Fix possible error messages with do_hash() and alter a changelog entry
diff --git a/system/helpers/security_helper.php b/system/helpers/security_helper.php
index 16dfb0d..2f3df78 100644
--- a/system/helpers/security_helper.php
+++ b/system/helpers/security_helper.php
@@ -25,8 +25,6 @@
* @filesource
*/
-// ------------------------------------------------------------------------
-
/**
* CodeIgniter Security Helpers
*
@@ -42,7 +40,6 @@
/**
* XSS Filtering
*
- * @access public
* @param string
* @param bool whether or not the content is an image file
* @return string
@@ -61,7 +58,6 @@
/**
* Sanitize Filename
*
- * @access public
* @param string
* @return string
*/
@@ -79,7 +75,6 @@
/**
* Hash encode a string
*
- * @access public
* @param string
* @return string
*/
@@ -87,6 +82,11 @@
{
function do_hash($str, $type = 'sha1')
{
+ if ( ! in_array($type, hash_algos()))
+ {
+ $type = 'md5';
+ }
+
return hash($type, $str);
}
}
@@ -96,7 +96,6 @@
/**
* Strip Image Tags
*
- * @access public
* @param string
* @return string
*/
@@ -104,7 +103,7 @@
{
function strip_image_tags($str)
{
- return preg_replace(array("#<img\s+.*?src\s*=\s*[\"'](.+?)[\"'].*?\>#", "#<img\s+.*?src\s*=\s*(.+?).*?\>#"), "\\1", $str);
+ return preg_replace(array('#<img\s+.*?src\s*=\s*["\'](.+?)["\'].*?\>#', '#<img\s+.*?src\s*=\s*(.+?).*?\>#'), '\\1', $str);
}
}
@@ -113,7 +112,6 @@
/**
* Convert PHP tags to entities
*
- * @access public
* @param string
* @return string
*/
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index 1c709d4..5dcf54d 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -35,8 +35,6 @@
- Removed previously deprecated SHA1 Library.
- Removed previously deprecated use of ``$autoload['core']`` in application/config/autoload.php.
Only entries in ``$autoload['libraries']`` are auto-loaded now.
- - Added support for HttpOnly cookies with new config option ``cookie_httponly`` (Off by default).
- This affects session and CSRF cookies, as well as the behavior of set_cookie() in the Input library and cookie helper.
- Helpers
@@ -111,6 +109,7 @@
- $config['rewrite_short_tags'] now has no effect when using PHP 5.4 as *<?=* will always be available.
- Added method() to CI_Input to retrieve $_SERVER['REQUEST_METHOD'].
- Modified valid_ip() to use PHP's filter_var() in the :doc:`Input Library <libraries/input>`.
+ - Added support for HTTP-Only cookies with new config option ``cookie_httponly`` (default FALSE).
Bug fixes for 3.0
------------------