diff --git a/src/system/core/Benchmark.php b/src/system/core/Benchmark.php index a5c3e999..daffa292 100644 --- a/src/system/core/Benchmark.php +++ b/src/system/core/Benchmark.php @@ -5,8 +5,9 @@ * An open source application development framework for PHP 5.1.6 or newer * * @package CodeIgniter - * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. + * @author EllisLab Dev Team + * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. + * @copyright Copyright (c) 2014 - 2015, British Columbia Institute of Technology (http://bcit.ca/) * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 1.0 @@ -24,7 +25,7 @@ * @package CodeIgniter * @subpackage Libraries * @category Libraries - * @author ExpressionEngine Dev Team + * @author EllisLab Dev Team * @link http://codeigniter.com/user_guide/libraries/benchmark.html */ class CI_Benchmark { diff --git a/src/system/core/CodeIgniter.php b/src/system/core/CodeIgniter.php index 34078174..b49c1458 100644 --- a/src/system/core/CodeIgniter.php +++ b/src/system/core/CodeIgniter.php @@ -5,8 +5,9 @@ * An open source application development framework for PHP 5.1.6 or newer * * @package CodeIgniter - * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. + * @author EllisLab Dev Team + * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. + * @copyright Copyright (c) 2014 - 2015, British Columbia Institute of Technology (http://bcit.ca/) * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 1.0 @@ -23,7 +24,7 @@ * @package CodeIgniter * @subpackage codeigniter * @category Front-controller - * @author ExpressionEngine Dev Team + * @author EllisLab Dev Team * @link http://codeigniter.com/user_guide/ */ @@ -33,7 +34,7 @@ * @var string * */ - define('CI_VERSION', '2.2.0'); + define('CI_VERSION', '2.2.1'); /** * CodeIgniter Branch (Core = TRUE, Reactor = FALSE) 
diff --git a/src/system/core/Common.php b/src/system/core/Common.php index cd6f0e37..5e56aa09 100644 --- a/src/system/core/Common.php +++ b/src/system/core/Common.php @@ -5,8 +5,9 @@ * An open source application development framework for PHP 5.1.6 or newer * * @package CodeIgniter - * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. + * @author EllisLab Dev Team + * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. + * @copyright Copyright (c) 2014 - 2015, British Columbia Institute of Technology (http://bcit.ca/) * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 1.0 @@ -23,7 +24,7 @@ * @package CodeIgniter * @subpackage codeigniter * @category Common Functions - * @author ExpressionEngine Dev Team + * @author EllisLab Dev Team * @link http://codeigniter.com/user_guide/ */ diff --git a/src/system/core/Config.php b/src/system/core/Config.php index 605c6cf6..50a0d8ee 100644 --- a/src/system/core/Config.php +++ b/src/system/core/Config.php @@ -5,8 +5,9 @@ * An open source application development framework for PHP 5.1.6 or newer * * @package CodeIgniter - * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. + * @author EllisLab Dev Team + * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. + * @copyright Copyright (c) 2014 - 2015, British Columbia Institute of Technology (http://bcit.ca/) * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 1.0 @@ -23,7 +24,7 @@ * @package CodeIgniter * @subpackage Libraries * @category Libraries - * @author ExpressionEngine Dev Team + * @author EllisLab Dev Team * @link http://codeigniter.com/user_guide/libraries/config.html */ class CI_Config { diff --git a/src/system/core/Controller.php b/src/system/core/Controller.php index 6ccaf975..e05362ca 100644 --- a/src/system/core/Controller.php +++ b/src/system/core/Controller.php 
@@ -5,8 +5,9 @@ * An open source application development framework for PHP 5.1.6 or newer * * @package CodeIgniter - * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. + * @author EllisLab Dev Team + * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. + * @copyright Copyright (c) 2014 - 2015, British Columbia Institute of Technology (http://bcit.ca/) * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 1.0 @@ -24,7 +25,7 @@ * @package CodeIgniter * @subpackage Libraries * @category Libraries - * @author ExpressionEngine Dev Team + * @author EllisLab Dev Team * @link http://codeigniter.com/user_guide/general/controllers.html */ class CI_Controller { diff --git a/src/system/core/Exceptions.php b/src/system/core/Exceptions.php index 45120968..4ca2fafb 100644 --- a/src/system/core/Exceptions.php +++ b/src/system/core/Exceptions.php @@ -5,8 +5,9 @@ * An open source application development framework for PHP 5.1.6 or newer * * @package CodeIgniter - * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. + * @author EllisLab Dev Team + * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. + * @copyright Copyright (c) 2014 - 2015, British Columbia Institute of Technology (http://bcit.ca/) * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 1.0 @@ -21,7 +22,7 @@ * @package CodeIgniter * @subpackage Libraries * @category Exceptions - * @author ExpressionEngine Dev Team + * @author EllisLab Dev Team * @link http://codeigniter.com/user_guide/libraries/exceptions.html */ class CI_Exceptions { diff --git a/src/system/core/Hooks.php b/src/system/core/Hooks.php index ee5c2307..4dbabb87 100644 --- a/src/system/core/Hooks.php +++ b/src/system/core/Hooks.php 
@@ -5,8 +5,9 @@ * An open source application development framework for PHP 5.1.6 or newer * * @package CodeIgniter - * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. + * @author EllisLab Dev Team + * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. + * @copyright Copyright (c) 2014 - 2015, British Columbia Institute of Technology (http://bcit.ca/) * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 1.0 @@ -23,7 +24,7 @@ * @package CodeIgniter * @subpackage Libraries * @category Libraries - * @author ExpressionEngine Dev Team + * @author EllisLab Dev Team * @link http://codeigniter.com/user_guide/libraries/encryption.html */ class CI_Hooks { diff --git a/src/system/core/Input.php b/src/system/core/Input.php index bf2aaf1b..40305745 100644 --- a/src/system/core/Input.php +++ b/src/system/core/Input.php @@ -5,8 +5,9 @@ * An open source application development framework for PHP 5.1.6 or newer * * @package CodeIgniter - * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. + * @author EllisLab Dev Team + * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. + * @copyright Copyright (c) 2014 - 2015, British Columbia Institute of Technology (http://bcit.ca/) * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 1.0 @@ -23,7 +24,7 @@ * @package CodeIgniter * @subpackage Libraries * @category Input - * @author ExpressionEngine Dev Team + * @author EllisLab Dev Team * @link http://codeigniter.com/user_guide/libraries/input.html */ class CI_Input { diff --git a/src/system/core/Lang.php b/src/system/core/Lang.php index ef5d1080..28497034 100644 --- a/src/system/core/Lang.php +++ b/src/system/core/Lang.php 
@@ -5,8 +5,9 @@ * An open source application development framework for PHP 5.1.6 or newer * * @package CodeIgniter - * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. + * @author EllisLab Dev Team + * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. + * @copyright Copyright (c) 2014 - 2015, British Columbia Institute of Technology (http://bcit.ca/) * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 1.0 @@ -21,7 +22,7 @@ * @package CodeIgniter * @subpackage Libraries * @category Language - * @author ExpressionEngine Dev Team + * @author EllisLab Dev Team * @link http://codeigniter.com/user_guide/libraries/language.html */ class CI_Lang { diff --git a/src/system/core/Loader.php b/src/system/core/Loader.php index b5b0634e..40090db6 100644 --- a/src/system/core/Loader.php +++ b/src/system/core/Loader.php @@ -5,8 +5,9 @@ * An open source application development framework for PHP 5.1.6 or newer * * @package CodeIgniter - * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. + * @author EllisLab Dev Team + * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. + * @copyright Copyright (c) 2014 - 2015, British Columbia Institute of Technology (http://bcit.ca/) * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 1.0 @@ -22,7 +23,7 @@ * * @package CodeIgniter * @subpackage Libraries - * @author ExpressionEngine Dev Team + * @author EllisLab Dev Team * @category Loader * @link http://codeigniter.com/user_guide/libraries/loader.html */ diff --git a/src/system/core/Model.php b/src/system/core/Model.php index 1f142509..9bbb1fcd 100644 --- a/src/system/core/Model.php +++ b/src/system/core/Model.php 
@@ -5,8 +5,9 @@ * An open source application development framework for PHP 5.1.6 or newer * * @package CodeIgniter - * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. + * @author EllisLab Dev Team + * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. + * @copyright Copyright (c) 2014 - 2015, British Columbia Institute of Technology (http://bcit.ca/) * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 1.0 @@ -21,7 +22,7 @@ * @package CodeIgniter * @subpackage Libraries * @category Libraries - * @author ExpressionEngine Dev Team + * @author EllisLab Dev Team * @link http://codeigniter.com/user_guide/libraries/config.html */ class CI_Model { diff --git a/src/system/core/Output.php b/src/system/core/Output.php index 7959befb..fc88f6e5 100644 --- a/src/system/core/Output.php +++ b/src/system/core/Output.php @@ -5,8 +5,9 @@ * An open source application development framework for PHP 5.1.6 or newer * * @package CodeIgniter - * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. + * @author EllisLab Dev Team + * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. + * @copyright Copyright (c) 2014 - 2015, British Columbia Institute of Technology (http://bcit.ca/) * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 1.0 @@ -23,7 +24,7 @@ * @package CodeIgniter * @subpackage Libraries * @category Output - * @author ExpressionEngine Dev Team + * @author EllisLab Dev Team * @link http://codeigniter.com/user_guide/libraries/output.html */ class CI_Output { diff --git a/src/system/core/Router.php b/src/system/core/Router.php index b48a3456..b39dc163 100644 --- a/src/system/core/Router.php +++ b/src/system/core/Router.php 
@@ -5,8 +5,9 @@ * An open source application development framework for PHP 5.1.6 or newer * * @package CodeIgniter - * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. + * @author EllisLab Dev Team + * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. + * @copyright Copyright (c) 2014 - 2015, British Columbia Institute of Technology (http://bcit.ca/) * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 1.0 @@ -22,7 +23,7 @@ * * @package CodeIgniter * @subpackage Libraries - * @author ExpressionEngine Dev Team + * @author EllisLab Dev Team * @category Libraries * @link http://codeigniter.com/user_guide/general/routing.html */ diff --git a/src/system/core/Security.php b/src/system/core/Security.php index 8c6a5a3c..710d9755 100644 --- a/src/system/core/Security.php +++ b/src/system/core/Security.php @@ -1,12 +1,13 @@ - '[removed]', '.parentNode' => '[removed]', '.innerHTML' => '[removed]', - 'window.location' => '[removed]', '-moz-binding' => '[removed]', '' => '-->', @@ -90,9 +90,13 @@ class CI_Security { */ protected $_never_allowed_regex = array( 'javascript\s*:', + '(document|(document\.)?window)\.(location|on\w*)', 'expression\s*(\(|&\#40;)', // CSS and IE 'vbscript\s*:', // IE, surprise! - 'Redirect\s+302', + 'wscript\s*:', // IE + 'jscript\s*:', // IE + 'vbs\s*:', // IE + 'Redirect\s+30\d:', "([\"'])?data\s*:[^\\1]*?base64[^\\1]*?,[^\\1]*?\\1?" ); @@ -263,10 +267,7 @@ class CI_Security { */ public function xss_clean($str, $is_image = FALSE) { - /* - * Is the string an array? - * - */ + // Is the string an array? if (is_array($str)) { while (list($key) = each($str)) @@ -277,14 +278,9 @@ class CI_Security { return $str; } - /* - * Remove Invisible Characters - */ + //Remove Invisible Characters $str = remove_invisible_characters($str); - // Validate Entities in URLs - $str = $this->_validate_entities($str); - /* * URL Decode * 
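Review bot: The new `'Redirect\s+30\d:'` entry in `$_never_allowed_regex` is narrower than the `'Redirect\s+302'` it replaces in one respect: it now requires a colon after the status code, so a bare `Redirect 302` no longer matches, while the digit wildcard widens it to every 30x code. If the trailing colon is deliberate, say so in a trailing comment like the neighbouring `// IE` entries; otherwise `'Redirect\s+30\d'` keeps the old match and the wider status range. In the later hunk of this section the `$this->_validate_entities($str)` call is dropped from `xss_clean()`; the semicolon-normalising step now lives in `entity_decode()`, which deserves a one-line comment where the call used to be so a reader does not assume the step was lost. The body of `xss_clean()` continues outside the hunk.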
@@ -293,9 +289,12 @@ class CI_Security { * Google * * Note: Use rawurldecode() so it does not remove plus signs - * */ - $str = rawurldecode($str); + do + { + $str = rawurldecode($str); + } + while (preg_match('/%[0-9a-f]{2,}/i', $str)); /* * Convert character entities to ASCII @@ -303,16 +302,11 @@ class CI_Security { * This permits our tests below to work reliably. * We only convert entities that are within tags since * these are the ones that will pose security problems. - * */ + $str = preg_replace_callback("/[^a-z0-9>]+[a-z0-9]+=([\'\"]).*?\\1/si", array($this, '_convert_attribute'), $str); + $str = preg_replace_callback('/<\w+.*/si', array($this, '_decode_entity'), $str); - $str = preg_replace_callback("/[a-z]+=([\'\"]).*?\\1/si", array($this, '_convert_attribute'), $str); - - $str = preg_replace_callback("/<\w+.*?(?=>|<|$)/si", array($this, '_decode_entity'), $str); - - /* - * Remove Invisible Characters Again! - */ + // Remove Invisible Characters Again! $str = remove_invisible_characters($str); /* @@ -323,15 +317,9 @@ class CI_Security { * NOTE: preg_replace was found to be amazingly slow here on * large blocks of data, so we use str_replace. */ + $str = str_replace("\t", ' ', $str); - if (strpos($str, "\t") !== FALSE) - { - $str = str_replace("\t", ' ', $str); - } - - /* - * Capture converted string for later comparison - */ + // Capture converted string for later comparison $converted_string = $str; // Remove Strings that are never allowed @@ -351,11 +339,11 @@ class CI_Security { // Images have a tendency to have the PHP short opening and // closing tags every so often so we skip those and only // do the long opening tags. - $str = preg_replace('/<\?(php)/i', "<?\\1", $str); + $str = preg_replace('/<\?(php)/i', '<?\\1', $str); } else { - $str = str_replace(array(''), array('<?', '?>'), $str); + $str = str_replace(array(''), array('<?', '?>'), $str); } /* 
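Review bot: The comment kept just above the `_decode_entity` callback still says "We only convert entities that are within tags", but the new pattern `'/<\w+.*/si'` is greedy under the `s` modifier, so everything from the first `<tag` to the end of the input is handed to `_decode_entity()`, text between and after tags included, whereas the removed `'/<\w+.*?(?=>|<|$)/si'` stopped at the tag end. Either update the comment (e.g. `* We convert entities from the first tag onwards, since that is where they can pose security problems.`) or keep a stop condition in the pattern. The new `rawurldecode()` loop does terminate: every pass in which `'/%[0-9a-f]{2,}/i'` matches decodes at least one `%XX` triple and shortens the string, but the number of passes is bounded only by the input's encoding depth, so a `// repeat until no %XX sequence is left` comment on the `do` would help. `xss_clean()` starts and ends outside this hunk.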
@@ -365,22 +353,18 @@ class CI_Security {
  * These words are compacted back to their correct state.
  */
 $words = array(
- 'javascript', 'expression', 'vbscript', 'script', 'base64',
- 'applet', 'alert', 'document', 'write', 'cookie', 'window'
+ 'javascript', 'expression', 'vbscript', 'jscript', 'wscript',
+ 'vbs', 'script', 'base64', 'applet', 'alert', 'document',
+ 'write', 'cookie', 'window', 'confirm', 'prompt'
 );
 
 foreach ($words as $word)
 {
- $temp = '';
-
- for ($i = 0, $wordlen = strlen($word); $i < $wordlen; $i++)
- {
- $temp .= substr($word, $i, 1)."\s*";
- }
+ $word = implode('\s*', str_split($word)).'\s*';
 
 // We only want to do this when it is followed by a non-word character
 // That way valid stuff like "dealer to" does not become "dealerto"
- $str = preg_replace_callback('#('.substr($temp, 0, -3).')(\W)#is', array($this, '_compact_exploded_words'), $str);
+ $str = preg_replace_callback('#('.substr($word, 0, -3).')(\W)#is', array($this, '_compact_exploded_words'), $str);
 }
 
 /*
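Review bot: Appending `'\s*'` in `$word = implode('\s*', str_split($word)).'\s*';` only to strip it again with `substr($word, 0, -3)` two statements later is a no-op pair; `implode('\s*', str_split($word))` already yields exactly the text that `substr()` produces. Using a fresh name also avoids overwriting the `foreach` variable, which currently changes meaning halfway through the loop body: `$pattern = implode('\s*', str_split($word));` and then `'#('.$pattern.')(\W)#is'`. Every entry in `$words` is plain alphanumeric, which is why no `preg_quote()` is needed here; that assumption is worth a comment on the `$words` array so a future entry with regex metacharacters is not added blindly. The enclosing `xss_clean()` starts and ends outside the hunk.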
@@ -388,27 +372,33 @@ class CI_Security { * We used to do some version comparisons and use of stripos(), * but it is dog slow compared to these simplified non-capturing * preg_match(), especially if the pattern exists in the string + * + * Note: It was reported that not only space characters, but all in + * the following pattern can be parsed as separators between a tag name + * and its attributes: [\d\s"\'`;,\/\=\(\x00\x0B\x09\x0C] + * ... however, remove_invisible_characters() above already strips the + * hex-encoded ones, so we'll skip them below. */ do { $original = $str; - if (preg_match("/]*?)(>|$)#si", array($this, '_js_link_removal'), $str); + $str = preg_replace_callback('#]+([^>]*?)(?:>|$)#si', array($this, '_js_link_removal'), $str); } - if (preg_match("/]*?)(\s?/?>|$)#si", array($this, '_js_img_removal'), $str); + $str = preg_replace_callback('#]*?)(?:\s?/?>|$)#si', array($this, '_js_img_removal'), $str); } - if (preg_match("/script/i", $str) OR preg_match("/xss/i", $str)) + if (preg_match('/script|xss/i', $str)) { - $str = preg_replace("#<(/*)(script|xss)(.*?)\>#si", '[removed]', $str); + $str = preg_replace('##si', '[removed]', $str); } } - while($original != $str); + while($original !== $str); unset($original); @@ -424,7 +414,7 @@ class CI_Security { * So this: * Becomes: <blink> */ - $naughty = 'alert|applet|audio|basefont|base|behavior|bgsound|blink|body|embed|expression|form|frameset|frame|head|html|ilayer|iframe|input|isindex|layer|link|meta|object|plaintext|style|script|textarea|title|video|xml|xss'; + $naughty = 'alert|prompt|confirm|applet|audio|basefont|base|behavior|bgsound|blink|body|embed|expression|form|frameset|frame|head|html|ilayer|iframe|input|button|select|isindex|layer|link|meta|keygen|object|plaintext|style|script|textarea|title|math|video|svg|xml|xss'; $str = preg_replace_callback('#<(/*\s*)('.$naughty.')([^><]*)([><]*)#is', array($this, '_sanitize_naughty_html'), $str); /* 
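Review bot: `$naughty` is maintained as a single pipe-separated string literal while the sibling `$words` list a few lines earlier is a PHP array; as entries such as `button`, `select`, `keygen`, `math` and `svg` are spliced into the middle of the string, a missing `|` or a typo silently changes the alternation and is hard to spot in a diff. Building it the same way as `$words`, `$naughty = implode('|', array('alert', 'prompt', 'confirm', 'applet', ...));`, keeps both lists in one shape and makes additions reviewable entry by entry. `while($original !== $str);` also lacks the space after `while` that the rest of the patch uses (`while ($old !== $str);`). `xss_clean()` continues outside this hunk.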
@@ -439,8 +429,11 @@ class CI_Security {
  * For example: eval('some code')
  * Becomes: eval('some code')
  */
- $str = preg_replace('#(alert|cmd|passthru|eval|exec|expression|system|fopen|fsockopen|file|file_get_contents|readfile|unlink)(\s*)\((.*?)\)#si', "\\1\\2(\\3)", $str);
-
+ $str = preg_replace(
+ '#(alert|prompt|confirm|cmd|passthru|eval|exec|expression|system|fopen|fsockopen|file|file_get_contents|readfile|unlink)(\s*)\((.*?)\)#si',
+ '\\1\\2(\\3)',
+ $str
+ );
 
 // Final clean up
 // This adds a bit of extra precaution in case
@@ -459,7 +452,7 @@ class CI_Security {
 if ($is_image === TRUE)
 {
- return ($str == $converted_string) ? TRUE: FALSE;
+ return ($str === $converted_string);
 }
 log_message('debug', "XSS Filtering completed");
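Review bot: The alternation in the reworked `preg_replace()` pattern has no word boundary, so `file`, `alert`, `exec` and the rest also match inside longer identifiers: `profile(x)` or `myalert(1)` have their parentheses rewritten exactly as `file(x)` does. That behaviour is carried over from the removed one-line form, but since the pattern is being rewritten anyway, anchoring the group as `'#\b(alert|prompt|confirm|cmd|passthru|eval|exec|expression|system|fopen|fsockopen|file|file_get_contents|readfile|unlink)(\s*)\((.*?)\)#si'` removes those false positives while still catching `window.alert(` and the like, because `.` is a non-word character. The `return ($str === $converted_string);` in the second hunk is the right replacement for the loose `==` plus ternary. `xss_clean()` starts and ends outside these hunks.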
@@ -503,14 +496,68 @@ class CI_Security { */ public function entity_decode($str, $charset='UTF-8') { - if (stristr($str, '&') === FALSE) + if (strpos($str, '&') === FALSE) { return $str; } - $str = html_entity_decode($str, ENT_COMPAT, $charset); - $str = preg_replace('~&#x(0*[0-9a-f]{2,5})~ei', 'chr(hexdec("\\1"))', $str); - return preg_replace('~&#([0-9]{2,4})~e', 'chr(\\1)', $str); + static $_entities; + + isset($charset) OR $charset = strtoupper(config_item('charset')); + $flag = is_php('5.4') + ? ENT_COMPAT | ENT_HTML5 + : ENT_COMPAT; + + do + { + $str_compare = $str; + + // Decode standard entities, avoiding false positives + if ($c = preg_match_all('/&[a-z]{2,}(?![a-z;])/i', $str, $matches)) + { + if ( ! isset($_entities)) + { + $_entities = array_map( + 'strtolower', + is_php('5.3.4') + ? get_html_translation_table(HTML_ENTITIES, $flag, $charset) + : get_html_translation_table(HTML_ENTITIES, $flag) + ); + + // If we're not on PHP 5.4+, add the possibly dangerous HTML 5 + // entities to the array manually + if ($flag === ENT_COMPAT) + { + $_entities[':'] = ':'; + $_entities['('] = '('; + $_entities[')'] = '&rpar'; + $_entities["\n"] = '&newline;'; + $_entities["\t"] = '&tab;'; + } + } + + $replace = array(); + $matches = array_unique(array_map('strtolower', $matches[0])); + for ($i = 0; $i < $c; $i++) + { + if (($char = array_search($matches[$i].';', $_entities, TRUE)) !== FALSE) + { + $replace[$matches[$i]] = $char; + } + } + + $str = str_ireplace(array_keys($replace), array_values($replace), $str); + } + + // Decode numeric & UTF16 two byte entities + $str = html_entity_decode( + preg_replace('/(&#(?:x0*[0-9a-f]{2,5}(?![0-9a-f;])|(?:0*\d{2,4}(?![0-9;]))))/iS', '$1;', $str), + $flag, + $charset + ); + } + while ($str_compare !== $str); + return $str; } // -------------------------------------------------------------------- 
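Review bot: `$matches = array_unique(array_map('strtolower', $matches[0]));` preserves keys and drops duplicates, but the loop that follows still runs `for ($i = 0; $i < $c; $i++)` with `$c` taken from `preg_match_all()` before de-duplication, so whenever the same bare entity occurs twice (`&amp &amp`) `$matches[1]` is undefined, PHP raises a notice and the lookup searches for `';'`. Iterate the de-duplicated array instead: `foreach ($matches as $match) { if (($char = array_search($match.';', $_entities, TRUE)) !== FALSE) { $replace[$match] = $char; } }`, leaving `$c` as the truthiness test only. Separately, `static $_entities` is filled on the first call with that call's `$charset` and then reused for every later call, so a caller passing a different charset silently gets the first charset's translation table; keying the cache on the charset (`$_entities[$charset]`) avoids that, and `$flag` need not be part of the key since it depends only on the PHP version. `entity_decode()` is complete within this hunk.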
@@ -525,37 +572,22 @@ class CI_Security { public function sanitize_filename($str, $relative_path = FALSE) { $bad = array( - "../", - "", - "<", - ">", - "'", - '"', - '&', - '$', - '#', - '{', - '}', - '[', - ']', - '=', - ';', - '?', - "%20", - "%22", - "%3c", // < - "%253c", // < - "%3e", // > - "%0e", // > - "%28", // ( - "%29", // ) - "%2528", // ( - "%26", // & - "%24", // $ - "%3f", // ? - "%3b", // ; - "%3d" // = + '../', '', '<', '>', + "'", '"', '&', '$', '#', + '{', '}', '[', ']', '=', + ';', '?', '%20', '%22', + '%3c', // < + '%253c', // < + '%3e', // > + '%0e', // > + '%28', // ( + '%29', // ) + '%2528', // ( + '%26', // & + '%24', // $ + '%3f', // ? + '%3b', // ; + '%3d' // = ); if ( ! $relative_path) @@ -565,7 +597,15 @@ class CI_Security { } $str = remove_invisible_characters($str, FALSE); - return stripslashes(str_replace($bad, '', $str)); + + do + { + $old = $str; + $str = str_replace($bad, '', $str); + } + while ($old !== $str); + + return stripslashes($str); } // ---------------------------------------------------------------- @@ -604,7 +644,7 @@ class CI_Security { protected function _remove_evil_attributes($str, $is_image) { // All javascript event handlers (e.g. onload, onclick, onmouseover), style, and xmlns - $evil_attributes = array('(?]*)/is', $str, $matches, PREG_SET_ORDER); + preg_match_all('/(?]*)/is', $str, $matches, PREG_SET_ORDER); foreach ($matches as $attr) { @@ -641,7 +681,8 @@ class CI_Security { $str = preg_replace('/(<]+?)([^A-Za-z<>\-])(.*?)('.implode('|', $attribs).')(.*?)([\s><]?)([><]*)/i', '$1$2 $4$6$7$8', $str, -1, $count); } - } while ($count); + } + while ($count); return $str; } 
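Review bot: `stripslashes()` still runs after the new removal loop, so a backslash-broken form such as `..\/` passes `str_replace($bad, '', $str)` untouched and only becomes `../` once the slashes are stripped, after the check has finished. Run it before the loop instead: `$str = stripslashes(remove_invisible_characters($str, FALSE));`, then the `do … while ($old !== $str)` loop unchanged, and `return $str;`. The loop itself is the right shape: it repeats until a pass changes nothing, so fragments that reassemble after one removal (`..././` becomes `../` after the first pass) no longer survive as they did with the single `str_replace()` the hunk removes. `sanitize_filename()` begins in the first hunk of this section and its tail is in the second; the `_remove_evil_attributes()` hunk further down is only a brace-placement change.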
@@ -658,14 +699,9 @@ class CI_Security { */ protected function _sanitize_naughty_html($matches) { - // encode opening brace - $str = '<'.$matches[1].$matches[2].$matches[3]; - - // encode captured opening or closing brace to prevent recursive vectors - $str .= str_replace(array('>', '<'), array('>', '<'), - $matches[4]); - - return $str; + return '<'.$matches[1].$matches[2].$matches[3] // encode opening brace + // encode captured opening or closing brace to prevent recursive vectors: + .str_replace(array('>', '<'), array('>', '<'), $matches[4]); } // -------------------------------------------------------------------- @@ -686,7 +722,7 @@ class CI_Security { return str_replace( $match[1], preg_replace( - '#href=.*?(alert\(|alert&\#40;|javascript\:|livescript\:|mocha\:|charset\=|window\.|document\.|\.cookie|_filter_attributes(str_replace(array('<', '>'), '', $match[1])) ), @@ -712,7 +748,7 @@ class CI_Security { return str_replace( $match[1], preg_replace( - '#src=.*?(alert\(|alert&\#40;|javascript\:|livescript\:|mocha\:|charset\=|window\.|document\.|\.cookie|_filter_attributes(str_replace(array('<', '>'), '', $match[1])) ), 
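Review bot: The rewritten `_sanitize_naughty_html()` puts one comment at the end of the first operand and a second one between the `.` operands of the same `return` expression, which reads badly and departs from the one-comment-per-statement style used everywhere else in this file. Keep the single-expression form but move the explanation above it, e.g. `// Encode the opening brace, then the captured opening/closing brace so the tag cannot re-form recursively`, or retain the two-statement version the hunk removes. The function is complete within the hunk.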
@@ -772,52 +808,16 @@ class CI_Security { */ protected function _decode_entity($match) { - return $this->entity_decode($match[0], strtoupper(config_item('charset'))); - } + // Protect GET variables in URLs + // 901119URL5918AMP18930PROTECT8198 + $match = preg_replace('|\&([a-z\_0-9\-]+)\=([a-z\_0-9\-/]+)|i', $this->xss_hash().'\\1=\\2', $match[0]); - // -------------------------------------------------------------------- - - /** - * Validate URL entities - * - * Called by xss_clean() - * - * @param string - * @return string - */ - protected function _validate_entities($str) - { - /* - * Protect GET variables in URLs - */ - - // 901119URL5918AMP18930PROTECT8198 - - $str = preg_replace('|\&([a-z\_0-9\-]+)\=([a-z\_0-9\-]+)|i', $this->xss_hash()."\\1=\\2", $str); - - /* - * Validate standard character entities - * - * Add a semicolon if missing. We do this to enable - * the conversion of entities to ASCII later. - * - */ - $str = preg_replace('#(&\#?[0-9a-z]{2,})([\x00-\x20])*;?#i', "\\1;\\2", $str); - - /* - * Validate UTF16 two byte encoding (x00) - * - * Just as above, adds a semicolon if missing. - * - */ - $str = preg_replace('#(&\#x?)([0-9A-F]+);?#i',"\\1\\2;",$str); - - /* - * Un-Protect GET variables in URLs - */ - $str = str_replace($this->xss_hash(), '&', $str); - - return $str; + // Decode, then un-protect URL GET vars + return str_replace( + $this->xss_hash(), + '&', + $this->entity_decode($match, strtoupper(config_item('charset'))) + ); } // ---------------------------------------------------------------------- @@ -872,4 +872,4 @@ class CI_Security { } /* End of file Security.php */ -/* Location: ./system/libraries/Security.php */ \ No newline at end of file +/* Location: ./system/core/Security.php */ \ No newline at end of file diff --git a/src/system/core/URI.php b/src/system/core/URI.php index a2f3b23b..a66cd715 100644 --- a/src/system/core/URI.php +++ b/src/system/core/URI.php 
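Review bot: `$this->xss_hash()` is called twice in the new `_decode_entity()`, once to protect the `&name=value` pairs and once to un-protect them; if the hash is not cached on the instance between calls, the two values differ and the placeholder is never turned back into `&`, leaking the hash into the output. Capture it once at the top, `$hash = $this->xss_hash();`, and use `$hash` in both the `preg_replace()` replacement and the final `str_replace()`. Reusing the `$match` parameter (an array from `preg_replace_callback()`) to hold the rewritten string is also confusing to read; `$str = preg_replace(..., $match[0]);` keeps the parameter intact and names the value. The function is complete within the hunk; the deleted `_validate_entities()` is history and its semicolon-normalising role has moved to `entity_decode()`.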
@@ -5,8 +5,9 @@ * An open source application development framework for PHP 5.1.6 or newer * * @package CodeIgniter - * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. + * @author EllisLab Dev Team + * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. + * @copyright Copyright (c) 2014 - 2015, British Columbia Institute of Technology (http://bcit.ca/) * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 1.0 @@ -23,7 +24,7 @@ * @package CodeIgniter * @subpackage Libraries * @category URI - * @author ExpressionEngine Dev Team + * @author EllisLab Dev Team * @link http://codeigniter.com/user_guide/libraries/uri.html */ class CI_URI { diff --git a/src/system/core/Utf8.php b/src/system/core/Utf8.php index 1a5bee19..efb78ce1 100644 --- a/src/system/core/Utf8.php +++ b/src/system/core/Utf8.php @@ -5,8 +5,9 @@ * An open source application development framework for PHP 5.1.6 or newer * * @package CodeIgniter - * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. + * @author EllisLab Dev Team + * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. + * @copyright Copyright (c) 2014 - 2015, British Columbia Institute of Technology (http://bcit.ca/) * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 2.0 @@ -23,7 +24,7 @@ * @package CodeIgniter * @subpackage Libraries * @category UTF-8 - * @author ExpressionEngine Dev Team + * @author EllisLab Dev Team * @link http://codeigniter.com/user_guide/libraries/utf8.html */ class CI_Utf8 { diff --git a/src/system/database/DB.php b/src/system/database/DB.php index d74738a0..bb3db3d1 100644 --- a/src/system/database/DB.php +++ b/src/system/database/DB.php 
@@ -5,8 +5,9 @@ * An open source application development framework for PHP 5.1.6 or newer * * @package CodeIgniter - * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. + * @author EllisLab Dev Team + * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. + * @copyright Copyright (c) 2014 - 2015, British Columbia Institute of Technology (http://bcit.ca/) * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 1.0 @@ -19,7 +20,7 @@ * Initialize the database * * @category Database - * @author ExpressionEngine Dev Team + * @author EllisLab Dev Team * @link http://codeigniter.com/user_guide/database/ * @param string * @param bool Determines if active record should be used or not diff --git a/src/system/database/DB_active_rec.php b/src/system/database/DB_active_rec.php index 85faa555..f4b796cc 100644 --- a/src/system/database/DB_active_rec.php +++ b/src/system/database/DB_active_rec.php @@ -5,8 +5,9 @@ * An open source application development framework for PHP 5.1.6 or newer * * @package CodeIgniter - * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. + * @author EllisLab Dev Team + * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. + * @copyright Copyright (c) 2014 - 2015, British Columbia Institute of Technology (http://bcit.ca/) * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 1.0 @@ -23,7 +24,7 @@ * @package CodeIgniter * @subpackage Drivers * @category Database - * @author ExpressionEngine Dev Team + * @author EllisLab Dev Team * @link http://codeigniter.com/user_guide/database/ */ class CI_DB_active_record extends CI_DB_driver { diff --git a/src/system/database/DB_cache.php b/src/system/database/DB_cache.php index e6945950..4551c1e6 100644 --- a/src/system/database/DB_cache.php +++ b/src/system/database/DB_cache.php 
@@ -5,8 +5,9 @@ * An open source application development framework for PHP 5.1.6 or newer * * @package CodeIgniter - * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. + * @author EllisLab Dev Team + * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. + * @copyright Copyright (c) 2014 - 2015, British Columbia Institute of Technology (http://bcit.ca/) * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 1.0 @@ -19,7 +20,7 @@ * Database Cache Class * * @category Database - * @author ExpressionEngine Dev Team + * @author EllisLab Dev Team * @link http://codeigniter.com/user_guide/database/ */ class CI_DB_Cache { diff --git a/src/system/database/DB_driver.php b/src/system/database/DB_driver.php index c342aacb..b6c1e34b 100644 --- a/src/system/database/DB_driver.php +++ b/src/system/database/DB_driver.php @@ -5,8 +5,9 @@ * An open source application development framework for PHP 5.1.6 or newer * * @package CodeIgniter - * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. + * @author EllisLab Dev Team + * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. + * @copyright Copyright (c) 2014 - 2015, British Columbia Institute of Technology (http://bcit.ca/) * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 1.0 @@ -25,7 +26,7 @@ * @package CodeIgniter * @subpackage Drivers * @category Database - * @author ExpressionEngine Dev Team + * @author EllisLab Dev Team * @link http://codeigniter.com/user_guide/database/ */ class CI_DB_driver { diff --git a/src/system/database/DB_forge.php b/src/system/database/DB_forge.php index b92069bb..cf63ee1e 100644 --- a/src/system/database/DB_forge.php +++ b/src/system/database/DB_forge.php 
@@ -1,12 +1,13 @@ userdata['last_activity'] + $this->sess_time_to_update) >= $this->now) + if ($this->CI->input->is_ajax_request() OR ($this->userdata['last_activity'] + $this->sess_time_to_update) >= $this->now) { return; } diff --git a/src/system/libraries/Sha1.php b/src/system/libraries/Sha1.php index 33778f96..2aedbf3d 100644 --- a/src/system/libraries/Sha1.php +++ b/src/system/libraries/Sha1.php @@ -5,8 +5,9 @@ * An open source application development framework for PHP 5.1.6 or newer * * @package CodeIgniter - * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. + * @author EllisLab Dev Team + * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. + * @copyright Copyright (c) 2014 - 2015, British Columbia Institute of Technology (http://bcit.ca/) * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 1.0 @@ -39,7 +40,7 @@ * @package CodeIgniter * @subpackage Libraries * @category Encryption - * @author ExpressionEngine Dev Team + * @author EllisLab Dev Team * @link http://codeigniter.com/user_guide/general/encryption.html */ class CI_SHA1 { diff --git a/src/system/libraries/Table.php b/src/system/libraries/Table.php index a2353d1e..e980d62e 100644 --- a/src/system/libraries/Table.php +++ b/src/system/libraries/Table.php @@ -5,8 +5,9 @@ * An open source application development framework for PHP 5.1.6 or newer * * @package CodeIgniter - * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. + * @author EllisLab Dev Team + * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. + * @copyright Copyright (c) 2014 - 2015, British Columbia Institute of Technology (http://bcit.ca/) * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 1.3.1 
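Review bot: The added `$this->CI->input->is_ajax_request() OR` short-circuit means a session that is driven only by XHR never has its ID rotated by `sess_update()`, however long it lives past `sess_time_to_update`; presumably the intent is to stop concurrent AJAX requests racing on a freshly regenerated cookie, but the condition carries no comment saying so. Add one above the `if`, e.g. `// Don't regenerate the session ID during AJAX requests: concurrent XHRs would race on the new cookie; rotation happens on the next regular request`, and note the deferred rotation in the Session library's user guide. The enclosing `sess_update()` starts and ends outside the hunk.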
@@ -23,7 +24,7 @@
  * @package CodeIgniter
  * @subpackage Libraries
  * @category HTML Tables
- * @author ExpressionEngine Dev Team
+ * @author EllisLab Dev Team
  * @link http://codeigniter.com/user_guide/libraries/uri.html
  */
 class CI_Table {
diff --git a/src/system/libraries/Trackback.php b/src/system/libraries/Trackback.php
index 898553cd..2e01581a 100644
--- a/src/system/libraries/Trackback.php
+++ b/src/system/libraries/Trackback.php
@@ -5,8 +5,9 @@
  * An open source application development framework for PHP 5.1.6 or newer
  *
  * @package CodeIgniter
- * @author ExpressionEngine Dev Team
- * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc.
+ * @author EllisLab Dev Team
+ * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc.
+ * @copyright Copyright (c) 2014 - 2015, British Columbia Institute of Technology (http://bcit.ca/)
  * @license http://codeigniter.com/user_guide/license.html
  * @link http://codeigniter.com
  * @since Version 1.0
@@ -23,7 +24,7 @@
  * @package CodeIgniter
  * @subpackage Libraries
  * @category Trackbacks
- * @author ExpressionEngine Dev Team
+ * @author EllisLab Dev Team
  * @link http://codeigniter.com/user_guide/libraries/trackback.html
  */
 class CI_Trackback {
diff --git a/src/system/libraries/Typography.php b/src/system/libraries/Typography.php
index b30582d8..cdac5c9d 100644
--- a/src/system/libraries/Typography.php
+++ b/src/system/libraries/Typography.php
@@ -5,8 +5,9 @@
  * An open source application development framework for PHP 5.1.6 or newer
  *
  * @package CodeIgniter
- * @author ExpressionEngine Dev Team
- * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc.
+ * @author EllisLab Dev Team
+ * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc.
+ * @copyright Copyright (c) 2014 - 2015, British Columbia Institute of Technology (http://bcit.ca/)
  * @license http://codeigniter.com/user_guide/license.html
  * @link http://codeigniter.com
  * @since Version 1.0
@@ -18,10 +19,8 @@
 /**
  * Typography Class
  *
- *
- * @access private
  * @category Helpers
- * @author ExpressionEngine Dev Team
+ * @author EllisLab Dev Team
  * @link http://codeigniter.com/user_guide/helpers/
  */
 class CI_Typography {
diff --git a/src/system/libraries/Unit_test.php b/src/system/libraries/Unit_test.php
index b8919e1e..07dc5083 100644
--- a/src/system/libraries/Unit_test.php
+++ b/src/system/libraries/Unit_test.php
@@ -5,8 +5,9 @@
  * An open source application development framework for PHP 5.1.6 or newer
  *
  * @package CodeIgniter
- * @author ExpressionEngine Dev Team
- * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc.
+ * @author EllisLab Dev Team
+ * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc.
+ * @copyright Copyright (c) 2014 - 2015, British Columbia Institute of Technology (http://bcit.ca/)
  * @license http://codeigniter.com/user_guide/license.html
  * @link http://codeigniter.com
  * @since Version 1.3.1
@@ -23,7 +24,7 @@
  * @package CodeIgniter
  * @subpackage Libraries
  * @category UnitTesting
- * @author ExpressionEngine Dev Team
+ * @author EllisLab Dev Team
  * @link http://codeigniter.com/user_guide/libraries/uri.html
  */
 class CI_Unit_test {
diff --git a/src/system/libraries/Upload.php b/src/system/libraries/Upload.php
index c188c39b..02abe2aa 100644
--- a/src/system/libraries/Upload.php
+++ b/src/system/libraries/Upload.php
@@ -5,8 +5,9 @@
  * An open source application development framework for PHP 5.1.6 or newer
  *
  * @package CodeIgniter
- * @author ExpressionEngine Dev Team
- * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc.
+ * @author EllisLab Dev Team
+ * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc.
+ * @copyright Copyright (c) 2014 - 2015, British Columbia Institute of Technology (http://bcit.ca/)
  * @license http://codeigniter.com/user_guide/license.html
  * @link http://codeigniter.com
  * @since Version 1.0
@@ -21,7 +22,7 @@
  * @package CodeIgniter
  * @subpackage Libraries
  * @category Uploads
- * @author ExpressionEngine Dev Team
+ * @author EllisLab Dev Team
  * @link http://codeigniter.com/user_guide/libraries/file_uploading.html
  */
 class CI_Upload {
@@ -256,7 +257,8 @@ class CI_Upload {
 }
 // Sanitize the file name for security
- $this->file_name = $this->clean_file_name($this->file_name);
+ $CI =& get_instance();
+ $this->file_name = $CI->security->sanitize_filename($this->file_name);
 // Truncate the file name if it's too long
 if ($this->max_filename > 0)
@@ -745,43 +747,14 @@ class CI_Upload {
 /**
  * Clean the file name for security
  *
- * @param string
+ * @deprecated 2.2.1 Alias for CI_Security::sanitize_filename()
+ * @param string $filename
  * @return string
  */
 public function clean_file_name($filename)
 {
- $bad = array(
- "",
- "'",
- "<",
- ">",
- '"',
- '&',
- '$',
- '=',
- ';',
- '?',
- '/',
- "%20",
- "%22",
- "%3c", // <
- "%253c", // <
- "%3e", // >
- "%0e", // >
- "%28", // (
- "%29", // )
- "%2528", // (
- "%26", // &
- "%24", // $
- "%3f", // ?
- "%3b", // ;
- "%3d" // =
- );
-
- $filename = str_replace($bad, '', $filename);
-
- return stripslashes($filename);
+ $CI =& get_instance();
+ return $CI->security->sanitize_filename($filename);
 }
 // --------------------------------------------------------------------
@@ -1052,7 +1025,7 @@ class CI_Upload {
 /* This is an ugly hack, but UNIX-type systems provide a "native" way to detect the file type,
  * which is still more secure than depending on the value of $_FILES[$field]['type'], and as it
- * was reported in issue #750 (https://github.com/EllisLab/CodeIgniter/issues/750) - it's better
+ * was reported in issue #750 (https://github.com/bcit-ci/CodeIgniter/issues/750) - it's better
  * than mime_content_type() as well, hence the attempts to try calling the command line with
  * three different functions.
  *
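Review bot: Both new `$CI->security->sanitize_filename()` calls (the upload path in the `@@ -256` hunk and the deprecated `clean_file_name()` alias in the `@@ -745` hunk) assume the Security core object is already attached to the CI instance, and nothing in either hunk loads or checks it, so a missing `security` member would surface as an undefined-property fatal during upload rather than as a clear error. If the bootstrap always loads it in this version (likely, but not confirmable from the diff), document the dependency at the first call: `// Delegates to CI_Security::sanitize_filename(); relies on the Security core class being loaded by the bootstrap.` How the replacement treats the entries the removed `$bad` list covered (`/`, `%3c`, `%253c`, `%2528` and the rest) is not visible here, so a test that pushes those through the upload file-name path and asserts they are stripped would restore the coverage this removal implicitly dropped. The method enclosing the `@@ -256` hunk starts and ends outside it.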
diff --git a/src/system/libraries/User_agent.php b/src/system/libraries/User_agent.php
index 9b0d8713..6d5001f7 100644
--- a/src/system/libraries/User_agent.php
+++ b/src/system/libraries/User_agent.php
@@ -5,8 +5,9 @@
  * An open source application development framework for PHP 5.1.6 or newer
  *
  * @package CodeIgniter
- * @author ExpressionEngine Dev Team
- * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc.
+ * @author EllisLab Dev Team
+ * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc.
+ * @copyright Copyright (c) 2014 - 2015, British Columbia Institute of Technology (http://bcit.ca/)
  * @license http://codeigniter.com/user_guide/license.html
  * @link http://codeigniter.com
  * @since Version 1.0
@@ -23,7 +24,7 @@
  * @package CodeIgniter
  * @subpackage Libraries
  * @category User Agent
- * @author ExpressionEngine Dev Team
+ * @author EllisLab Dev Team
  * @link http://codeigniter.com/user_guide/libraries/user_agent.html
  */
 class CI_User_agent {
diff --git a/src/system/libraries/Xmlrpc.php b/src/system/libraries/Xmlrpc.php
index f0f53cef..08ef690d 100644
--- a/src/system/libraries/Xmlrpc.php
+++ b/src/system/libraries/Xmlrpc.php
@@ -5,8 +5,9 @@
  * An open source application development framework for PHP 5.1.6 or newer
  *
  * @package CodeIgniter
- * @author ExpressionEngine Dev Team
- * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc.
+ * @author EllisLab Dev Team
+ * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc.
+ * @copyright Copyright (c) 2014 - 2015, British Columbia Institute of Technology (http://bcit.ca/)
  * @license http://codeigniter.com/user_guide/license.html
  * @link http://codeigniter.com
  * @since Version 1.0
@@ -27,7 +28,7 @@ if ( ! function_exists('xml_parser_create'))
  * @package CodeIgniter
  * @subpackage Libraries
  * @category XML-RPC
- * @author ExpressionEngine Dev Team
+ * @author EllisLab Dev Team
  * @link http://codeigniter.com/user_guide/libraries/xmlrpc.html
  */
 class CI_Xmlrpc {
diff --git a/src/system/libraries/Xmlrpcs.php b/src/system/libraries/Xmlrpcs.php
index d9d53c8a..23a9045c 100644
--- a/src/system/libraries/Xmlrpcs.php
+++ b/src/system/libraries/Xmlrpcs.php
@@ -5,8 +5,9 @@
  * An open source application development framework for PHP 5.1.6 or newer
  *
  * @package CodeIgniter
- * @author ExpressionEngine Dev Team
- * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc.
+ * @author EllisLab Dev Team
+ * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc.
+ * @copyright Copyright (c) 2014 - 2015, British Columbia Institute of Technology (http://bcit.ca/)
  * @license http://codeigniter.com/user_guide/license.html
  * @link http://codeigniter.com
  * @since Version 1.0
@@ -31,7 +32,7 @@ if ( ! class_exists('CI_Xmlrpc'))
  * @package CodeIgniter
  * @subpackage Libraries
  * @category XML-RPC
- * @author ExpressionEngine Dev Team
+ * @author EllisLab Dev Team
  * @link http://codeigniter.com/user_guide/libraries/xmlrpc.html
  */
 class CI_Xmlrpcs extends CI_Xmlrpc
diff --git a/src/system/libraries/Zip.php b/src/system/libraries/Zip.php
index ffff3f34..a1bb2e8f 100644
--- a/src/system/libraries/Zip.php
+++ b/src/system/libraries/Zip.php
@@ -5,8 +5,9 @@
  * An open source application development framework for PHP 5.1.6 or newer
  *
  * @package CodeIgniter
- * @author ExpressionEngine Dev Team
- * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc.
+ * @author EllisLab Dev Team
+ * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc.
+ * @copyright Copyright (c) 2014 - 2015, British Columbia Institute of Technology (http://bcit.ca/)
  * @license http://codeigniter.com/user_guide/license.html
  * @link http://codeigniter.com
  * @since Version 1.0
@@ -27,7 +28,7 @@
  * @package CodeIgniter
  * @subpackage Libraries
  * @category Encryption
- * @author ExpressionEngine Dev Team
+ * @author EllisLab Dev Team
  * @link http://codeigniter.com/user_guide/libraries/zip.html
  */
 class CI_Zip {
diff --git a/src/system/libraries/javascript/Jquery.php b/src/system/libraries/javascript/Jquery.php
index 48d8b3e5..af536036 100644
--- a/src/system/libraries/javascript/Jquery.php
+++ b/src/system/libraries/javascript/Jquery.php
@@ -6,8 +6,9 @@
  * An open source application development framework for PHP 5.1.6 or newer
  *
  * @package CodeIgniter
- * @author ExpressionEngine Dev Team
- * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc.
+ * @author EllisLab Dev Team
+ * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc.
+ * @copyright Copyright (c) 2014 - 2015, British Columbia Institute of Technology (http://bcit.ca/)
  * @license http://www.codeigniter.com/user_guide/license.html
  * @link http://www.codeigniter.com
  * @since Version 1.0
@@ -19,7 +20,7 @@
  *
  * @package CodeIgniter
  * @subpackage Libraries
- * @author ExpressionEngine Dev Team
+ * @author EllisLab Dev Team
  * @category Loader
  * @link http://www.codeigniter.com/user_guide/libraries/javascript.html
  */