560 lines
16 KiB
PHP
560 lines
16 KiB
PHP
<?php
|
|
/**
|
|
* CodeIgniter
|
|
*
|
|
* An open source application development framework for PHP
|
|
*
|
|
* This content is released under the MIT License (MIT)
|
|
*
|
|
* Copyright (c) 2014 - 2019, British Columbia Institute of Technology
|
|
*
|
|
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
* of this software and associated documentation files (the "Software"), to deal
|
|
* in the Software without restriction, including without limitation the rights
|
|
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
* copies of the Software, and to permit persons to whom the Software is
|
|
* furnished to do so, subject to the following conditions:
|
|
*
|
|
* The above copyright notice and this permission notice shall be included in
|
|
* all copies or substantial portions of the Software.
|
|
*
|
|
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
|
* THE SOFTWARE.
|
|
*
|
|
* @package CodeIgniter
|
|
* @author EllisLab Dev Team
|
|
* @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/)
|
|
* @copyright Copyright (c) 2014 - 2019, British Columbia Institute of Technology (https://bcit.ca/)
|
|
* @license https://opensource.org/licenses/MIT MIT License
|
|
* @link https://codeigniter.com
|
|
* @since Version 1.0.0
|
|
* @filesource
|
|
*/
|
|
defined('BASEPATH') OR exit('No direct script access allowed');
|
|
|
|
/**
|
|
* System Initialization File
|
|
*
|
|
* Loads the base classes and executes the request.
|
|
*
|
|
* @package CodeIgniter
|
|
* @subpackage CodeIgniter
|
|
* @category Front-controller
|
|
* @author EllisLab Dev Team
|
|
* @link https://codeigniter.com/user_guide/
|
|
*/
|
|
|
|
/**
|
|
* CodeIgniter Version
|
|
*
|
|
* @var string
|
|
*
|
|
*/
|
|
const CI_VERSION = '3.1.10';
|
|
|
|
/*
|
|
* ------------------------------------------------------
|
|
* Load the framework constants
|
|
* ------------------------------------------------------
|
|
*/
|
|
if (file_exists(APPPATH.'config/'.ENVIRONMENT.'/constants.php'))
|
|
{
|
|
require_once(APPPATH.'config/'.ENVIRONMENT.'/constants.php');
|
|
}
|
|
|
|
if (file_exists(APPPATH.'config/constants.php'))
|
|
{
|
|
require_once(APPPATH.'config/constants.php');
|
|
}
|
|
|
|
/*
|
|
* ------------------------------------------------------
|
|
* Load the global functions
|
|
* ------------------------------------------------------
|
|
*/
|
|
require_once(BASEPATH.'core/Common.php');
|
|
|
|
|
|
/*
|
|
* ------------------------------------------------------
|
|
* Security procedures
|
|
* ------------------------------------------------------
|
|
*/
|
|
|
|
if ( ! is_php('5.4'))
|
|
{
|
|
ini_set('magic_quotes_runtime', 0);
|
|
|
|
if ((bool) ini_get('register_globals'))
|
|
{
|
|
$_protected = array(
|
|
'_SERVER',
|
|
'_GET',
|
|
'_POST',
|
|
'_FILES',
|
|
'_REQUEST',
|
|
'_SESSION',
|
|
'_ENV',
|
|
'_COOKIE',
|
|
'GLOBALS',
|
|
'HTTP_RAW_POST_DATA',
|
|
'system_path',
|
|
'application_folder',
|
|
'view_folder',
|
|
'_protected',
|
|
'_registered'
|
|
);
|
|
|
|
$_registered = ini_get('variables_order');
|
|
foreach (array('E' => '_ENV', 'G' => '_GET', 'P' => '_POST', 'C' => '_COOKIE', 'S' => '_SERVER') as $key => $superglobal)
|
|
{
|
|
if (strpos($_registered, $key) === FALSE)
|
|
{
|
|
continue;
|
|
}
|
|
|
|
foreach (array_keys($$superglobal) as $var)
|
|
{
|
|
if (isset($GLOBALS[$var]) && ! in_array($var, $_protected, TRUE))
|
|
{
|
|
$GLOBALS[$var] = NULL;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
|
|
/*
|
|
* ------------------------------------------------------
|
|
* Define a custom error handler so we can log PHP errors
|
|
* ------------------------------------------------------
|
|
*/
|
|
set_error_handler('_error_handler');
|
|
set_exception_handler('_exception_handler');
|
|
register_shutdown_function('_shutdown_handler');
|
|
|
|
/*
|
|
* ------------------------------------------------------
|
|
* Set the subclass_prefix
|
|
* ------------------------------------------------------
|
|
*
|
|
* Normally the "subclass_prefix" is set in the config file.
