coderlee
diff --git a/‎system/core/CodeIgniter.php
Lines changed: 1 addition & 1 deletion b/‎system/core/CodeIgniter.php
Lines changed: 1 addition & 1 deletion
diff --git a/‎system/helpers/captcha_helper.php
Lines changed: 96 additions & 7 deletions b/‎system/helpers/captcha_helper.php
Lines changed: 96 additions & 7 deletions
diff --git a/‎user_guide/changelog.html
Lines changed: 16 additions & 2 deletions b/‎user_guide/changelog.html
Lines changed: 16 additions & 2 deletions
diff --git a/‎user_guide/database/active_record.html
Lines changed: 1 addition & 1 deletion b/‎user_guide/database/active_record.html
Lines changed: 1 addition & 1 deletion
diff --git a/‎user_guide/database/caching.html
Lines changed: 1 addition & 1 deletion b/‎user_guide/database/caching.html
Lines changed: 1 addition & 1 deletion
diff --git a/‎user_guide/database/call_function.html
Lines changed: 1 addition & 1 deletion b/‎user_guide/database/call_function.html
Lines changed: 1 addition & 1 deletion
diff --git a/‎user_guide/database/configuration.html
Lines changed: 1 addition & 1 deletion b/‎user_guide/database/configuration.html
Lines changed: 1 addition & 1 deletion
diff --git a/‎user_guide/database/connecting.html
Lines changed: 1 addition & 1 deletion b/‎user_guide/database/connecting.html
Lines changed: 1 addition & 1 deletion
diff --git a/‎user_guide/database/examples.html
Lines changed: 1 addition & 1 deletion b/‎user_guide/database/examples.html
Lines changed: 1 addition & 1 deletion
diff --git a/‎user_guide/database/fields.html
Lines changed: 1 addition & 1 deletion b/‎user_guide/database/fields.html
Lines changed: 1 addition & 1 deletion
@@ -34,7 +34,7 @@
  * @var string
  *
  */
-	define('CI_VERSION', '2.2.5');
+	define('CI_VERSION', '2.2.6');
 
 /**
  * CodeIgniter Branch (Core = TRUE, Reactor = FALSE)
 
@@ -107,18 +107,93 @@ function create_captcha($data = '', $img_path = '', $img_url = '', $font_path =
 		// Do we have a "word" yet?
 		// -----------------------------------
 
-	   if ($word == '')
-	   {
+		// -----------------------------------
+		// Do we have a "word" yet?
+		// -----------------------------------
+
+		if (empty($word))
+		{
+			$word = '';
 			$pool = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
+			$pool_length = strlen($pool);
+			$rand_max = $pool_length - 1;
 
-			$str = '';
-			for ($i = 0; $i < 8; $i++)
+			// PHP7 or a suitable polyfill
+			if (function_exists('random_int'))
 			{
-				$str .= substr($pool, mt_rand(0, strlen($pool) -1), 1);
+				try
+				{
+					for ($i = 0; $i < $word_length; $i++)
+					{
+						$word .= $pool[random_int(0, $rand_max)];
+					}
+				}
+				catch (Exception $e)
+				{
+					// This means fallback to the next possible
+					// alternative to random_int()
+					$word = '';
+				}
 			}
+		}
 
-			$word = $str;
-	   }
+		if (empty($word))
+		{
+			// To avoid numerous get_random_bytes() calls, we'll
+			// just try fetching as much bytes as we need at once.
+			if (($bytes = _ci_captcha_get_random_bytes($pool_length)) !== FALSE)
+			{
+				$byte_index = $word_index = 0;
+				while ($word_index < $word_length)
+				{
+					if (($rand_index = unpack('C', $bytes[$byte_index++])) > $rand_max)
+					{
+						// Was this the last byte we have?
+						// If so, try to fetch more.
+						if ($byte_index === $pool_length)
+						{
+							// No failures should be possible if
+							// the first get_random_bytes() call
+							// didn't return FALSE, but still ...
+							for ($i = 0; $i < 5; $i++)
+							{
+								if (($bytes = _ci_captcha_get_random_bytes($pool_length)) === FALSE)
+								{
+									continue;
+								}
+
+								$byte_index = 0;
+								break;
+							}
+
+							if ($bytes === FALSE)
+							{
+								// Sadly, this means fallback to mt_rand()
+								$word = '';
+								break;
+							}
+						}
+
+						continue;
+					}
+
+					$word .= $pool[$rand_index];
+					$word_index++;
+				}
+			}
+		}
+
+		if (empty($word))
+		{
+			for ($i = 0; $i < $word_length; $i++)
+			{
+				$word .= $pool[mt_rand(0, $rand_max)];
+			}
+		}
+		elseif ( ! is_string($word))
+		{
+			$word = (string) $word;
+		}
 
 		// -----------------------------------
 		// Determine angle and position
@@ -239,6 +314,20 @@ function create_captcha($data = '', $img_path = '', $img_url = '', $font_path =
 
 		return array('word' => $word, 'time' => $now, 'image' => $img);
 	}
+
+	function _ci_captcha_get_random_bytes($length)
+	{
+		if (defined('MCRYPT_DEV_URANDOM'))
+		{
+			return mcrypt_create_iv($length, MCRYPT_DEV_URANDOM);
+		}
+		elseif (function_exists('openssl_random_pseudo_bytes'))
+		{
+			return openssl_random_pseudo_bytes($length);
+		}
+
+		return FALSE;
+	}
 }
 
