Example #1
 /**
  * Calls each of the framework's common helper functions once and echoes the result.
  *
  * NOTE(review): presumably a smoke test or stub; none of the helpers is defined in this snippet.
  */
 public function common_functions()
 {
     echo is_php('5.3');
     echo is_really_writable('file.php');
     echo config_item('key');
     echo set_status_header('200', 'text');
     // In a single-quoted string '\\0' is a literal backslash followed by "0", not a NUL byte.
     echo remove_invisible_characters('Java\\0script');
     // NOTE(review): an array is passed here; if html_escape() returns an array, echo prints "Array" with a notice.
     echo html_escape(array());
     echo get_mimes();
     echo is_https();
     echo is_cli();
     // NOTE(review): eval is a language construct, not a function; if function_usable()
     // is built on function_exists() this presumably always reports it as unusable - confirm.
     echo function_usable('eval');
 }
Example #2
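 /**
  * Image Process Using NetPBM
  *
  * Resizes, crops or rotates the source image by piping it through the
  * NetPBM command line tools, then copies the temporary result over the
  * destination path.
  *
  * Values interpolated into the shell command are neutralised first:
  * file paths go through escapeshellarg() and geometry values are cast
  * to int. library_path is used as-is and is assumed to be trusted
  * configuration.
  *
  * @param  string $action 'crop', 'rotate', or any other value for a resize
  * @return  bool TRUE on success, FALSE (after set_error()) on failure
  */
 public function image_process_netpbm($action = 'resize')
 {
     if ($this->library_path === '') {
         $this->set_error('imglib_libpath_invalid');
         return FALSE;
     }
     // Pick the decoder/encoder pair for the source image type
     switch ($this->image_type) {
         case 1:
             $cmd_in = 'giftopnm';
             $cmd_out = 'ppmtogif';
             break;
         case 2:
             $cmd_in = 'jpegtopnm';
             $cmd_out = 'ppmtojpeg';
             break;
         case 3:
             $cmd_in = 'pngtopnm';
             $cmd_out = 'ppmtopng';
             break;
         default:
             // Unknown type: fail explicitly instead of building a command from undefined names
             $this->set_error('imglib_image_process_failed');
             return FALSE;
     }
     if ($action === 'crop') {
         // Geometry is cast to int so that nothing but digits (and a sign) reaches the shell
         $cmd_inner = 'pnmcut -left ' . (int) $this->x_axis . ' -top ' . (int) $this->y_axis . ' -width ' . (int) $this->width . ' -height ' . (int) $this->height;
     } elseif ($action === 'rotate') {
         switch ($this->rotation_angle) {
             case 90:
                 $angle = 'r270';
                 break;
             case 180:
                 $angle = 'r180';
                 break;
             case 270:
                 $angle = 'r90';
                 break;
             case 'vrt':
                 $angle = 'tb';
                 break;
             case 'hor':
                 $angle = 'lr';
                 break;
             default:
                 // Unsupported angle: $angle would otherwise be undefined below
                 $this->set_error('imglib_image_process_failed');
                 return FALSE;
         }
         $cmd_inner = 'pnmflip -' . $angle . ' ';
     } else {
         $cmd_inner = 'pnmscale -xysize ' . (int) $this->width . ' ' . (int) $this->height;
     }
     // NOTE(review): the temporary name is fixed, so two concurrent runs that
     // target the same dest_folder would share one file.
     $tmp_file = $this->dest_folder . 'netpbm.tmp';
     // Both paths are quoted as single shell arguments; file names may contain
     // spaces or shell metacharacters.
     $cmd = $this->library_path . $cmd_in . ' ' . escapeshellarg($this->full_src_path) . ' | ' . $cmd_inner . ' | ' . $cmd_out . ' > ' . escapeshellarg($tmp_file);
     // Stays at 1 (failure) when exec() cannot be called at all
     $retval = 1;
     // exec() might be disabled
     if (function_usable('exec')) {
         @exec($cmd, $output, $retval);
     }
     // Did it work?
     if ($retval > 0) {
         $this->set_error('imglib_image_process_failed');
         return FALSE;
     }
     // With NetPBM we have to create a temporary image.
     // If you try manipulating the original it fails so
     // we have to rename the temp file.
     copy($tmp_file, $this->full_dst_path);
     unlink($tmp_file);
     chmod($this->full_dst_path, $this->file_permissions);
     return TRUE;
 }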
Example #3
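 /**
  * File MIME type
  *
  * Detects the (actual) MIME type of the uploaded file, if possible, and
  * stores it in $this->file_type. Detection is attempted in this order:
  * the Fileinfo extension, the `file` command line tool (non-Windows
  * only), mime_content_type(), and finally the client-supplied
  * $file['type'].
  * The input array is expected to be $_FILES[$field]
  *
  * @param  array $file
  * @return  void
  */
 protected function _file_mime_type($file)
 {
     // We'll need this to validate the MIME info string (e.g. text/plain; charset=us-ascii)
     $regexp = '/^([a-z\\-]+\\/[a-z0-9\\-\\.\\+]+)(;\\s.+)?$/';
     /* Fileinfo extension - most reliable method
      *
      * Unfortunately, prior to PHP 5.3 - it's only available as a PECL extension and the
      * more convenient FILEINFO_MIME_TYPE flag doesn't exist.
      */
     if (function_exists('finfo_file')) {
         $finfo = @finfo_open(FILEINFO_MIME);
         // finfo_open() returns an object rather than a resource on PHP 8.1+, so an
         // is_resource() test would silently skip this branch there. FALSE is still
         // possible, e.g. when no magic database is found.
         if ($finfo !== FALSE) {
             $mime = @finfo_file($finfo, $file['tmp_name']);
             finfo_close($finfo);
             /* According to the comments section of the PHP manual page,
              * it is possible that this function returns an empty string
              * for some files (e.g. if they don't exist in the magic MIME database)
              */
             if (is_string($mime) && preg_match($regexp, $mime, $matches)) {
                 $this->file_type = $matches[1];
                 return;
             }
         }
     }
     /* This is an ugly hack, but UNIX-type systems provide a "native" way to detect the file type,
      * which is still more secure than depending on the value of $_FILES[$field]['type'], and as it
      * was reported in issue #750 (https://github.com/EllisLab/CodeIgniter/issues/750) - it's better
      * than mime_content_type() as well, hence the attempts to try calling the command line with
      * three different functions.
      *
      * Notes:
      *	- the DIRECTORY_SEPARATOR comparison ensures that we're not on a Windows system
      *	- many system admins would disable the exec(), shell_exec(), popen() and similar functions
      *	  due to security concerns, hence the function_usable() checks
      */
     if (DIRECTORY_SEPARATOR !== '\\') {
         // NOTE(review): without escapeshellarg() the temporary path is interpolated unquoted;
         // that is only safe while tmp_name is the server-generated upload path.
         $cmd = function_exists('escapeshellarg') ? 'file --brief --mime ' . escapeshellarg($file['tmp_name']) . ' 2>&1' : 'file --brief --mime ' . $file['tmp_name'] . ' 2>&1';
         if (function_usable('exec')) {
             /* This might look confusing, as $mime is being populated with all of the output when set in the second parameter.
              * However, we only need the last line, which is the actual return value of exec(), and as such - it overwrites
              * anything that could already be set for $mime previously. This effectively makes the second parameter a dummy
              * value, which is only put to allow us to get the return status code.
              */
             $mime = @exec($cmd, $mime, $return_status);
             if ($return_status === 0 && is_string($mime) && preg_match($regexp, $mime, $matches)) {
                 $this->file_type = $matches[1];
                 return;
             }
         }
         if (!ini_get('safe_mode') && function_usable('shell_exec')) {
             $mime = @shell_exec($cmd);
             // shell_exec() yields NULL or FALSE on failure; test the type instead of
             // handing a non-string to strlen()
             if (is_string($mime) && $mime !== '') {
                 $mime = explode("\n", trim($mime));
                 if (preg_match($regexp, $mime[count($mime) - 1], $matches)) {
                     $this->file_type = $matches[1];
                     return;
                 }
             }
         }
         if (function_usable('popen')) {
             $proc = @popen($cmd, 'r');
             if (is_resource($proc)) {
                 $mime = @fread($proc, 512);
                 @pclose($proc);
                 if ($mime !== FALSE) {
                     $mime = explode("\n", trim($mime));
                     if (preg_match($regexp, $mime[count($mime) - 1], $matches)) {
                         $this->file_type = $matches[1];
                         return;
                     }
                 }
             }
         }
     }
     // Fall back to the deprecated mime_content_type(), if available (still better than $_FILES[$field]['type'])
     if (function_exists('mime_content_type')) {
         $this->file_type = @mime_content_type($file['tmp_name']);
         if (is_string($this->file_type) && $this->file_type !== '') {
             return;
         }
     }
     // Last resort: the type reported by the client. This value is supplied with the
     // upload request, so callers must not treat it as a verified content type.
     $this->file_type = $file['type'];
 }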
Example #4
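 /**
  * Send using Sendmail
  *
  * Opens a pipe to the configured sendmail binary and writes the header
  * string and the final body to it. The envelope sender and return path
  * are taken from the message headers and are passed to the shell as
  * single quoted arguments.
  *
  * @return	bool	TRUE when sendmail exits with status 0, FALSE otherwise
  */
 protected function _send_with_sendmail()
 {
     // Fail closed when the process cannot be spawned or its arguments cannot be quoted
     if (!function_usable('popen') or !function_usable('escapeshellarg')) {
         return FALSE;
     }
     // Header-derived addresses end up on a shell command line, so each one is
     // quoted; clean_email() alone does not neutralise shell metacharacters.
     $from = escapeshellarg($this->clean_email($this->_headers['From']));
     $return_path = escapeshellarg($this->clean_email($this->_headers['Return-Path']));
     $fp = @popen($this->mailpath . ' -oi -f ' . $from . ' -t -r ' . $return_path, 'w');
     if ($fp === FALSE) {
         return FALSE;
     }
     fputs($fp, $this->_header_str);
     fputs($fp, $this->_finalbody);
     // pclose() hands back the exit status of the sendmail process
     $status = pclose($fp);
     if ($status !== 0) {
         $this->_set_error_message('lang:email_exit_status', $status);
         $this->_set_error_message('lang:email_no_socket');
         return FALSE;
     }
     return TRUE;
 }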
Example #5
/**
 * Reports whether php_uname() starts with "Windows NT".
 *
 * The answer is computed once and cached in a static variable. It is the
 * preg_match() result when php_uname() is usable, otherwise false.
 *
 * @return int|false
 */
function isWindowsNT()
{
    static $winnt;
    // FIXME: Do this using PHP_OS instead of php_uname().
    // $winnt = (PHP_OS == "WINNT"); // example from http://www.php.net/manual/en/ref.readline.php
    if (!isset($winnt)) {
        $winnt = function_usable('php_uname')
            ? preg_match('/^Windows NT/', php_uname())
            : false;
    }
    // FIXME: punt.
    return $winnt;
}
 /**
  * Internal CI Data Loader
  *
  * Used to load views and files.
  *
  * Variables are prefixed with _ci_ to avoid symbol collision with
  * variables made available to view files.
  *
  * The resolved file is executed as PHP (include, or eval on the
  * short-tag rewrite path) with the cached view variables extracted
  * into the local scope.
  *
  * @used-by	CI_Loader::view()
  * @used-by	CI_Loader::file()
  * @param	array	$_ci_data	Data to load
  * @return	object|string	$this, or the buffered output when _ci_return is TRUE
  */
 protected function _ci_load($_ci_data)
 {
     // Set the default data variables
     // (each of the four names becomes a local variable, FALSE when the key is absent)
     foreach (array('_ci_view', '_ci_vars', '_ci_path', '_ci_return') as $_ci_val) {
         ${$_ci_val} = isset($_ci_data[$_ci_val]) ? $_ci_data[$_ci_val] : FALSE;
     }
     $file_exists = FALSE;
     // Set the path to the requested file
     if (is_string($_ci_path) && $_ci_path !== '') {
         // An explicit path is used as given; only its last segment is kept for the error message
         $_ci_x = explode('/', $_ci_path);
         $_ci_file = end($_ci_x);
     } else {
         $_ci_ext = pathinfo($_ci_view, PATHINFO_EXTENSION);
         $_ci_file = $_ci_ext === '' ? $_ci_view . '.php' : $_ci_view;
         // Try each registered view path in order; stop at the first hit, or after
         // the first path whose cascade flag is falsy
         foreach ($this->_ci_view_paths as $_ci_view_file => $cascade) {
             if (file_exists($_ci_view_file . $_ci_file)) {
                 $_ci_path = $_ci_view_file . $_ci_file;
                 $file_exists = TRUE;
                 break;
             }
             if (!$cascade) {
                 break;
             }
         }
     }
     // NOTE(review): presumably show_error() halts execution; otherwise the include below
     // would still run with a path that does not exist - confirm.
     if (!$file_exists && !file_exists($_ci_path)) {
         show_error('Unable to load the requested file: ' . $_ci_file);
     }
     // This allows anything loaded using $this->load (views, files, etc.)
     // to become accessible from within the Controller and Model functions.
     $_ci_CI =& get_instance();
     foreach (get_object_vars($_ci_CI) as $_ci_key => $_ci_var) {
         if (!isset($this->{$_ci_key})) {
             $this->{$_ci_key} =& $_ci_CI->{$_ci_key};
         }
     }
     /*
      * Extract and cache variables
      *
      * You can either set variables using the dedicated $this->load->vars()
      * function or via the second parameter of this function. We'll merge
      * the two types and cache them so that views that are embedded within
      * other views can have access to these variables.
      */
     if (is_array($_ci_vars)) {
         $this->_ci_cached_vars = array_merge($this->_ci_cached_vars, $_ci_vars);
     }
     // extract() runs with its default overwrite behaviour: a cached key that is named
     // like one of the locals above (for example _ci_path) replaces that local before
     // the include below. The _ci_ prefix is the only guard, so view data keys should
     // never be taken from request input.
     extract($this->_ci_cached_vars);
     /*
      * Buffer the output
      *
      * We buffer the output for two reasons:
      * 1. Speed. You get a significant speed boost.
      * 2. So that the final rendered template can be post-processed by
      *	the output class. Why do we need post processing? For one thing,
      *	in order to show the elapsed page load time. Unless we can
      *	intercept the content right before it's sent to the browser and
      *	then stop the timer it won't be accurate.
      */
     ob_start();
     // If the PHP installation does not support short tags we'll
     // do a little string replacement, changing the short tags
     // to standard PHP echo statements.
     // NOTE(review): eval is a language construct, not a function; if function_usable()
     // is built on function_exists() this branch is presumably never taken - confirm.
     if (!is_php('5.4') && !ini_get('short_open_tag') && config_item('rewrite_short_tags') === TRUE && function_usable('eval')) {
         // The file contents are rewritten and executed as PHP; the template's own output
         // lands in the buffer, echo only prints whatever eval() returns.
         echo eval('?>' . preg_replace('/;*\\s*\\?>/', '; ?>', str_replace('<?=', '<?php echo ', file_get_contents($_ci_path))));
     } else {
         include $_ci_path;
         // include() vs include_once() allows for multiple views with the same name
     }
     log_message('info', 'File loaded: ' . $_ci_path);
     // Return the file data if requested
     if ($_ci_return === TRUE) {
         $buffer = ob_get_contents();
         @ob_end_clean();
         return $buffer;
     }
     /*
      * Flush the buffer... or buff the flusher?
      *
      * In order to permit views to be nested within
      * other views, we need to flush the content back out whenever
      * we are beyond the first level of output buffering so that
      * it can be seen and included properly by the first included
      * template and any subsequent ones. Oy!
      */
     if (ob_get_level() > $this->_ci_ob_level + 1) {
         ob_end_flush();
     } else {
         $_ci_CI->output->append_output(ob_get_contents());
         @ob_end_clean();
     }
     return $this;
 }
Example #7
 /**
  * Renders the thumbnail as a string.
  *
  * Returns '' when $this->image is empty. When $this->_template is set, the
  * template string is executed as PHP with every property of this object
  * extracted into the local scope; otherwise the markup is assembled from
  * Link/Tag objects.
  *
  * Because the template is passed to eval(), it must only ever come from a
  * trusted source and never from user input.
  *
  * @return string
  */
 public function render()
 {
     if (!empty($this->image)) {
         if (isset($this->_template)) {
             // Every property returned by get_object_vars() becomes a local variable
             // that the template code can read
             $vars = get_object_vars($this);
             extract($vars);
             ob_start();
             // If the PHP installation does not support short tags we'll
             // do a little string replacement, changing the short tags
             // to standard PHP echo statements.
             // NOTE(review): eval is a language construct, not a function; if function_usable()
             // is built on function_exists() the first branch is presumably never taken - confirm.
             if (!ini_get('short_open_tag') and function_usable('eval')) {
                 echo eval('?>' . preg_replace('/;*\\s*\\?>/', '; ?>', str_replace('<?=', '<?php echo ', $this->_template)));
             } else {
                 // Same execution path, without the short-tag rewrite
                 echo eval('?>' . preg_replace('/;*\\s*\\?>/', '; ?>', $this->_template));
             }
             $output = ob_get_contents();
             ob_end_clean();
             return $output;
         } else {
             // No template: build image (optionally linked) followed by a caption element
             if (isset($this->link)) {
                 $output[] = new Link($this->image, $this->link);
                 $caption = new Link($this->caption, $this->link, ['class' => 'caption']);
             } else {
                 $output[] = $this->image;
                 $caption = new Tag('div', $this->caption, ['class' => 'caption']);
             }
             if (isset($this->description)) {
                 $caption->append_content($this->description);
             }
             if (!empty($this->buttons)) {
                 $button = new Tag('p', implode(PHP_EOL, $this->buttons), ['class' => 'thumbnail-buttons']);
                 $caption->append_content($button);
             }
             $output[] = $caption;
             // NOTE(review): whether Link/Tag escape caption, description and buttons is not
             // visible here - confirm before passing user-supplied text.
             return (new Tag($this->_tag, implode(PHP_EOL, $output), $this->_attributes))->render();
         }
     }
     return '';
 }
Example #8
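 /**
  * Send using Sendmail.
  *
  * Opens a pipe to the configured sendmail binary and writes the header
  * string and the final body to it. The envelope sender is taken from the
  * From header and is passed to the shell as a single quoted argument.
  *
  * @return bool true when sendmail exits with status 0, false otherwise
  */
 protected function _send_with_sendmail()
 {
     // Fail closed when the process cannot be spawned or its argument cannot be quoted
     if (!function_usable('popen') or !function_usable('escapeshellarg')) {
         // server probably has popen disabled, so nothing we can do to get a verbose error.
         return false;
     }
     // The header-derived address ends up on a shell command line, so it is quoted;
     // clean_email() alone does not neutralise shell metacharacters.
     $from = escapeshellarg($this->clean_email($this->_headers['From']));
     $fp = @popen($this->mailpath . ' -oi -f ' . $from . ' -t', 'w');
     if ($fp === false) {
         return false;
     }
     fwrite($fp, $this->_header_str);
     fwrite($fp, $this->_finalbody);
     // pclose() hands back the exit status of the sendmail process
     $status = pclose($fp);
     if ($status !== 0) {
         $this->_set_error_message('lang:email_exit_status', $status);
         $this->_set_error_message('lang:email_no_socket');
         return false;
     }
     return true;
 }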
Example #9
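 /**
  * Removes one variable from the session.
  *
  * Clears the key from the legacy HTTP_SESSION_VARS array and from
  * $_SESSION, and calls session_unregister() only where that function
  * still exists (it was removed in PHP 5.4, where an unguarded call is a
  * fatal error).
  *
  * @param string $key Name of the session variable
  * @return void
  */
 function delete($key)
 {
     $vars =& $GLOBALS['HTTP_SESSION_VARS'];
     // With register_globals on (or when the setting cannot be read) the session
     // variable may also exist as a global.
     // NOTE(review): $key selects which global is removed; it should never come from request input.
     if (!function_usable('ini_get') or ini_get('register_globals')) {
         unset($GLOBALS[$key]);
     }
     if (DEBUG) {
         trigger_error("delete session {$key}", E_USER_WARNING);
     }
     unset($vars[$key]);
     // HTTP_SESSION_VARS is not populated on current PHP versions, so the value
     // has to be removed from $_SESSION as well
     if (isset($_SESSION)) {
         unset($_SESSION[$key]);
     }
     if (function_exists('session_unregister')) {
         session_unregister($key);
     }
 }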
Example #10
 /**
  * Removes one variable from $_SESSION.
  *
  * The same key is also removed from the global scope when register_globals
  * is on or when ini_get() is not usable.
  *
  * @param string $key Name of the session variable
  * @return void
  */
 function delete($key)
 {
     $drop_global = !function_usable('ini_get') || ini_get('register_globals');
     if ($drop_global) {
         unset($GLOBALS[$key]);
     }

     if (DEBUG) {
         trigger_error("delete session {$key}", E_USER_WARNING);
     }

     unset($_SESSION[$key]);
 }
Example #11
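 /**
  * Send using Sendmail
  *
  * Opens a pipe to the configured sendmail binary and writes the header
  * string and the final body to it. The envelope sender is taken from the
  * From header and is passed to the shell as a single quoted argument.
  *
  * @return	bool	TRUE when sendmail exits with status 0, FALSE otherwise
  */
 protected function _send_with_sendmail()
 {
     // Fail closed when the process cannot be spawned or its argument cannot be quoted
     if (!function_usable('popen') or !function_usable('escapeshellarg')) {
         return FALSE;
     }
     // The header-derived address ends up on a shell command line, so it is quoted;
     // clean_email() alone does not neutralise shell metacharacters.
     $from = escapeshellarg($this->clean_email($this->_headers['From']));
     $fp = @popen($this->mailpath . ' -oi -f ' . $from . ' -t', 'w');
     if ($fp === FALSE) {
         return FALSE;
     }
     fputs($fp, $this->_header_str);
     fputs($fp, $this->_finalbody);
     // pclose() hands back the exit status of the sendmail process
     $status = pclose($fp);
     if ($status !== 0) {
         $this->_set_error_message(_dgettext("system", "Exit status code: %s"), $status);
         $this->_set_error_message(_dgettext("system", "Unable to open a socket to Sendmail. Please check settings."));
         return FALSE;
     }
     return TRUE;
 }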
Example #12
 /**
  * Removes one variable from the session.
  *
  * Clears the key from the legacy HTTP_SESSION_VARS array and, when it is
  * set, from $_SESSION. session_unregister() is called only when
  * check_php_version(5, 3) is falsy.
  *
  * @param string $key Name of the session variable
  * @return void
  */
 function delete($key)
 {
     $legacy_session =& $GLOBALS['HTTP_SESSION_VARS'];

     $drop_global = !function_usable('ini_get') || ini_get('register_globals');
     if ($drop_global) {
         unset($GLOBALS[$key]);
     }

     if (DEBUG) {
         trigger_error("delete session {$key}", E_USER_WARNING);
     }

     unset($legacy_session[$key]);

     // php-5.2
     if (isset($_SESSION)) {
         unset($_SESSION[$key]);
     }

     $is_53_or_later = check_php_version(5, 3);
     if (!$is_53_or_later) {
         session_unregister($key);
     }
 }
Example #13
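 /**
  * File MIME type
  *
  * Detects the (actual) MIME type of the uploaded file, if possible, and
  * stores it in $this->file_type. Detection is attempted in this order:
  * the Fileinfo extension, the `file` command line tool (non-Windows
  * only), mime_content_type(), and finally the client-supplied
  * $file['type'].
  * The input array is expected to be $_FILES[$field]
  *
  * @param	array	$file
  * @return	void
  */
 protected function _file_mime_type($file)
 {
     // We'll need this to validate the MIME info string (e.g. text/plain; charset=us-ascii)
     $regexp = '/^([a-z\\-]+\\/[a-z0-9\\-\\.\\+]+)(;\\s.+)?$/';
     /* Fileinfo extension - most reliable method
      *
      * Unfortunately, prior to PHP 5.3 - it's only available as a PECL extension and the
      * more convenient FILEINFO_MIME_TYPE flag doesn't exist.
      */
     if (function_exists('finfo_file')) {
         $finfo = @finfo_open(FILEINFO_MIME);
         // It is possible that a FALSE value is returned, if there is no magic MIME
         // database file found on the system. The handle is compared against FALSE
         // because finfo_open() returns an object rather than a resource on PHP 8.1+,
         // where an is_resource() test would silently skip this branch.
         if ($finfo !== FALSE) {
             $mime = @finfo_file($finfo, $file['tmp_name']);
             finfo_close($finfo);
             /* According to the comments section of the PHP manual page,
              * it is possible that this function returns an empty string
              * for some files (e.g. if they don't exist in the magic MIME database)
              */
             if (is_string($mime) && preg_match($regexp, $mime, $matches)) {
                 $this->file_type = $matches[1];
                 return;
             }
         }
     }
     /* This is an ugly hack, but UNIX-type systems provide a "native" way to detect the file type,
      * which is still more secure than depending on the value of $_FILES[$field]['type'], and as it
      * was reported in issue #750 (https://github.com/EllisLab/CodeIgniter/issues/750) - it's better
      * than mime_content_type() as well, hence the attempts to try calling the command line with
      * three different functions.
      *
      * Notes:
      *	- the DIRECTORY_SEPARATOR comparison ensures that we're not on a Windows system
      *	- many system admins would disable the exec(), shell_exec(), popen() and similar functions
      *	  due to security concerns, hence the function_usable() checks
      */
     if (DIRECTORY_SEPARATOR !== '\\') {
         // NOTE(review): without escapeshellarg() the temporary path is interpolated unquoted;
         // that is only safe while tmp_name is the server-generated upload path.
         $cmd = function_exists('escapeshellarg') ? 'file --brief --mime ' . escapeshellarg($file['tmp_name']) . ' 2>&1' : 'file --brief --mime ' . $file['tmp_name'] . ' 2>&1';
         if (function_usable('exec')) {
             /* This might look confusing, as $mime is being populated with all of the output when set in the second parameter.
              * However, we only need the last line, which is the actual return value of exec(), and as such - it overwrites
              * anything that could already be set for $mime previously. This effectively makes the second parameter a dummy
              * value, which is only put to allow us to get the return status code.
              */
             $mime = @exec($cmd, $mime, $return_status);
             if ($return_status === 0 && is_string($mime) && preg_match($regexp, $mime, $matches)) {
                 $this->file_type = $matches[1];
                 return;
             }
         }
         if (!ini_get('safe_mode') && function_usable('shell_exec')) {
             $mime = @shell_exec($cmd);
             // shell_exec() yields NULL or FALSE on failure; test the type instead of
             // handing a non-string to strlen()
             if (is_string($mime) && $mime !== '') {
                 $mime = explode("\n", trim($mime));
                 if (preg_match($regexp, $mime[count($mime) - 1], $matches)) {
                     $this->file_type = $matches[1];
                     return;
                 }
             }
         }
         if (function_usable('popen')) {
             $proc = @popen($cmd, 'r');
             if (is_resource($proc)) {
                 $mime = @fread($proc, 512);
                 @pclose($proc);
                 if ($mime !== FALSE) {
                     $mime = explode("\n", trim($mime));
                     if (preg_match($regexp, $mime[count($mime) - 1], $matches)) {
                         $this->file_type = $matches[1];
                         return;
                     }
                 }
             }
         }
     }
     // Fall back to the deprecated mime_content_type(), if available (still better than $_FILES[$field]['type'])
     if (function_exists('mime_content_type')) {
         $this->file_type = @mime_content_type($file['tmp_name']);
         if (is_string($this->file_type) && $this->file_type !== '') {
             return;
         }
     }
     // Last resort: the type reported by the client. This value is supplied with the
     // upload request, so callers must not treat it as a verified content type.
     $this->file_type = $file['type'];
 }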
 /**
  * Loads a view or file, optionally passing its output through template parsers.
  *
  * The keys of $_ci_data are extracted into local variables; the code below
  * reads _ci_view, _ci_path, _ci_vars, _ci_parsers and _ci_return. The
  * resolved file is executed as PHP (include, or eval on the short-tag
  * rewrite path) with the cached view variables in scope.
  *
  * @param array $_ci_data Loader options
  * @return string|null The buffered output when _ci_return is truthy; otherwise nothing is returned
  */
 public function _ci_load($_ci_data)
 {
     // Every key of $_ci_data becomes a local variable, so the array must be built
     // by the loader itself and never taken from request input: a _ci_path key
     // decides which file is included below.
     extract($_ci_data);
     if (isset($_ci_view)) {
         $_ci_path = '';
         /* add file extension if not provided */
         $_ci_file = pathinfo($_ci_view, PATHINFO_EXTENSION) ? $_ci_view : $_ci_view . '.php';
         // Try each registered view path in order; stop at the first hit, or after
         // the first path whose cascade flag is falsy
         foreach ($this->_ci_view_paths as $path => $cascade) {
             if (file_exists($view = $path . $_ci_file)) {
                 $_ci_path = $view;
                 break;
             }
             if (!$cascade) {
                 break;
             }
         }
     } elseif (isset($_ci_path)) {
         $_ci_file = basename($_ci_path);
         if (!file_exists($_ci_path)) {
             $_ci_path = '';
         }
     }
     // NOTE(review): when neither _ci_view nor _ci_path was supplied, $_ci_file is never
     // assigned before it is used in this message.
     if (empty($_ci_path)) {
         show_error('Unable to load the requested file: ' . $_ci_file);
     }
     if (isset($_ci_vars)) {
         $this->_ci_cached_vars = array_merge($this->_ci_cached_vars, (array) $_ci_vars);
     }
     // extract() runs with its default overwrite behaviour: a cached key named like one
     // of the locals above (for example _ci_path) replaces that local before the include.
     extract($this->_ci_cached_vars);
     // Added by Ivan Tcholakov, 28-DEC-2013.
     if (!empty($_ci_parsers)) {
         CI::$APP->load->parser();
         $_ci_parsers = CI::$APP->parser->parse_config($_ci_parsers, TRUE);
     } else {
         $_ci_parsers = array();
     }
     //
     ob_start();
     if (empty($_ci_parsers)) {
         // NOTE(review): eval is a language construct, not a function; if function_usable()
         // is built on function_exists() the eval branch is presumably never taken - confirm.
         if (!is_php('5.4') && !ini_get('short_open_tag') && CI::$APP->config->item('rewrite_short_tags') == TRUE && function_usable('eval')) {
             echo eval('?>' . preg_replace("/;*\\s*\\?>/", "; ?>", str_replace('<?=', '<?php echo ', file_get_contents($_ci_path))));
         } else {
             include $_ci_path;
         }
     } else {
         // This conditional branch has been added by Ivan Tcholakov, 27-DEC-2013.
         if (!isset($_ci_vars)) {
             $_ci_vars = array();
         }
         // A second, inner buffer captures the raw template so that the parsers can
         // transform it before it is echoed into the outer buffer
         ob_start();
         if (!is_php('5.4') && !ini_get('short_open_tag') && CI::$APP->config->item('rewrite_short_tags') == TRUE && function_usable('eval')) {
             echo eval('?>' . preg_replace("/;*\\s*\\?>/", "; ?>", str_replace('<?=', '<?php echo ', file_get_contents($_ci_path))));
         } else {
             include $_ci_path;
         }
         $_ci_template_content = ob_get_clean();
         // Each configured parser is loaded by name and applied in turn to the captured content
         foreach ($_ci_parsers as $_ci_parser) {
             CI::$APP->load->parser($_ci_parser['parser']);
             $_ci_template_content = CI::$APP->{$_ci_parser['parser']}->parse_string($_ci_template_content, $_ci_vars, true, $_ci_parser['config']);
         }
         echo $_ci_template_content;
     }
     log_message('debug', 'File loaded: ' . $_ci_path);
     // NOTE(review): $_ci_return exists only if extract() defined it; the loose
     // comparison treats any truthy value as a request for the buffer.
     if ($_ci_return == TRUE) {
         return ob_get_clean();
     }
     // Nested views are flushed into the enclosing buffer; the outermost one is
     // handed to the output class
     if (ob_get_level() > $this->_ci_ob_level + 1) {
         ob_end_flush();
     } else {
         CI::$APP->output->append_output(ob_get_clean());
     }
 }