Subversion-Projekte lars-tiefland.ci


Revision 1257 Revision 2049
Zeile 4... Zeile 4...
4
 *
4
 *
5
 * An open source application development framework for PHP
5
 * An open source application development framework for PHP
6
 *
6
 *
7
 * This content is released under the MIT License (MIT)
7
 * This content is released under the MIT License (MIT)
8
 *
8
 *
9
 * Copyright (c) 2014 - 2016, British Columbia Institute of Technology
9
 * Copyright (c) 2014 - 2017, British Columbia Institute of Technology
10
 *
10
 *
11
 * Permission is hereby granted, free of charge, to any person obtaining a copy
11
 * Permission is hereby granted, free of charge, to any person obtaining a copy
12
 * of this software and associated documentation files (the "Software"), to deal
12
 * of this software and associated documentation files (the "Software"), to deal
13
 * in the Software without restriction, including without limitation the rights
13
 * in the Software without restriction, including without limitation the rights
14
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
14
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
Zeile 27... Zeile 27...
27
 * THE SOFTWARE.
27
 * THE SOFTWARE.
28
 *
28
 *
29
 * @package	CodeIgniter
29
 * @package	CodeIgniter
30
 * @author	EllisLab Dev Team
30
 * @author	EllisLab Dev Team
31
 * @copyright	Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/)
31
 * @copyright	Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/)
32
 * @copyright	Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/)
32
 * @copyright	Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/)
33
 * @license	http://opensource.org/licenses/MIT	MIT License
33
 * @license	http://opensource.org/licenses/MIT	MIT License
34
 * @link	https://codeigniter.com
34
 * @link	https://codeigniter.com
35
 * @since	Version 1.0.0
35
 * @since	Version 1.0.0
36
 * @filesource
36
 * @filesource
37
 */
37
 */
Zeile 222... Zeile 222...
222
					return $this;
222
					return $this;
223
				}
223
				}
224
			}
224
			}
225
		}
225
		}
Zeile 226... Zeile 226...
226
 
226
 
227
		// Do the tokens exist in both the _POST and _COOKIE arrays?
227
		// Check CSRF token validity, but don't error on mismatch just yet - we'll want to regenerate
228
		if ( ! isset($_POST[$this->_csrf_token_name], $_COOKIE[$this->_csrf_cookie_name])
228
		$valid = isset($_POST[$this->_csrf_token_name], $_COOKIE[$this->_csrf_cookie_name])
229
			OR $_POST[$this->_csrf_token_name] !== $_COOKIE[$this->_csrf_cookie_name]) // Do the tokens match?
-
 
230
		{
-
 
231
			$this->csrf_show_error();
-
 
Zeile 232... Zeile 229...
232
		}
229
			&& hash_equals($_POST[$this->_csrf_token_name], $_COOKIE[$this->_csrf_cookie_name]);
233
 
230
 
Zeile 234... Zeile 231...
234
		// We kill this since we're done and we don't want to pollute the _POST array
231
		// We kill this since we're done and we don't want to pollute the _POST array
Zeile 243... Zeile 240...
243
		}
240
		}
Zeile 244... Zeile 241...
244
 
241
 
245
		$this->_csrf_set_hash();
242
		$this->_csrf_set_hash();
Zeile -... Zeile 243...
-
 
243
		$this->csrf_set_cookie();
-
 
244
 
-
 
245
		if ($valid !== TRUE)
-
 
246
		{
-
 
247
			$this->csrf_show_error();
246
		$this->csrf_set_cookie();
248
		}
247
 
249
 
248
		log_message('info', 'CSRF token verified');
250
		log_message('info', 'CSRF token verified');
Zeile 249... Zeile 251...
249
		return $this;
251
		return $this;
Zeile 497... Zeile 499...
497
		 *
499
		 *
498
		 * So this: <blink>
500
		 * So this: <blink>
499
		 * Becomes: &lt;blink&gt;
501
		 * Becomes: &lt;blink&gt;
500
		 */
502
		 */
501
		$pattern = '#'
503
		$pattern = '#'
502
			.'<((?<slash>/*\s*)(?<tagName>[a-z0-9]+)(?=[^a-z0-9]|$)' // tag start and name, followed by a non-tag character
504
			.'<((?<slash>/*\s*)((?<tagName>[a-z0-9]+)(?=[^a-z0-9]|$)|.+)' // tag start and name, followed by a non-tag character
503
			.'[^\s\042\047a-z0-9>/=]*' // a valid attribute character immediately after the tag would count as a separator
505
			.'[^\s\042\047a-z0-9>/=]*' // a valid attribute character immediately after the tag would count as a separator
504
			// optional attributes
506
			// optional attributes
505
			.'(?<attributes>(?:[\s\042\047/=]*' // non-attribute characters, excluding > (tag close) for obvious reasons
507
			.'(?<attributes>(?:[\s\042\047/=]*' // non-attribute characters, excluding > (tag close) for obvious reasons
506
			.'[^\s\042\047>/=]+' // attribute characters
508
			.'[^\s\042\047>/=]+' // attribute characters
507
			// optional attribute-value
509
			// optional attribute-value
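Review bot: In the CSRF hunk (new lines 228–229), `hash_equals()` is reached after only an `isset()` check, so nothing guarantees that both arguments are strings. A request whose token field arrives as an array would hand `hash_equals()` a non-string; depending on the PHP version that surfaces as a warning or a `TypeError` instead of the intended `csrf_show_error()` path. I would add a type guard between the two conditions: `&& is_string($_POST[$this->_csrf_token_name]) && is_string($_COOKIE[$this->_csrf_cookie_name])`. The new comment on line 227 could also say why the error is deferred, for example `// Defer the error until the hash and cookie are regenerated, so a failed request still leaves a fresh token`, if that is the intent. The enclosing method starts and ends outside the lines shown, so how `$valid` is used between new lines 231 and 240 could not be checked.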