diff options
author | Andrey Andreev <narf@bofh.bg> | 2012-03-09 13:37:42 +0100 |
---|---|---|
committer | Andrey Andreev <narf@bofh.bg> | 2012-03-09 13:37:42 +0100 |
commit | c7117524d409cdd66cbdf890015981ac8a2741e3 (patch) | |
tree | caff0c874a708709a13392065e5637d72e461fc8 | |
parent | c54403d2e0351b3951f5651edb6b05c86632c583 (diff) | |
parent | c016a1102e2a77e0c27b9656c19a0460df24dfb6 (diff) |
Merge branch 'develop' of github.com:EllisLab/CodeIgniter into develop-db-driver
-rwxr-xr-x | system/core/Input.php | 17 | ||||
-rwxr-xr-x | system/core/Security.php | 4 | ||||
-rw-r--r-- | system/helpers/captcha_helper.php | 13 | ||||
-rw-r--r-- | system/libraries/Form_validation.php | 20 | ||||
-rw-r--r-- | user_guide_src/source/changelog.rst | 3 | ||||
-rw-r--r-- | user_guide_src/source/general/creating_libraries.rst | 16 | ||||
-rw-r--r-- | user_guide_src/source/libraries/form_validation.rst | 2 | ||||
-rw-r--r-- | user_guide_src/source/libraries/input.rst | 16 |
8 files changed, 62 insertions, 29 deletions
diff --git a/system/core/Input.php b/system/core/Input.php index ee15f4013..5a4659a5a 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -699,6 +699,23 @@ class CI_Input { return (php_sapi_name() === 'cli' OR defined('STDIN')); } + // -------------------------------------------------------------------- + + /** + * Get Request Method + * + * Return the Request Method + * + * @param bool uppercase or lowercase + * @return bool + */ + public function method($upper = FALSE) + { + return ($upper) + ? strtoupper($this->server('REQUEST_METHOD')) + : strtolower($this->server('REQUEST_METHOD')); + } + } /* End of file Input.php */ diff --git a/system/core/Security.php b/system/core/Security.php index 6f25fb5bb..2bffa41b7 100755 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -138,8 +138,8 @@ class CI_Security { */ public function csrf_verify() { - // If no POST data exists we will set the CSRF cookie - if (count($_POST) === 0) + // If it's not a POST request we will set the CSRF cookie + if (strtoupper($_SERVER['REQUEST_METHOD']) !== 'POST') { return $this->csrf_set_cookie(); } diff --git a/system/helpers/captcha_helper.php b/system/helpers/captcha_helper.php index 668b034d4..4a48df27e 100644 --- a/system/helpers/captcha_helper.php +++ b/system/helpers/captcha_helper.php @@ -5,9 +5,9 @@ * An open source application development framework for PHP 5.1.6 or newer * * NOTICE OF LICENSE - * + * * Licensed under the Open Software License version 3.0 - * + * * This source file is subject to the Open Software License (OSL 3.0) that is * bundled with this package in the files license.txt / license.rst. It is * also available through the world wide web at this URL: @@ -94,16 +94,15 @@ if ( ! function_exists('create_captcha')) // Remove old images // ----------------------------------- - list($usec, $sec) = explode(" ", microtime()); - $now = ((float)$usec + (float)$sec); + $now = microtime(TRUE); $current_dir = @opendir($img_path); while ($filename = @readdir($current_dir)) { - if ($filename != "." and $filename != ".." and $filename != "index.html") + if ($filename != '.' && $filename != '..' && $filename != 'index.html') { - $name = str_replace(".jpg", "", $filename); + $name = str_replace('.jpg', '', $filename); if (($name + $expiration) < $now) { @@ -198,7 +197,7 @@ if ( ! function_exists('create_captcha')) // Write the text // ----------------------------------- - $use_font = ($font_path != '' AND file_exists($font_path) AND function_exists('imagettftext')) ? TRUE : FALSE; + $use_font = ($font_path != '' && file_exists($font_path) && function_exists('imagettftext')) ? TRUE : FALSE; if ($use_font == FALSE) { diff --git a/system/libraries/Form_validation.php b/system/libraries/Form_validation.php index cdb3d3d62..bd8b7c216 100644 --- a/system/libraries/Form_validation.php +++ b/system/libraries/Form_validation.php @@ -65,7 +65,7 @@ class CI_Form_validation { mb_internal_encoding($this->CI->config->item('charset')); } - log_message('debug', "Form Validation Class Initialized"); + log_message('debug', 'Form Validation Class Initialized'); } // -------------------------------------------------------------------- @@ -84,7 +84,7 @@ class CI_Form_validation { { // No reason to set rules if we have no POST data // or a validation array has not been specified - if (count($_POST) === 0 && count($this->validation_data) === 0) + if ($this->CI->input->method() !== 'post' && empty($this->validation_data)) { return $this; } @@ -165,9 +165,9 @@ class CI_Form_validation { * * If an array is set through this method, then this array will * be used instead of the $_POST array - * - * Note that if you are validating multiple arrays, then the - * reset_validation() function should be called after validating + * + * Note that if you are validating multiple arrays, then the + * reset_validation() function should be called after validating * each array due to the limitations of CI's singleton * * @param array $data @@ -1156,15 +1156,14 @@ class CI_Form_validation { } // -------------------------------------------------------------------- - + /** * Equal to or Greater than * - * @access public * @param string * @return bool */ - function greater_than_equal_to($str, $min) + public function