From 016cd7198c302d83f30398863bccf656b39436bd Mon Sep 17 00:00:00 2001
From: Andreas <6977712+AndreasK79@users.noreply.github.com>
Date: Sat, 6 Nov 2021 20:05:55 +0100
Subject: [PATCH] Updated CodeIgniter to latest dev from Github
---
system/.htaccess | 7 +-
system/core/Benchmark.php | 8 +-
system/core/CodeIgniter.php | 99 ++----
system/core/Common.php | 24 +-
system/core/Config.php | 24 +-
system/core/Controller.php | 15 +-
system/core/Exceptions.php | 20 +-
system/core/Hooks.php | 14 +-
system/core/Input.php | 293 ++----------------
system/core/Lang.php | 11 +-
system/core/Loader.php | 38 +--
system/core/Log.php | 19 +-
system/core/Model.php | 20 +-
system/core/Output.php | 27 +-
system/core/Router.php | 51 +--
system/core/Security.php | 70 ++---
system/core/URI.php | 130 ++++----
system/core/Utf8.php | 22 +-
system/core/compat/hash.php | 16 +-
system/core/compat/index.html | 2 +-
system/core/compat/mbstring.php | 16 +-
system/core/compat/password.php | 20 +-
system/core/compat/standard.php | 58 +---
system/core/index.html | 2 +-
system/database/DB.php | 17 +-
system/database/DB_cache.php | 8 +-
system/database/DB_driver.php | 149 +++------
system/database/DB_forge.php | 59 ++--
system/database/DB_query_builder.php | 217 ++++++++-----
system/database/DB_result.php | 19 +-
system/database/DB_utility.php | 22 +-
.../database/drivers/cubrid/cubrid_driver.php | 8 +-
.../database/drivers/cubrid/cubrid_forge.php | 8 +-
.../database/drivers/cubrid/cubrid_result.php | 8 +-
.../drivers/cubrid/cubrid_utility.php | 8 +-
system/database/drivers/cubrid/index.html | 2 +-
.../database/drivers/ibase/ibase_driver.php | 8 +-
system/database/drivers/ibase/ibase_forge.php | 12 +-
.../database/drivers/ibase/ibase_result.php | 8 +-
.../database/drivers/ibase/ibase_utility.php | 8 +-
system/database/drivers/ibase/index.html | 2 +-
system/database/drivers/index.html | 2 +-
system/database/drivers/mssql/index.html | 2 +-
.../database/drivers/mssql/mssql_driver.php | 22 +-
system/database/drivers/mssql/mssql_forge.php | 8 +-
.../database/drivers/mssql/mssql_result.php | 8 +-
.../database/drivers/mssql/mssql_utility.php | 8 +-
system/database/drivers/mysql/index.html | 2 +-
.../database/drivers/mysql/mysql_driver.php | 67 ++--
system/database/drivers/mysql/mysql_forge.php | 8 +-
.../database/drivers/mysql/mysql_result.php | 8 +-
.../database/drivers/mysql/mysql_utility.php | 8 +-
system/database/drivers/mysqli/index.html | 2 +-
.../database/drivers/mysqli/mysqli_driver.php | 68 ++--
.../database/drivers/mysqli/mysqli_forge.php | 8 +-
.../database/drivers/mysqli/mysqli_result.php | 22 +-
.../drivers/mysqli/mysqli_utility.php | 14 +-
system/database/drivers/oci8/index.html | 2 +-
system/database/drivers/oci8/oci8_driver.php | 23 +-
system/database/drivers/oci8/oci8_forge.php | 39 ++-
system/database/drivers/oci8/oci8_result.php | 8 +-
system/database/drivers/oci8/oci8_utility.php | 8 +-
system/database/drivers/odbc/index.html | 2 +-
system/database/drivers/odbc/odbc_driver.php | 8 +-
system/database/drivers/odbc/odbc_forge.php | 6 +-
system/database/drivers/odbc/odbc_result.php | 8 +-
system/database/drivers/odbc/odbc_utility.php | 6 +-
system/database/drivers/pdo/index.html | 2 +-
system/database/drivers/pdo/pdo_driver.php | 23 +-
system/database/drivers/pdo/pdo_forge.php | 6 +-
system/database/drivers/pdo/pdo_result.php | 10 +-
system/database/drivers/pdo/pdo_utility.php | 6 +-
.../drivers/pdo/subdrivers/index.html | 2 +-
.../drivers/pdo/subdrivers/pdo_4d_driver.php | 8 +-
.../drivers/pdo/subdrivers/pdo_4d_forge.php | 8 +-
.../pdo/subdrivers/pdo_cubrid_driver.php | 8 +-
.../pdo/subdrivers/pdo_cubrid_forge.php | 8 +-
.../pdo/subdrivers/pdo_dblib_driver.php | 8 +-
.../pdo/subdrivers/pdo_dblib_forge.php | 8 +-
.../pdo/subdrivers/pdo_firebird_driver.php | 8 +-
.../pdo/subdrivers/pdo_firebird_forge.php | 14 +-
.../drivers/pdo/subdrivers/pdo_ibm_driver.php | 8 +-
.../drivers/pdo/subdrivers/pdo_ibm_forge.php | 8 +-
.../pdo/subdrivers/pdo_informix_driver.php | 8 +-
.../pdo/subdrivers/pdo_informix_forge.php | 8 +-
.../pdo/subdrivers/pdo_mysql_driver.php | 15 +-
.../pdo/subdrivers/pdo_mysql_forge.php | 8 +-
.../drivers/pdo/subdrivers/pdo_oci_driver.php | 12 +-
.../drivers/pdo/subdrivers/pdo_oci_forge.php | 41 ++-
.../pdo/subdrivers/pdo_odbc_driver.php | 8 +-
.../drivers/pdo/subdrivers/pdo_odbc_forge.php | 6 +-
.../pdo/subdrivers/pdo_pgsql_driver.php | 14 +-
.../pdo/subdrivers/pdo_pgsql_forge.php | 16 +-
.../pdo/subdrivers/pdo_sqlite_driver.php | 20 +-
.../pdo/subdrivers/pdo_sqlite_forge.php | 8 +-
.../pdo/subdrivers/pdo_sqlsrv_driver.php | 8 +-
.../pdo/subdrivers/pdo_sqlsrv_forge.php | 8 +-
system/database/drivers/postgre/index.html | 2 +-
.../drivers/postgre/postgre_driver.php | 56 ++--
.../drivers/postgre/postgre_forge.php | 16 +-
.../drivers/postgre/postgre_result.php | 8 +-
.../drivers/postgre/postgre_utility.php | 8 +-
system/database/drivers/sqlite3/index.html | 2 +-
.../drivers/sqlite3/sqlite3_driver.php | 20 +-
.../drivers/sqlite3/sqlite3_forge.php | 8 +-
.../drivers/sqlite3/sqlite3_result.php | 8 +-
.../drivers/sqlite3/sqlite3_utility.php | 8 +-
system/database/drivers/sqlsrv/index.html | 2 +-
.../database/drivers/sqlsrv/sqlsrv_driver.php | 8 +-
.../database/drivers/sqlsrv/sqlsrv_forge.php | 8 +-
.../database/drivers/sqlsrv/sqlsrv_result.php | 8 +-
.../drivers/sqlsrv/sqlsrv_utility.php | 8 +-
system/database/index.html | 2 +-
system/fonts/index.html | 2 +-
system/helpers/array_helper.php | 8 +-
system/helpers/captcha_helper.php | 119 ++++---
system/helpers/cookie_helper.php | 15 +-
system/helpers/date_helper.php | 48 +--
system/helpers/directory_helper.php | 8 +-
system/helpers/download_helper.php | 62 ++--
system/helpers/file_helper.php | 28 +-
system/helpers/form_helper.php | 32 +-
system/helpers/html_helper.php | 75 ++---
system/helpers/index.html | 2 +-
system/helpers/inflector_helper.php | 66 +++-
system/helpers/language_helper.php | 8 +-
system/helpers/number_helper.php | 8 +-
system/helpers/path_helper.php | 8 +-
system/helpers/security_helper.php | 32 +-
system/helpers/string_helper.php | 55 +---
system/helpers/text_helper.php | 8 +-
system/helpers/typography_helper.php | 8 +-
system/helpers/url_helper.php | 18 +-
system/helpers/xml_helper.php | 8 +-
system/index.html | 2 +-
system/language/english/calendar_lang.php | 6 +-
system/language/english/date_lang.php | 6 +-
system/language/english/db_lang.php | 6 +-
system/language/english/email_lang.php | 6 +-
.../language/english/form_validation_lang.php | 8 +-
system/language/english/ftp_lang.php | 6 +-
system/language/english/imglib_lang.php | 7 +-
system/language/english/index.html | 2 +-
system/language/english/migration_lang.php | 6 +-