|
|
* The subclass prefix allows CI to know if a core class is
|
|
* being extended via a library in the local application
|
|
* "libraries" folder. Since CI allows config items to be
|
|
* overridden via data set in the main index.php file,
|
|
* before proceeding we need to know if a subclass_prefix
|
|
* override exists. If so, we will set this value now,
|
|
* before any classes are loaded
|
|
* Note: Since the config file data is cached it doesn't
|
|
* hurt to load it here.
|
|
*/
|
|
if ( ! empty($assign_to_config['subclass_prefix']))
|
|
{
|
|
get_config(array('subclass_prefix' => $assign_to_config['subclass_prefix']));
|
|
}
|
|
|
|
/*
|
|
* ------------------------------------------------------
|
|
* Should we use a Composer autoloader?
|
|
* ------------------------------------------------------
|
|
*/
|
|
if ($composer_autoload = config_item('composer_autoload'))
|
|
{
|
|
if ($composer_autoload === TRUE)
|
|
{
|
|
file_exists(APPPATH.'vendor/autoload.php')
|
|
? require_once(APPPATH.'vendor/autoload.php')
|
|
: log_message('error', '$config[\'composer_autoload\'] is set to TRUE but '.APPPATH.'vendor/autoload.php was not found.');
|
|
}
|
|
elseif (file_exists($composer_autoload))
|
|
{
|
|
require_once($composer_autoload);
|
|
}
|
|
else
|
|
{
|
|
log_message('error', 'Could not find the specified $config[\'composer_autoload\'] path: '.$composer_autoload);
|
|
}
|
|
}
|
|
|
|
/*
|
|
* ------------------------------------------------------
|
|
* Start the timer... tick tock tick tock...
|
|
* ------------------------------------------------------
|
|
*/
|
|
$BM =& load_class('Benchmark', 'core');
|
|
$BM->mark('total_execution_time_start');
|
|
$BM->mark('loading_time:_base_classes_start');
|
|
|
|
/*
|
|
* ------------------------------------------------------
|
|
* Instantiate the hooks class
|
|
* ------------------------------------------------------
|
|
*/
|
|
$EXT =& load_class('Hooks', 'core');
|
|
|
|
/*
|
|
* ------------------------------------------------------
|
|
* Is there a "pre_system" hook?
|
|
* ------------------------------------------------------
|
|
*/
|
|
$EXT->call_hook('pre_system');
|
|
|
|
/*
|
|
* ------------------------------------------------------
|
|
* Instantiate the config class
|
|
* ------------------------------------------------------
|
|
*
|
|
* Note: It is important that Config is loaded first as
|
|
* most other classes depend on it either directly or by
|
|
* depending on another class that uses it.
|
|
*
|
|
*/
|
|
$CFG =& load_class('Config', 'core');
|
|
|
|
// Do we have any manually set config items in the index.php file?
|
|
if (isset($assign_to_config) && is_array($assign_to_config))
|
|
{
|
|
foreach ($assign_to_config as $key => $value)
|
|
{
|
|
$CFG->set_item($key, $value);
|
|
}
|
|
}
|
|
|
|
/*
|
|
* ------------------------------------------------------
|
|
* Important charset-related stuff
|
|
* ------------------------------------------------------
|
|
*
|
|
* Configure mbstring and/or iconv if they are enabled
|
|
* and set MB_ENABLED and ICONV_ENABLED constants, so
|
|
* that we don't repeatedly do extension_loaded() or
|
|
* function_exists() calls.
