1. volftomas
  2. CodeIgniter Reactor

Commits

admin  committed 2bb8ec7

  • Participants
  • Parent commits fe40369
  • Branches default

Comments (0)

Files changed (9)

File system/application/config/config.php

View file
  • Ignore whitespace
 
 /*
 |--------------------------------------------------------------------------
+| Allowed URL Characters
+|--------------------------------------------------------------------------
+|
+| This lets you specify which characters are permitted within your URLs.
+| When someone tries to submit a URL with disallowed characters they will
+| get a warning message.
+|
+| As a security measure you are STRONGLY encouraged to restrict URLs to
+| as few characters as possible.  By default only these are allowed: a-z 0-9~%.:_-
+|
+| Leave blank to allow all characters -- but only if you are insane.
+| 
+| DO NOT CHANGE THIS UNLESS YOU FULLY UNDERSTAND THE REPERCUSSIONS!!
+|
+*/
+$config['permitted_uri_chars'] = 'a-z 0-9~%.:_-';
+
+
+/*
+|--------------------------------------------------------------------------
 | Enable Query Strings
 |--------------------------------------------------------------------------
 |

File system/drivers/DB_mssql.php

View file
  • Ignore whitespace
 	 */
 	function escape_str($str)	
 	{	
-		// MS SQL doesn't require escaping
-		return $str;
+		// Escape single quotes
+		return str_replace("'", "''", $str);
 	}
 	
 	// --------------------------------------------------------------------

File system/drivers/DB_mysqli.php

View file
  • Ignore whitespace
 	function execute($sql)
 	{
 		$sql = $this->_prep_query($sql);	
-		return @mysqli_query($this->conn_id, $sql);
+		$result = @mysqli_query($this->conn_id, $sql);
+		mysqli_next_result($this->conn_id);
+		return $result;
 	}
 	
 	// --------------------------------------------------------------------

File system/libraries/Config.php

View file
  • Ignore whitespace
 	 *
 	 * @access	public
 	 * @param	string	the config file name
-	 * @return	void
+	 * @return	boolean	if the file was loaded correctly
 	 */	
 	function load($file = '')
 	{
 	
 		if (in_array($file, $this->is_loaded))
 		{                
-			return;
+			return TRUE;
 		}
 	
 		include_once(APPPATH.'config/'.$file.EXT);
 		unset($config);
 
 		log_message('debug', 'Config file loaded: config/'.$file.EXT);
+		return TRUE;
 	}
   	// END load()
   	

File system/libraries/Router.php

View file
  • Ignore whitespace
 	 */	
 	function _filter_uri($str)
 	{
-		 if ( ! preg_match("/^[a-z0-9~\s\%\.:_-]+$/i", $str))
-		 { 
-			exit('The URI you submitted has disallowed characters: '.$str);
-		 }
-		 
-		 return $str;
+		if ($this->config->item('permitted_uri_chars') != '')
+		{
+			if ( ! preg_match("|^[".preg_quote($this->config->item('permitted_uri_chars'))."]+$|i", $str))
+			{ 
+				exit('The URI you submitted has disallowed characters: '.$str);
+			}
+		}	
+			return $str;
 	}
 	// END _filter_uri()
 	

