Merge branch '3.0-stable' into develop

narfbg · narfbg · commit 788fb4aa8231 · 2015-12-14T16:42:29.000+02:00
diff --git a/system/core/Security.php b/system/core/Security.php
@@ -593,6 +593,22 @@ public function get_random_bytes($length)
 			return FALSE;
 		}
 
+		if (function_exists('random_bytes'))
+		{
+			try
+			{
+				// The cast is required to avoid TypeError
+				return random_bytes((int) $length);
+			}
+			catch (Exception $e)
+			{
+				// If random_bytes() can't do the job, we can't either ...
+				// There's no point in using fallbacks.
+				log_message('error', $e->getMessage());
+				return FALSE;
+			}
+		}
+
 		// Unfortunately, none of the following PRNGs is guaranteed to exist ...
 		if (defined('MCRYPT_DEV_URANDOM') && ($output = mcrypt_create_iv($length, MCRYPT_DEV_URANDOM)) !== FALSE)
 		{
diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php
@@ -498,6 +498,18 @@ public function db_select()
 
 	// --------------------------------------------------------------------
 
+	/**
+	 * Last error
+	 *
+	 * @return	array
+	 */
+	public function error()
+	{
+		return array('code' => NULL, 'message' => NULL);
+	}
+
+	// --------------------------------------------------------------------
+
 	/**
 	 * Set client character set
 	 *
diff --git a/system/database/DB_forge.php b/system/database/DB_forge.php
@@ -780,10 +780,6 @@ protected function _process_fields($create_table = FALSE)
 					case 'ENUM':
 					case 'SET':
 						$attributes['CONSTRAINT'] = $this->db->escape($attributes['CONSTRAINT']);
-						$field['length'] = is_array($attributes['CONSTRAINT'])
-							? "('".implode("','", $attributes['CONSTRAINT'])."')"
-							: '('.$attributes['CONSTRAINT'].')';
-						break;
 					default:
 						$field['length'] = is_array($attributes['CONSTRAINT'])
 							? '('.implode(',', $attributes['CONSTRAINT']).')'
diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php
@@ -1379,7 +1379,7 @@ public function count_all_results($table = '', $reset = TRUE)
 			$this->from($table);
 		}
 
-		$result = ($this->qb_distinct === TRUE)
+		$result = ($this->qb_distinct === TRUE OR ! empty($this->qb_orderby))
 			? $this->query($this->_count_string.$this->protect_identifiers('numrows')."\nFROM (\n".$this->_compile_select()."\n) CI_count_all_results")
 			: $this->query($this->_compile_select($this->_count_string.$this->protect_identifiers('numrows')));
 
diff --git a/system/database/drivers/mssql/mssql_driver.php b/system/database/drivers/mssql/mssql_driver.php
@@ -267,7 +267,7 @@ protected function _db_set_charset($charset)
 	 */
 	protected function _version()
 	{
-		return 'SELECT @@VERSION AS ver';
+		return "SELECT SERVERPROPERTY('ProductVersion') AS ver";
 	}
 
 	// --------------------------------------------------------------------
diff --git a/system/database/drivers/oci8/oci8_driver.php b/system/database/drivers/oci8/oci8_driver.php
@@ -252,12 +252,16 @@ public function version()
 			return $this->data_cache['version'];
 		}
 
-		if ( ! $this->conn_id OR ($version = oci_server_version($this->conn_id)) === FALSE)
+		if ( ! $this->conn_id OR ($version_string = oci_server_version($this->conn_id)) === FALSE)
 		{
 			return FALSE;
 		}
+		elseif (preg_match('#Release\s(\d+(?:\.\d+)+)#', $version_string, $match))
+		{
+			return $this->data_cache['version'] = $match[1];
+		}
 
-		return $this->data_cache['version'] = $version;
+		return FALSE;
 	}
 
 	// --------------------------------------------------------------------
diff --git a/system/database/drivers/pdo/subdrivers/pdo_oci_driver.php b/system/database/drivers/pdo/subdrivers/pdo_oci_driver.php
@@ -129,6 +129,29 @@ public function __construct($params)
 