|
|
*
|
|
* Note: UTF-8 class depends on this. It used to be done
|
|
* in it's constructor, but it's _not_ class-specific.
|
|
*
|
|
*/
|
|
$charset = strtoupper(config_item('charset'));
|
|
ini_set('default_charset', $charset);
|
|
|
|
if (extension_loaded('mbstring'))
|
|
{
|
|
define('MB_ENABLED', TRUE);
|
|
// mbstring.internal_encoding is deprecated starting with PHP 5.6
|
|
// and it's usage triggers E_DEPRECATED messages.
|
|
@ini_set('mbstring.internal_encoding', $charset);
|
|
// This is required for mb_convert_encoding() to strip invalid characters.
|
|
// That's utilized by CI_Utf8, but it's also done for consistency with iconv.
|
|
mb_substitute_character('none');
|
|
}
|
|
else
|
|
{
|
|
define('MB_ENABLED', FALSE);
|
|
}
|
|
|
|
// There's an ICONV_IMPL constant, but the PHP manual says that using
|
|
// iconv's predefined constants is "strongly discouraged".
|
|
if (extension_loaded('iconv'))
|
|
{
|
|
define('ICONV_ENABLED', TRUE);
|
|
// iconv.internal_encoding is deprecated starting with PHP 5.6
|
|
// and it's usage triggers E_DEPRECATED messages.
|
|
@ini_set('iconv.internal_encoding', $charset);
|
|
}
|
|
else
|
|
{
|
|
define('ICONV_ENABLED', FALSE);
|
|
}
|
|
|
|
if (is_php('5.6'))
|
|
{
|
|
ini_set('php.internal_encoding', $charset);
|
|
}
|
|
|
|
/*
|
|
* ------------------------------------------------------
|
|
* Load compatibility features
|
|
* ------------------------------------------------------
|
|
*/
|
|
|
|
require_once(BASEPATH.'core/compat/mbstring.php');
|
|
require_once(BASEPATH.'core/compat/hash.php');
|
|
require_once(BASEPATH.'core/compat/password.php');
|
|
require_once(BASEPATH.'core/compat/standard.php');
|
|
|
|
/*
|
|
* ------------------------------------------------------
|
|
* Instantiate the UTF-8 class
|
|
* ------------------------------------------------------
|
|
*/
|
|
$UNI =& load_class('Utf8', 'core');
|
|
|
|
/*
|
|
* ------------------------------------------------------
|
|
* Instantiate the URI class
|
|
* ------------------------------------------------------
|
|
*/
|
|
$URI =& load_class('URI', 'core');
|
|
|
|
/*
|
|
* ------------------------------------------------------
|
|
* Instantiate the routing class and set the routing
|
|
* ------------------------------------------------------
|
|
*/
|
|
$RTR =& load_class('Router', 'core', isset($routing) ? $routing : NULL);
|
|
|
|
/*
|
|
* ------------------------------------------------------
|
|
* Instantiate the output class
|
|
* ------------------------------------------------------
|
|
*/
|
|
$OUT =& load_class('Output', 'core');
|
|
|
|
/*
|
|
* ------------------------------------------------------
|
|
* Is there a valid cache file? If so, we're done...