File user_guide/general/changelog.html

View file
  • Ignore whitespace
 <li>Added the ability to <a href="core_classes.html">replace core system classes</a> with your own classes.</li>
 <li>Added support for % character in URL.</li>
 <li>Added the ability to supply full URLs using the <dfn>anchor()</dfn> helper function.</li>
-<li>Moved the MIME type array out of the Upload class and into its own file in the applications/comfig/ folder.</li>
+<li>Moved the list of "allowed URI characters" out of the Router class and into the config file.</li>
+<li>Moved the MIME type array out of the Upload class and into its own file in the applications/config/ folder.</li>
 <li>Updated the URI Protocol code to allow more options so that URLs will work more reliably in different environments.</li>
 <li>Updated the <dfn>form_open()</dfn> helper to allow the GET method to be used.</li>
+<li>Updated the MySQLi <dfn>execute()</dfn> function with some code to help prevent lost connection errors.</li>
+<li>Updated the Models loader function to allow multiple loads of the same model.</li>
+<li>Updated the MS SQL driver so that single quotes are escaped.</li>
 <li>Removed a strtolower() call that was changing URL segments to lower case.</li>
 <li>Removed some references that were interfering with PHP 4.4.1 compatibility.</li>
 <li>Removed backticks from Postgre class since these are not needed.</li>
-<li>Deprecated the hash() function due to a naming conflict with a native PHP function with the same name.  Please use dohash() instead.</li>
-<li>Fixed an issue when removing GET variables.</li>
-<li>Fixed <a href="http://www.codeigniter.com/forums/viewthread/773/">this</a> router bug.</li>
+<li>Deprecated the hash() function due to a naming conflict with a native PHP function with the same name.  Please use <kbd>dohash()</kbd> instead.</li>
+<li>Fixed an bug that was preventing the input class from unsetting GET variables.</li>
+<li>Fixed a router bug that was making it too greedy when matching end segments.</li>
 <li>Fixed a bug that was preventing multiple discreet database calls.</li>
 <li>Fixed a bug in which loading a language file was producing a "file contains no data" message.</li>
 <li>Fixed a session bug caused by the XSS Filtering feature inadvertently changing the case of certain words.</li>

File user_guide/general/controllers.html

View file
  • Ignore whitespace
 
 <p>Simply create folders within your <dfn>application/controllers</dfn> directory and place your controller classes within them.</p>
 
-<p><strong>Note:</strong>&nbsp; When using this feature the first segment or your URI must specify the folder.  For example, lets say you have a controller
+<p><strong>Note:</strong>&nbsp; When using this feature the first segment of your URI must specify the folder.  For example, lets say you have a controller
 located here:</p>
 
 <code>application/controllers/<kbd>products</kbd>/shoes.php</code>

File user_guide/general/core_classes.html

View file
  • Ignore whitespace
 
 <p>Every time Code Igniter runs there are several base classes that are initialized automatically as part of the core framework.
 It is possible, however, to swap any of the core system classes with your own versions.&nbsp;  <strong>Most users will never have any need to do this,
-but the option to replace them does exist for those that would like to significantly alter the Code Igniter core.</strong>
+but the option to replace them does exist for those who would like to significantly alter the Code Igniter core.</strong>
 </p>
 
 <p class="important"><strong>Note:</strong>&nbsp; Replacing a core system class with your own version has a lot of implications, so make sure you 

File user_guide/installation/upgrade_140.html

View file
  • Ignore whitespace
 </ul>
 
 
-<h2>Step 4: Update your user guide</h2>
+<h2>Step 2: Update your config.php file</h2>
+
+<p>Open your <dfn>application/config/config.php</dfn> file and add these new items:</p>
+
+<pre>
+/*
+|--------------------------------------------------------------------------
+| Allowed URL Characters
+|--------------------------------------------------------------------------
+|
+| This lets you specify which characters are permitted within your URLs.
+| When someone tries to submit a URL with disallowed characters they will
+| get a warning message.
+|
+| As a security measure you are STRONGLY encouraged to restrict URLs to
+| as few characters as possible.  By default only these are allowed: a-z 0-9~%.:_-
+|
+| Leave blank to allow all characters -- but only if you are insane.
+| 
+| DO NOT CHANGE THIS UNLESS YOU FULLY UNDERSTAND THE REPERCUSSIONS!!
+|
+*/
+$config['permitted_uri_chars'] = 'a-z 0-9~%.:_-';
+</pre>
+
+
+<h2>Step 3: Update your user guide</h2>
 
 <p>Please also replace your local copy of the user guide with the new version.</p>