Updated CodeIgniter 2.2.2 system dir.
This commit is contained in:
parent
9c89bbd2b4
commit
181ad4d67a
4 changed files with 13 additions and 10 deletions
|
@ -34,7 +34,7 @@
|
|||
* @var string
|
||||
*
|
||||
*/
|
||||
define('CI_VERSION', '2.2.1');
|
||||
define('CI_VERSION', '2.2.2');
|
||||
|
||||
/**
|
||||
* CodeIgniter Branch (Core = TRUE, Reactor = FALSE)
|
||||
|
|
|
@ -67,11 +67,13 @@ class CI_Config {
|
|||
// Set the base_url automatically if none was provided
|
||||
if ($this->config['base_url'] == '')
|
||||
{
|
||||
if (isset($_SERVER['HTTP_HOST']))
|
||||
// The regular expression is only a basic validation for a valid "Host" header.
|
||||
// It's not exhaustive, only checks for valid characters.
|
||||
if (isset($_SERVER['HTTP_HOST']) && preg_match('/^((\[[0-9a-f:]+\])|(\d{1,3}(\.\d{1,3}){3})|[a-z0-9\-\.]+)(:\d+)?$/i', $_SERVER['HTTP_HOST']))
|
||||
{
|
||||
$base_url = (empty($_SERVER['HTTPS']) OR strtolower($_SERVER['HTTPS']) === 'off') ? 'http' : 'https';
|
||||
$base_url .= '://'. $_SERVER['HTTP_HOST'];
|
||||
$base_url .= str_replace(basename($_SERVER['SCRIPT_NAME']), '', $_SERVER['SCRIPT_NAME']);
|
||||
$base_url .= substr($_SERVER['SCRIPT_NAME'], 0, strpos($_SERVER['SCRIPT_NAME'], basename($_SERVER['SCRIPT_FILENAME'])));
|
||||
}
|
||||
|
||||
else
|
||||
|
|
|
@ -513,7 +513,7 @@ class CI_Security {
|
|||
$str_compare = $str;
|
||||
|
||||
// Decode standard entities, avoiding false positives
|
||||
if ($c = preg_match_all('/&[a-z]{2,}(?![a-z;])/i', $str, $matches))
|
||||
if (preg_match_all('/\&[a-z]{2,}(?![a-z;])/i', $str, $matches))
|
||||
{
|
||||
if ( ! isset($_entities))
|
||||
{
|
||||
|
@ -530,7 +530,7 @@ class CI_Security {
|
|||
{
|
||||
$_entities[':'] = ':';
|
||||
$_entities['('] = '(';
|
||||
$_entities[')'] = '&rpar';
|
||||
$_entities[')'] = ')';
|
||||
$_entities["\n"] = '&newline;';
|
||||
$_entities["\t"] = '&tab;';
|
||||
}
|
||||
|
@ -538,11 +538,11 @@ class CI_Security {
|
|||
|
||||
$replace = array();
|
||||
$matches = array_unique(array_map('strtolower', $matches[0]));
|
||||
for ($i = 0; $i < $c; $i++)
|
||||
foreach ($matches as &$match)
|
||||
{
|
||||
if (($char = array_search($matches[$i].';', $_entities, TRUE)) !== FALSE)
|
||||
if (($char = array_search($match.';', $_entities, TRUE)) !== FALSE)
|
||||
{
|
||||
$replace[$matches[$i]] = $char;
|
||||
$replace[$match] = $char;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -644,7 +644,7 @@ class CI_Security {
|
|||
protected function _remove_evil_attributes($str, $is_image)
|
||||
{
|
||||
// All javascript event handlers (e.g. onload, onclick, onmouseover), style, and xmlns
|
||||
$evil_attributes = array('on\w*', 'style', 'xmlns', 'formaction', 'form', 'xlink:href');
|
||||
$evil_attributes = array('on\w*', 'style', 'xmlns', 'formaction', 'form', 'xlink:href', 'FSCommand', 'seekSegmentTime');
|
||||
|
||||
if ($is_image === TRUE)
|
||||
{
|
||||
|
|
|
@ -204,6 +204,7 @@ class CI_Cache extends CI_Driver_Library {
|
|||
if ( ! $this->is_supported($child))
|
||||
{
|
||||
$this->_adapter = $this->_backup_driver;
|
||||
$obj = parent::__get($this->_adapter);
|
||||
}
|
||||
|
||||
return $obj;
|
||||
|
|
Loading…
Reference in a new issue