 	// --------------------------------------------------------------------
 
+	/**
+	 * Database version number
+	 *
+	 * @return	string
+	 */
+	public function version()
+	{
+		if (isset($this->data_cache['version']))
+		{
+			return $this->data_cache['version'];
+		}
+
+		$version_string = parent::version();
+		if (preg_match('#Release\s(?<version>\d+(?:\.\d+)+)#', $version_string, $match))
+		{
+			return $this->data_cache['version'] = $match[1];
+		}
+
+		return FALSE;
+	}
+
+	// --------------------------------------------------------------------
+
 	/**
 	 * Show table query
 	 *
diff --git a/system/helpers/captcha_helper.php b/system/helpers/captcha_helper.php
@@ -171,7 +171,8 @@ function create_captcha($data = '', $img_path = '', $img_url = '', $font_path =
 				$byte_index = $word_index = 0;
 				while ($word_index < $word_length)
 				{
-					if (($rand_index = unpack('C', $bytes[$byte_index++])) > $rand_max)
+					list(, $rand_index) = unpack('C', $bytes[$byte_index++]);
+					if ($rand_index > $rand_max)
 					{
 						// Was this the last byte we have?
 						// If so, try to fetch more.
diff --git a/system/helpers/form_helper.php b/system/helpers/form_helper.php
@@ -769,12 +769,11 @@ function set_checkbox($field, $value = '', $default = FALSE)
 		{
 			return $CI->form_validation->set_checkbox($field, $value, $default);
 		}
-		elseif (($input = $CI->input->post($field, FALSE)) === NULL)
-		{
-			return ($default === TRUE) ? ' checked="checked"' : '';
-		}
 
+		// Form inputs are always strings ...
 		$value = (string) $value;
+		$input = $CI->input->post($field, FALSE);
+
 		if (is_array($input))
 		{
 			// Note: in_array('', array(0)) returns TRUE, do not use it
@@ -789,7 +788,13 @@ function set_checkbox($field, $value = '', $default = FALSE)
 			return '';
 		}
 
-		return ($input === $value) ? ' checked="checked"' : '';
+		// Unchecked checkbox and radio inputs are not even submitted by browsers ...
+		if ($CI->input->method() === 'post')
+		{
+			return ($input === 'value') ? ' checked="checked"' : '';
+		}
+
+		return ($default === TRUE) ? ' checked="checked"' : '';
 	}
 }
 
@@ -816,12 +821,32 @@ function set_radio($field, $value = '', $default = FALSE)
 		{
 			return $CI->form_validation->set_radio($field, $value, $default);
 		}
-		elseif (($input = $CI->input->post($field, FALSE)) === NULL)
+
+		// Form inputs are always strings ...
+		$value = (string) $value;
+		$input = $CI->input->post($field, FALSE);
+
+		if (is_array($input))
+		{
+			// Note: in_array('', array(0)) returns TRUE, do not use it
+			foreach ($input as &$v)
+			{
+				if ($value === $v)
+				{
+					return ' checked="checked"';
+				}
+			}
+
+			return '';
+		}
+
+		// Unchecked checkbox and radio inputs are not even submitted by browsers ...
+		if ($CI->input->method() === 'post')
 		{
-			return ($default === TRUE) ? ' checked="checked"' : '';
+			return ($input === 'value') ? ' checked="checked"' : '';
 		}
 
-		return ($input === (string) $value) ? ' checked="checked"' : '';
+		return ($default === TRUE) ? ' checked="checked"' : '';
 	}
 }
 
diff --git a/system/helpers/string_helper.php b/system/helpers/string_helper.php
@@ -270,7 +270,7 @@ function increment_string($str, $separator = '_', $first = 1)
 	 * @param	string (as many parameters as needed)
 	 * @return	string
 	 */
-	function alternator($args)
+	function alternator()
 	{
 		static $i;
 
