[Git][codeigniterpower/codeigniterpower][master] 3 commits: Fixes bcit-ci#6201 ctype_digit() should act only on string values.

0 views

Skip to first unread message

Герхард PICCORO Lenz McKAY (@mckaygerhard)

unread,

Feb 5, 2024, 9:14:03 AMFeb 5

to venenux...@googlegroups.com

Герхард PICCORO Lenz McKAY pushed to branch master at codeigniterpower / codeigniterpower

Commits:

a1bc11d2

by George Petculescu at 2024-02-05T09:52:25-04:00

Fixes bcit-ci#6201 ctype_digit() should act only on string values.

55fc8746

by mckaygerhard at 2024-02-05T09:56:22-04:00

backported bcit-ci#6164, Fix FLOAT error when TIMEOUT is null on Redis 6.x

* this addressed additionally, the default value in Cache_redis.php
* backported https://github.com/pocketarc/codeigniter/commit/9612185eabf29f3f7638bf763eacde13959fd19e
* backported https://github.com/bcit-ci/CodeIgniter/pull/6164/commits/6028e8a8cd2ac36bc9259c0112afefa0c9da2a2f

6979c0dc

by mckaygerhard at 2024-02-05T10:13:45-04:00

Fixes bcit-ci#6159 and bcit-ci/CodeIgniter#6134 due samesetting config

* Fixed set_cookie: foreach not consistent with preceding comment
  cos the samesite setting will be ignored, and defaults
  to $config['cookie_samesite'] from applicati3on/config/config.php
  backported https://github.com/pocketarc/codeigniter/commit/c707e65028d1d010c432c8ce453ffb99d126e978
* Fixed codeigniter 3.1.13 Not Declaring CSRF Cookies introduced
  with the samesite setting commit as strict,
  backported https://github.com/FusionWowCMS/FusionCMS/commit/46773ee66cba3d97d0d7a20a6b525614911eaa33

5 changed files:

appsys/core/Input.php
appsys/core/Security.php
appsys/libraries/Cache/drivers/Cache_redis.php
appsys/libraries/Pagination.php
appsys/libraries/Session/drivers/Session_redis_driver.php

Changes:

appsys/core/Input.php


 		if (is_array($name))
 		{
 			// always leave 'name' in last place, as the loop will break otherwise, due to $$item
-			foreach (array('value', 'expire', 'domain', 'path', 'prefix', 'secure', 'httponly', 'name', 'samesite') as $item)
+			foreach (array('value', 'expire', 'domain', 'path', 'prefix', 'secure', 'httponly', 'samesite', 'name') as $item)
 			{
 				if (isset($name[$item]))
 				{

appsys/core/Security.php


 			header('Set-Cookie: '.$this->_csrf_cookie_name.'='.$this->_csrf_hash
 					.'; Expires='.gmdate('D, d-M-Y H:i:s T', $expire)
 					.'; Max-Age='.$this->_csrf_expire
-					.'; Path='.rawurlencode(config_item('cookie_path'))
+					.'; Path='.implode('/', array_map('rawurlencode', explode('/', config_item('cookie_path'))))
 					.($domain === '' ? '' : '; Domain='.$domain)
 					.($secure_cookie ? '; Secure' : '')
 					.(config_item('cookie_httponly') ? '; HttpOnly' : '')

appsys/libraries/Cache/drivers/Cache_redis.php

...	...	@@ -60,7 +60,7 @@ class CI_Cache_redis extends CI_Driver
60	60	'host' => '127.0.0.1',
61	61	'password' => NULL,
62	62	'port' => 6379,
63		- 'timeout' => 0
	63	+ 'timeout' => 0.0
64	64	);
65	65
66	66	/**

