Update CodeIgniter 3.1.9

domProjects · domProjects · commit 425886df00dc · 2018-06-16T09:58:51.000+02:00
diff --git a/README.md b/README.md
@@ -43,7 +43,7 @@ It should work on 5.4.8 as well, but we strongly advise you NOT to run such old
 ## Dependencies
 | NAME | VERSION | WEB | REPO |
 | :--- | :---: | :---: | :---: |
-| CodeIgniter | 3.1.8 | [Website](https://codeigniter.com) | [Github](https://github.com/bcit-ci/CodeIgniter/)
+| CodeIgniter | 3.1.9 | [Website](https://codeigniter.com) | [Github](https://github.com/bcit-ci/CodeIgniter/)
 | AdminLTE | 2.3.11 | [Website](https://adminlte.io) | [Github](https://github.com/almasaeed2010/AdminLTE/)
 | Bootstrap | 3.3.7 | [Website](https://getbootstrap.com/docs/3.3) | [Github](https://github.com/twbs/bootstrap)
 | Ion Auth | 2.6.0 | [Website](http://benedmunds.com/ion_auth) | [Github](https://github.com/benedmunds/CodeIgniter-Ion-Auth)
diff --git a/application/config/mimes.php b/application/config/mimes.php
@@ -77,6 +77,14 @@
 	'jpeg'	=>	array('image/jpeg', 'image/pjpeg'),
 	'jpg'	=>	array('image/jpeg', 'image/pjpeg'),
 	'jpe'	=>	array('image/jpeg', 'image/pjpeg'),
+	'jp2'	=>	array('image/jp2', 'video/mj2', 'image/jpx', 'image/jpm'),
+	'j2k'	=>	array('image/jp2', 'video/mj2', 'image/jpx', 'image/jpm'),
+	'jpf'	=>	array('image/jp2', 'video/mj2', 'image/jpx', 'image/jpm'),
+	'jpg2'	=>	array('image/jp2', 'video/mj2', 'image/jpx', 'image/jpm'),
+	'jpx'	=>	array('image/jp2', 'video/mj2', 'image/jpx', 'image/jpm'),
+	'jpm'	=>	array('image/jp2', 'video/mj2', 'image/jpx', 'image/jpm'),
+	'mj2'	=>	array('image/jp2', 'video/mj2', 'image/jpx', 'image/jpm'),
+	'mjp2'	=>	array('image/jp2', 'video/mj2', 'image/jpx', 'image/jpm'),
 	'png'	=>	array('image/png',  'image/x-png'),
 	'tiff'	=>	'image/tiff',
 	'tif'	=>	'image/tiff',
@@ -129,7 +137,8 @@
 	'3gp'   =>	array('video/3gp', 'video/3gpp'),
 	'mp4'   =>	'video/mp4',
 	'm4a'   =>	'audio/x-m4a',
-	'f4v'   =>	'video/mp4',
+	'f4v'   =>	array('video/mp4', 'video/x-f4v'),
+	'flv'	=>	'video/x-flv',
 	'webm'	=>	'video/webm',
 	'aac'   =>	'audio/x-acc',
 	'm4u'   =>	'application/vnd.mpegurl',
@@ -140,19 +149,36 @@
 	'au'    =>	'audio/x-au',
 	'ac3'   =>	'audio/ac3',
 	'flac'  =>	'audio/x-flac',
-	'ogg'   =>	'audio/ogg',
+	'ogg'   =>	array('audio/ogg', 'video/ogg', 'application/ogg'),
 	'kmz'	=>	array('application/vnd.google-earth.kmz', 'application/zip', 'application/x-zip'),
 	'kml'	=>	array('application/vnd.google-earth.kml+xml', 'application/xml', 'text/xml'),
 	'ics'	=>	'text/calendar',
 	'ical'	=>	'text/calendar',
 	'zsh'	=>	'text/x-scriptzsh',
-	'7zip'	=>	array('application/x-compressed', 'application/x-zip-compressed', 'application/zip', 'multipart/x-zip'),
+	'7z'	=>	array('application/x-7z-compressed', 'application/x-compressed', 'application/x-zip-compressed', 'application/zip', 'multipart/x-zip'),
+	'7zip'	=>	array('application/x-7z-compressed', 'application/x-compressed', 'application/x-zip-compressed', 'application/zip', 'multipart/x-zip'),
 	'cdr'	=>	array('application/cdr', 'application/coreldraw', 'application/x-cdr', 'application/x-coreldraw', 'image/cdr', 'image/x-cdr', 'zz-application/zz-winassoc-cdr'),
 	'wma'	=>	array('audio/x-ms-wma', 'video/x-ms-asf'),
 	'jar'	=>	array('application/java-archive', 'application/x-java-application', 'application/x-jar', 'application/x-compressed'),
 	'svg'	=>	array('image/svg+xml', 'application/xml', 'text/xml'),
 	'vcf'	=>	'text/x-vcard',
 	'srt'	=>	array('text/srt', 'text/plain'),
 	'vtt'	=>	array('text/vtt', 'text/plain'),
-	'ico'	=>	array('image/x-icon', 'image/x-ico', 'image/vnd.microsoft.icon')
+	'ico'	=>	array('image/x-icon', 'image/x-ico', 'image/vnd.microsoft.icon'),
+	'odc'	=>	'application/vnd.oasis.opendocument.chart',
+	'otc'	=>	'application/vnd.oasis.opendocument.chart-template',
+	'odf'	=>	'application/vnd.oasis.opendocument.formula',
+	'otf'	=>	'application/vnd.oasis.opendocument.formula-template',
+	'odg'	=>	'application/vnd.oasis.opendocument.graphics',
+	'otg'	=>	'application/vnd.oasis.opendocument.graphics-template',
+	'odi'	=>	'application/vnd.oasis.opendocument.image',
+	'oti'	=>	'application/vnd.oasis.opendocument.image-template',
+	'odp'	=>	'application/vnd.oasis.opendocument.presentation',
+	'otp'	=>	'application/vnd.oasis.opendocument.presentation-template',
+	'ods'	=>	'application/vnd.oasis.opendocument.spreadsheet',
+	'ots'	=>	'application/vnd.oasis.opendocument.spreadsheet-template',
+	'odt'	=>	'application/vnd.oasis.opendocument.text',
+	'odm'	=>	'application/vnd.oasis.opendocument.text-master',
+	'ott'	=>	'application/vnd.oasis.opendocument.text-template',
+	'oth'	=>	'application/vnd.oasis.opendocument.text-web'
 );
diff --git a/system/core/CodeIgniter.php b/system/core/CodeIgniter.php
@@ -55,7 +55,7 @@
  * @var	string
  *
  */
-	const CI_VERSION = '3.1.8';
+	const CI_VERSION = '3.1.9';
 