@@ -279,6 +279,7 @@ function alternator($args)
 			$i = 0;
 			return '';
 		}
+
 		$args = func_get_args();
 		return $args[($i++ % count($args))];
 	}
diff --git a/system/libraries/Email.php b/system/libraries/Email.php
@@ -1469,6 +1469,20 @@ protected function _build_message()
 	 */
 	protected function _prep_quoted_printable($str)
 	{
+		// ASCII code numbers for "safe" characters that can always be
+		// used literally, without encoding, as described in RFC 2049.
+		// http://www.ietf.org/rfc/rfc2049.txt
+		static $ascii_safe_chars = array(
+			// ' (  )   +   ,   -   .   /   :   =   ?
+			39, 40, 41, 43, 44, 45, 46, 47, 58, 61, 63,
+			// numbers
+			48, 49, 50, 51, 52, 53, 54, 55, 56, 57,
+			// upper-case letters
+			65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90,
+			// lower-case letters
+			97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122
+		);
+
 		// We are intentionally wrapping so mail servers will encode characters
 		// properly and MUAs will behave, so {unwrap} must go!
 		$str = str_replace(array('{unwrap}', '{/unwrap}'), '', $str);
@@ -1516,14 +1530,25 @@ protected function _prep_quoted_printable($str)
 				$ascii = ord($char);
 
 				// Convert spaces and tabs but only if it's the end of the line
-				if ($i === ($length - 1) && ($ascii === 32 OR $ascii === 9))
+				if ($ascii === 32 OR $ascii === 9)
 				{
-					$char = $escape.sprintf('%02s', dechex($ascii));
+					if ($i === ($length - 1))
+					{
+						$char = $escape.sprintf('%02s', dechex($ascii));
+					}
 				}
-				elseif ($ascii === 61) // encode = signs
+				// DO NOT move this below the $ascii_safe_chars line!
+				//
+				// = (equals) signs are allowed by RFC2049, but must be encoded
+				// as they are the encoding delimiter!
+				elseif ($ascii === 61)
 				{
 					$char = $escape.strtoupper(sprintf('%02s', dechex($ascii)));  // =3D
 				}
+				elseif ( ! in_array($ascii, $ascii_safe_chars, TRUE))
+				{
+					$char = $escape.strtoupper(sprintf('%02s', dechex($ascii)));
+				}
 
 				// If we're at the character limit, add the line to the output,
 				// reset our temp variable, and keep on chuggin'
diff --git a/system/libraries/Encryption.php b/system/libraries/Encryption.php
@@ -337,6 +337,11 @@ protected function _openssl_initialize($params)
 	 */
 	public function create_key($length)
 	{
+		if (function_exists('random_bytes'))
+		{
+			return random_bytes((int) $length);
+		}
+
 		return ($this->_driver === 'mcrypt')
 			? mcrypt_create_iv($length, MCRYPT_DEV_URANDOM)
 			: openssl_random_pseudo_bytes($length);
diff --git a/system/libraries/Form_validation.php b/system/libraries/Form_validation.php
@@ -415,12 +415,9 @@ public function error_string($prefix = '', $suffix = '')
 	 */
 	public function run($group = '')
 	{
-		// Do we even have any data to process?  Mm?
-		$validation_array = empty($this->validation_data) ? $_POST : $this->validation_data;
-		if (count($validation_array) === 0)
-		{
-			return FALSE;
-		}
+		$validation_array = empty($this->validation_data)
+			? $_POST
+			: $this->validation_data;
 
 		// Does the _field_data array containing the validation rules exist?
 		// If not, we look to see if they were assigned via a config file
diff --git a/system/libraries/Session/Session_driver.php b/system/libraries/Session/Session_driver.php
@@ -74,6 +74,18 @@ abstract class CI_Session_driver implements SessionHandlerInterface {
 	 */
 	protected $_session_id;
 
+	/**
+	 * Success and failure return values
+	 *
+	 * Necessary due to a bug in all PHP 5 versions where return values
+	 * from userspace handlers are not handled properly. PHP 7 fixes the
+	 * bug, so we need to return different values depending on the version.
+	 *
+	 * @see	https://wiki.php.net/rfc/session.user.return-value
+	 * @var	mixed
+	 */
+	protected $_success, $_failure;
+
 	// ------------------------------------------------------------------------
 
