[Filebin-general] [PATCH 3/3] Update CodeIgniter to version 2.1.4

Pierre Schmitz pierre at archlinux.de
Sun Sep 22 10:26:12 CEST 2013


Signed-off-by: Pierre Schmitz <pierre at archlinux.de>
---
 system/core/CodeIgniter.php       |  2 +-
 system/core/Security.php          | 13 ++++++-------
 system/database/DB_active_rec.php |  2 +-
 system/libraries/Email.php        |  2 +-
 system/libraries/Migration.php    |  2 +-
 5 files changed, 10 insertions(+), 11 deletions(-)

diff --git a/system/core/CodeIgniter.php b/system/core/CodeIgniter.php
index c16c79c..e0819c8 100644
--- a/system/core/CodeIgniter.php
+++ b/system/core/CodeIgniter.php
@@ -33,7 +33,7 @@
  * @var string
  *
  */
-	define('CI_VERSION', '2.1.3');
+	define('CI_VERSION', '2.1.4');
 
 /**
  * CodeIgniter Branch (Core = TRUE, Reactor = FALSE)
diff --git a/system/core/Security.php b/system/core/Security.php
index 00089d7..b0d39b9 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -619,17 +619,16 @@ class CI_Security {
 			$count = 0;
 			$attribs = array();
 
-			// find occurrences of illegal attribute strings without quotes
-			preg_match_all('/('.implode('|', $evil_attributes).')\s*=\s*([^\s>]*)/is', $str, $matches, PREG_SET_ORDER);
+			// find occurrences of illegal attribute strings with quotes (042 and 047 are octal quotes)
+			preg_match_all('/('.implode('|', $evil_attributes).')\s*=\s*(\042|\047)([^\\2]*?)(\\2)/is', $str, $matches, PREG_SET_ORDER);
 
 			foreach ($matches as $attr)
 			{
-
 				$attribs[] = preg_quote($attr[0], '/');
 			}
 
-			// find occurrences of illegal attribute strings with quotes (042 and 047 are octal quotes)
-			preg_match_all("/(".implode('|', $evil_attributes).")\s*=\s*(\042|\047)([^\\2]*?)(\\2)/is",  $str, $matches, PREG_SET_ORDER);
+			// find occurrences of illegal attribute strings without quotes
+			preg_match_all('/('.implode('|', $evil_attributes).')\s*=\s*([^\s>]*)/is', $str, $matches, PREG_SET_ORDER);
 
 			foreach ($matches as $attr)
 			{
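Review bot: In the new quoted-attribute pattern, `[^\\2]` is not a negated backreference: inside a character class PCRE reads `\2` as an octal character escape, so the class means "any byte except 0x02", and the match only ends at the matching quote because of the lazy `*?` followed by the real backreference `(\\2)`. The behaviour looks acceptable, but the pattern reads as something it is not. Either write `(.*?)` (the `s` flag is already set) or add a comment such as `// [^\\2] is a plain character class; the lazy quantifier plus the \\2 backreference stops at the closing quote`. `$evil_attributes` is defined outside this hunk, so whether its entries are regex-safe cannot be confirmed from here, and the second `foreach` body continues past the end of the hunk.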
@@ -639,7 +638,7 @@ class CI_Security {
 			// replace illegal attribute strings that are inside an html tag
 			if (count($attribs) > 0)
 			{
-				$str = preg_replace("/<(\/?[^><]+?)([^A-Za-z<>\-])(.*?)(".implode('|', $attribs).")(.*?)([\s><])([><]*)/i", '<$1 $3$5$6$7', $str, -1, $count);
+				$str = preg_replace('/(<?)(\/?[^><]+?)([^A-Za-z<>\-])(.*?)('.implode('|', $attribs).')(.*?)([\s><]?)([><]*)/i', '$1$2 $4$6$7$8', $str, -1, $count);
 			}
 
 		} while ($count);
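Review bot: The comment `// replace illegal attribute strings that are inside an html tag` no longer matches the new pattern, because `(<?)` makes the opening bracket optional and `([\s><]?)` makes the terminator optional, so the replacement can now also fire on text that is not inside a tag. If that broader stripping is intended, the comment should say so, e.g. `// strip illegal attribute strings; the leading '<' is optional so partial or unterminated tags are covered too`. Separately, `preg_replace()` returns NULL when PCRE reports an error such as hitting the backtrack limit, and the result is assigned straight back to `$str` without a check. The several lazy `(.*?)` groups inside the `do … while ($count)` loop make that more likely on large inputs. The enclosing method starts and ends outside this hunk.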
@@ -873,4 +872,4 @@ class CI_Security {
 }
 
 /* End of file Security.php */
-/* Location: ./system/libraries/Security.php */
\ No newline at end of file
+/* Location: ./system/libraries/Security.php */
diff --git a/system/database/DB_active_rec.php b/system/database/DB_active_rec.php
index 841ede2..4f3c463 100644
--- a/system/database/DB_active_rec.php
+++ b/system/database/DB_active_rec.php
@@ -1404,7 +1404,7 @@ class CI_DB_active_record extends CI_DB_driver {
 				}
 				else
 				{
-					$not[] = $k.'-'.$v;
+					$not[] = $k2.'-'.$v2;
 				}
 
 				if ($escape === FALSE)
diff --git a/system/libraries/Email.php b/system/libraries/Email.php
index 9ec40af..d01d5c1 100644
--- a/system/libraries/Email.php
+++ b/system/libraries/Email.php
@@ -1954,7 +1954,7 @@ class CI_Email {
 			}
 		}
 
-		$msg .= "<pre>".$this->_header_str."\n".htmlspecialchars($this->_subject)."\n".htmlspecialchars($this->_finalbody).'</pre>';
+		$msg .= "<pre>".htmlspecialchars($this->_header_str)."\n".htmlspecialchars($this->_subject)."\n".htmlspecialchars($this->_finalbody).'</pre>';
 		return $msg;
 	}
 
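Review bot: The three `htmlspecialchars()` calls on the changed line rely on the default flags and charset, which differ between PHP versions. On PHP 5.4 and later, a header, subject or body containing bytes that are invalid in the default charset makes the call return an empty string, so that part of the debugger output would silently disappear. Passing both explicitly keeps the escaping predictable, e.g. `htmlspecialchars($this->_header_str, ENT_QUOTES, $charset)`, where `$charset` is a placeholder for the charset the message was built in. The earlier part of `$msg` is assembled outside this hunk, so whether it is escaped as well cannot be checked from here.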
diff --git a/system/libraries/Migration.php b/system/libraries/Migration.php
index df2dd7c..ffa640b 100644
--- a/system/libraries/Migration.php
+++ b/system/libraries/Migration.php
@@ -220,7 +220,7 @@ class CI_Migration {
 	{
 		if ( ! $migrations = $this->find_migrations())
 		{
-			$this->_error_string = $this->line->lang('migration_none_found');
+			$this->_error_string = $this->lang->line('migration_none_found');
 			return false;
 		}
 
-- 
1.8.4