 /*
  * ------------------------------------------------------
diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php
@@ -1528,7 +1528,7 @@ protected function _update($table, $values)
 		return 'UPDATE '.$table.' SET '.implode(', ', $valstr)
 			.$this->_compile_wh('qb_where')
 			.$this->_compile_order_by()
-			.($this->qb_limit ? ' LIMIT '.$this->qb_limit : '');
+			.($this->qb_limit !== FALSE ? ' LIMIT '.$this->qb_limit : '');
 	}
 
 	// --------------------------------------------------------------------
diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php
@@ -970,7 +970,7 @@ protected function _like($field, $match = '', $type = 'AND ', $side = 'both', $n
 					$v = "'{$v}'";
 					break;
 				case 'before':
-					$v = "%'{$v}'";
+					$v = "'%{$v}'";
 					break;
 				case 'after':
 					$v = "'{$v}%'";
@@ -987,7 +987,7 @@ protected function _like($field, $match = '', $type = 'AND ', $side = 'both', $n
 				$v .= sprintf($this->_like_escape_str, $this->_like_escape_chr);
 			}
 
-			$qb_where = array('condition' => "{$prefix} {$k} {$not} LIKE", 'value' => $v, 'escape' => $escape);
+			$qb_where = array('condition' => "{$prefix} {$k} {$not} LIKE {$v}", 'value' => NULL, 'escape' => $escape);
 			$this->qb_where[] = $qb_where;
 			if ($this->qb_caching === TRUE)
 			{
@@ -2215,7 +2215,7 @@ public function delete($table = '', $where = '', $limit = NULL, $reset_data = TR
 	protected function _delete($table)
 	{
 		return 'DELETE FROM '.$table.$this->_compile_wh('qb_where')
-			.($this->qb_limit ? ' LIMIT '.$this->qb_limit : '');
+			.($this->qb_limit !== FALSE ? ' LIMIT '.$this->qb_limit : '');
 	}
 