system/language/english/number_lang.php | 6 +-
system/language/english/pagination_lang.php | 6 +-
system/language/english/profiler_lang.php | 6 +-
system/language/english/unit_test_lang.php | 6 +-
system/language/english/upload_lang.php | 6 +-
system/language/index.html | 2 +-
system/libraries/Cache/Cache.php | 19 +-
system/libraries/Cache/drivers/Cache_apc.php | 14 +-
system/libraries/Cache/drivers/Cache_apcu.php | 219 +++++++++++++
.../libraries/Cache/drivers/Cache_dummy.php | 14 +-
system/libraries/Cache/drivers/Cache_file.php | 8 +-
.../Cache/drivers/Cache_memcached.php | 38 ++-
.../libraries/Cache/drivers/Cache_redis.php | 126 +++++---
.../Cache/drivers/Cache_wincache.php | 16 +-
system/libraries/Cache/drivers/index.html | 2 +-
system/libraries/Cache/index.html | 2 +-
system/libraries/Calendar.php | 8 +-
system/libraries/Driver.php | 6 +-
system/libraries/Email.php | 291 ++++++++---------
system/libraries/Encrypt.php | 10 +-
system/libraries/Encryption.php | 21 +-
system/libraries/Form_validation.php | 172 +++++-----
system/libraries/Ftp.php | 8 +-
system/libraries/Image_lib.php | 53 +++-
system/libraries/Migration.php | 8 +-
system/libraries/Pagination.php | 17 +-
system/libraries/Parser.php | 8 +-
system/libraries/Profiler.php | 26 +-
system/libraries/Session/Session.php | 43 +--
system/libraries/Session/Session_driver.php | 46 ++-
.../drivers/Session_database_driver.php | 129 ++++----
.../Session/drivers/Session_files_driver.php | 38 ++-
.../drivers/Session_memcached_driver.php | 49 ++-
.../Session/drivers/Session_redis_driver.php | 180 ++++++++---
system/libraries/Session/drivers/index.html | 2 +-
system/libraries/Session/index.html | 2 +-
system/libraries/Table.php | 9 +-
system/libraries/Trackback.php | 8 +-
system/libraries/Typography.php | 8 +-
system/libraries/Unit_test.php | 8 +-
system/libraries/Upload.php | 26 +-
system/libraries/User_agent.php | 8 +-
system/libraries/Xmlrpc.php | 26 +-
system/libraries/Xmlrpcs.php | 28 +-
system/libraries/Zip.php | 20 +-
system/libraries/index.html | 2 +-
190 files changed, 2444 insertions(+), 2402 deletions(-)
create mode 100644 system/libraries/Cache/drivers/Cache_apcu.php
diff --git a/system/.htaccess b/system/.htaccess
index 14249c50..97c65d2d 100644
--- a/system/.htaccess
+++ b/system/.htaccess
@@ -1 +1,6 @@
-Deny from all
\ No newline at end of file
+
+ Require all denied
+
+
+ Deny from all
+
\ No newline at end of file
diff --git a/system/core/Benchmark.php b/system/core/Benchmark.php
index b3ac79c6..0b48d4d0 100644
--- a/system/core/Benchmark.php
+++ b/system/core/Benchmark.php
@@ -6,7 +6,7 @@
*
* This content is released under the MIT License (MIT)
*
- * Copyright (c) 2014 - 2017, British Columbia Institute of Technology
+ * Copyright (c) 2014 - 2019, British Columbia Institute of Technology
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
@@ -29,8 +29,8 @@
* @package CodeIgniter
* @author EllisLab Dev Team
* @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/)
- * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/)
- * @license http://opensource.org/licenses/MIT MIT License
+ * @copyright Copyright (c) 2014 - 2019, British Columbia Institute of Technology (https://bcit.ca/)
+ * @license https://opensource.org/licenses/MIT MIT License
* @link https://codeigniter.com
* @since Version 1.0.0
* @filesource
@@ -47,7 +47,7 @@ defined('BASEPATH') OR exit('No direct script access allowed');
* @subpackage Libraries
* @category Libraries
* @author EllisLab Dev Team
- * @link https://codeigniter.com/user_guide/libraries/benchmark.html
+ * @link https://codeigniter.com/userguide3/libraries/benchmark.html
*/
class CI_Benchmark {
diff --git a/system/core/CodeIgniter.php b/system/core/CodeIgniter.php
index d8318f2d..acc3bbcb 100644
--- a/system/core/CodeIgniter.php
+++ b/system/core/CodeIgniter.php
@@ -6,7 +6,7 @@
*
* This content is released under the MIT License (MIT)
*
- * Copyright (c) 2014 - 2017, British Columbia Institute of Technology
+ * Copyright (c) 2014 - 2019, British Columbia Institute of Technology
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
@@ -29,8 +29,8 @@
* @package CodeIgniter
* @author EllisLab Dev Team
* @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/)
- * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/)
- * @license http://opensource.org/licenses/MIT MIT License
+ * @copyright Copyright (c) 2014 - 2019, British Columbia Institute of Technology (https://bcit.ca/)
+ * @license https://opensource.org/licenses/MIT MIT License
* @link https://codeigniter.com
* @since Version 1.0.0
* @filesource
@@ -46,7 +46,7 @@ defined('BASEPATH') OR exit('No direct script access allowed');
* @subpackage CodeIgniter
* @category Front-controller
* @author EllisLab Dev Team
- * @link https://codeigniter.com/user_guide/
+ * @link https://codeigniter.com/userguide3/
*/
/**
@@ -55,7 +55,7 @@ defined('BASEPATH') OR exit('No direct script access allowed');
* @var string
*
*/
- const CI_VERSION = '3.1.6';
+ const CI_VERSION = '3.2.0-dev';
/*
* ------------------------------------------------------
@@ -79,57 +79,6 @@ defined('BASEPATH') OR exit('No direct script access allowed');
*/
require_once(BASEPATH.'core/Common.php');
-
-/*
- * ------------------------------------------------------
- * Security procedures
- * ------------------------------------------------------
- */
-
-if ( ! is_php('5.4'))
-{
- ini_set('magic_quotes_runtime', 0);
-
- if ((bool) ini_get('register_globals'))
- {
- $_protected = array(
- '_SERVER',
- '_GET',
- '_POST',
- '_FILES',
- '_REQUEST',
- '_SESSION',
- '_ENV',
- '_COOKIE',
- 'GLOBALS',
- 'HTTP_RAW_POST_DATA',
- 'system_path',
- 'application_folder',
- 'view_folder',
- '_protected',
- '_registered'
- );
-
- $_registered = ini_get('variables_order');
- foreach (array('E' => '_ENV', 'G' => '_GET', 'P' => '_POST', 'C' => '_COOKIE', 'S' => '_SERVER') as $key => $superglobal)
- {
- if (strpos($_registered, $key) === FALSE)
- {
- continue;
- }
-
- foreach (array_keys($$superglobal) as $var)
- {
- if (isset($GLOBALS[$var]) && ! in_array($var, $_protected, TRUE))
- {
- $GLOBALS[$var] = NULL;
- }
- }
- }
- }
-}
-
-
/*
* ------------------------------------------------------
* Define a custom error handler so we can log PHP errors
@@ -192,20 +141,6 @@ if ( ! is_php('5.4'))
$BM->mark('total_execution_time_start');
$BM->mark('loading_time:_base_classes_start');
-/*
- * ------------------------------------------------------
- * Instantiate the hooks class
- * ------------------------------------------------------
- */
- $EXT =& load_class('Hooks', 'core');
-
-/*
- * ------------------------------------------------------
- * Is there a "pre_system" hook?