appsys/libraries/Pagination.php


 		}
 
 		// If something isn't quite right, back to the default base page.
-		if ( ! ctype_digit($this->cur_page) OR ($this->use_page_numbers && (int) $this->cur_page === 0))
+		if ( ! ctype_digit((string) $this->cur_page) OR ($this->use_page_numbers && (int) $this->cur_page === 0))
 		{
 			$this->cur_page = $base_page;
 		}

appsys/libraries/Session/drivers/Session_redis_driver.php


 				'port' => empty($matches[2]) ? NULL : $matches[2],
 				'password' => preg_match('#auth=([^\s&]+)#', $matches[3], $match) ? $match[1] : NULL,
 				'database' => preg_match('#database=(\d+)#', $matches[3], $match) ? (int) $match[1] : NULL,
-				'timeout' => preg_match('#timeout=(\d+\.\d+)#', $matches[3], $match) ? (float) $match[1] : NULL
+				'timeout' => preg_match('#timeout=(\d+\.\d+)#', $matches[3], $match) ? (float) $match[1] : 0.0
 			);
 
 			preg_match('#prefix=([^\s&]+)#', $matches[3], $match) && $this->_key_prefix = $match[1];

—
View it on GitLab.
You're receiving this email because of your account on gitlab.com. Manage all notifications · Help

Reply all

Reply to author

Forward

0 new messages

...	...	@@ -366,7 +366,7 @@ class CI_Input {
366	366	if (is_array($name))
367	367	{
368	368	// always leave 'name' in last place, as the loop will break otherwise, due to $$item
369		- foreach (array('value', 'expire', 'domain', 'path', 'prefix', 'secure', 'httponly', 'name', 'samesite') as $item)
	369	+ foreach (array('value', 'expire', 'domain', 'path', 'prefix', 'secure', 'httponly', 'samesite', 'name') as $item)
370	370	{
371	371	if (isset($name[$item]))
372	372	{

...	...	@@ -294,7 +294,7 @@ class CI_Security {
294	294	header('Set-Cookie: '.$this->_csrf_cookie_name.'='.$this->_csrf_hash
295	295	.'; Expires='.gmdate('D, d-M-Y H:i:s T', $expire)
296	296	.'; Max-Age='.$this->_csrf_expire
297		- .'; Path='.rawurlencode(config_item('cookie_path'))
	297	+ .'; Path='.implode('/', array_map('rawurlencode', explode('/', config_item('cookie_path'))))
298	298	.($domain === '' ? '' : '; Domain='.$domain)
299	299	.($secure_cookie ? '; Secure' : '')
300	300	.(config_item('cookie_httponly') ? '; HttpOnly' : '')

...	...	@@ -523,7 +523,7 @@ class CI_Pagination {
523	523	}
524	524
525	525	// If something isn't quite right, back to the default base page.
526		- if ( ! ctype_digit($this->cur_page) OR ($this->use_page_numbers && (int) $this->cur_page === 0))
	526	+ if ( ! ctype_digit((string) $this->cur_page) OR ($this->use_page_numbers && (int) $this->cur_page === 0))
527	527	{
528	528	$this->cur_page = $base_page;
529	529	}

...	...	@@ -142,7 +142,7 @@ class CI_Session_redis_driver extends CI_Session_driver implements CI_Session_dr
142	142	'port' => empty($matches[2]) ? NULL : $matches[2],
143	143	'password' => preg_match('#auth=([^\s&]+)#', $matches[3], $match) ? $match[1] : NULL,
144	144	'database' => preg_match('#database=(\d+)#', $matches[3], $match) ? (int) $match[1] : NULL,
145		- 'timeout' => preg_match('#timeout=(\d+\.\d+)#', $matches[3], $match) ? (float) $match[1] : NULL
	145	+ 'timeout' => preg_match('#timeout=(\d+\.\d+)#', $matches[3], $match) ? (float) $match[1] : 0.0
146	146	);
147	147
148	148	preg_match('#prefix=([^\s&]+)#', $matches[3], $match) && $this->_key_prefix = $match[1];