 	// --------------------------------------------------------------------
@@ -2365,7 +2365,7 @@ protected function _compile_select($select_override = FALSE)
 			.$this->_compile_order_by(); // ORDER BY
 
 		// LIMIT
-		if ($this->qb_limit OR $this->qb_offset)
+		if ($this->qb_limit !== FALSE OR $this->qb_offset)
 		{
 			return $this->_limit($sql."\n");
 		}
diff --git a/system/helpers/html_helper.php b/system/helpers/html_helper.php
@@ -200,7 +200,7 @@ function img($src = '', $index_page = FALSE, $attributes = '')
 				}
 				else
 				{
-					$img .= ' src="'.get_instance()->config->slash_item('base_url').$v.'"';
+					$img .= ' src="'.get_instance()->config->base_url($v).'"';
 				}
 			}
 			else
@@ -292,7 +292,7 @@ function link_tag($href = '', $rel = 'stylesheet', $type = 'text/css', $title =
 					}
 					else
 					{
-						$link .= 'href="'.$CI->config->slash_item('base_url').$v.'" ';
+						$link .= 'href="'.$CI->config->base_url($v).'" ';
 					}
 				}
 				else
@@ -313,7 +313,7 @@ function link_tag($href = '', $rel = 'stylesheet', $type = 'text/css', $title =
 			}
 			else
 			{
-				$link .= 'href="'.$CI->config->slash_item('base_url').$href.'" ';
+				$link .= 'href="'.$CI->config->base_url($href).'" ';
 			}
 
 			$link .= 'rel="'.$rel.'" type="'.$type.'" ';
diff --git a/system/helpers/url_helper.php b/system/helpers/url_helper.php
@@ -396,7 +396,7 @@ function auto_link($str, $type = 'both', $popup = FALSE)
 		if ($type !== 'email' && preg_match_all('#(\w*://|www\.)[a-z0-9]+(-+[a-z0-9]+)*(\.[a-z0-9]+(-+[a-z0-9]+)*)+(/([^\s()<>;]+\w)?/?)?#i', $str, $matches, PREG_OFFSET_CAPTURE | PREG_SET_ORDER))
 		{
 			// Set our target HTML if using popup links.
-			$target = ($popup) ? ' target="_blank"' : '';
+			$target = ($popup) ? ' target="_blank" rel="noopener"' : '';
 
 			// We process the links in reverse order (last -> first) so that
 			// the returned string offsets from preg_match_all() are not
diff --git a/system/libraries/Email.php b/system/libraries/Email.php
@@ -1038,7 +1038,11 @@ public function valid_email($email)
 			$domain = defined('INTL_IDNA_VARIANT_UTS46')
 				? idn_to_ascii($domain, 0, INTL_IDNA_VARIANT_UTS46)
 				: idn_to_ascii($domain);
-			$email = $account.'@'.$domain;
+
+			if ($domain !== FALSE)
+			{
+				$email = $account.'@'.$domain;
+			}
 		}
 
 		return (bool) filter_var($email, FILTER_VALIDATE_EMAIL);
@@ -1859,7 +1863,11 @@ protected function _validate_email_for_shell(&$email)
 			$domain = defined('INTL_IDNA_VARIANT_UTS46')
 				? idn_to_ascii($domain, 0, INTL_IDNA_VARIANT_UTS46)
 				: idn_to_ascii($domain);
-			$email = $account.'@'.$domain;
+
+			if ($domain !== FALSE)
+			{
+				$email = $account.'@'.$domain;
+			}
 		}
 
