Updated CodeIgniter 2.2.2 system dir.

Alex Tselegidis 2015-05-10 22:01:35 +02:00
parent 9c89bbd2b4
commit 181ad4d67a
4 changed files with 13 additions and 10 deletions


@ -34,7 +34,7 @@
* @var string * @var string
* *
*/ */
define('CI_VERSION', '2.2.1'); define('CI_VERSION', '2.2.2');
/** /**
* CodeIgniter Branch (Core = TRUE, Reactor = FALSE) * CodeIgniter Branch (Core = TRUE, Reactor = FALSE)


@ -67,11 +67,13 @@ class CI_Config {
// Set the base_url automatically if none was provided // Set the base_url automatically if none was provided
if ($this->config['base_url'] == '') if ($this->config['base_url'] == '')
{ {
if (isset($_SERVER['HTTP_HOST'])) // The regular expression is only a basic validation for a valid "Host" header.
// It's not exhaustive, only checks for valid characters.
if (isset($_SERVER['HTTP_HOST']) && preg_match('/^((\[[0-9a-f:]+\])|(\d{1,3}(\.\d{1,3}){3})|[a-z0-9\-\.]+)(:\d+)?$/i', $_SERVER['HTTP_HOST']))
{ {
$base_url = (empty($_SERVER['HTTPS']) OR strtolower($_SERVER['HTTPS']) === 'off') ? 'http' : 'https'; $base_url = (empty($_SERVER['HTTPS']) OR strtolower($_SERVER['HTTPS']) === 'off') ? 'http' : 'https';
$base_url .= '://'. $_SERVER['HTTP_HOST']; $base_url .= '://'. $_SERVER['HTTP_HOST'];
$base_url .= str_replace(basename($_SERVER['SCRIPT_NAME']), '', $_SERVER['SCRIPT_NAME']); $base_url .= substr($_SERVER['SCRIPT_NAME'], 0, strpos($_SERVER['SCRIPT_NAME'], basename($_SERVER['SCRIPT_FILENAME'])));
} }
else else
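Review bot: The added `preg_match()` on `$_SERVER['HTTP_HOST']` only restricts the character set, so any well-formed hostname a client sends still ends up in the auto-detected `base_url`, and links built from it (in e-mails or cached pages, for example) follow that client-chosen host. The comment should say this and point deployers at the explicit setting, e.g. `// Syntax check only: the host is still client-supplied; set $config['base_url'] in production.` The pattern is also anchored with `$`, which in PCRE matches before a trailing newline; `\z` or the `D` modifier would make the anchor strict. On the `substr()` line, `strpos()` returns FALSE when the basename of `SCRIPT_FILENAME` does not occur in `SCRIPT_NAME`, which yields an empty path, and that case looks unhandled in the visible lines. The enclosing block continues outside the hunk.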


@ -513,7 +513,7 @@ class CI_Security {
$str_compare = $str; $str_compare = $str;
// Decode standard entities, avoiding false positives // Decode standard entities, avoiding false positives
if ($c = preg_match_all('/&[a-z]{2,}(?![a-z;])/i', $str, $matches)) if (preg_match_all('/\&[a-z]{2,}(?![a-z;])/i', $str, $matches))
{ {
if ( ! isset($_entities)) if ( ! isset($_entities))
{ {
@ -530,7 +530,7 @@ class CI_Security {
{ {
$_entities[':'] = ':'; $_entities[':'] = ':';
$_entities['('] = '('; $_entities['('] = '(';
$_entities[')'] = '&rpar'; $_entities[')'] = ')';
$_entities["\n"] = '&newline;'; $_entities["\n"] = '&newline;';
$_entities["\t"] = '&tab;'; $_entities["\t"] = '&tab;';
} }
@ -538,11 +538,11 @@ class CI_Security {
$replace = array(); $replace = array();
$matches = array_unique(array_map('strtolower', $matches[0])); $matches = array_unique(array_map('strtolower', $matches[0]));
for ($i = 0; $i < $c; $i++) foreach ($matches as &$match)
{ {
if (($char = array_search($matches[$i].';', $_entities, TRUE)) !== FALSE) if (($char = array_search($match.';', $_entities, TRUE)) !== FALSE)
{ {
$replace[$matches[$i]] = $char; $replace[$match] = $char;
} }
} }
@ -644,7 +644,7 @@ class CI_Security {
protected function _remove_evil_attributes($str, $is_image) protected function _remove_evil_attributes($str, $is_image)
{ {
// All javascript event handlers (e.g. onload, onclick, onmouseover), style, and xmlns // All javascript event handlers (e.g. onload, onclick, onmouseover), style, and xmlns
$evil_attributes = array('on\w*', 'style', 'xmlns', 'formaction', 'form', 'xlink:href'); $evil_attributes = array('on\w*', 'style', 'xmlns', 'formaction', 'form', 'xlink:href', 'FSCommand', 'seekSegmentTime');
if ($is_image === TRUE) if ($is_image === TRUE)
{ {
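Review bot: The new loop `foreach ($matches as &$match)` iterates by reference but never writes through `$match`, and no `unset($match)` is visible after it, so `$match` stays bound to the last element of `$matches` once the loop ends. Iterating by value, `foreach ($matches as $match)`, gives the same result without the dangling reference. In the `_remove_evil_attributes()` hunk, `'FSCommand'` and `'seekSegmentTime'` extend a deny-list, which only covers names someone has thought to add. Whether the mixed-case `FSCommand` entry is matched case-insensitively depends on the pattern built further down, outside the hunk, and would merit a short comment there. Both enclosing functions start and end outside the visible hunks.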


@ -204,6 +204,7 @@ class CI_Cache extends CI_Driver_Library {
if ( ! $this->is_supported($child)) if ( ! $this->is_supported($child))
{ {
$this->_adapter = $this->_backup_driver; $this->_adapter = $this->_backup_driver;
$obj = parent::__get($this->_adapter);
} }
return $obj; return $obj;
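Review bot: The fallback branch now re-fetches `$obj` for the backup adapter, but nothing records that the configured driver was rejected, so a deployment can run on the backup driver without anyone noticing. A log line in the branch would make that visible, e.g. `log_message('error', 'Cache adapter "'.$child.'" is unavailable, falling back to "'.$this->_backup_driver.'".');`, and a one-line comment such as `// Re-resolve so the caller receives the backup driver, not the unsupported one.` would explain the added assignment. The visible lines also do not check `is_supported()` for the backup driver itself; the method starts outside the hunk, so that may be handled elsewhere.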