greater_than_equal_to($str, $min) { if ( ! is_numeric($str)) { @@ -1195,11 +1194,10 @@ class CI_Form_validation { /** * Equal to or Less than * - * @access public * @param string * @return bool */ - function less_than_equal_to($str, $max) + public function less_than_equal_to($str, $max) { if ( ! is_numeric($str)) { @@ -1351,7 +1349,7 @@ class CI_Form_validation { * Prevents subsequent validation routines from being affected by the * results of any previous validation routine due to the CI singleton. * - * @return void + * @return void */ public function reset_validation() { diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index b5fb52df4..587c64c5a 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -97,6 +97,7 @@ Release Date: Not Released - Added method get_vars() to CI_Loader to retrieve all variables loaded with $this->load->vars(). - is_loaded() function from system/core/Commons.php now returns a reference. - $config['rewrite_short_tags'] now has no effect when using PHP 5.4 as *<?=* will always be available. + - Added method() to CI_Input to retrieve $_SERVER['REQUEST_METHOD']. Bug fixes for 3.0 ------------------ @@ -146,6 +147,8 @@ Bug fixes for 3.0 - Fixed a bug in Oracle's DB_result class where the cursor id passed to it was always NULL. - Fixed a bug (#64) - Regular expression in DB_active_rec.php failed to handle queries containing SQL bracket delimiters in the join condition. - Fixed a bug in the :doc:`Session Library <libraries/sessions>` where a PHP E_NOTICE error was triggered by _unserialize() due to results from databases such as MSSQL and Oracle being space-padded on the right. +- Fixed a bug (#501) - set_rules() to check if the request method is not 'POST' before aborting, instead of depending on count($_POST) in the :doc:`Form Validation Library <libraries/form_validation>`. +- Fixed a bug (#940) - csrf_verify() used to set the CSRF cookie while processing a POST request with no actual POST data, which resulted in validating a request that should be considered invalid. Version 2.1.1 ============= diff --git a/user_guide_src/source/general/creating_libraries.rst b/user_guide_src/source/general/creating_libraries.rst index bc545b483..673fbd4bb 100644 --- a/user_guide_src/source/general/creating_libraries.rst +++ b/user_guide_src/source/general/creating_libraries.rst @@ -188,17 +188,23 @@ application/libraries/MY_Email.php, and declare your class with:: } -Note: If you need to use a constructor in your class make sure you +If you need to use a constructor in your class make sure you extend the parent constructor:: class MY_Email extends CI_Email { - public function __construct() - { - parent::__construct(); - } + public function __construct($config = array()) + { + parent::__construct($config); + } + } +.. note:: + Not all of the libraries have the same (or any) parameters + in their constructor. Take a look at the library that you're + extending first to see how it should be implemented. + Loading Your Sub-class ---------------------- diff --git a/user_guide_src/source/libraries/form_validation.rst b/user_guide_src/source/libraries/form_validation.rst index 5aa64d032..39b389f09 100644 --- a/user_guide_src/source/libraries/form_validation.rst +++ b/user_guide_src/source/libraries/form_validation.rst @@ -869,7 +869,7 @@ Rule Parameter Description underscores or dashes. **numeric** No Returns FALSE if the form element contains anything other than numeric characters. **integer** No Returns FALSE if the form element contains anything other than an integer. -**decimal** Yes Returns FALSE if the form element is not exactly the parameter value. +**decimal** No Returns FALSE if the form element contains anything other than a decimal number. **is_natural** No Returns FALSE if the form element contains anything other than a natural number: 0, 1, 2, 3, etc. **is_natural_no_zero** No Returns FALSE if the form element contains anything other than a natural diff --git a/user_guide_src/source/libraries/input.rst b/user_guide_src/source/libraries/input.rst index bcf117358..1f2ea650a 100644 --- a/user_guide_src/source/libraries/input.rst +++ b/user_guide_src/source/libraries/input.rst @@ -99,7 +99,7 @@ The function returns FALSE (boolean) if there are no items in the POST. :: - $this->input->post(NULL, TRUE); // returns all POST items with XSS filter + $this->input->post(NULL, TRUE); // returns all POST items with XSS filter $this->input->post(); // returns all POST items without XSS filter $this->input->get() @@ -119,9 +119,9 @@ The function returns FALSE (boolean) if there are no items in the GET. :: - $this->input->get(NULL, TRUE); // returns all GET items with XSS filter + $this->input->get(NULL, TRUE); // returns all GET items with XSS filter $this->input->get(); // returns all GET items without XSS filtering - + $this->input->get_post() ========================= @@ -298,3 +298,13 @@ see if PHP is being run on the command line. $this->input->is_cli_request() +$this->input->method(); +===================================== + +Returns the $_SERVER['REQUEST_METHOD'], optional set uppercase or lowercase (default lowercase). + +:: + + echo $this->input->method(TRUE); // Outputs: POST + echo $this->input->method(FALSE); // Outputs: post + echo $this->input->method(); // Outputs: post |