 		return (filter_var($email, FILTER_VALIDATE_EMAIL) === $email && preg_match('#\A[a-z0-9._+-]+@[a-z0-9.-]{1,253}\z#i', $email));
diff --git a/system/libraries/Form_validation.php b/system/libraries/Form_validation.php
@@ -1234,7 +1234,11 @@ public function valid_email($str)
 			$domain = defined('INTL_IDNA_VARIANT_UTS46')
 				? idn_to_ascii($matches[2], 0, INTL_IDNA_VARIANT_UTS46)
 				: idn_to_ascii($matches[2]);
-			$str = $matches[1].'@'.$domain;
+
+			if ($domain !== FALSE)
+			{
+				$str = $matches[1].'@'.$domain;
+			}
 		}
 
 		return (bool) filter_var($str, FILTER_VALIDATE_EMAIL);
diff --git a/system/libraries/Session/Session.php b/system/libraries/Session/Session.php
@@ -604,7 +604,7 @@ public function get_temp_keys()
 	// ------------------------------------------------------------------------
 
 	/**
-	 * Unmark flash
+	 * Unmark temp
 	 *
 	 * @param	mixed	$key	Session data key(s)
 	 * @return	void
diff --git a/system/libraries/Session/Session_driver.php b/system/libraries/Session/Session_driver.php
@@ -112,6 +112,23 @@ public function __construct(&$params)
 
 	// ------------------------------------------------------------------------
 
+	/**
+	 * PHP 5.x validate ID
+	 *
+	 * Enforces session.use_strict_mode on PHP 5.x (7+ does it by itself)
+	 *
+	 * @return	void
+	 */
+	public function php5_validate_id()
+	{
+		if (PHP_VERSION_ID < 70000 && isset($_COOKIE[$this->_config['cookie_name']]) && ! $this->validateId($_COOKIE[$this->_config['cookie_name']]))
+		{
+			unset($_COOKIE[$this->_config['cookie_name']]);
+		}
+	}
+
+	// ------------------------------------------------------------------------
+
 	/**
 	 * Cookie destroy
 	 *
diff --git a/system/libraries/Session/drivers/Session_database_driver.php b/system/libraries/Session/drivers/Session_database_driver.php
@@ -133,6 +133,8 @@ public function open($save_path, $name)
 			return $this->_fail();
 		}
 
+		$this->php5_validate_id();
+
 		return $this->_success;
 	}
 
@@ -340,6 +342,30 @@ public function gc($maxlifetime)
 			: $this->_fail();
 	}
 
+	// --------------------------------------------------------------------
+
+	/**
+	 * Validate ID
+	 *
+	 * Checks whether a session ID record exists server-side,
+	 * to enforce session.use_strict_mode.
+	 *
+	 * @param	string	$id
+	 * @return	bool
+	 */
+	public function validateId($id)
+	{
+		// Prevent previous QB calls from messing with our queries
+		$this->_db->reset_query();
+
+		$this->_db->select('1')->from($this->_config['save_path'])->where('id', $id);
+		empty($this->_config['match_ip']) OR $this->_db->where('ip_address', $_SERVER['REMOTE_ADDR']);
+		$result = $this->_db->get();
+		empty($result) OR $result = $result->row();
+
+		return ! empty($result);
+	}
+
 	// ------------------------------------------------------------------------
 
 	/**
diff --git a/system/libraries/Session/drivers/Session_files_driver.php b/system/libraries/Session/drivers/Session_files_driver.php
@@ -148,6 +148,8 @@ public function open($save_path, $name)
 			.$name // we'll use the session cookie name as a prefix to avoid collisions
 			.($this->_config['match_ip'] ? md5($_SERVER['REMOTE_ADDR']) : '');
 
+		$this->php5_validate_id();
+
 		return $this->_success;
 	}
 
@@ -391,6 +393,22 @@ public function gc($maxlifetime)
 
 	// --------------------------------------------------------------------
 
+	/**
+	 * Validate ID
+	 *
+	 * Checks whether a session ID record exists server-side,
+	 * to enforce session.use_strict_mode.
+	 *
+	 * @param	string	$id
+	 * @return	bool
+	 */
+	public function validateId($id)
+	{
+		return is_file($this->_file_path.$id);
+	}
+
+	// --------------------------------------------------------------------
+
 	/**
 	 * Byte-safe strlen()
 	 *
diff --git a/system/libraries/Session/drivers/Session_memcached_driver.php b/system/libraries/Session/drivers/Session_memcached_driver.php
@@ -145,6 +145,8 @@ public function open($save_path, $name)
 			return $this->_fail();
 		}
 