- * ------------------------------------------------------
- */
- $EXT->call_hook('pre_system');
-
/*
* ------------------------------------------------------
* Instantiate the config class
@@ -227,6 +162,20 @@ if ( ! is_php('5.4'))
}
}
+/*
+ * ------------------------------------------------------
+ * Instantiate the hooks class
+ * ------------------------------------------------------
+ */
+ $EXT =& load_class('Hooks', 'core', $CFG);
+
+/*
+ * ------------------------------------------------------
+ * Is there a "pre_system" hook?
+ * ------------------------------------------------------
+ */
+ $EXT->call_hook('pre_system');
+
/*
* ------------------------------------------------------
* Important charset-related stuff
@@ -294,14 +243,14 @@ if ( ! is_php('5.4'))
* Instantiate the UTF-8 class
* ------------------------------------------------------
*/
- $UNI =& load_class('Utf8', 'core');
+ $UNI =& load_class('Utf8', 'core', $charset);
/*
* ------------------------------------------------------
* Instantiate the URI class
* ------------------------------------------------------
*/
- $URI =& load_class('URI', 'core');
+ $URI =& load_class('URI', 'core', $CFG);
/*
* ------------------------------------------------------
@@ -332,14 +281,14 @@ if ( ! is_php('5.4'))
* Load the security class for xss and csrf support
* -----------------------------------------------------
*/
- $SEC =& load_class('Security', 'core');
+ $SEC =& load_class('Security', 'core', $charset);
/*
* ------------------------------------------------------
* Load the Input class and sanitize globals
* ------------------------------------------------------
*/
- $IN =& load_class('Input', 'core');
+ $IN =& load_class('Input', 'core', $SEC);
/*
* ------------------------------------------------------
@@ -438,7 +387,7 @@ if ( ! is_php('5.4'))
* ReflectionMethod::isConstructor() is the ONLY reliable check,
* knowing which method will be executed as a constructor.
*/
- elseif ( ! is_callable(array($class, $method)))
+ else
{
$reflection = new ReflectionMethod($class, $method);
if ( ! $reflection->isPublic() OR $reflection->isConstructor())
diff --git a/system/core/Common.php b/system/core/Common.php
index d6a1fdb4..ed96de0c 100644
--- a/system/core/Common.php
+++ b/system/core/Common.php
@@ -6,7 +6,7 @@
*
* This content is released under the MIT License (MIT)
*
- * Copyright (c) 2014 - 2017, British Columbia Institute of Technology
+ * Copyright (c) 2014 - 2019, British Columbia Institute of Technology
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
@@ -29,8 +29,8 @@
* @package CodeIgniter
* @author EllisLab Dev Team
* @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/)
- * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/)
- * @license http://opensource.org/licenses/MIT MIT License
+ * @copyright Copyright (c) 2014 - 2019, British Columbia Institute of Technology (https://bcit.ca/)
+ * @license https://opensource.org/licenses/MIT MIT License
* @link https://codeigniter.com
* @since Version 1.0.0
* @filesource
@@ -46,7 +46,7 @@ defined('BASEPATH') OR exit('No direct script access allowed');
* @subpackage CodeIgniter
* @category Common Functions
* @author EllisLab Dev Team
- * @link https://codeigniter.com/user_guide/
+ * @link https://codeigniter.com/userguide3/
*/
// ------------------------------------------------------------------------
@@ -81,8 +81,7 @@ if ( ! function_exists('is_really_writable'))
* Tests for file writability
*
* is_writable() returns TRUE on Windows servers when you really can't write to
- * the file, based on the read-only attribute. is_writable() is also unreliable
- * on Unix servers if safe_mode is on.
+ * the file, based on the read-only attribute.
*
* @link https://bugs.php.net/bug.php?id=54709
* @param string
@@ -90,8 +89,8 @@ if ( ! function_exists('is_really_writable'))
*/
function is_really_writable($file)
{
- // If we're on a Unix server with safe_mode off we call is_writable
- if (DIRECTORY_SEPARATOR === '/' && (is_php('5.4') OR ! ini_get('safe_mode')))
+ // If we're on a UNIX-like server, just is_writable()
+ if (DIRECTORY_SEPARATOR === '/')
{
return is_writable($file);
}
@@ -499,6 +498,7 @@ if ( ! function_exists('set_status_header'))
$stati = array(
100 => 'Continue',
101 => 'Switching Protocols',
+ 103 => 'Early Hints',
200 => 'OK',
201 => 'Created',
@@ -507,6 +507,7 @@ if ( ! function_exists('set_status_header'))
204 => 'No Content',
205 => 'Reset Content',
206 => 'Partial Content',
+ 207 => 'Multi-Status',
300 => 'Multiple Choices',
301 => 'Moved Permanently',
@@ -515,6 +516,7 @@ if ( ! function_exists('set_status_header'))
304 => 'Not Modified',
305 => 'Use Proxy',
307 => 'Temporary Redirect',
+ 308 => 'Permanent Redirect',
400 => 'Bad Request',
401 => 'Unauthorized',
@@ -534,11 +536,13 @@ if ( ! function_exists('set_status_header'))
415 => 'Unsupported Media Type',
416 => 'Requested Range Not Satisfiable',
417 => 'Expectation Failed',
+ 421 => 'Misdirected Request',
422 => 'Unprocessable Entity',
426 => 'Upgrade Required',
428 => 'Precondition Required',
429 => 'Too Many Requests',
431 => 'Request Header Fields Too Large',
+ 451 => 'Unavailable For Legal Reasons',
500 => 'Internal Server Error',
501 => 'Not Implemented',
@@ -565,7 +569,7 @@ if ( ! function_exists('set_status_header'))
return;
}
- $server_protocol = (isset($_SERVER['SERVER_PROTOCOL']) && in_array($_SERVER['SERVER_PROTOCOL'], array('HTTP/1.0', 'HTTP/1.1', 'HTTP/2'), TRUE))
+ $server_protocol = (isset($_SERVER['SERVER_PROTOCOL']) && in_array($_SERVER['SERVER_PROTOCOL'], array('HTTP/1.0', 'HTTP/1.1', 'HTTP/2', 'HTTP/2.0'), TRUE))
? $_SERVER['SERVER_PROTOCOL'] : 'HTTP/1.1';
header($server_protocol.' '.$code.' '.$text, TRUE, $code);
}
@@ -625,7 +629,7 @@ if ( ! function_exists('_error_handler'))
// If the error is fatal, the execution of the script should be stopped because
// errors can't be recovered from. Halting the script conforms with PHP's
- // default error handling. See http://www.php.net/manual/en/errorfunc.constants.php
+ // default error handling. See https://secure.php.net/manual/en/errorfunc.constants.php
if ($is_error)
{
exit(1); // EXIT_ERROR
diff --git a/system/core/Config.php b/system/core/Config.php
index cda62241..e6eb0ad9 100644
--- a/system/core/Config.php
+++ b/system/core/Config.php
@@ -6,7 +6,7 @@
*
* This content is released under the MIT License (MIT)
*
- * Copyright (c) 2014 - 2017, British Columbia Institute of Technology
+ * Copyright (c) 2014 - 2019, British Columbia Institute of Technology
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
@@ -29,8 +29,8 @@
* @package CodeIgniter
* @author EllisLab Dev Team
* @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/)
- * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/)
- * @license http://opensource.org/licenses/MIT MIT License
+ * @copyright Copyright (c) 2014 - 2019, British Columbia Institute of Technology (https://bcit.ca/)
+ * @license https://opensource.org/licenses/MIT MIT License
* @link https://codeigniter.com
* @since Version 1.0.0
* @filesource
@@ -46,7 +46,7 @@ defined('BASEPATH') OR exit('No direct script access allowed');
* @subpackage Libraries
* @category Libraries
* @author EllisLab Dev Team
- * @link https://codeigniter.com/user_guide/libraries/config.html
+ * @link https://codeigniter.com/userguide3/libraries/config.html