|
|
* ------------------------------------------------------
|
|
*/
|
|
if ($EXT->call_hook('cache_override') === FALSE && $OUT->_display_cache($CFG, $URI) === TRUE)
|
|
{
|
|
exit;
|
|
}
|
|
|
|
/*
|
|
* -----------------------------------------------------
|
|
* Load the security class for xss and csrf support
|
|
* -----------------------------------------------------
|
|
*/
|
|
$SEC =& load_class('Security', 'core');
|
|
|
|
/*
|
|
* ------------------------------------------------------
|
|
* Load the Input class and sanitize globals
|
|
* ------------------------------------------------------
|
|
*/
|
|
$IN =& load_class('Input', 'core');
|
|
|
|
/*
|
|
* ------------------------------------------------------
|
|
* Load the Language class
|
|
* ------------------------------------------------------
|
|
*/
|
|
$LANG =& load_class('Lang', 'core');
|
|
|
|
/*
|
|
* ------------------------------------------------------
|
|
* Load the app controller and local controller
|
|
* ------------------------------------------------------
|
|
*
|
|
*/
|
|
// Load the base controller class
|
|
require_once BASEPATH.'core/Controller.php';
|
|
|
|
/**
|
|
* Reference to the CI_Controller method.
|
|
*
|
|
* Returns current CI instance object
|
|
*
|
|
* @return CI_Controller
|
|
*/
|
|
function &get_instance()
|
|
{
|
|
return CI_Controller::get_instance();
|
|
}
|
|
|
|
if (file_exists(APPPATH.'core/'.$CFG->config['subclass_prefix'].'Controller.php'))
|
|
{
|
|
require_once APPPATH.'core/'.$CFG->config['subclass_prefix'].'Controller.php';
|
|
}
|
|
|
|
// Set a mark point for benchmarking
|
|
$BM->mark('loading_time:_base_classes_end');
|
|
|
|
/*
|
|
* ------------------------------------------------------
|
|
* Sanity checks
|
|
* ------------------------------------------------------
|
|
*
|
|
* The Router class has already validated the request,
|
|
* leaving us with 3 options here:
|
|
*
|
|
* 1) an empty class name, if we reached the default
|
|
* controller, but it didn't exist;
|
|
* 2) a query string which doesn't go through a
|
|
* file_exists() check
|
|
* 3) a regular request for a non-existing page
|
|
*
|
|
* We handle all of these as a 404 error.
|
|
*
|
|
* Furthermore, none of the methods in the app controller
|
|
* or the loader class can be called via the URI, nor can
|
|
* controller methods that begin with an underscore.
|
|
*/
|
|
|
|
$e404 = FALSE;
|
|
$class = ucfirst($RTR->class);
|
|
$method = $RTR->method;
|
|
|
|
if (empty($class) OR ! file_exists(APPPATH.'controllers/'.$RTR->directory.$class.'.php'))
|
|
{
|
|
$e404 = TRUE;
|
|
}
|
|
else
|
|
{
|
|
require_once(APPPATH.'controllers/'.$RTR->directory.$class.'.php');
|
|
|
|
if ( ! class_exists($class, FALSE) OR $method[0] === '_' OR method_exists('CI_Controller', $method))
|
|
{
|
|
$e404 = TRUE;
|
|
}
|
|
elseif (method_exists($class, '_remap'))
|
|
{
|
|
$params = array($method, array_slice($URI->rsegments, 2));
|
|
$method = '_remap';
|
|
}
|
|
elseif ( ! method_exists($class, $method))
|
|
{
|
|
$e404 = TRUE;
|
|
}
|
|
/**
|
|
* DO NOT CHANGE THIS, NOTHING ELSE WORKS!
|
|
*
|
|
* - method_exists() returns true for non-public methods, which passes the previous elseif
|
|
* - is_callable() returns false for PHP 4-style constructors, even if there's a __construct()
|
|
* - method_exists($class, '__construct') won't work because CI_Controller::__construct() is inherited
|
|
* - People will only complain if this doesn't work, even though it is documented that it shouldn't.
|
|
*
|
|
* ReflectionMethod::isConstructor() is the ONLY reliable check,
|
|
* knowing which method will be executed as a constructor.