+		$this->php5_validate_id();
+
 		return $this->_success;
 	}
 
@@ -290,6 +292,23 @@ public function gc($maxlifetime)
 		return $this->_success;
 	}
 
+	// --------------------------------------------------------------------
+
+	/**
+	 * Validate ID
+	 *
+	 * Checks whether a session ID record exists server-side,
+	 * to enforce session.use_strict_mode.
+	 *
+	 * @param	string	$id
+	 * @return	bool
+	 */
+	public function validateId($id)
+	{
+		$this->_memcached-get($this->_key_prefix.$id);
+		return ($this->_memcached->getResultCode() === Memcached::RES_SUCCESS);
+	}
+
 	// ------------------------------------------------------------------------
 
 	/**
diff --git a/system/libraries/Session/drivers/Session_redis_driver.php b/system/libraries/Session/drivers/Session_redis_driver.php
@@ -153,6 +153,8 @@ public function open($save_path, $name)
 			return $this->_success;
 		}
 
+		$this->php5_validate_id();
+
 		return $this->_fail();
 	}
 
@@ -310,6 +312,22 @@ public function gc($maxlifetime)
 		return $this->_success;
 	}
 
+	// --------------------------------------------------------------------
+
+	/**
+	 * Validate ID
+	 *
+	 * Checks whether a session ID record exists server-side,
+	 * to enforce session.use_strict_mode.
+	 *
+	 * @param	string	$id
+	 * @return	bool
+	 */
+	public function validateId($id)
+	{
+		return (bool) $this->_redis->exists($this->_key_prefix.$id);
+	}
+
 	// ------------------------------------------------------------------------
 