*/
class CI_Config {
@@ -169,7 +169,7 @@ class CI_Config {
$this->is_loaded[] = $file_path;
$config = NULL;
$loaded = TRUE;
- log_message('debug', 'Config file loaded: '.$file_path);
+ log_message('info', 'Config file loaded: '.$file_path);
}
}
@@ -350,20 +350,6 @@ class CI_Config {
// --------------------------------------------------------------------
- /**
- * System URL
- *
- * @deprecated 3.0.0 Encourages insecure practices
- * @return string
- */
- public function system_url()
- {
- $x = explode('/', preg_replace('|/*(.+?)/*$|', '\\1', BASEPATH));
- return $this->slash_item('base_url').end($x).'/';
- }
-
- // --------------------------------------------------------------------
-
/**
* Set a config file item
*
diff --git a/system/core/Controller.php b/system/core/Controller.php
index 59a91673..ac27989f 100644
--- a/system/core/Controller.php
+++ b/system/core/Controller.php
@@ -6,7 +6,7 @@
*
* This content is released under the MIT License (MIT)
*
- * Copyright (c) 2014 - 2017, British Columbia Institute of Technology
+ * Copyright (c) 2014 - 2019, British Columbia Institute of Technology
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
@@ -29,8 +29,8 @@
* @package CodeIgniter
* @author EllisLab Dev Team
* @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/)
- * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/)
- * @license http://opensource.org/licenses/MIT MIT License
+ * @copyright Copyright (c) 2014 - 2019, British Columbia Institute of Technology (https://bcit.ca/)
+ * @license https://opensource.org/licenses/MIT MIT License
* @link https://codeigniter.com
* @since Version 1.0.0
* @filesource
@@ -47,7 +47,7 @@ defined('BASEPATH') OR exit('No direct script access allowed');
* @subpackage Libraries
* @category Libraries
* @author EllisLab Dev Team
- * @link https://codeigniter.com/user_guide/general/controllers.html
+ * @link https://codeigniter.com/userguide3/general/controllers.html
*/
class CI_Controller {
@@ -58,6 +58,13 @@ class CI_Controller {
*/
private static $instance;
+ /**
+ * CI_Loader
+ *
+ * @var CI_Loader
+ */
+ public $load;
+
/**
* Class constructor
*
diff --git a/system/core/Exceptions.php b/system/core/Exceptions.php
index 52690960..92c635f9 100644
--- a/system/core/Exceptions.php
+++ b/system/core/Exceptions.php
@@ -6,7 +6,7 @@
*
* This content is released under the MIT License (MIT)
*
- * Copyright (c) 2014 - 2017, British Columbia Institute of Technology
+ * Copyright (c) 2014 - 2019, British Columbia Institute of Technology
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
@@ -29,8 +29,8 @@
* @package CodeIgniter
* @author EllisLab Dev Team
* @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/)
- * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/)
- * @license http://opensource.org/licenses/MIT MIT License
+ * @copyright Copyright (c) 2014 - 2019, British Columbia Institute of Technology (https://bcit.ca/)
+ * @license https://opensource.org/licenses/MIT MIT License
* @link https://codeigniter.com
* @since Version 1.0.0
* @filesource
@@ -44,7 +44,7 @@ defined('BASEPATH') OR exit('No direct script access allowed');
* @subpackage Libraries
* @category Exceptions
* @author EllisLab Dev Team
- * @link https://codeigniter.com/user_guide/libraries/exceptions.html
+ * @link https://codeigniter.com/userguide3/libraries/exceptions.html
*/
class CI_Exceptions {
@@ -161,6 +161,10 @@ class CI_Exceptions {
{
$templates_path = VIEWPATH.'errors'.DIRECTORY_SEPARATOR;
}
+ else
+ {
+ $templates_path = rtrim($templates_path, '/\\').DIRECTORY_SEPARATOR;
+ }
if (is_cli())
{
@@ -194,6 +198,10 @@ class CI_Exceptions {
{
$templates_path = VIEWPATH.'errors'.DIRECTORY_SEPARATOR;
}
+ else
+ {
+ $templates_path = rtrim($templates_path, '/\\').DIRECTORY_SEPARATOR;
+ }
$message = $exception->getMessage();
if (empty($message))
@@ -240,6 +248,10 @@ class CI_Exceptions {
{
$templates_path = VIEWPATH.'errors'.DIRECTORY_SEPARATOR;
}
+ else
+ {
+ $templates_path = rtrim($templates_path, '/\\').DIRECTORY_SEPARATOR;
+ }
$severity = isset($this->levels[$severity]) ? $this->levels[$severity] : $severity;
diff --git a/system/core/Hooks.php b/system/core/Hooks.php
index f2d6f21c..864c59d2 100644
--- a/system/core/Hooks.php
+++ b/system/core/Hooks.php
@@ -6,7 +6,7 @@
*
* This content is released under the MIT License (MIT)
*
- * Copyright (c) 2014 - 2017, British Columbia Institute of Technology
+ * Copyright (c) 2014 - 2019, British Columbia Institute of Technology
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
@@ -29,8 +29,8 @@
* @package CodeIgniter
* @author EllisLab Dev Team
* @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/)
- * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/)
- * @license http://opensource.org/licenses/MIT MIT License
+ * @copyright Copyright (c) 2014 - 2019, British Columbia Institute of Technology (https://bcit.ca/)
+ * @license https://opensource.org/licenses/MIT MIT License
* @link https://codeigniter.com
* @since Version 1.0.0
* @filesource
@@ -46,7 +46,7 @@ defined('BASEPATH') OR exit('No direct script access allowed');
* @subpackage Libraries
* @category Libraries
* @author EllisLab Dev Team
- * @link https://codeigniter.com/user_guide/general/hooks.html
+ * @link https://codeigniter.com/userguide3/general/hooks.html
*/
class CI_Hooks {
@@ -83,16 +83,16 @@ class CI_Hooks {
/**
* Class constructor
*
+ * @param CI_Config $config
* @return void
*/
- public function __construct()
+ public function __construct(CI_Config $config)
{
- $CFG =& load_class('Config', 'core');
log_message('info', 'Hooks Class Initialized');
// If hooks are not enabled in the config file
// there is nothing else to do
- if ($CFG->item('enable_hooks') === FALSE)
+ if ($config->item('enable_hooks') === FALSE)
{
return;
}
diff --git a/system/core/Input.php b/system/core/Input.php
index af4f87c1..30d528b8 100644
--- a/system/core/Input.php
+++ b/system/core/Input.php
@@ -6,7 +6,7 @@
*
* This content is released under the MIT License (MIT)
*
- * Copyright (c) 2014 - 2017, British Columbia Institute of Technology
+ * Copyright (c) 2014 - 2019, British Columbia Institute of Technology
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
@@ -29,8 +29,8 @@
* @package CodeIgniter
* @author EllisLab Dev Team
* @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/)
- * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/)
- * @license http://opensource.org/licenses/MIT MIT License
+ * @copyright Copyright (c) 2014 - 2019, British Columbia Institute of Technology (https://bcit.ca/)
+ * @license https://opensource.org/licenses/MIT MIT License
* @link https://codeigniter.com
* @since Version 1.0.0
* @filesource
@@ -46,7 +46,7 @@ defined('BASEPATH') OR exit('No direct script access allowed');
* @subpackage Libraries
* @category Input
* @author EllisLab Dev Team
- * @link https://codeigniter.com/user_guide/libraries/input.html
+ * @link https://codeigniter.com/userguide3/libraries/input.html
*/
class CI_Input {
@@ -57,45 +57,6 @@ class CI_Input {
*/
protected $ip_address = FALSE;
- /**
- * Allow GET array flag
- *
- * If set to FALSE, then $_GET will be set to an empty array.
- *
- * @var bool
- */
- protected $_allow_get_array = TRUE;
-
- /**
- * Standardize new lines flag
- *
- * If set to TRUE, then newlines are standardized.