 	/**
@@ -85,6 +97,17 @@ abstract class CI_Session_driver implements SessionHandlerInterface {
 	public function __construct(&$params)
 	{
 		$this->_config =& $params;
+
+		if (is_php('7'))
+		{
+			$this->_success = TRUE;
+			$this->_failure = FALSE;
+		}
+		else
+		{
+			$this->_success = 0;
+			$this->_failure = -1;
+		}
 	}
 
 	// ------------------------------------------------------------------------
diff --git a/system/libraries/Session/drivers/Session_database_driver.php b/system/libraries/Session/drivers/Session_database_driver.php
diff --git a/system/libraries/Session/drivers/Session_files_driver.php b/system/libraries/Session/drivers/Session_files_driver.php
diff --git a/system/libraries/Session/drivers/Session_memcached_driver.php b/system/libraries/Session/drivers/Session_memcached_driver.php
diff --git a/system/libraries/Session/drivers/Session_redis_driver.php b/system/libraries/Session/drivers/Session_redis_driver.php
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
diff --git a/user_guide_src/source/general/routing.rst b/user_guide_src/source/general/routing.rst

Original file line number	Diff line number	Diff line change
`@@ -1379,7 +1379,7 @@ public function count_all_results($table = '', $reset = TRUE)`
`1379`	`1379`	`$this->from($table);`
`1380`	`1380`	`}`
`1381`	`1381`
`1382`		`- $result = ($this->qb_distinct === TRUE)`
	`1382`	`+ $result = ($this->qb_distinct === TRUE OR ! empty($this->qb_orderby))`
`1383`	`1383`	`? $this->query($this->_count_string.$this->protect_identifiers('numrows')."\nFROM (\n".$this->_compile_select()."\n) CI_count_all_results")`
`1384`	`1384`	`: $this->query($this->_compile_select($this->_count_string.$this->protect_identifiers('numrows')));`
`1385`	`1385`
Original file line number	Diff line number	Diff line change
`@@ -267,7 +267,7 @@ protected function _db_set_charset($charset)`
`267`	`267`	`*/`
`268`	`268`	`protected function _version()`
`269`	`269`	`{`
`270`		`- return 'SELECT @@VERSION AS ver';`
	`270`	`+ return "SELECT SERVERPROPERTY('ProductVersion') AS ver";`
`271`	`271`	`}`
`272`	`272`
`273`	`273`	`// --------------------------------------------------------------------`
Original file line number	Diff line number	Diff line change
`@@ -252,12 +252,16 @@ public function version()`
`252`	`252`	`return $this->data_cache['version'];`
`253`	`253`	`}`
`254`	`254`
`255`		`- if ( ! $this->conn_id OR ($version = oci_server_version($this->conn_id)) === FALSE)`
	`255`	`+ if ( ! $this->conn_id OR ($version_string = oci_server_version($this->conn_id)) === FALSE)`
`256`	`256`	`{`
`257`	`257`	`return FALSE;`
`258`	`258`	`}`
	`259`	`+ elseif (preg_match('#Release\s(\d+(?:\.\d+)+)#', $version_string, $match))`
	`260`	`+ {`
	`261`	`+ return $this->data_cache['version'] = $match[1];`
	`262`	`+ }`
`259`	`263`
`260`		`- return $this->data_cache['version'] = $version;`
	`264`	`+ return FALSE;`
`261`	`265`	`}`
`262`	`266`
`263`	`267`	`// --------------------------------------------------------------------`
Original file line number	Diff line number	Diff line change
`@@ -171,7 +171,8 @@ function create_captcha($data = '', $img_path = '', $img_url = '', $font_path =`
`171`	`171`	`$byte_index = $word_index = 0;`
`172`	`172`	`while ($word_index < $word_length)`
`173`	`173`	`{`
`174`		`- if (($rand_index = unpack('C', $bytes[$byte_index++])) > $rand_max)`
