Merge pull request #2480 from florisluiten/develop
Prevent email header injection
diff --git a/application/config/mimes.php b/application/config/mimes.php
index 6ff3812..32d10f6 100644
--- a/application/config/mimes.php
+++ b/application/config/mimes.php
@@ -49,7 +49,7 @@
'sea' => 'application/octet-stream',
'dll' => 'application/octet-stream',
'oda' => 'application/oda',
- 'pdf' => array('application/pdf', 'application/x-download', 'binary/octet-stream'),
+ 'pdf' => array('application/pdf', 'application/force-download', 'application/x-download', 'binary/octet-stream'),
'ai' => array('application/pdf', 'application/postscript'),
'eps' => 'application/postscript',
'ps' => 'application/postscript',
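Review bot: `application/force-download` on the new `'pdf'` line is a generic download type rather than a PDF-specific one, so adding it loosens whatever extension-to-MIME check reads this table. If the table backs upload validation (the consumer is outside this diff), a non-PDF file reported with that type would be accepted as `.pdf`. If the entry is needed for client compatibility, a comment should say so, e.g. `// generic download type accepted for client compatibility; it does not prove the content is a PDF`.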
diff --git a/system/core/Common.php b/system/core/Common.php
index cad340f..cb087cb 100644
--- a/system/core/Common.php
+++ b/system/core/Common.php
@@ -346,7 +346,20 @@
*/
function is_https()
{
- return (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) === 'on');
+ if (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) === 'on')
+ {
+ return TRUE;
+ }
+ elseif (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https')
+ {
+ return TRUE;
+ }
+ elseif (isset($_SERVER['HTTP_FRONT_END_HTTPS']) && $_SERVER['HTTP_FRONT_END_HTTPS'] === 'on')
+ {
+ return TRUE;
+ }
+
+ return FALSE;
}
}
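Review bot: The two new `elseif` branches in `is_https()` trust `HTTP_X_FORWARDED_PROTO` and `HTTP_FRONT_END_HTTPS`, which are ordinary request headers that any client can set unless a proxy in front of the application overwrites them. A plain-HTTP request could then be reported as HTTPS, which matters wherever the result drives secure-cookie or redirect decisions (the callers are outside this diff). Consider honouring these headers only when `$_SERVER['REMOTE_ADDR']` matches a configured trusted proxy, such as the framework's `proxy_ips` setting if it is available on this branch. The docblock, which starts above the hunk, should state that assumption. The new comparisons are also case-sensitive while the `HTTPS` check uses `strtolower()`; applying `strtolower()` to all three would keep the branches consistent.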
diff --git a/system/core/Loader.php b/system/core/Loader.php
index 49bd641..70a6b6f 100644
--- a/system/core/Loader.php
+++ b/system/core/Loader.php
@@ -955,7 +955,7 @@
// Is this a class extension request?
if (file_exists($subclass))
{
- $baseclass = BASEPATH.'libraries/'.$class.'.php';
+ $baseclass = BASEPATH.'libraries/'.$subdir.$class.'.php';
if ( ! file_exists($baseclass))
{
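Review bot: The new `$baseclass` path concatenates `$subdir` directly, and `$subdir` is assigned outside this hunk, so the line relies on it being empty or ending in `/` and on it containing no `..` segments. A short comment would record that requirement, e.g. `// $subdir must be '' or end with '/', and must not be derived from request data`. Whether this holds cannot be confirmed from the visible lines, because the enclosing method starts and ends outside the hunk.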
diff --git a/system/libraries/Email.php b/system/libraries/Email.php
index 1ee0035..11ee290 100644
--- a/system/libraries/Email.php
+++ b/system/libraries/Email.php
@@ -1275,7 +1275,7 @@
if ($this->send_multipart === FALSE)
{
$hdr .= 'Content-Type: text/html; charset='.$this->charset.$this->newline
- .'Content-Transfer-Encoding: quoted-printable';
+ .'Content-Transfer-Encoding: quoted-printable'.$this->newline.$this->newline;
}
else
{
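Review bot: The blank line that ends the header block is added only in the `send_multipart === FALSE` branch shown here; the `else` branch and the other content-type cases are outside the hunk and should be checked for the same terminator. Without it, the first lines of the message body can be read as header fields, which is presumably what the PR title refers to. A comment would make the intent visible: `// Blank line ends the headers so body content cannot be parsed as header fields`. `$this->charset` is also written into the `Content-Type` header unfiltered on the line above; if it can ever contain CR or LF, stripping them before use would close the same class of issue.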
diff --git a/user_guide_src/source/libraries/xmlrpc.rst b/user_guide_src/source/libraries/xmlrpc.rst
index b478a2d..a43c488 100644
--- a/user_guide_src/source/libraries/xmlrpc.rst
+++ b/user_guide_src/source/libraries/xmlrpc.rst
@@ -423,7 +423,7 @@
$parameters = $request->output_parameters();
$name = $parameters[0]['name'];
$size = $parameters[1]['size'];
- $size = $parameters[1]['shape'];
+ $shape = $parameters[1]['shape'];
**************************
XML-RPC Function Reference