- *
- * @var bool
- */
- protected $_standardize_newlines;
-
- /**
- * Enable XSS flag
- *
- * Determines whether the XSS filter is always active when
- * GET, POST or COOKIE data is encountered.
- * Set automatically based on config setting.
- *
- * @var bool
- */
- protected $_enable_xss = FALSE;
-
- /**
- * Enable CSRF flag
- *
- * Enables a CSRF cookie token to be set.
- * Set automatically based on config setting.
- *
- * @var bool
- */
- protected $_enable_csrf = FALSE;
-
/**
* List of all HTTP request headers
*
@@ -122,8 +83,15 @@ class CI_Input {
*/
protected $_input_stream;
+ /**
+ * CI_Security instance
+ *
+ * Used for the optional $xss_filter parameter that most
+ * getter methods have here.
+ *
+ * @var CI_Security
+ */
protected $security;
- protected $uni;
// --------------------------------------------------------------------
@@ -135,30 +103,9 @@ class CI_Input {
*
* @return void
*/
- public function __construct()
+ public function __construct(CI_Security &$security)
{
- $this->_allow_get_array = (config_item('allow_get_array') === TRUE);
- $this->_enable_xss = (config_item('global_xss_filtering') === TRUE);
- $this->_enable_csrf = (config_item('csrf_protection') === TRUE);
- $this->_standardize_newlines = (bool) config_item('standardize_newlines');
-
- $this->security =& load_class('Security', 'core');
-
- // Do we need the UTF-8 class?
- if (UTF8_ENABLED === TRUE)
- {
- $this->uni =& load_class('Utf8', 'core');
- }
-
- // Sanitize global arrays
- $this->_sanitize_globals();
-
- // CSRF Protection check
- if ($this->_enable_csrf === TRUE && ! is_cli())
- {
- $this->security->csrf_verify();
- }
-
+ $this->security = $security;
log_message('info', 'Input Class Initialized');
}
@@ -174,10 +121,8 @@ class CI_Input {
* @param bool $xss_clean Whether to apply XSS filtering
* @return mixed
*/
- protected function _fetch_from_array(&$array, $index = NULL, $xss_clean = NULL)
+ protected function _fetch_from_array(&$array, $index = NULL, $xss_clean = FALSE)
{
- is_bool($xss_clean) OR $xss_clean = $this->_enable_xss;
-
// If $index is NULL, it means that the whole $array is requested
isset($index) OR $index = array_keys($array);
@@ -237,7 +182,7 @@ class CI_Input {
* @param bool $xss_clean Whether to apply XSS filtering
* @return mixed
*/
- public function get($index = NULL, $xss_clean = NULL)
+ public function get($index = NULL, $xss_clean = FALSE)
{
return $this->_fetch_from_array($_GET, $index, $xss_clean);
}
@@ -251,7 +196,7 @@ class CI_Input {
* @param bool $xss_clean Whether to apply XSS filtering
* @return mixed
*/
- public function post($index = NULL, $xss_clean = NULL)
+ public function post($index = NULL, $xss_clean = FALSE)
{
return $this->_fetch_from_array($_POST, $index, $xss_clean);
}
@@ -265,11 +210,10 @@ class CI_Input {
* @param bool $xss_clean Whether to apply XSS filtering
* @return mixed
*/
- public function post_get($index, $xss_clean = NULL)
+ public function post_get($index, $xss_clean = FALSE)
{
- return isset($_POST[$index])
- ? $this->post($index, $xss_clean)
- : $this->get($index, $xss_clean);
+ $output = $this->post($index, $xss_clean);
+ return isset($output) ? $output : $this->get($index, $xss_clean);
}
// --------------------------------------------------------------------
@@ -281,11 +225,10 @@ class CI_Input {
* @param bool $xss_clean Whether to apply XSS filtering
* @return mixed
*/
- public function get_post($index, $xss_clean = NULL)
+ public function get_post($index, $xss_clean = FALSE)
{
- return isset($_GET[$index])
- ? $this->get($index, $xss_clean)
- : $this->post($index, $xss_clean);
+ $output = $this->get($index, $xss_clean);
+ return isset($output) ? $output : $this->post($index, $xss_clean);
}
// --------------------------------------------------------------------
@@ -297,7 +240,7 @@ class CI_Input {
* @param bool $xss_clean Whether to apply XSS filtering
* @return mixed
*/
- public function cookie($index = NULL, $xss_clean = NULL)
+ public function cookie($index = NULL, $xss_clean = FALSE)
{
return $this->_fetch_from_array($_COOKIE, $index, $xss_clean);
}
@@ -311,7 +254,7 @@ class CI_Input {
* @param bool $xss_clean Whether to apply XSS filtering
* @return mixed
*/
- public function server($index, $xss_clean = NULL)
+ public function server($index, $xss_clean = FALSE)
{
return $this->_fetch_from_array($_SERVER, $index, $xss_clean);
}
@@ -327,7 +270,7 @@ class CI_Input {
* @param bool $xss_clean Whether to apply XSS filtering
* @return mixed
*/
- public function input_stream($index = NULL, $xss_clean = NULL)
+ public function input_stream($index = NULL, $xss_clean = FALSE)
{
// Prior to PHP 5.6, the input stream can only be read once,
// so we'll need to check if we have already done that first.
@@ -359,7 +302,7 @@ class CI_Input {
* @param bool $httponly Whether to only makes the cookie accessible via HTTP (no javascript)
* @return void
*/
- public function set_cookie($name, $value = '', $expire = '', $domain = '', $path = '/', $prefix = '', $secure = NULL, $httponly = NULL)
+ public function set_cookie($name, $value = '', $expire = 0, $domain = '', $path = '/', $prefix = '', $secure = NULL, $httponly = NULL)
{
if (is_array($name))
{
@@ -396,9 +339,9 @@ class CI_Input {
? (bool) config_item('cookie_httponly')
: (bool) $httponly;
- if ( ! is_numeric($expire))
+ if ( ! is_numeric($expire) OR $expire < 0)
{
- $expire = time() - 86500;
+ $expire = 1;
}
else
{
@@ -579,174 +522,13 @@ class CI_Input {
*
* @return string|null User Agent string or NULL if it doesn't exist
*/
- public function user_agent($xss_clean = NULL)
+ public function user_agent($xss_clean = FALSE)
{
return $this->_fetch_from_array($_SERVER, 'HTTP_USER_AGENT', $xss_clean);
}
// --------------------------------------------------------------------
- /**
- * Sanitize Globals
- *
- * Internal method serving for the following purposes:
- *
- * - Unsets $_GET data, if query strings are not enabled
- * - Cleans POST, COOKIE and SERVER data
- * - Standardizes newline characters to PHP_EOL
- *
- * @return void
- */
- protected function _sanitize_globals()
- {
- // Is $_GET data allowed? If not we'll set the $_GET to an empty array
- if ($this->_allow_get_array === FALSE)
- {
- $_GET = array();
- }
- elseif (is_array($_GET))
- {
- foreach ($_GET as $key => $val)
- {
- $_GET[$this->_clean_input_keys($key)] = $this->_clean_input_data($val);
- }
- }
-
- // Clean $_POST Data
- if (is_array($_POST))
- {
- foreach ($_POST as $key => $val)
- {
- $_POST[$this->_clean_input_keys($key)] = $this->_clean_input_data($val);
- }
- }
-
- // Clean $_COOKIE Data
- if (is_array($_COOKIE))
- {
- // Also get rid of specially treated cookies that might be set by a server
- // or silly application, that are of no use to a CI application anyway
- // but that when present will trip our 'Disallowed Key Characters' alarm
- // http://www.ietf.org/rfc/rfc2109.txt
- // note that the key names below are single quoted strings, and are not PHP variables
- unset(
- $_COOKIE['$Version'],
- $_COOKIE['$Path'],
- $_COOKIE['$Domain']
- );
-
- foreach ($_COOKIE as $key => $val)
- {
- if (($cookie_key = $this->_clean_input_keys($key)) !== FALSE)
- {
- $_COOKIE[$cookie_key] = $this->_clean_input_data($val);
- }
- else
- {
- unset($_COOKIE[$key]);
- }
- }
- }
-
- // Sanitize PHP_SELF
- $_SERVER['PHP_SELF'] = strip_tags($_SERVER['PHP_SELF']);
-
- log_message('debug', 'Global POST, GET and COOKIE data sanitized');
- }
-
- // --------------------------------------------------------------------
-
- /**
- * Clean Input Data
- *
- * Internal method that aids in escaping data and
- * standardizing newline characters to PHP_EOL.