 // ------------------------------------------------------------------------
 
@@ -28,7 +28,7 @@
 <div id="masthead">
 <table cellpadding="0" cellspacing="0" border="0" style="width:100%">
 <tr>
-<td><h1>CodeIgniter User Guide Version 2.2.5</h1></td>
+<td><h1>CodeIgniter User Guide Version 2.2.6</h1></td>
 <td id="breadcrumb_right"><a href="./toc.html">Table of Contents Page</a></td>
 </tr>
 </table>
@@ -57,13 +57,27 @@
 
 <h1>Change Log</h1>
 
+
+<h2>Version 2.2.6</h2>
+<p>Release Date: October 31, 2015</p>
+
+<ul>
+	<li><b>Security</b>
+		<ul>
+			<li>Fixed an XSS attack vector in <a href="libraries/security.html">Security Library</a> method <samp>xss_clean()</samp>.</li>
+			<li>Changed <a href="libraries/config.html">Config Library</a> method <samp>base_url()</samp> to fallback to ``$_SERVER['SERVER_ADDR']`` in order to avoid Host header injections.</li>
+			<li>Changed <a href="helpers/captcha_helper.html">CAPTCHA Helper</a> to try to use the operating system's PRNG first.</a>
+		</ul>
+	</li>
+</ul>
+
 <h2>Version 2.2.5</h2>
 <p>Release Date: October 8, 2015</p>
 
 <ul>
 	<li><b>Security</b>
 		<ul>
-			<li>Fixed a number of XSS attack vectors in <a href="libraries/security.html">Security Library</a> method <samp>xss_clean</samp> (thanks to Frans Rosén from <a href="https://detectify.com/">Detectify</a>).
+			<li>Fixed a number of XSS attack vectors in <a href="libraries/security.html">Security Library</a> method <samp>xss_clean()</samp> (thanks to Frans Rosén from <a href="https://detectify.com/">Detectify</a>).</li>
 		</ul>
 	</li>
 </ul>
 
@@ -27,7 +27,7 @@
 <div id="masthead">
 <table cellpadding="0" cellspacing="0" border="0" style="width:100%">
 <tr>
-<td><h1>CodeIgniter User Guide Version 2.2.5</h1></td>
+<td><h1>CodeIgniter User Guide Version 2.2.6</h1></td>
 <td id="breadcrumb_right"><a href="../toc.html">Table of Contents Page</a></td>
 </tr>
 </table>
 
@@ -28,7 +28,7 @@
 <div id="masthead">
 <table cellpadding="0" cellspacing="0" border="0" style="width:100%">
 <tr>
-<td><h1>CodeIgniter User Guide Version 2.2.5</h1></td>
+<td><h1>CodeIgniter User Guide Version 2.2.6</h1></td>
 <td id="breadcrumb_right"><a href="../toc.html">Table of Contents Page</a></td>
 </tr>
 </table>
 
@@ -28,7 +28,7 @@
 <div id="masthead">
 <table cellpadding="0" cellspacing="0" border="0" style="width:100%">
 <tr>
-<td><h1>CodeIgniter User Guide Version 2.2.5</h1></td>
+<td><h1>CodeIgniter User Guide Version 2.2.6</h1></td>
 <td id="breadcrumb_right"><a href="../toc.html">Table of Contents Page</a></td>
 </tr>
 </table>
 
@@ -28,7 +28,7 @@
 <div id="masthead">
 <table cellpadding="0" cellspacing="0" border="0" style="width:100%">
 <tr>
-<td><h1>CodeIgniter User Guide Version 2.2.5</h1></td>
+<td><h1>CodeIgniter User Guide Version 2.2.6</h1></td>
 <td id="breadcrumb_right"><a href="../toc.html">Table of Contents Page</a></td>
 </tr>
 </table>
 
@@ -28,7 +28,7 @@
 <div id="masthead">
 <table cellpadding="0" cellspacing="0" border="0" style="width:100%">
 <tr>
-<td><h1>CodeIgniter User Guide Version 2.2.5</h1></td>
+<td><h1>CodeIgniter User Guide Version 2.2.6</h1></td>
 <td id="breadcrumb_right"><a href="../toc.html">Table of Contents Page</a></td>
 </tr>
 </table>
 
@@ -28,7 +28,7 @@
 <div id="masthead">
 <table cellpadding="0" cellspacing="0" border="0" style="width:100%">
 <tr>
-<td><h1>CodeIgniter User Guide Version 2.2.5</h1></td>
+<td><h1>CodeIgniter User Guide Version 2.2.6</h1></td>
 <td id="breadcrumb_right"><a href="../toc.html">Table of Contents Page</a></td>
 </tr>
 </table>
 
@@ -28,7 +28,7 @@
 <div id="masthead">
 <table cellpadding="0" cellspacing="0" border="0" style="width:100%">
 <tr>
-<td><h1>CodeIgniter User Guide Version 2.2.5</h1></td>
+<td><h1>CodeIgniter User Guide Version 2.2.6</h1></td>
 <td id="breadcrumb_right"><a href="../toc.html">Table of Contents Page</a></td>
 </tr>
 </table>
Original file line number	Diff line number	Diff line change
`@@ -34,7 +34,7 @@`
`34`	`34`	`* @var string`
`35`	`35`	`*`
`36`	`36`	`*/`
`37`		`- define('CI_VERSION', '2.2.5');`
	`37`	`+ define('CI_VERSION', '2.2.6');`
`38`	`38`
`39`	`39`	`/**`
`40`	`40`	`* CodeIgniter Branch (Core = TRUE, Reactor = FALSE)`