	`174`	`+ list(, $rand_index) = unpack('C', $bytes[$byte_index++]);`
	`175`	`+ if ($rand_index > $rand_max)`
`175`	`176`	`{`
`176`	`177`	`// Was this the last byte we have?`
`177`	`178`	`// If so, try to fetch more.`
Original file line number	Diff line number	Diff line change
`@@ -769,12 +769,11 @@ function set_checkbox($field, $value = '', $default = FALSE)`
`769`	`769`	`{`
`770`	`770`	`return $CI->form_validation->set_checkbox($field, $value, $default);`
`771`	`771`	`}`
`772`		`- elseif (($input = $CI->input->post($field, FALSE)) === NULL)`
`773`		`- {`
`774`		`- return ($default === TRUE) ? ' checked="checked"' : '';`
`775`		`- }`
`776`	`772`
	`773`	`+ // Form inputs are always strings ...`
`777`	`774`	`$value = (string) $value;`
	`775`	`+ $input = $CI->input->post($field, FALSE);`
	`776`	`+`
`778`	`777`	`if (is_array($input))`
`779`	`778`	`{`
`780`	`779`	`// Note: in_array('', array(0)) returns TRUE, do not use it`
`@@ -789,7 +788,13 @@ function set_checkbox($field, $value = '', $default = FALSE)`
`789`	`788`	`return '';`
`790`	`789`	`}`
`791`	`790`
`792`		`- return ($input === $value) ? ' checked="checked"' : '';`
	`791`	`+ // Unchecked checkbox and radio inputs are not even submitted by browsers ...`
	`792`	`+ if ($CI->input->method() === 'post')`
	`793`	`+ {`
	`794`	`+ return ($input === 'value') ? ' checked="checked"' : '';`
	`795`	`+ }`
	`796`	`+`
	`797`	`+ return ($default === TRUE) ? ' checked="checked"' : '';`
`793`	`798`	`}`
`794`	`799`	`}`
`795`	`800`
`@@ -816,12 +821,32 @@ function set_radio($field, $value = '', $default = FALSE)`
`816`	`821`	`{`
`817`	`822`	`return $CI->form_validation->set_radio($field, $value, $default);`
`818`	`823`	`}`
`819`		`- elseif (($input = $CI->input->post($field, FALSE)) === NULL)`
	`824`	`+`
	`825`	`+ // Form inputs are always strings ...`
	`826`	`+ $value = (string) $value;`
	`827`	`+ $input = $CI->input->post($field, FALSE);`
	`828`	`+`
	`829`	`+ if (is_array($input))`
	`830`	`+ {`
	`831`	`+ // Note: in_array('', array(0)) returns TRUE, do not use it`
	`832`	`+ foreach ($input as &$v)`
	`833`	`+ {`
	`834`	`+ if ($value === $v)`
	`835`	`+ {`
	`836`	`+ return ' checked="checked"';`
	`837`	`+ }`
	`838`	`+ }`
	`839`	`+`
	`840`	`+ return '';`
	`841`	`+ }`
	`842`	`+`
	`843`	`+ // Unchecked checkbox and radio inputs are not even submitted by browsers ...`
	`844`	`+ if ($CI->input->method() === 'post')`
`820`	`845`	`{`
`821`		`- return ($default === TRUE) ? ' checked="checked"' : '';`
	`846`	`+ return ($input === 'value') ? ' checked="checked"' : '';`
`822`	`847`	`}`
`823`	`848`
`824`		`- return ($input === (string) $value) ? ' checked="checked"' : '';`
	`849`	`+ return ($default === TRUE) ? ' checked="checked"' : '';`
`825`	`850`	`}`
`826`	`851`	`}`
`827`	`852`
Original file line number	Diff line number	Diff line change
`@@ -270,7 +270,7 @@ function increment_string($str, $separator = '_', $first = 1)`
`270`	`270`	`* @param string (as many parameters as needed)`
`271`	`271`	`* @return string`
`272`	`272`	`*/`
`273`		`- function alternator($args)`
	`273`	`+ function alternator()`
`274`	`274`	`{`
`275`	`275`	`static $i;`
`276`	`276`
`@@ -279,6 +279,7 @@ function alternator($args)`
`279`	`279`	`$i = 0;`
`280`	`280`	`return '';`
`281`	`281`	`}`
	`282`	`+`
`282`	`283`	`$args = func_get_args();`
`283`	`284`	`return $args[($i++ % count($args))];`
`284`	`285`	`}`