 	/**

Original file line number	Diff line number	Diff line change
`@@ -55,7 +55,7 @@`
`55`	`55`	`* @var string`
`56`	`56`	`*`
`57`	`57`	`*/`
`58`		`- const CI_VERSION = '3.1.8';`
	`58`	`+ const CI_VERSION = '3.1.9';`
`59`	`59`
`60`	`60`	`/*`
`61`	`61`	`* ------------------------------------------------------`
Original file line number	Diff line number	Diff line change
`@@ -1528,7 +1528,7 @@ protected function _update($table, $values)`
`1528`	`1528`	`return 'UPDATE '.$table.' SET '.implode(', ', $valstr)`
`1529`	`1529`	`.$this->_compile_wh('qb_where')`
`1530`	`1530`	`.$this->_compile_order_by()`
`1531`		`- .($this->qb_limit ? ' LIMIT '.$this->qb_limit : '');`
	`1531`	`+ .($this->qb_limit !== FALSE ? ' LIMIT '.$this->qb_limit : '');`
`1532`	`1532`	`}`
`1533`	`1533`
`1534`	`1534`	`// --------------------------------------------------------------------`
Original file line number	Diff line number	Diff line change
`@@ -970,7 +970,7 @@ protected function _like($field, $match = '', $type = 'AND ', $side = 'both', $n`
`970`	`970`	`$v = "'{$v}'";`
`971`	`971`	`break;`
`972`	`972`	`case 'before':`
`973`		`- $v = "%'{$v}'";`
	`973`	`+ $v = "'%{$v}'";`
`974`	`974`	`break;`
`975`	`975`	`case 'after':`
`976`	`976`	`$v = "'{$v}%'";`
`@@ -987,7 +987,7 @@ protected function _like($field, $match = '', $type = 'AND ', $side = 'both', $n`
`987`	`987`	`$v .= sprintf($this->_like_escape_str, $this->_like_escape_chr);`
`988`	`988`	`}`
`989`	`989`
`990`		`- $qb_where = array('condition' => "{$prefix} {$k} {$not} LIKE", 'value' => $v, 'escape' => $escape);`
	`990`	`+ $qb_where = array('condition' => "{$prefix} {$k} {$not} LIKE {$v}", 'value' => NULL, 'escape' => $escape);`
`991`	`991`	`$this->qb_where[] = $qb_where;`
`992`	`992`	`if ($this->qb_caching === TRUE)`
`993`	`993`	`{`
`@@ -2215,7 +2215,7 @@ public function delete($table = '', $where = '', $limit = NULL, $reset_data = TR`
`2215`	`2215`	`protected function _delete($table)`
`2216`	`2216`	`{`
`2217`	`2217`	`return 'DELETE FROM '.$table.$this->_compile_wh('qb_where')`
`2218`		`- .($this->qb_limit ? ' LIMIT '.$this->qb_limit : '');`
	`2218`	`+ .($this->qb_limit !== FALSE ? ' LIMIT '.$this->qb_limit : '');`
`2219`	`2219`	`}`
`2220`	`2220`
`2221`	`2221`	`// --------------------------------------------------------------------`
`@@ -2365,7 +2365,7 @@ protected function _compile_select($select_override = FALSE)`
`2365`	`2365`	`.$this->_compile_order_by(); // ORDER BY`
`2366`	`2366`
`2367`	`2367`	`// LIMIT`
`2368`		`- if ($this->qb_limit OR $this->qb_offset)`
	`2368`	`+ if ($this->qb_limit !== FALSE OR $this->qb_offset)`
`2369`	`2369`	`{`
`2370`	`2370`	`return $this->_limit($sql."\n");`
`2371`	`2371`	`}`
Original file line number	Diff line number	Diff line change
`@@ -200,7 +200,7 @@ function img($src = '', $index_page = FALSE, $attributes = '')`
`200`	`200`	`}`
`201`	`201`	`else`
`202`	`202`	`{`
`203`		`- $img .= ' src="'.get_instance()->config->slash_item('base_url').$v.'"';`
	`203`	`+ $img .= ' src="'.get_instance()->config->base_url($v).'"';`
`204`	`204`	`}`
`205`	`205`	`}`
`206`	`206`	`else`
`@@ -292,7 +292,7 @@ function link_tag($href = '', $rel = 'stylesheet', $type = 'text/css', $title =`
`292`	`292`	`}`
`293`	`293`	`else`
`294`	`294`	`{`
`295`		`- $link .= 'href="'.$CI->config->slash_item('base_url').$v.'" ';`
	`295`	`+ $link .= 'href="'.$CI->config->base_url($v).'" ';`
`296`	`296`	`}`
`297`	`297`	`}`
`298`	`298`	`else`
`@@ -313,7 +313,7 @@ function link_tag($href = '', $rel = 'stylesheet', $type = 'text/css', $title =`
`313`	`313`	`}`
`314`	`314`	`else`
`315`	`315`	`{`
`316`		`- $link .= 'href="'.$CI->config->slash_item('base_url').$href.'" ';`
	`316`	`+ $link .= 'href="'.$CI->config->base_url($href).'" ';`
`317`	`317`	`}`
`318`	`318`
`319`	`319`	`$link .= 'rel="'.$rel.'" type="'.$type.'" ';`
Original file line number	Diff line number	Diff line change
`@@ -396,7 +396,7 @@ function auto_link($str, $type = 'both', $popup = FALSE)`
`396`	`396`	`if ($type !== 'email' && preg_match_all('#(\w://\|www\.)[a-z0-9]+(-+[a-z0-9]+)(\.[a-z0-9]+(-+[a-z0-9]+)*)+(/([^\s()<>;]+\w)?/?)?#i', $str, $matches, PREG_OFFSET_CAPTURE \| PREG_SET_ORDER))`
`397`	`397`	`{`
`398`	`398`	`// Set our target HTML if using popup links.`
`399`		`- $target = ($popup) ? ' target="_blank"' : '';`
	`399`	`+ $target = ($popup) ? ' target="_blank" rel="noopener"' : '';`
`400`	`400`
`401`	`401`	`// We process the links in reverse order (last -> first) so that`
`402`	`402`	`// the returned string offsets from preg_match_all() are not`
Original file line number	Diff line number	Diff line change
`@@ -604,7 +604,7 @@ public function get_temp_keys()`
`604`	`604`	`// ------------------------------------------------------------------------`
`605`	`605`
`606`	`606`	`/**`
`607`		`- * Unmark flash`
	`607`	`+ * Unmark temp`
`608`	`608`	`*`
`609`	`609`	`* @param mixed $key Session data key(s)`
`610`	`610`	`* @return void`