- *
- * @param string|string[] $str Input string(s)
- * @return string
- */
- protected function _clean_input_data($str)
- {
- if (is_array($str))
- {
- $new_array = array();
- foreach (array_keys($str) as $key)
- {
- $new_array[$this->_clean_input_keys($key)] = $this->_clean_input_data($str[$key]);
- }
- return $new_array;
- }
-
- /* We strip slashes if magic quotes is on to keep things consistent
-
- NOTE: In PHP 5.4 get_magic_quotes_gpc() will always return 0 and
- it will probably not exist in future versions at all.
- */
- if ( ! is_php('5.4') && get_magic_quotes_gpc())
- {
- $str = stripslashes($str);
- }
-
- // Clean UTF-8 if supported
- if (UTF8_ENABLED === TRUE)
- {
- $str = $this->uni->clean_string($str);
- }
-
- // Remove control characters
- $str = remove_invisible_characters($str, FALSE);
-
- // Standardize newlines if needed
- if ($this->_standardize_newlines === TRUE)
- {
- return preg_replace('/(?:\r\n|[\r\n])/', PHP_EOL, $str);
- }
-
- return $str;
- }
-
- // --------------------------------------------------------------------
-
- /**
- * Clean Keys
- *
- * Internal method that helps to prevent malicious users
- * from trying to exploit keys we make sure that keys are
- * only named with alpha-numeric text and a few other items.
- *
- * @param string $str Input string
- * @param bool $fatal Whether to terminate script exection
- * or to return FALSE if an invalid
- * key is encountered
- * @return string|bool
- */
- protected function _clean_input_keys($str, $fatal = TRUE)
- {
- if ( ! preg_match('/^[a-z0-9:_\/|-]+$/i', $str))
- {
- if ($fatal === TRUE)
- {
- return FALSE;
- }
- else
- {
- set_status_header(503);
- echo 'Disallowed Key Characters.';
- exit(7); // EXIT_USER_INPUT
- }
- }
-
- // Clean UTF-8 if supported
- if (UTF8_ENABLED === TRUE)
- {
- return $this->uni->clean_string($str);
- }
-
- return $str;
- }
-
- // --------------------------------------------------------------------
-
/**
* Request Headers
*
@@ -838,21 +620,6 @@ class CI_Input {
// --------------------------------------------------------------------
- /**
- * Is CLI request?
- *
- * Test to see if a request was made from the command line.
- *
- * @deprecated 3.0.0 Use is_cli() instead
- * @return bool
- */
- public function is_cli_request()
- {
- return is_cli();
- }
-
- // --------------------------------------------------------------------
-
/**
* Get Request Method
*
diff --git a/system/core/Lang.php b/system/core/Lang.php
index cc371cd4..c4cea6e0 100644
--- a/system/core/Lang.php
+++ b/system/core/Lang.php
@@ -6,7 +6,7 @@
*
* This content is released under the MIT License (MIT)
*
- * Copyright (c) 2014 - 2017, British Columbia Institute of Technology
+ * Copyright (c) 2014 - 2019, British Columbia Institute of Technology
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
@@ -29,8 +29,8 @@
* @package CodeIgniter
* @author EllisLab Dev Team
* @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/)
- * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/)
- * @license http://opensource.org/licenses/MIT MIT License
+ * @copyright Copyright (c) 2014 - 2019, British Columbia Institute of Technology (https://bcit.ca/)
+ * @license https://opensource.org/licenses/MIT MIT License
* @link https://codeigniter.com
* @since Version 1.0.0
* @filesource
@@ -44,7 +44,7 @@ defined('BASEPATH') OR exit('No direct script access allowed');
* @subpackage Libraries
* @category Language
* @author EllisLab Dev Team
- * @link https://codeigniter.com/user_guide/libraries/language.html
+ * @link https://codeigniter.com/userguide3/libraries/language.html
*/
class CI_Lang {
@@ -146,6 +146,7 @@ class CI_Lang {
break;
}
}
+
// try to load in default language (english) //
if (($found !== TRUE)&&($idiom != 'english')) {
$idiom = 'english';
@@ -161,7 +162,7 @@ class CI_Lang {
}
}
}
-
+
if ($found !== TRUE)
{
show_error('Unable to load the requested language file: language/'.$idiom.'/'.$langfile);
diff --git a/system/core/Loader.php b/system/core/Loader.php
index 085c5b51..d9a1539a 100644
--- a/system/core/Loader.php
+++ b/system/core/Loader.php
@@ -6,7 +6,7 @@
*
* This content is released under the MIT License (MIT)
*
- * Copyright (c) 2014 - 2017, British Columbia Institute of Technology
+ * Copyright (c) 2014 - 2019, British Columbia Institute of Technology
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
@@ -29,8 +29,8 @@
* @package CodeIgniter
* @author EllisLab Dev Team
* @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/)
- * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/)
- * @license http://opensource.org/licenses/MIT MIT License
+ * @copyright Copyright (c) 2014 - 2019, British Columbia Institute of Technology (https://bcit.ca/)
+ * @license https://opensource.org/licenses/MIT MIT License
* @link https://codeigniter.com
* @since Version 1.0.0
* @filesource
@@ -46,7 +46,7 @@ defined('BASEPATH') OR exit('No direct script access allowed');
* @subpackage Libraries
* @category Loader
* @author EllisLab Dev Team
- * @link https://codeigniter.com/user_guide/libraries/loader.html
+ * @link https://codeigniter.com/userguide3/libraries/loader.html
*/
class CI_Loader {
@@ -226,7 +226,7 @@ class CI_Loader {
*
* Loads and instantiates models.
*
- * @param string $model Model name
+ * @param mixed $model Model name
* @param string $name An optional object name to assign to
* @param bool $db_conn An optional database connection configuration to initialize
* @return object
@@ -303,6 +303,8 @@ class CI_Loader {
{
throw new RuntimeException($app_path."Model.php exists, but doesn't declare class CI_Model");
}
+
+ log_message('info', 'CI_Model class loaded');
}
elseif ( ! class_exists('CI_Model', FALSE))
{
@@ -317,6 +319,8 @@ class CI_Loader {
{
throw new RuntimeException($app_path.$class.".php exists, but doesn't declare class ".$class);
}
+
+ log_message('info', config_item('subclass_prefix').'Model class loaded');
}
}
@@ -344,13 +348,16 @@ class CI_Loader {
throw new RuntimeException('Unable to locate the model you have specified: '.$model);
}
}
- elseif ( ! is_subclass_of($model, 'CI_Model'))
+
+ if ( ! is_subclass_of($model, 'CI_Model'))
{
- throw new RuntimeException("Class ".$model." already exists and doesn't extend CI_Model");
+ throw new RuntimeException("Class ".$model." doesn't extend CI_Model");
}
$this->_ci_models[] = $name;
- $CI->$name = new $model();
+ $model = new $model();
+ $CI->$name = $model;
+ log_message('info', 'Model "'.get_class($model).'" initialized');
return $this;
}
@@ -937,7 +944,7 @@ class CI_Loader {
empty($_ci_vars) OR $this->_ci_cached_vars = array_merge($this->_ci_cached_vars, $_ci_vars);
extract($this->_ci_cached_vars);
- /*
+ /**
* Buffer the output
*
* We buffer the output for two reasons:
@@ -950,18 +957,7 @@ class CI_Loader {
*/
ob_start();
- // If the PHP installation does not support short tags we'll
- // do a little string replacement, changing the short tags
- // to standard PHP echo statements.