|
|
*/
|
|
elseif ( ! is_callable(array($class, $method)))
|
|
{
|
|
$reflection = new ReflectionMethod($class, $method);
|
|
if ( ! $reflection->isPublic() OR $reflection->isConstructor())
|
|
{
|
|
$e404 = TRUE;
|
|
}
|
|
}
|
|
}
|
|
|
|
if ($e404)
|
|
{
|
|
if ( ! empty($RTR->routes['404_override']))
|
|
{
|
|
if (sscanf($RTR->routes['404_override'], '%[^/]/%s', $error_class, $error_method) !== 2)
|
|
{
|
|
$error_method = 'index';
|
|
}
|
|
|
|
$error_class = ucfirst($error_class);
|
|
|
|
if ( ! class_exists($error_class, FALSE))
|
|
{
|
|
if (file_exists(APPPATH.'controllers/'.$RTR->directory.$error_class.'.php'))
|
|
{
|
|
require_once(APPPATH.'controllers/'.$RTR->directory.$error_class.'.php');
|
|
$e404 = ! class_exists($error_class, FALSE);
|
|
}
|
|
// Were we in a directory? If so, check for a global override
|
|
elseif ( ! empty($RTR->directory) && file_exists(APPPATH.'controllers/'.$error_class.'.php'))
|
|
{
|
|
require_once(APPPATH.'controllers/'.$error_class.'.php');
|
|
if (($e404 = ! class_exists($error_class, FALSE)) === FALSE)
|
|
{
|
|
$RTR->directory = '';
|
|
}
|
|
}
|
|
}
|
|
else
|
|
{
|
|
$e404 = FALSE;
|
|
}
|
|
}
|
|
|
|
// Did we reset the $e404 flag? If so, set the rsegments, starting from index 1
|
|
if ( ! $e404)
|
|
{
|
|
$class = $error_class;
|
|
$method = $error_method;
|
|
|
|
$URI->rsegments = array(
|
|
1 => $class,
|
|
2 => $method
|
|
);
|
|
}
|
|
else
|
|
{
|
|
show_404($RTR->directory.$class.'/'.$method);
|
|
}
|
|
}
|
|
|
|
if ($method !== '_remap')
|
|
{
|
|
$params = array_slice($URI->rsegments, 2);
|
|
}
|
|
|
|
/*
|
|
* ------------------------------------------------------
|
|
* Is there a "pre_controller" hook?
|
|
* ------------------------------------------------------
|
|
*/
|
|
$EXT->call_hook('pre_controller');
|
|
|
|
/*
|
|
* ------------------------------------------------------
|
|
* Instantiate the requested controller
|
|
* ------------------------------------------------------
|
|
*/
|
|
// Mark a start point so we can benchmark the controller
|
|
$BM->mark('controller_execution_time_( '.$class.' / '.$method.' )_start');
|
|
|
|
$CI = new $class();
|
|
|
|
/*
|
|
* ------------------------------------------------------
|
|
* Is there a "post_controller_constructor" hook?
|
|
* ------------------------------------------------------
|
|
*/
|
|
$EXT->call_hook('post_controller_constructor');
|
|
|
|
/*
|
|
* ------------------------------------------------------
|
|
* Call the requested method
|
|
* ------------------------------------------------------
|
|
*/
|
|
call_user_func_array(array(&$CI, $method), $params);
|
|
|
|
// Mark a benchmark end point
|
|
$BM->mark('controller_execution_time_( '.$class.' / '.$method.' )_end');
|
|
|
|
/*
|
|
* ------------------------------------------------------
|
|
* Is there a "post_controller" hook?
|
|
* ------------------------------------------------------
|
|
*/
|
|
$EXT->call_hook('post_controller');
|
|
|
|
/*
|
|
* ------------------------------------------------------
|
|
* Send the final rendered output to the browser
|
|
* ------------------------------------------------------
|
|
*/
|
|
if ($EXT->call_hook('display_override') === FALSE)
|
|
{
|
|
$OUT->_display();
|
|
}
|
|
|
|
/*
|
|
* ------------------------------------------------------
|
|
* Is there a "post_system" hook?
|
|
* ------------------------------------------------------
|
|
*/
|
|
$EXT->call_hook('post_system');
|