- if ( ! is_php('5.4') && ! ini_get('short_open_tag') && config_item('rewrite_short_tags') === TRUE)
- {
- echo eval('?>'.preg_replace('/;*\s*\?>/', '; ?>', str_replace('=', '_log_path = ($config['log_path'] !== '') ? $config['log_path'] : APPPATH.'logs/';
+ $this->_log_path = ($config['log_path'] !== '')
+ ? rtrim($config['log_path'], '/\\').DIRECTORY_SEPARATOR : APPPATH.'logs'.DIRECTORY_SEPARATOR;
+
$this->_file_ext = (isset($config['log_file_extension']) && $config['log_file_extension'] !== '')
? ltrim($config['log_file_extension'], '.') : 'php';
@@ -247,11 +249,11 @@ class CI_Log {
* @param string $level The error level
* @param string $date Formatted date string
* @param string $message The log message
- * @return string Formatted log line with a new line character '\n' at the end
+ * @return string Formatted log line with a new line character at the end
*/
protected function _format_line($level, $date, $message)
{
- return $level.' - '.$date.' --> '.$message."\n";
+ return $level.' - '.$date.' --> '.$message.PHP_EOL;
}
// --------------------------------------------------------------------
@@ -283,9 +285,6 @@ class CI_Log {
{
if (self::$func_overload)
{
- // mb_substr($str, $start, null, '8bit') returns an empty
- // string on PHP 5.3
- isset($length) OR $length = ($start >= 0 ? self::strlen($str) - $start : -$start);
return mb_substr($str, $start, $length, '8bit');
}
diff --git a/system/core/Model.php b/system/core/Model.php
index c809e7b8..58514829 100644
--- a/system/core/Model.php
+++ b/system/core/Model.php
@@ -6,7 +6,7 @@
*
* This content is released under the MIT License (MIT)
*
- * Copyright (c) 2014 - 2017, British Columbia Institute of Technology
+ * Copyright (c) 2014 - 2019, British Columbia Institute of Technology
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
@@ -29,8 +29,8 @@
* @package CodeIgniter
* @author EllisLab Dev Team
* @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/)
- * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/)
- * @license http://opensource.org/licenses/MIT MIT License
+ * @copyright Copyright (c) 2014 - 2019, British Columbia Institute of Technology (https://bcit.ca/)
+ * @license https://opensource.org/licenses/MIT MIT License
* @link https://codeigniter.com
* @since Version 1.0.0
* @filesource
@@ -44,22 +44,10 @@ defined('BASEPATH') OR exit('No direct script access allowed');
* @subpackage Libraries
* @category Libraries
* @author EllisLab Dev Team
- * @link https://codeigniter.com/user_guide/libraries/config.html
+ * @link https://codeigniter.com/userguide3/libraries/config.html
*/
class CI_Model {
- /**
- * Class constructor
- *
- * @return void
- */
- public function __construct()
- {
- log_message('info', 'Model Class Initialized');
- }
-
- // --------------------------------------------------------------------
-
/**
* __get magic
*
diff --git a/system/core/Output.php b/system/core/Output.php
index a3155fec..c56aff4b 100644
--- a/system/core/Output.php
+++ b/system/core/Output.php
@@ -6,7 +6,7 @@
*
* This content is released under the MIT License (MIT)
*
- * Copyright (c) 2014 - 2017, British Columbia Institute of Technology
+ * Copyright (c) 2014 - 2019, British Columbia Institute of Technology
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
@@ -29,8 +29,8 @@
* @package CodeIgniter
* @author EllisLab Dev Team
* @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/)
- * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/)
- * @license http://opensource.org/licenses/MIT MIT License
+ * @copyright Copyright (c) 2014 - 2019, British Columbia Institute of Technology (https://bcit.ca/)
+ * @license https://opensource.org/licenses/MIT MIT License
* @link https://codeigniter.com
* @since Version 1.0.0
* @filesource
@@ -46,7 +46,7 @@ defined('BASEPATH') OR exit('No direct script access allowed');
* @subpackage Libraries
* @category Output
* @author EllisLab Dev Team
- * @link https://codeigniter.com/user_guide/libraries/output.html
+ * @link https://codeigniter.com/userguide3/libraries/output.html
*/
class CI_Output {
@@ -412,7 +412,7 @@ class CI_Output {
* @param string $output Output data override
* @return void
*/
- public function _display($output = '')
+ public function _display($output = NULL)
{
// Note: We use load_class() because we can't use $CI =& get_instance()
// since this function is sometimes called by the caching mechanism,
@@ -429,7 +429,7 @@ class CI_Output {
// --------------------------------------------------------------------
// Set the output data
- if ($output === '')
+ if ($output === NULL)
{
$output =& $this->final_output;
}
@@ -502,7 +502,7 @@ class CI_Output {
echo $output;
log_message('info', 'Final output sent to browser');
- log_message('debug', 'Total execution time: '.$elapsed);
+ log_message('info', 'Total execution time: '.$elapsed);
return;
}
@@ -539,7 +539,7 @@ class CI_Output {
}
log_message('info', 'Final output sent to browser');
- log_message('debug', 'Total execution time: '.$elapsed);
+ log_message('info', 'Total execution time: '.$elapsed);
}
// --------------------------------------------------------------------
@@ -554,7 +554,7 @@ class CI_Output {
{
$CI =& get_instance();
$path = $CI->config->item('cache_path');
- $cache_path = ($path === '') ? APPPATH.'cache/' : $path;
+ $cache_path = ($path === '') ? APPPATH.'cache'.DIRECTORY_SEPARATOR : rtrim($path, '/\\').DIRECTORY_SEPARATOR;
if ( ! is_dir($cache_path) OR ! is_really_writable($cache_path))
{
@@ -563,7 +563,7 @@ class CI_Output {
}
$uri = $CI->config->item('base_url')
- .$CI->config->item('index_page')
+ .$CI->config->slash_item('index_page')
.$CI->uri->uri_string();
if (($cache_query_string = $CI->config->item('cache_query_string')) && ! empty($_SERVER['QUERY_STRING']))
@@ -658,7 +658,7 @@ class CI_Output {
$cache_path = ($CFG->item('cache_path') === '') ? APPPATH.'cache/' : $CFG->item('cache_path');
// Build the file path. The file name is an MD5 hash of the full URI
- $uri = $CFG->item('base_url').$CFG->item('index_page').$URI->uri_string;
+ $uri = $CFG->item('base_url').$CFG->slash_item('index_page').$URI->uri_string;
if (($cache_query_string = $CFG->item('cache_query_string')) && ! empty($_SERVER['QUERY_STRING']))
{
@@ -761,7 +761,7 @@ class CI_Output {
}
}
- $cache_path .= md5($CI->config->item('base_url').$CI->config->item('index_page').ltrim($uri, '/'));
+ $cache_path .= md5($CI->config->item('base_url').$CI->config->slash_item('index_page').ltrim($uri, '/'));
if ( ! @unlink($cache_path))
{
@@ -829,9 +829,6 @@ class CI_Output {
{
if (self::$func_overload)
{
- // mb_substr($str, $start, null, '8bit') returns an empty
- // string on PHP 5.3
- isset($length) OR $length = ($start >= 0 ? self::strlen($str) - $start : -$start);
return mb_substr($str, $start, $length, '8bit');
}
diff --git a/system/core/Router.php b/system/core/Router.php
index 1abe4c4e..0d966255 100644
--- a/system/core/Router.php
+++ b/system/core/Router.php
@@ -6,7 +6,7 @@
*
* This content is released under the MIT License (MIT)
*
- * Copyright (c) 2014 - 2017, British Columbia Institute of Technology
+ * Copyright (c) 2014 - 2019, British Columbia Institute of Technology
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
@@ -29,8 +29,8 @@
* @package CodeIgniter
* @author EllisLab Dev Team
* @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/)
- * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/)
- * @license http://opensource.org/licenses/MIT MIT License
+ * @copyright Copyright (c) 2014 - 2019, British Columbia Institute of Technology (https://bcit.ca/)
+ * @license https://opensource.org/licenses/MIT MIT License
* @link https://codeigniter.com
* @since Version 1.0.0
* @filesource
@@ -46,7 +46,7 @@ defined('BASEPATH') OR exit('No direct script access allowed');
* @subpackage Libraries
* @category Libraries
* @author EllisLab Dev Team
- * @link https://codeigniter.com/user_guide/general/routing.html
+ * @link https://codeigniter.com/userguide3/general/routing.html
*/
class CI_Router {
@@ -438,19 +438,6 @@ class CI_Router {
// --------------------------------------------------------------------
- /**
- * Fetch the current class
- *
- * @deprecated 3.0.0 Read the 'class' property instead
- * @return string
- */
- public function fetch_class()
- {
- return $this->class;
- }
-
- // --------------------------------------------------------------------
-
/**
* Set method name
*
@@ -464,19 +451,6 @@ class CI_Router {
// --------------------------------------------------------------------
- /**
- * Fetch the current method
- *
- * @deprecated 3.0.0 Read the 'method' property instead
- * @return string
- */
- public function fetch_method()
- {
- return $this->method;
- }
-
- // --------------------------------------------------------------------
-
/**
* Set directory name
*
@@ -495,21 +469,4 @@ class CI_Router {
$this->directory .= str_replace('.', '', trim($dir, '/')).'/';
}
}
-
- // --------------------------------------------------------------------
-
- /**
- * Fetch directory
- *
- * Feches the sub-directory (if any) that contains the requested
- * controller class.
- *
- * @deprecated 3.0.0 Read the 'directory' property instead
- * @return string
- */
- public function fetch_directory()
- {
- return $this->directory;
- }
-
}
diff --git a/system/core/Security.php b/system/core/Security.php
index 082ffa96..818b0933 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -6,7 +6,7 @@
*
* This content is released under the MIT License (MIT)
*
- * Copyright (c) 2014 - 2017, British Columbia Institute of Technology
+ * Copyright (c) 2014 - 2019, British Columbia Institute of Technology
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
@@ -29,8 +29,8 @@
* @package CodeIgniter
* @author EllisLab Dev Team
* @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/)
- * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/)
- * @license http://opensource.org/licenses/MIT MIT License
+ * @copyright Copyright (c) 2014 - 2019, British Columbia Institute of Technology (https://bcit.ca/)
+ * @license https://opensource.org/licenses/MIT MIT License
* @link https://codeigniter.com
* @since Version 1.0.0
* @filesource
@@ -44,7 +44,7 @@ defined('BASEPATH') OR exit('No direct script access allowed');
* @subpackage Libraries
* @category Security
* @author EllisLab Dev Team
- * @link https://codeigniter.com/user_guide/libraries/security.html
+ * @link https://codeigniter.com/userguide3/libraries/security.html
*/
class CI_Security {
@@ -134,7 +134,9 @@ class CI_Security {
*/
protected $_never_allowed_str = array(
'document.cookie' => '[removed]',
+ '(document).cookie' => '[removed]',
'document.write' => '[removed]',
+ '(document).write' => '[removed]',
'.parentNode' => '[removed]',
'.innerHTML' => '[removed]',
'-moz-binding' => '[removed]',
@@ -152,7 +154,7 @@ class CI_Security {
*/
protected $_never_allowed_regex = array(
'javascript\s*:',
- '(document|(document\.)?window)\.(location|on\w*)',
+ '(\(?document\)?|\(?window\)?(\.document)?)\.(location|on\w*)',
'expression\s*(\(|&\#40;)', // CSS and IE
'vbscript\s*:', // IE, surprise!
'wscript\s*:', // IE
@@ -167,10 +169,12 @@ class CI_Security {
*
* @return void
*/
- public function __construct()
+ public function __construct($charset)
{
+ $this->charset = $charset;
+
// Is CSRF protection enabled?
- if (config_item('csrf_protection'))
+ if (config_item('csrf_protection') && ! is_cli())
{
// CSRF config
foreach (array('csrf_expire', 'csrf_token_name', 'csrf_cookie_name') as $key)
@@ -189,10 +193,9 @@ class CI_Security {
// Set the CSRF hash
$this->_csrf_set_hash();
+ $this->csrf_verify();
}
- $this->charset = strtoupper(config_item('charset'));
-
log_message('info', 'Security Class Initialized');
}
@@ -226,6 +229,7 @@ class CI_Security {
// Check CSRF token validity, but don't error on mismatch just yet - we'll want to regenerate
$valid = isset($_POST[$this->_csrf_token_name], $_COOKIE[$this->_csrf_cookie_name])
+ && is_string($_POST[$this->_csrf_token_name]) && is_string($_COOKIE[$this->_csrf_cookie_name])
&& hash_equals($_POST[$this->_csrf_token_name], $_COOKIE[$this->_csrf_cookie_name]);
// We kill this since we're done and we don't want to pollute the _POST array
@@ -542,6 +546,14 @@ class CI_Security {
$str
);
+ // Same thing, but for "tag functions" (e.g. eval`some code`)
+ // See https://github.com/bcit-ci/CodeIgniter/issues/5420
+ $str = preg_replace(
+ '#(alert|prompt|confirm|cmd|passthru|eval|exec|expression|system|fopen|fsockopen|file|file_get_contents|readfile|unlink)(\s*)`(.*?)`#si',
+ '\\1\\2`\\3`',
+ $str
+ );
+
// Final clean up
// This adds a bit of extra precaution in case
// something got through the above filters
@@ -628,7 +640,7 @@ class CI_Security {
if (is_readable('/dev/urandom') && ($fp = fopen('/dev/urandom', 'rb')) !== FALSE)
{
// Try not to waste entropy ...
- is_php('5.4') && stream_set_chunk_size($fp, $length);
+ stream_set_chunk_size($fp, $length);
$output = fread($fp, $length);
fclose($fp);
if ($output !== FALSE)
@@ -658,7 +670,7 @@ class CI_Security {
* correctly. html_entity_decode() does not convert entities without
* semicolons, so we are left with our own little solution here. Bummer.
*
- * @link http://php.net/html-entity-decode
+ * @link https://secure.php.net/html-entity-decode
*
* @param string $str Input
* @param string $charset Character set
@@ -673,26 +685,8 @@ class CI_Security {
static $_entities;
- isset($charset) OR $charset = $this->charset;
- $flag = is_php('5.4')
- ? ENT_COMPAT | ENT_HTML5
- : ENT_COMPAT;
-
- if ( ! isset($_entities))
- {
- $_entities = array_map('strtolower', get_html_translation_table(HTML_ENTITIES, $flag, $charset));
-
- // If we're not on PHP 5.4+, add the possibly dangerous HTML 5
- // entities to the array manually
- if ($flag === ENT_COMPAT)
- {
- $_entities[':'] = ':';
- $_entities['('] = '(';
- $_entities[')'] = ')';
- $_entities["\n"] = '
';
- $_entities["\t"] = '	';
- }
- }
+ isset($charset) OR $charset = $this->charset;
+ isset($_entities) OR $_entities = array_map('strtolower', get_html_translation_table(HTML_ENTITIES, ENT_COMPAT | ENT_HTML5, $charset));
do
{
@@ -717,14 +711,9 @@ class CI_Security {
// Decode numeric & UTF16 two byte entities
$str = html_entity_decode(
preg_replace('/((?:x0*[0-9a-f]{2,5}(?![0-9a-f;])|(?:0*\d{2,4}(?![0-9;]))))/iS', '$1;', $str),
- $flag,
+ ENT_COMPAT | ENT_HTML5,
$charset
);
-
- if ($flag === ENT_COMPAT)
- {
- $str = str_replace(array_values($_entities), array_keys($_entities), $str);
- }
}
while ($str_compare !== $str);
return $str;
@@ -853,7 +842,7 @@ class CI_Security {
// For other tags, see if their attributes are "evil" and strip those
elseif (isset($matches['attributes']))
{
- // We'll store the already fitlered attributes here
+ // We'll store the already filtered attributes here
$attributes = array();
// Attribute-catching pattern
@@ -927,7 +916,7 @@ class CI_Security {
return str_replace(
$match[1],
preg_replace(
- '#href=.*?(?:(?:alert|prompt|confirm)(?:\(|&\#40;)|javascript:|livescript:|mocha:|charset=|window\.|document\.|\.cookie|