authorTimothy Warren <tim@timshomepage.net>2011-09-06 20:40:34 +0200
committerTimothy Warren <tim@timshomepage.net>2011-09-06 20:40:34 +0200
commitf22ce8f368e64b1c343e06427e8dad1ab1cef2a4 (patch)
treef0552e9318a541e82c3375646fc870490d835e12
parent36fb8de7bf385036f3145dd1fbd9537f6a01ac36 (diff)
parent40d1a7684444f6a8eb4cda23d8822f0b258f0c3e (diff)
Merge branch 'develop' of git://github.com/EllisLab/CodeIgniter into develop
-rw-r--r--application/config/config.php4
-rw-r--r--application/config/mimes.php50
-rw-r--r--application/config/routes.php2
-rw-r--r--application/config/smileys.php2
-rw-r--r--application/config/user_agents.php248
-rw-r--r--readme.md11
-rwxr-xr-xsystem/core/CodeIgniter.php2
-rw-r--r--system/core/Common.php30
-rwxr-xr-xsystem/core/Input.php8
-rwxr-xr-xsystem/core/Lang.php4
-rwxr-xr-xsystem/core/Loader.php2
-rwxr-xr-xsystem/core/Security.php38
-rwxr-xr-xsystem/core/URI.php4
-rw-r--r--system/database/DB_active_rec.php2
-rw-r--r--system/database/DB_driver.php19
-rw-r--r--system/database/drivers/mysql/mysql_result.php4
-rw-r--r--system/database/drivers/mysqli/mysqli_result.php4
-rw-r--r--system/database/drivers/oci8/oci8_driver.php1
-rw-r--r--system/database/drivers/odbc/odbc_driver.php2
-rw-r--r--system/helpers/date_helper.php172
-rw-r--r--system/helpers/form_helper.php7
-rw-r--r--system/helpers/typography_helper.php10
-rwxr-xr-x[-rw-r--r--]system/helpers/url_helper.php4
-rw-r--r--system/language/english/migration_lang.php2
-rw-r--r--system/libraries/Image_lib.php2
-rw-r--r--system/libraries/Migration.php2
-rw-r--r--user_guide/changelog.html44
-rw-r--r--user_guide/database/active_record.html7
-rw-r--r--user_guide/database/results.html4
-rw-r--r--user_guide/general/cli.html2
-rw-r--r--user_guide/general/common_functions.html2
-rw-r--r--user_guide/general/profiling.html5
-rw-r--r--user_guide/general/requirements.html2
-rw-r--r--user_guide/helpers/url_helper.html2
-rw-r--r--user_guide/installation/downloads.html4
-rw-r--r--user_guide/installation/upgrade_203.html2
-rw-r--r--user_guide/installation/upgrade_210.html91
-rw-r--r--user_guide/libraries/security.html3
38 files changed, 518 insertions, 286 deletions
diff --git a/application/config/config.php b/application/config/config.php
index 7554f994a..a6d10d8dc 100644
--- a/application/config/config.php
+++ b/application/config/config.php
@@ -79,6 +79,8 @@ $config['language'] = 'english';
| This determines which character set is used by default in various methods
| that require a character set to be provided.
|
+| See http://php.net/htmlspecialchars for a list of supported charsets.
+|
*/
$config['charset'] = 'UTF-8';
@@ -296,11 +298,13 @@ $config['global_xss_filtering'] = FALSE;
| 'csrf_token_name' = The token name
| 'csrf_cookie_name' = The cookie name
| 'csrf_expire' = The number in seconds the token should expire.
+| 'csrf_exclude_uris' = Array of URIs which ignore CSRF checks
*/
$config['csrf_protection'] = FALSE;
$config['csrf_token_name'] = 'csrf_test_name';
$config['csrf_cookie_name'] = 'csrf_cookie_name';
$config['csrf_expire'] = 7200;
+$config['csrf_exclude_uris'] = array();
/*
|--------------------------------------------------------------------------
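Review bot: The added comment line for `csrf_exclude_uris` does not say how entries are matched, and a wrong guess here silently leaves an endpoint unprotected or unexempted. The check added to system/core/Security.php in this same commit compares each entry to `uri_string()` with `in_array()`, so entries are whole-string matches with no wildcard or prefix support. I would extend the comment to something like `| 'csrf_exclude_uris' = Array of exact URI strings (as returned by uri_string()) that skip CSRF checks`. It should also say that every listed URI accepts POSTs without a token and so needs its own request authentication.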
diff --git a/application/config/mimes.php b/application/config/mimes.php
index 82767d7c8..206329fde 100644
--- a/application/config/mimes.php
+++ b/application/config/mimes.php
@@ -8,10 +8,10 @@
|
*/
-$mimes = array( 'hqx' => 'application/mac-binhex40',
+$mimes = array('hqx' => array('application/mac-binhex40', 'application/mac-binhex', 'application/x-binhex40', 'application/x-mac-binhex40'),
'cpt' => 'application/mac-compactpro',
'csv' => array('text/x-comma-separated-values', 'text/comma-separated-values', 'application/octet-stream', 'application/vnd.ms-excel', 'application/x-csv', 'text/x-csv', 'text/csv', 'application/csv', 'application/excel', 'application/vnd.msexcel'),
- 'bin' => 'application/macbinary',
+ 'bin' => array('application/macbinary', 'application/mac-binary', 'application/octet-stream', 'application/x-binary', 'application/x-macbinary'),
'dms' => 'application/octet-stream',
'lha' => 'application/octet-stream',
'lzh' => 'application/octet-stream',
@@ -39,6 +39,7 @@ $mimes = array( 'hqx' => 'application/mac-binhex40',
'dvi' => 'application/x-dvi',
'gtar' => 'application/x-gtar',
'gz' => 'application/x-gzip',
+ 'gzip' => 'application/x-gzip',
'php' => 'application/x-httpd-php',
'php4' => 'application/x-httpd-php',
'php3' => 'application/x-httpd-php',
@@ -51,14 +52,14 @@ $mimes = array( 'hqx' => 'application/mac-binhex40',
'tgz' => array('application/x-tar', 'application/x-gzip-compressed'),
'xhtml' => 'application/xhtml+xml',
'xht' => 'application/xhtml+xml',
- 'zip' => array('application/x-zip', 'application/zip', 'application/x-zip-compressed'),
+ 'zip' => array('application/x-zip', 'application/zip', 'application/x-zip-compressed'),
'mid' => 'audio/midi',
'midi' => 'audio/midi',
'mpga' => 'audio/mpeg',
'mp2' => 'audio/mpeg',
'mp3' => array('audio/mpeg', 'audio/mpg', 'audio/mpeg3', 'audio/mp3'),
- 'aif' => 'audio/x-aiff',
- 'aiff' => 'audio/x-aiff',
+ 'aif' => array('audio/x-aiff', 'audio/aiff'),
+ 'aiff' => array('audio/x-aiff', 'audio/aiff'),
'aifc' => 'audio/x-aiff',
'ram' => 'audio/x-pn-realaudio',
'rm' => 'audio/x-pn-realaudio',
@@ -66,7 +67,7 @@ $mimes = array( 'hqx' => 'application/mac-binhex40',
'ra' => 'audio/x-realaudio',
'rv' => 'video/vnd.rn-realvideo',
'wav' => 'audio/x-wav',
- 'bmp' => 'image/bmp',
+ 'bmp' => array('image/bmp', 'image/x-windows-bmp'),
'gif' => 'image/gif',
'jpeg' => array('image/jpeg', 'image/pjpeg'),
'jpg' => array('image/jpeg', 'image/pjpeg'),
@@ -90,7 +91,7 @@ $mimes = array( 'hqx' => 'application/mac-binhex40',
'mpe' => 'video/mpeg',
'qt' => 'video/quicktime',
'mov' => 'video/quicktime',
- 'avi' => 'video/x-msvideo',
+ 'avi' => array('video/x-msvideo', 'video/msvideo', 'video/avi', 'application/x-troff-msvideo'),
'movie' => 'video/x-sgi-movie',
'doc' => 'application/msword',
'docx' => 'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
@@ -98,7 +99,40 @@ $mimes = array( 'hqx' => 'application/mac-binhex40',
'word' => array('application/msword', 'application/octet-stream'),
'xl' => 'application/excel',
'eml' => 'message/rfc822',
- 'json' => array('application/json', 'text/json')
+ 'json' => array('application/json', 'text/json'),
+ 'pem' => array('application/x-x509-user-cert', 'application/x-pem-file', 'application/octet-stream'),
+ 'p10' => array('application/x-pkcs10', 'application/pkcs10'),
+ 'p12' => 'application/x-pkcs12',
+ 'p7a' => 'application/x-pkcs7-signature',
+ 'p7c' => array('application/pkcs7-mime', 'application/x-pkcs7-mime'),
+ 'p7m' => array('application/pkcs7-mime', 'application/x-pkcs7-mime'),
+ 'p7r' => 'application/x-pkcs7-certreqresp',
+ 'p7s' => 'application/pkcs7-signature',
+ 'crt' => array('application/x-x509-ca-cert', 'application/x-x509-user-cert', 'application/pkix-cert'),
+ 'crl' => array('application/pkix-crl', 'application/pkcs-crl'),
+ 'der' => 'application/x-x509-ca-cert',
+ 'kdb' => 'application/octet-stream',
+ 'pgp' => 'application/pgp',
+ 'gpg' => 'application/gpg-keys',
+ 'sst' => 'application/octet-stream',
+ 'csr' => 'application/octet-stream',
+ 'rsa' => 'application/x-pkcs7',
+ 'cer' => array('application/pkix-cert', 'application/x-x509-ca-cert'),
+ '3g2' => 'video/3gpp2',
+ '3gp' => 'video/3gp',
+ 'mp4' => 'video/mp4',
+ 'm4a' => 'audio/x-m4a',
+ 'f4v' => 'video/mp4',
+ 'aac' => 'audio/x-acc',
+ 'm4u' => 'application/vnd.mpegurl',
+ 'm3u' => 'text/plain',
+ 'xspf' => 'application/xspf+xml',
+ 'vlc' => 'application/videolan',
+ 'wmv' => 'video/x-ms-wmv',
+ 'au' => 'audio/x-au',
+ 'ac3' => 'audio/ac3',
+ 'flac' => 'audio/x-flac',
+ 'ogg' => 'audio/ogg',
);
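Review bot: Two of the added entries look mistyped: `'aac' => 'audio/x-acc'` is probably a transposition of `audio/x-aac`, and `'3gp' => 'video/3gp'` differs from the registered `video/3gpp`. If this table backs upload type checks, as the extension-to-type layout suggests, files with those extensions would be rejected or matched against a type no client sends. Separately, the new `'bin'` and `'pem'` lists include `application/octet-stream`, the generic type for any binary payload, so for those extensions the MIME comparison adds little. Where these extensions are allowed for upload, validate the content separately.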
diff --git a/application/config/routes.php b/application/config/routes.php
index 5f9a58343..f30a0d1f2 100644
--- a/application/config/routes.php
+++ b/application/config/routes.php
@@ -23,7 +23,7 @@
| RESERVED ROUTES
| -------------------------------------------------------------------------
|
-| There area two reserved routes:
+| There are two reserved routes:
|
| $route['default_controller'] = 'welcome';
|
diff --git a/application/config/smileys.php b/application/config/smileys.php
index 25d28b2c4..38f02a9e0 100644
--- a/application/config/smileys.php
+++ b/application/config/smileys.php
@@ -60,7 +60,7 @@ $smileys = array(
':exclaim:' => array('exclaim.gif', '19', '19', 'excaim'),
':question:' => array('question.gif', '19', '19', 'question') // no comma after last item
- );
+);
/* End of file smileys.php */
/* Location: ./application/config/smileys.php */ \ No newline at end of file
diff --git a/application/config/user_agents.php b/application/config/user_agents.php
index e2d3c3af0..9080b43f6 100644
--- a/application/config/user_agents.php
+++ b/application/config/user_agents.php
@@ -11,167 +11,169 @@
*/
$platforms = array (
- 'windows nt 6.0' => 'Windows Longhorn',
+ 'windows nt 6.1' => 'Windows 7',
+ 'windows nt 6.0' => 'Windows Vista',
'windows nt 5.2' => 'Windows 2003',
- 'windows nt 5.0' => 'Windows 2000',
'windows nt 5.1' => 'Windows XP',
+ 'windows nt 5.0' => 'Windows 2000',
'windows nt 4.0' => 'Windows NT 4.0',
- 'winnt4.0' => 'Windows NT 4.0',
- 'winnt 4.0' => 'Windows NT',
- 'winnt' => 'Windows NT',
+ 'winnt4.0' => 'Windows NT 4.0',
+ 'winnt 4.0' => 'Windows NT',
+ 'winnt' => 'Windows NT',
'windows 98' => 'Windows 98',
- 'win98' => 'Windows 98',
+ 'win98' => 'Windows 98',
'windows 95' => 'Windows 95',
- 'win95' => 'Windows 95',
- 'windows' => 'Unknown Windows OS',
- 'os x' => 'Mac OS X',
- 'ppc mac' => 'Power PC Mac',
- 'freebsd' => 'FreeBSD',
- 'ppc' => 'Macintosh',
- 'linux' => 'Linux',
- 'debian' => 'Debian',
- 'sunos' => 'Sun Solaris',
- 'beos' => 'BeOS',
+ 'win95' => 'Windows 95',
+ 'windows' => 'Unknown Windows OS',
+ 'os x' => 'Mac OS X',
+ 'ppc mac' => 'Power PC Mac',
+ 'freebsd' => 'FreeBSD',
+ 'ppc' => 'Macintosh',
+ 'linux' => 'Linux',
+ 'debian' => 'Debian',
+ 'sunos' => 'Sun Solaris',
+ 'beos' => 'BeOS',
'apachebench' => 'ApacheBench',
- 'aix' => 'AIX',
- 'irix' => 'Irix',
- 'osf' => 'DEC OSF',
- 'hp-ux' => 'HP-UX',
- 'netbsd' => 'NetBSD',
- 'bsdi' => 'BSDi',
- 'openbsd' => 'OpenBSD',
- 'gnu' => 'GNU/Linux',
- 'unix' => 'Unknown Unix OS'
+ 'aix' => 'AIX',
+ 'irix' => 'Irix',
+ 'osf' => 'DEC OSF',
+ 'hp-ux' => 'HP-UX',
+ 'netbsd' => 'NetBSD',
+ 'bsdi' => 'BSDi',
+ 'openbsd' => 'OpenBSD',
+ 'gnu' => 'GNU/Linux',
+ 'unix' => 'Unknown Unix OS'
);
// The order of this array should NOT be changed. Many browsers return
// multiple browser types so we want to identify the sub-type first.
$browsers = array(
- 'Flock' => 'Flock',
- 'Chrome' => 'Chrome',
- 'Opera' => 'Opera',
- 'MSIE' => 'Internet Explorer',
+ 'Flock' => 'Flock',
+ 'Chrome' => 'Chrome',
+ 'Opera' => 'Opera',
+ 'MSIE' => 'Internet Explorer',
'Internet Explorer' => 'Internet Explorer',
- 'Shiira' => 'Shiira',
- 'Firefox' => 'Firefox',
- 'Chimera' => 'Chimera',
- 'Phoenix' => 'Phoenix',
- 'Firebird' => 'Firebird',
- 'Camino' => 'Camino',
- 'Netscape' => 'Netscape',
- 'OmniWeb' => 'OmniWeb',
- 'Safari' => 'Safari',
- 'Mozilla' => 'Mozilla',
- 'Konqueror' => 'Konqueror',
- 'icab' => 'iCab',
- 'Lynx' => 'Lynx',
- 'Links' => 'Links',
- 'hotjava' => 'HotJava',
- 'amaya' => 'Amaya',
- 'IBrowse' => 'IBrowse'
+ 'Shiira' => 'Shiira',
+ 'Firefox' => 'Firefox',
+ 'Chimera' => 'Chimera',
+ 'Phoenix' => 'Phoenix',
+ 'Firebird' => 'Firebird',
+ 'Camino' => 'Camino',
+ 'Netscape' => 'Netscape',
+ 'OmniWeb' => 'OmniWeb',
+ 'Safari' => 'Safari',
+ 'Mozilla' => 'Mozilla',
+ 'Konqueror' => 'Konqueror',
+ 'icab' => 'iCab',
+ 'Lynx' => 'Lynx',
+ 'Links' => 'Links',
+ 'hotjava' => 'HotJava',
+ 'amaya' => 'Amaya',
+ 'IBrowse' => 'IBrowse'
);
$mobiles = array(
// legacy array, old values commented out
'mobileexplorer' => 'Mobile Explorer',
-// 'openwave' => 'Open Wave',
+// 'openwave' => 'Open Wave',
// 'opera mini' => 'Opera Mini',
-// 'operamini' => 'Opera Mini',
-// 'elaine' => 'Palm',
+// 'operamini' => 'Opera Mini',
+// 'elaine' => 'Palm',
'palmsource' => 'Palm',
// 'digital paths' => 'Palm',
-// 'avantgo' => 'Avantgo',
-// 'xiino' => 'Xiino',
- 'palmscape' => 'Palmscape',
-// 'nokia' => 'Nokia',
-// 'ericsson' => 'Ericsson',
+// 'avantgo' => 'Avantgo',
+// 'xiino' => 'Xiino',
+ 'palmscape' => 'Palmscape',
+// 'nokia' => 'Nokia',
+// 'ericsson' => 'Ericsson',
// 'blackberry' => 'BlackBerry',
-// 'motorola' => 'Motorola'
+// 'motorola' => 'Motorola'
// Phones and Manufacturers
- 'motorola' => "Motorola",
- 'nokia' => "Nokia",
- 'palm' => "Palm",
- 'iphone' => "Apple iPhone",
- 'ipad' => "iPad",
- 'ipod' => "Apple iPod Touch",
- 'sony' => "Sony Ericsson",
- 'ericsson' => "Sony Ericsson",
+ 'motorola' => "Motorola",
+ 'nokia' => "Nokia",
+ 'palm' => "Palm",
+ 'iphone' => "Apple iPhone",
+ 'ipad' => "iPad",
+ 'ipod' => "Apple iPod Touch",
+ 'sony' => "Sony Ericsson",
+ 'ericsson' => "Sony Ericsson",
'blackberry' => "BlackBerry",
- 'cocoon' => "O2 Cocoon",
- 'blazer' => "Treo",
- 'lg' => "LG",
- 'amoi' => "Amoi",
- 'xda' => "XDA",
- 'mda' => "MDA",
- 'vario' => "Vario",
- 'htc' => "HTC",
- 'samsung' => "Samsung",
- 'sharp' => "Sharp",
- 'sie-' => "Siemens",
- 'alcatel' => "Alcatel",
- 'benq' => "BenQ",
- 'ipaq' => "HP iPaq",
- 'mot-' => "Motorola",
+ 'cocoon' => "O2 Cocoon",
+ 'blazer' => "Treo",
+ 'lg' => "LG",
+ 'amoi' => "Amoi",
+ 'xda' => "XDA",
+ 'mda' => "MDA",
+ 'vario' => "Vario",
+ 'htc' => "HTC",
+ 'samsung' => "Samsung",
+ 'sharp' => "Sharp",
+ 'sie-' => "Siemens",
+ 'alcatel' => "Alcatel",
+ 'benq' => "BenQ",
+ 'ipaq' => "HP iPaq",
+ 'mot-' => "Motorola",
'playstation portable' => "PlayStation Portable",
- 'hiptop' => "Danger Hiptop",
- 'nec-' => "NEC",
- 'panasonic' => "Panasonic",
- 'philips' => "Philips",
- 'sagem' => "Sagem",
- 'sanyo' => "Sanyo",
- 'spv' => "SPV",
- 'zte' => "ZTE",
- 'sendo' => "Sendo",
+ 'hiptop' => "Danger Hiptop",
+ 'nec-' => "NEC",
+ 'panasonic' => "Panasonic",
+ 'philips' => "Philips",
+ 'sagem' => "Sagem",
+ 'sanyo' => "Sanyo",
+ 'spv' => "SPV",
+ 'zte' => "ZTE",
+ 'sendo' => "Sendo",
- // Operating Systems
- 'symbian' => "Symbian",
- 'SymbianOS' => "SymbianOS",
- 'elaine' => "Palm",
- 'palm' => "Palm",
- 'series60' => "Symbian S60",
- 'windows ce' => "Windows CE",
+// Operating Systems
+ 'android' => "Android",
+ 'symbian' => "Symbian",
+ 'SymbianOS' => "SymbianOS",
+ 'elaine' => "Palm",
+ 'palm' => "Palm",
+ 'series60' => "Symbian S60",
+ 'windows ce' => "Windows CE",
// Browsers
- 'obigo' => "Obigo",
- 'netfront' => "Netfront Browser",
- 'openwave' => "Openwave Browser",
- 'mobilexplorer' => "Mobile Explorer",
- 'operamini' => "Opera Mini",
- 'opera mini' => "Opera Mini",
+ 'obigo' => "Obigo",
+ 'netfront' => "Netfront Browser",
+ 'openwave' => "Openwave Browser",
+ 'mobilexplorer' => "Mobile Explorer",
+ 'operamini' => "Opera Mini",
+ 'opera mini' => "Opera Mini",
// Other
- 'digital paths' => "Digital Paths",
- 'avantgo' => "AvantGo",
- 'xiino' => "Xiino",
- 'novarra' => "Novarra Transcoder",
- 'vodafone' => "Vodafone",
- 'docomo' => "NTT DoCoMo",
- 'o2' => "O2",
+ 'digital paths' => "Digital Paths",
+ 'avantgo' => "AvantGo",
+ 'xiino' => "Xiino",
+ 'novarra' => "Novarra Transcoder",
+ 'vodafone' => "Vodafone",
+ 'docomo' => "NTT DoCoMo",
+ 'o2' => "O2",
// Fallback
- 'mobile' => "Generic Mobile",
- 'wireless' => "Generic Mobile",
- 'j2me' => "Generic Mobile",
- 'midp' => "Generic Mobile",
- 'cldc' => "Generic Mobile",
- 'up.link' => "Generic Mobile",
- 'up.browser' => "Generic Mobile",
- 'smartphone' => "Generic Mobile",
- 'cellphone' => "Generic Mobile"
+ 'mobile' => "Generic Mobile",
+ 'wireless' => "Generic Mobile",
+ 'j2me' => "Generic Mobile",
+ 'midp' => "Generic Mobile",
+ 'cldc' => "Generic Mobile",
+ 'up.link' => "Generic Mobile",
+ 'up.browser' => "Generic Mobile",
+ 'smartphone' => "Generic Mobile",
+ 'cellphone' => "Generic Mobile"
);
// There are hundreds of bots but these are the most common.
$robots = array(
- 'googlebot' => 'Googlebot',
- 'msnbot' => 'MSNBot',
- 'slurp' => 'Inktomi Slurp',
- 'yahoo' => 'Yahoo',
- 'askjeeves' => 'AskJeeves',
+ 'googlebot' => 'Googlebot',
+ 'msnbot' => 'MSNBot',
+ 'slurp' => 'Inktomi Slurp',
+ 'yahoo' => 'Yahoo',
+ 'askjeeves' => 'AskJeeves',
'fastcrawler' => 'FastCrawler',
- 'infoseek' => 'InfoSeek Robot 1.0',
- 'lycos' => 'Lycos'
+ 'infoseek' => 'InfoSeek Robot 1.0',
+ 'lycos' => 'Lycos'
);
/* End of file user_agents.php */
diff --git a/readme.md b/readme.md
new file mode 100644
index 000000000..7919465d6
--- /dev/null
+++ b/readme.md
@@ -0,0 +1,11 @@
+# What is CodeIgniter
+
+CodeIgniter is an Application Development Framework - a toolkit - for people who build web sites using PHP. Its goal is to enable you to develop projects much faster than you could if you were writing code from scratch, by providing a rich set of libraries for commonly needed tasks, as well as a simple interface and logical structure to access these libraries. CodeIgniter lets you creatively focus on your project by minimizing the amount of code needed for a given task.
+
+# Resources
+
+ * [User Guide](http://codeigniter.com/user_guide/)
+ * [Community Forums](http://codeigniter.com/forums/)
+ * [User Voice](http://codeigniter.uservoice.com/forums/40508-codeigniter-reactor)
+ * [Community Wiki](http://codeigniter.com/wiki/)
+ * [Community IRC](http://codeigniter.com/irc/) \ No newline at end of file
diff --git a/system/core/CodeIgniter.php b/system/core/CodeIgniter.php
index 0a1391d18..aca4fb23c 100755
--- a/system/core/CodeIgniter.php
+++ b/system/core/CodeIgniter.php
@@ -39,7 +39,7 @@
* @var string
*
*/
- define('CI_VERSION', '2.0.2');
+ define('CI_VERSION', '2.1.0-dev');
/**
* CodeIgniter Branch (Core = TRUE, Reactor = FALSE)
diff --git a/system/core/Common.php b/system/core/Common.php
index db9fbeb9f..d79375475 100644
--- a/system/core/Common.php
+++ b/system/core/Common.php
@@ -132,9 +132,9 @@ if ( ! function_exists('load_class'))
$name = FALSE;
- // Look for the class first in the native system/libraries folder
- // thenin the local application/libraries folder
- foreach (array(BASEPATH, APPPATH) as $path)
+ // Look for the class first in the local application/libraries folder
+ // then in the native system/libraries folder
+ foreach (array(APPPATH, BASEPATH) as $path)
{
if (file_exists($path.$directory.'/'.$class.'.php'))
{
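Review bot: Swapping the search order to `array(APPPATH, BASEPATH)` means a same-named file under the application directory now shadows the system class, and the rewritten comment understates that. The comment mentions only the `libraries` folder, while the path is built from `$directory`, so the new precedence applies to whatever directory the caller passes. I would word it as `// Look for the class first in the local application/<directory> folder, then in the native system/<directory> folder; an application file of the same name replaces the system class`. That precedence deserves an upgrade-notes entry, since anyone with write access to the application tree can replace framework classes. The loop body continues outside this hunk.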
@@ -536,5 +536,29 @@ if ( ! function_exists('remove_invisible_characters'))
}
}
+// ------------------------------------------------------------------------
+
+/**
+* Returns HTML escaped variable
+*
+* @access public
+* @param mixed
+* @return mixed
+*/
+if ( ! function_exists('html_escape'))
+{
+ function html_escape($var)
+ {
+ if (is_array($var))
+ {
+ return array_map('html_escape', $var);
+ }
+ else
+ {
+ return htmlspecialchars($var, ENT_QUOTES, config_item('charset'));
+ }
+ }
+}
+
/* End of file Common.php */
/* Location: ./system/core/Common.php */ \ No newline at end of file
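Review bot: `html_escape()` escapes array values only, because `array_map('html_escape', $var)` leaves the keys untouched, and the docblock's bare `@param mixed` / `@return mixed` does not say so. A caller who echoes the keys of a request-derived array after this call would still be emitting raw input. I would document it as `@param mixed string or (nested) array of strings; array keys are returned unescaped`. The docblock should also state that the result is safe for HTML text and quoted attribute values (`ENT_QUOTES`), not for script or URL contexts. Non-string scalars and objects go straight to `htmlspecialchars()`, so the supported input types should be spelled out as well.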
diff --git a/system/core/Input.php b/system/core/Input.php
index 5a033e7b8..0dc2c4550 100755
--- a/system/core/Input.php
+++ b/system/core/Input.php
@@ -323,13 +323,13 @@ class CI_Input {
$this->ip_address = in_array($_SERVER['REMOTE_ADDR'], $proxies) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];
}
- elseif ($this->server('REMOTE_ADDR') AND $this->server('HTTP_CLIENT_IP'))
+ elseif (! $this->server('HTTP_CLIENT_IP') AND $this->server('REMOTE_ADDR'))
{
- $this->ip_address = $_SERVER['HTTP_CLIENT_IP'];
+ $this->ip_address = $_SERVER['REMOTE_ADDR'];
}
- elseif ($this->server('REMOTE_ADDR'))
+ elseif ($this->server('REMOTE_ADDR') AND $this->server('HTTP_CLIENT_IP'))
{
- $this->ip_address = $_SERVER['REMOTE_ADDR'];
+ $this->ip_address = $_SERVER['HTTP_CLIENT_IP'];
}
elseif ($this->server('HTTP_CLIENT_IP'))
{
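Review bot: The reordered branches still let a client-supplied `Client-IP` header win over `REMOTE_ADDR`: the second added `elseif` assigns `$_SERVER['HTTP_CLIENT_IP']` whenever both values are present, and that header is set by the requester rather than by the server. Any logic that keys on the stored `ip_address` can therefore be handed an arbitrary value by a direct client. Outside the trusted-proxy branch at the top of the hunk, I would replace the two added branches with `elseif ($this->server('REMOTE_ADDR')) { $this->ip_address = $_SERVER['REMOTE_ADDR']; }`. The if/elseif chain starts before and continues after this hunk, so the later header-only branches need the same review.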
diff --git a/system/core/Lang.php b/system/core/Lang.php
index 5ac671838..d61d1029a 100755
--- a/system/core/Lang.php
+++ b/system/core/Lang.php
@@ -112,7 +112,7 @@ class CI_Lang {
}
- if ( ! isset($lang))
+ if ( ! isset($lang) OR ! is_array($lang))
{
log_message('error', 'Language file contains no data: language/'.$idiom.'/'.$langfile);
return;
@@ -124,7 +124,7 @@ class CI_Lang {
}
$this->is_loaded[] = $langfile;
- $this->language = array_merge($this->language, $lang);
+ $this->language = $this->language + $lang;
unset($lang);
log_message('debug', 'Language file loaded: language/'.$idiom.'/'.$langfile);
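Review bot: Replacing `array_merge($this->language, $lang)` with `$this->language + $lang` reverses which value wins on a key collision. With the union operator the entry already in `$this->language` is kept, whereas `array_merge` let the newly loaded file overwrite it. A language file loaded later can no longer override a line defined by an earlier one, which existing applications may rely on. If the new precedence is intended, a comment such as `// array union: keys already loaded take precedence over $lang` would make it explicit; otherwise `$lang + $this->language` keeps the old behaviour. The enclosing method starts outside this hunk.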
diff --git a/system/core/Loader.php b/system/core/Loader.php
index 452dc0b4c..de0fc06d2 100755
--- a/system/core/Loader.php
+++ b/system/core/Loader.php
@@ -1106,7 +1106,7 @@ class CI_Loader {
* @param array
* @return void
*/
- private function _ci_autoloader()
+ protected function _ci_autoloader()
{
if (defined('ENVIRONMENT') AND file_exists(APPPATH.'config/'.ENVIRONMENT.'/autoload.php'))
{
diff --git a/system/core/Security.php b/system/core/Security.php
index dcc680a11..e99418bdd 100755
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -33,6 +33,7 @@ class CI_Security {
* @access protected
*/
protected $_xss_hash = '';
+
/**
* Random Hash for Cross Site Request Forgery Protection Cookie
*
@@ -40,6 +41,7 @@ class CI_Security {
* @access protected
*/
protected $_csrf_hash = '';
+
/**
* Expiration time for Cross Site Request Forgery Protection Cookie
* Defaults to two hours (in seconds)
@@ -48,6 +50,7 @@ class CI_Security {
* @access protected
*/
protected $_csrf_expire = 7200;
+
/**
* Token name for Cross Site Request Forgery Protection Cookie
*
@@ -55,6 +58,7 @@ class CI_Security {
* @access protected
*/
protected $_csrf_token_name = 'ci_csrf_token';
+
/**
* Cookie name for Cross Site Request Forgery Protection Cookie
*
@@ -62,12 +66,14 @@ class CI_Security {
* @access protected
*/
protected $_csrf_cookie_name = 'ci_csrf_token';
+
/**
* List of never allowed strings
*
* @var array
* @access protected
*/
+
protected $_never_allowed_str = array(
'document.cookie' => '[removed]',
'document.write' => '[removed]',
@@ -80,7 +86,6 @@ class CI_Security {
'<![CDATA[' => '&lt;![CDATA['
);
- /* never allowed, regex replacement */
/**
* List of never allowed regex replacement
*
@@ -134,6 +139,16 @@ class CI_Security {
{
return $this->csrf_set_cookie();
}
+
+ // Check if URI has been whitelisted from CSRF checks
+ if ($exclude_uris = config_item('csrf_exclude_uris'))
+ {
+ $uri = load_class('URI', 'core');
+ if (in_array($uri->uri_string(), $exclude_uris))
+ {
+ return $this;
+ }
+ }
// Do the tokens exist in both the _POST and _COOKIE arrays?
if ( ! isset($_POST[$this->_csrf_token_name]) OR
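Review bot: The exclusion test `in_array($uri->uri_string(), $exclude_uris)` uses loose comparison, so under PHP's numeric-string rules two different URI strings such as `10` and `1e1` compare equal and the CSRF check is skipped for a URI that was never listed. Passing the strict flag closes that: `if (in_array($uri->uri_string(), $exclude_uris, TRUE))`. The match is against the whole URI string, so it would also help to say in the comment that entries must be exact and that a non-array config value exempts nothing. The method begins outside this hunk and the token comparison follows it.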
@@ -156,9 +171,9 @@ class CI_Security {
unset($_COOKIE[$this->_csrf_cookie_name]);
$this->_csrf_set_hash();
$this->csrf_set_cookie();
-
- log_message('debug', "CSRF token verified ");
-
+
+ log_message('debug', "CSRF token verified");
+
return $this;
}
@@ -510,9 +525,17 @@ class CI_Security {
* @param string
* @return string
*/
- public function entity_decode($str, $charset='UTF-8')
+ public function entity_decode($str, $charset = NULL)
{
- if (stristr($str, '&') === FALSE) return $str;
+ if (stristr($str, '&') === FALSE)
+ {
+ return $str;
+ }
+
+ if (empty($charset))
+ {
+ $charset = config_item('charset');
+ }
// The reason we are not using html_entity_decode() by itself is because
// while it is not technically correct to leave out the semicolon
@@ -869,7 +892,6 @@ class CI_Security {
}
}
-// END Security Class
/* End of file Security.php */
-/* Location: ./system/libraries/Security.php */
+/* Location: ./system/libraries/Security.php */ \ No newline at end of file
diff --git a/system/core/URI.php b/system/core/URI.php
index a3ae20cc3..8946bc76b 100755
--- a/system/core/URI.php
+++ b/system/core/URI.php
@@ -175,7 +175,7 @@ class CI_URI {
* @access private
* @return string
*/
- private function _detect_uri()
+ protected function _detect_uri()
{
if ( ! isset($_SERVER['REQUEST_URI']) OR ! isset($_SERVER['SCRIPT_NAME']))
{
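Review bot: The docblock for `_detect_uri()` still says `@access private` although the signature is now `protected`, and the same mismatch appears in the next hunk for `_parse_cli_args()`. Both should read `@access protected`, so that generated documentation and readers see that subclasses may now override the routines that turn `$_SERVER` values into the routed URI. The method bodies continue outside the hunks.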
@@ -232,7 +232,7 @@ class CI_URI {
* @access private
* @return string
*/
- private function _parse_cli_args()
+ protected function _parse_cli_args()
{
$args = array_slice($_SERVER['argv'], 1);
diff --git a/system/database/DB_active_rec.php b/system/database/DB_active_rec.php
index 37d162bc1..89766e304 100644
--- a/system/database/DB_active_rec.php
+++ b/system/database/DB_active_rec.php
@@ -894,7 +894,7 @@ class CI_DB_active_record extends CI_DB_driver {
*/
public function offset($offset)
{
- $this->ar_offset = $offset;
+ $this->ar_offset = (int) $offset;
return $this;
}
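Review bot: The `(int)` cast keeps non-numeric text out of the generated OFFSET clause, but it silently maps garbage to `0` and still lets negative numbers through. A negative offset is likely to surface later as a database error rather than being rejected here. If that is not wanted, `$this->ar_offset = max(0, (int) $offset);` clamps it. The docblock could also note that the value is coerced to an integer. `limit()` is not part of this hunk; if it stores its argument uncast, the same treatment presumably applies there.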
diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php
index f9bf118fb..f3c6e41ad 100644
--- a/system/database/DB_driver.php
+++ b/system/database/DB_driver.php
@@ -251,9 +251,10 @@ class CI_DB_driver {
{
if ($sql == '')
{
+ log_message('error', 'Invalid query: '.$sql);
+
if ($this->db_debug)
{
- log_message('error', 'Invalid query: '.$sql);
return $this->display_error('db_invalid_query');
}
return FALSE;
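Review bot: The relocated `log_message('error', 'Invalid query: '.$sql);` sits inside `if ($sql == '')`, so the concatenated value is always empty (or another loosely-empty value) and the log line adds nothing useful. Since the call now runs regardless of `db_debug`, a fixed message is clearer: `log_message('error', 'Invalid query: empty SQL string');`. The enclosing method starts before and continues after this hunk.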
@@ -306,21 +307,23 @@ class CI_DB_driver {
// This will trigger a rollback if transactions are being used
$this->_trans_status = FALSE;
+ // Grab the error number and message now, as we might run some
+ // additional queries before displaying the error
+ $error_no = $this->_error_number();
+ $error_msg = $this->_error_message();
+
+ // Log errors
+ log_message('error', 'Query error: '.$error_msg);
+
if ($this->db_debug)
{
- // grab the error number and message now, as we might run some
- // additional queries before displaying the error
- $error_no = $this->_error_number();
- $error_msg = $this->_error_message();
-
// We call this function in order to roll-back queries
// if transactions are enabled. If we don't call this here
// the error message will trigger an exit, causing the
// transactions to remain in limbo.
$this->trans_complete();
- // Log and display errors
- log_message('error', 'Query error: '.$error_msg);
+ // Display errors
return $this->display_error(
array(
'Error Number: '.$error_no,
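Review bot: The unconditional log call records only `$error_msg`, while `$error_no` is fetched just above it and then used solely for display. Including it makes production logs searchable by error code: `log_message('error', 'Query error: '.$error_no.' - '.$error_msg);`. Driver error messages can quote parts of the failing statement, possibly including user-supplied values. With logging now active when `db_debug` is off, the log file should be treated as sensitive, and the comment could say so. The `display_error()` call is cut off at the end of this hunk.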
diff --git a/system/database/drivers/mysql/mysql_result.php b/system/database/drivers/mysql/mysql_result.php
index 2d2905c98..6ceaf4b9b 100644
--- a/system/database/drivers/mysql/mysql_result.php
+++ b/system/database/drivers/mysql/mysql_result.php
@@ -86,10 +86,10 @@ class CI_DB_mysql_result extends CI_DB_result {
$retval = array();
while ($field = mysql_fetch_object($this->result_id))
{
- preg_match('/([a-zA-Z]+)\((\d+)\)/', $field->Type, $matches);
+ preg_match('/([a-zA-Z]+)(\((\d+)\))?/i', $field->Type, $matches);
$type = $matches[1];
- $length = (int)$matches[2];
+ $length = isset($matches[3]) ? (int) $matches[3] : NULL;
$F = new stdClass();
$F->name = $field->Field;
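Review bot: The result of `preg_match()` is still not checked before `$matches[1]` is read, so a `Type` value that does not begin with a letter run would raise an undefined-offset notice and leave `$type` empty. The same two lines are added in mysqli_result.php and carry the same gap. A guard such as `$type = isset($matches[1]) ? $matches[1] : NULL;` keeps the two assignments symmetrical. The `/i` flag is redundant next to `[a-zA-Z]`. It would also help to comment that types with a non-numeric or multi-part argument list (for example `decimal(10,2)`) now yield a `NULL` length.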
diff --git a/system/database/drivers/mysqli/mysqli_result.php b/system/database/drivers/mysqli/mysqli_result.php
index ac863056a..bbfb8481a 100644
--- a/system/database/drivers/mysqli/mysqli_result.php
+++ b/system/database/drivers/mysqli/mysqli_result.php
@@ -86,10 +86,10 @@ class CI_DB_mysqli_result extends CI_DB_result {
$retval = array();
while ($field = mysqli_fetch_object($this->result_id))
{
- preg_match('/([a-zA-Z]+)\((\d+)\)/', $field->Type, $matches);
+ preg_match('/([a-zA-Z]+)(\((\d+)\))?/i', $field->Type, $matches);
$type = $matches[1];
- $length = (int)$matches[2];
+ $length = isset($matches[3]) ? (int) $matches[3] : NULL;
$F = new stdClass();
$F->name = $field->Field;
diff --git a/system/database/drivers/oci8/oci8_driver.php b/system/database/drivers/oci8/oci8_driver.php
index 42cfaaefb..d4adfd528 100644
--- a/system/database/drivers/oci8/oci8_driver.php
+++ b/system/database/drivers/oci8/oci8_driver.php
@@ -404,6 +404,7 @@ class CI_DB_oci8_driver extends CI_DB {
}
$str = remove_invisible_characters($str);
+ $str = str_replace("'", "''", $str);
// escape LIKE condition wildcards
if ($like === TRUE)
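Review bot: The added `str_replace("'", "''", $str);` is the only step here that neutralises quote characters for Oracle string literals, yet it carries no comment, unlike the LIKE-wildcard step right below it. I would add `// Oracle escapes a single quote inside a string literal by doubling it` so the line is not mistaken for cosmetic cleanup and removed later. A regression test that round-trips a value containing `'` through this method would pin the behaviour. The method starts outside this hunk.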
diff --git a/system/database/drivers/odbc/odbc_driver.php b/system/database/drivers/odbc/odbc_driver.php
index 5e764e071..08cd27b6c 100644
--- a/system/database/drivers/odbc/odbc_driver.php
+++ b/system/database/drivers/odbc/odbc_driver.php
@@ -50,7 +50,7 @@ class CI_DB_odbc_driver extends CI_DB {
function CI_DB_odbc_driver($params)
{
- parent::CI_DB($params);
+ parent::CI_DB_driver($params);
$this->_random_keyword = ' RND('.time().')'; // database specific random keyword
}
diff --git a/system/helpers/date_helper.php b/system/helpers/date_helper.php
index 6c559bb25..e14bc2f94 100644
--- a/system/helpers/date_helper.php
+++ b/system/helpers/date_helper.php
@@ -54,10 +54,8 @@ if ( ! function_exists('now'))
return $system_time;
}
- else
- {
- return time();
- }
+
+ return time();
}
}
@@ -85,12 +83,18 @@ if ( ! function_exists('mdate'))
function mdate($datestr = '', $time = '')
{
if ($datestr == '')
- return '';
+ {
+ return '';
+ }
- if ($time == '')
- $time = now();
+ $time = ($time == '') ? now() : $time;
+
+ $datestr = str_replace(
+ '%\\',
+ '',
+ preg_replace("/([a-z]+?){1}/i", "\\\\\\1", $datestr)
+ );
- $datestr = str_replace('%\\', '', preg_replace("/([a-z]+?){1}/i", "\\\\\\1", $datestr));
return date($datestr, $time);
}
}
@@ -162,14 +166,7 @@ if ( ! function_exists('timespan'))
$time = time();
}
- if ($time <= $seconds)
- {
- $seconds = 1;
- }
- else
- {
- $seconds = $time - $seconds;
- }
+ $seconds = ($time <= $seconds) ? 1 : $time - $seconds;
$str = '';
$years = floor($seconds / 31536000);
@@ -303,9 +300,18 @@ if ( ! function_exists('local_to_gmt'))
function local_to_gmt($time = '')
{
if ($time == '')
+ {
$time = time();
-
- return mktime( gmdate("H", $time), gmdate("i", $time), gmdate("s", $time), gmdate("m", $time), gmdate("d", $time), gmdate("Y", $time));
+ }
+
+ return mktime(
+ gmdate("H", $time),
+ gmdate("i", $time),
+ gmdate("s", $time),
+ gmdate("m", $time),
+ gmdate("d", $time),
+ gmdate("Y", $time)
+ );
}
}
@@ -366,14 +372,14 @@ if ( ! function_exists('mysql_to_unix'))
$time = str_replace(' ', '', $time);
// YYYYMMDDHHMMSS
- return mktime(
- substr($time, 8, 2),
- substr($time, 10, 2),
- substr($time, 12, 2),
- substr($time, 4, 2),
- substr($time, 6, 2),
- substr($time, 0, 4)
- );
+ return mktime(
+ substr($time, 8, 2),
+ substr($time, 10, 2),
+ substr($time, 12, 2),
+ substr($time, 4, 2),
+ substr($time, 6, 2),
+ substr($time, 0, 4)
+ );
}
}
@@ -475,13 +481,19 @@ if ( ! function_exists('human_to_unix'))
$ampm = strtolower($split['2']);
if (substr($ampm, 0, 1) == 'p' AND $hour < 12)
- $hour = $hour + 12;
+ {
+ $hour = $hour + 12;
+ }
if (substr($ampm, 0, 1) == 'a' AND $hour == 12)
+ {
$hour = '00';
-
+ }
+
if (strlen($hour) == 1)
- $hour = '0'.$hour;
+ {
+ $hour = '0'.$hour;
+ }
}
return mktime($hour, $min, $sec, $month, $day, $year);
@@ -501,16 +513,16 @@ if ( ! function_exists('human_to_unix'))
*/
if ( ! function_exists('nice_date'))
{
- function nice_date($bad_date='', $format=false)
+ function nice_date($bad_date = '', $format = FALSE)
{
if (empty($bad_date))
{
return 'Unknown';
}
+
// Date like: YYYYMM
- if (preg_match('/^\d{6}$/',$bad_date))
+ if (preg_match('/^\d{6}$/', $bad_date))
{
- //echo $bad_date." ";
if (in_array(substr($bad_date, 0, 2),array('19', '20')))
{
$year = substr($bad_date, 0, 4);
@@ -521,8 +533,8 @@ if ( ! function_exists('nice_date'))
$month = substr($bad_date, 0, 2);
$year = substr($bad_date, 2, 4);
}
+
return date($format, strtotime($year . '-' . $month . '-01'));
-
}
// Date Like: YYYYMMDD
@@ -531,6 +543,7 @@ if ( ! function_exists('nice_date'))
$month = substr($bad_date, 0, 2);
$day = substr($bad_date, 2, 2);
$year = substr($bad_date, 4, 4);
+
return date($format, strtotime($month . '/01/' . $year));
}
@@ -574,8 +587,7 @@ if ( ! function_exists('timezone_menu'))
$CI =& get_instance();
$CI->lang->load('date');
- if ($default == 'GMT')
- $default = 'UTC';
+ $default = ($default == 'GMT') ? 'UTC' : $default;
$menu = '<select name="'.$name.'"';
@@ -618,60 +630,58 @@ if ( ! function_exists('timezones'))
// some items appear to be in the wrong order
$zones = array(
- 'UM12' => -12,
- 'UM11' => -11,
- 'UM10' => -10,
- 'UM95' => -9.5,
- 'UM9' => -9,
- 'UM8' => -8,
- 'UM7' => -7,
- 'UM6' => -6,
- 'UM5' => -5,
- 'UM45' => -4.5,
- 'UM4' => -4,
- 'UM35' => -3.5,
- 'UM3' => -3,
- 'UM2' => -2,
- 'UM1' => -1,
- 'UTC' => 0,
- 'UP1' => +1,
- 'UP2' => +2,
- 'UP3' => +3,
- 'UP35' => +3.5,
- 'UP4' => +4,
- 'UP45' => +4.5,
- 'UP5' => +5,
- 'UP55' => +5.5,
- 'UP575' => +5.75,
- 'UP6' => +6,
- 'UP65' => +6.5,
- 'UP7' => +7,
- 'UP8' => +8,
- 'UP875' => +8.75,
- 'UP9' => +9,
- 'UP95' => +9.5,
- 'UP10' => +10,
- 'UP105' => +10.5,
- 'UP11' => +11,
- 'UP115' => +11.5,
- 'UP12' => +12,
- 'UP1275' => +12.75,
- 'UP13' => +13,
- 'UP14' => +14
- );
+ 'UM12' => -12,
+ 'UM11' => -11,
+ 'UM10' => -10,
+ 'UM95' => -9.5,
+ 'UM9' => -9,
+ 'UM8' => -8,
+ 'UM7' => -7,
+ 'UM6' => -6,
+ 'UM5' => -5,
+ 'UM45' => -4.5,
+ 'UM4' => -4,
+ 'UM35' => -3.5,
+ 'UM3' => -3,
+ 'UM2' => -2,
+ 'UM1' => -1,
+ 'UTC' => 0,
+ 'UP1' => +1,
+ 'UP2' => +2,
+ 'UP3' => +3,
+ 'UP35' => +3.5,
+ 'UP4' => +4,
+ 'UP45' => +4.5,
+ 'UP5' => +5,
+ 'UP55' => +5.5,
+ 'UP575' => +5.75,
+ 'UP6' => +6,
+ 'UP65' => +6.5,
+ 'UP7' => +7,
+ 'UP8' => +8,
+ 'UP875' => +8.75,
+ 'UP9' => +9,
+ 'UP95' => +9.5,
+ 'UP10' => +10,
+ 'UP105' => +10.5,
+ 'UP11' => +11,
+ 'UP115' => +11.5,
+ 'UP12' => +12,
+ 'UP1275' => +12.75,
+ 'UP13' => +13,
+ 'UP14' => +14
+ );
if ($tz == '')
{
return $zones;
}
-
- if ($tz == 'GMT')
- $tz = 'UTC';
-
+
+ $tz = ($tz == 'GMT') ? 'UTC' : $tz;
+
return ( ! isset($zones[$tz])) ? 0 : $zones[$tz];
}
}
-
/* End of file date_helper.php */
/* Location: ./system/helpers/date_helper.php */ \ No newline at end of file
diff --git a/system/helpers/form_helper.php b/system/helpers/form_helper.php
index d9305c00b..130daee6a 100644
--- a/system/helpers/form_helper.php
+++ b/system/helpers/form_helper.php
@@ -642,11 +642,8 @@ if ( ! function_exists('form_prep'))
{
return $str;
}
-
- $str = htmlspecialchars($str);
-
- // In case htmlspecialchars misses these.
- $str = str_replace(array("'", '"'), array("&#39;", "&quot;"), $str);
+
+ $str = html_escape($str);
if ($field_name != '')
{
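Review bot: The explicit replacement of `'` and `"` is dropped here, so quote escaping in form_prep now rests entirely on `html_escape()`, whose body is not part of this hunk. If that helper calls htmlspecialchars() without `ENT_QUOTES`, single quotes would pass through unencoded on the PHP versions this release supports, which matters wherever the prepared value ends up inside a single-quoted attribute. I would confirm the flag and record the dependency above the call: `// html_escape() must encode both quote characters (ENT_QUOTES); form values are presumably written into attribute values`. form_prep starts and ends outside the hunk.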
diff --git a/system/helpers/typography_helper.php b/system/helpers/typography_helper.php
index 19b4eec03..82e686e53 100644
--- a/system/helpers/typography_helper.php
+++ b/system/helpers/typography_helper.php
@@ -39,9 +39,7 @@ if ( ! function_exists('nl2br_except_pre'))
function nl2br_except_pre($str)
{
$CI =& get_instance();
-
$CI->load->library('typography');
-
return $CI->typography->nl2br_except_pre($str);
}
}
@@ -82,9 +80,15 @@ if ( ! function_exists('auto_typography'))
*/
if ( ! function_exists('entity_decode'))
{
- function entity_decode($str, $charset='UTF-8')
+ function entity_decode($str, $charset = NULL)
{
global $SEC;
+
+ if (empty($charset))
+ {
+ $charset = config_item('charset');
+ }
+
return $SEC->entity_decode($str, $charset);
}
}
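Review bot: The new fallback inside `if (empty($charset))` trusts `config_item('charset')` to return a usable name, where the old signature guaranteed `'UTF-8'`. What config_item() returns for a missing or empty key is not visible here, but if it is falsy, that value is handed on to `$SEC->entity_decode()`. Keeping the old value as a last resort costs one line: `$charset = config_item('charset') ? config_item('charset') : 'UTF-8';`. The docblock above the function is outside the hunk and presumably needs the new default documented as well.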
diff --git a/system/helpers/url_helper.php b/system/helpers/url_helper.php
index 9f4b85248..c524dddd1 100644..100755
--- a/system/helpers/url_helper.php
+++ b/system/helpers/url_helper.php
@@ -512,7 +512,7 @@ if ( ! function_exists('url_title'))
$str = strtolower($str);
}
- return trim(stripslashes($str));
+ return trim(trim(stripslashes($str)), $replace);
}
}
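Review bot: The nested call on the new return line is easy to misread, because `$replace` belongs to the outer trim() and is therefore treated as a character mask, not as a string to strip. That is correct only while `$replace` is a single character; it is assigned outside the hunk, so this cannot be confirmed here. Two statements would make the intent plain: `$str = trim(stripslashes($str));` followed by `return trim($str, $replace); // $replace is a character mask`.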
@@ -527,7 +527,7 @@ if ( ! function_exists('url_title'))
*
* @access public
* @param string the URL
- * @param string the method: location or redirect
+ * @param string the method: location or refresh
* @return string
*/
if ( ! function_exists('redirect'))
diff --git a/system/language/english/migration_lang.php b/system/language/english/migration_lang.php
index 4763ca243..94cb882fb 100644
--- a/system/language/english/migration_lang.php
+++ b/system/language/english/migration_lang.php
@@ -5,7 +5,7 @@ $lang['migration_not_found'] = "This migration could not be found.";
$lang['migration_multiple_version'] = "This are multiple migrations with the same version number: %d.";
$lang['migration_class_doesnt_exist'] = "The migration class \"%s\" could not be found.";
$lang['migration_missing_up_method'] = "The migration class \"%s\" is missing an 'up' method.";
-$lang['migration_missing_down_method'] = "The migration class \"%s\" is missing an 'up' method.";
+$lang['migration_missing_down_method'] = "The migration class \"%s\" is missing a 'down' method.";
$lang['migration_invalid_filename'] = "Migration \"%s\" has an invalid filename.";
diff --git a/system/libraries/Image_lib.php b/system/libraries/Image_lib.php
index 8902f524d..a8a0387d8 100644
--- a/system/libraries/Image_lib.php
+++ b/system/libraries/Image_lib.php
@@ -1334,7 +1334,7 @@ class CI_Image_lib {
return FALSE;
}
- $vals = @getimagesize($path);
+ $vals = getimagesize($path);
$types = array(1 => 'gif', 2 => 'jpeg', 3 => 'png');
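Review bot: With the `@` removed, `getimagesize($path)` raises a warning for a file that is not a readable image and returns FALSE, and nothing in the hunk checks `$vals` before the code below it carries on. Where errors are displayed, that warning text includes the server-side path, and this matters most when `$path` points at an uploaded file. An explicit guard after the call keeps the failure quiet and handled: `if ($vals === FALSE) { return FALSE; }`. The code that reads `$vals` and the rest of the method are outside the hunk.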
diff --git a/system/libraries/Migration.php b/system/libraries/Migration.php
index 3943ec130..3734e18f5 100644
--- a/system/libraries/Migration.php
+++ b/system/libraries/Migration.php
@@ -57,7 +57,7 @@ class CI_Migration {
}
// If not set, set it
- $this->_migration_path == '' OR $this->_migration_path = APPPATH . 'migrations/';
+ $this->_migration_path == '' AND $this->_migration_path = APPPATH . 'migrations/';
// Add trailing slash if not set
$this->_migration_path = rtrim($this->_migration_path, '/').'/';
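Review bot: The short-circuit assignment on the changed line is hard to read, and the `OR`/`AND` slip this commit corrects is exactly what the form invites. An explicit `if ($this->_migration_path == '') { $this->_migration_path = APPPATH.'migrations/'; }` does the same thing and cannot be inverted by one keyword. The loose `== ''` also matches NULL and FALSE, which is probably intended for an unset config value but deserves a short comment. The enclosing method starts and ends outside the hunk.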
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index 9d8fd2b54..fb6e4493a 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -65,32 +65,43 @@ Change Log
<ul>
<li>General Changes
<ul>
- <li class="reactor">Callback validation rules can now accept parameters like any other validation rule.</li>
- <li class="reactor">Ability to log certain error types, not all under a threshold.</li>
+ <li>Added Android to the list of user agents.</li>
+ <li>Added Windows 7 to the list of user platforms.</li>
+ <li>Callback validation rules can now accept parameters like any other validation rule.</li>
+ <li>Ability to log certain error types, not all under a threshold.</li>
+ <li>Added html_escape() to <a href="general/common_functions.html">Common functions</a> to escape HTML output for preventing XSS.</li>
</ul>
</li>
<li>Helpers
<ul>
- <li class="reactor">Added <samp>increment_string()</samp> to <a href="helpers/string_helper.html">String Helper</a> to turn "foo" into "foo-1" or "foo-1" into "foo-2".</li>
+ <li>Added <samp>increment_string()</samp> to <a href="helpers/string_helper.html">String Helper</a> to turn "foo" into "foo-1" or "foo-1" into "foo-2".</li>
<li>Altered form helper - made action on form_open_multipart helper function call optional. Fixes (#65)</li>
+ <li><samp>url_title()</samp> will now trim extra dashes from beginning and end.</li>
</ul>
</li>
<li>Database
<ul>
- <li class="reactor">Added a <a href="http://www.cubrid.org/" target="_blank">CUBRID</a> driver to the <a href="libraries/database.html">Database Driver</a>. Thanks to the CUBRID team for supplying this patch.</li>
- <li class="reactor">Typecast limit and offset in the <a href="database/queries.html">Database Driver</a> to integers to avoid possible injection.</li>
- <li class="reactor">
+ <li>Added a <a href="http://www.cubrid.org/" target="_blank">CUBRID</a> driver to the <a href="database/index.html">Database Driver</a>. Thanks to the CUBRID team for supplying this patch.</li>
+ <li>Typecast limit and offset in the <a href="database/queries.html">Database Driver</a> to integers to avoid possible injection.</li>
+ <li>
Added additional option 'none' for the optional third argument for <kbd>$this->db->like()</kbd> in the <a href="database/active_record.html">Database Driver</a>.
</li>
</ul>
</li>
<li>Libraries
<ul>
- <li class="reactor">Changed <kbd>$this->cart->insert()</kbd> in the <a href="libraries/cart.html">Cart Library</a> to return the Row ID if a single item was inserted successfully.</li>
- <li class="reactor">Added support to set an optional parameter in your callback rules of validation using the <a href="libraries/form_validation.html">Form Validation Library</a>.</li>
- <li class="reactor">Added a <a href="libraries/migration.html">Migration Library</a> to assist with applying incremental updates to your database schema.</li>
- <li class="reactor">Driver children can be located in any package path.</li>
- <li class="reactor">Added max_filename_increment config setting for Upload library.</li>
+ <li>Changed <kbd>$this->cart->insert()</kbd> in the <a href="libraries/cart.html">Cart Library</a> to return the Row ID if a single item was inserted successfully.</li>
+ <li>Added support to set an optional parameter in your callback rules of validation using the <a href="libraries/form_validation.html">Form Validation Library</a>.</li>
+ <li>Added a <a href="libraries/migration.html">Migration Library</a> to assist with applying incremental updates to your database schema.</li>
+ <li>Driver children can be located in any package path.</li>
+ <li>Added max_filename_increment config setting for Upload library.</li>
+ <li><samp>CI_Loader::_ci_autoloader()</samp> is now a protected method.</li>
+ <li>Added <kbd>is_unique</kbd> to the <a href="libraries/form_validation.html">Form Validation library</a>.</li>
+ </ul>
+ </li>
+ <li>Core
+ <ul>
+ <li>Changed private functions in CI_URI to protected so MY_URI can override them.</li>
</ul>
</li>
</ul>
@@ -102,9 +113,13 @@ Change Log
<li class="reactor">Fixed a bug (Reactor #19) where 1) the 404_override route was being ignored in some cases, and 2) auto-loaded libraries were not available to the 404_override controller when a controller existed but the requested method did not.</li>
<li class="rector">Fixed a bug (Reactor #89) where MySQL export would fail if the table had hyphens or other non alphanumeric/underscore characters.</li>
<li class="reactor">Fixed a bug (#200) where MySQL queries would be malformed after calling <samp>count_all()</samp> then <samp>db->get()</samp></li>
+ <li class="reactor">Fixed bug #105 that stopped query errors from being logged unless database debugging was enabled</li>
<li>Fixed a bug (#181) where a mis-spelling was in the form validation language file.</li>
<li>Fixed a bug (#160) - Removed unneeded array copy in the file cache driver.</li>
<li>Fixed a bug (#150) - <samp>field_data()</samp> now correctly returns column length.</li>
+ <li>Fixed a bug (#8) - <samp>load_class()</samp> now looks for core classes in <samp>APPPATH</samp> first, allowing them to be replaced.</li>
+ <li>Fixed a bug (#24) - ODBC database driver called incorrect parent in __construct().</li>
+ <li>Fixed a bug (#85) - OCI8 (Oracle) database escape_str() function did not escape correct.</li>
</ul>
<h2>Version 2.0.3</h2>
@@ -124,7 +139,13 @@ Change Log
<li>Visual updates to the welcome_message view file and default error templates. Thanks to <a href="https://bitbucket.org/danijelb">danijelb</a> for the pull request.</li>
<li class="reactor">Added <samp>insert_batch()</samp> function to the PostgreSQL database driver. Thanks to epallerols for the patch.</li>
<li class="reactor">Added "application/x-csv" to mimes.php.</li>
+ <li class="reactor">Added CSRF protection URI whitelisting.</li>
<li>Fixed a bug where <a href="libraries/email.html">Email library</a> attachments with a "." in the name would using invalid MIME-types.</li>
+ <li>Added support for pem,p10,p12,p7a,p7c,p7m,p7r,p7s,crt,crl,der,kdb,rsa,cer,sst,csr Certs to mimes.php.</li>
+ <li>Added support pgp,gpg to mimes.php.</li>
+ <li>Added support 3gp, 3g2, mp4, wmv, f4v, vlc Video files to mimes.php.</li>
+ <li>Added support m4a, aac, m4u, xspf, au, ac3, flac, ogg Audio files to mimes.php.</li>
+
</ul>
</li>
<li>Helpers
@@ -137,7 +158,6 @@ Change Log
<li>Libraries
<ul>
<li>Altered Session to use a longer match against the user_agent string. See upgrade notes if using database sessions.</li>
- <li class="reactor">Added <kbd>is_unique</kbd> to the <a href="libraries/form_validation.html">Form Validation library</a>.</li>
<li class="reactor">Added <kbd>$this->db->set_dbprefix()</kbd> to the <a href="database/queries.html">Database Driver</a>.</li>
<li class="reactor">Changed <kbd>$this->cart->insert()</kbd> in the <a href="libraries/cart.html">Cart Library</a> to return the Row ID if a single item was inserted successfully.</li>
<li class="reactor">Added <kbd>$this->load->get_var()</kbd> to the <a href="libraries/loader.html">Loader library</a> to retrieve global vars set with <kbd>$this->load->view()</kbd> and <kbd>$this->load->vars()</kbd>.</li>
diff --git a/user_guide/database/active_record.html b/user_guide/database/active_record.html
index 92d9614d5..0f09e78c3 100644
--- a/user_guide/database/active_record.html
+++ b/user_guide/database/active_record.html
@@ -79,9 +79,6 @@ is generated by each database adapter. It also allows for safer queries, since
<p>The following functions allow you to build SQL <strong>SELECT</strong> statements.</p>
-<p><strong>Note: If you are using PHP 5 you can use method chaining for more compact syntax. This is described at the end of the page.</strong></p>
-
-
<h2>$this->db->get();</h2>
<p>Runs the selection query and returns the result. Can be used by itself to retrieve all records from a table:</p>
@@ -532,7 +529,7 @@ $this->db->insert('mytable', $object);
<p>Generates an insert string based on the data you supply, and runs the query. You can either pass an
<strong>array</strong> or an <strong>object</strong> to the function. Here is an example using an array:</p>
-<code>
+<code>
$data = array(<br/>
&nbsp;&nbsp;&nbsp;array(<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'title' => 'My title' ,<br />
@@ -544,7 +541,7 @@ $data = array(<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'name' => 'Another Name' ,<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'date' => 'Another date'<br />
&nbsp;&nbsp;&nbsp;)<br/>
-);<br />
+);<br />
<br />
$this->db->update_batch('mytable', $data);
<br /><br />
diff --git a/user_guide/database/results.html b/user_guide/database/results.html
index ec5f97762..a47e335cb 100644
--- a/user_guide/database/results.html
+++ b/user_guide/database/results.html
@@ -105,8 +105,8 @@ Query Results
<br />
foreach ($query->result('User') as $user)<br />
{<br />
- &nbsp;&nbsp;&nbsp;echo $row->name; // call attributes<br />
- &nbsp;&nbsp;&nbsp;echo $row->reverse_name(); // or methods defined on the 'User' class<br />
+ &nbsp;&nbsp;&nbsp;echo $user->name; // call attributes<br />
+ &nbsp;&nbsp;&nbsp;echo $user->reverse_name(); // or methods defined on the 'User' class<br />
}
</code>
diff --git a/user_guide/general/cli.html b/user_guide/general/cli.html
index befc9994a..222a77c9d 100644
--- a/user_guide/general/cli.html
+++ b/user_guide/general/cli.html
@@ -83,7 +83,7 @@ Running via the CLI
<ul>
<li>Run your cron-jobs without needing to use wget or curl</li>
- <li>Make your cron-jobs inaccessible from being loaded in the URL by checking for <kbd>IS_CLI</kbd></li>
+ <li>Make your cron-jobs inaccessible from being loaded in the URL by checking for <kbd>$this->input->is_cli_request()</kbd></li>
<li>Make interactive "tasks" that can do things like set permissions, prune cache folders, run backups, etc.</li>
<li>Integrate with other applications in other languages. For example, a random C++ script could call one command and run code in your models!</li>
</ul>
diff --git a/user_guide/general/common_functions.html b/user_guide/general/common_functions.html
index 65457759d..7cff6321c 100644
--- a/user_guide/general/common_functions.html
+++ b/user_guide/general/common_functions.html
@@ -104,6 +104,8 @@ else<br />
<p>This function prevents inserting null characters between ascii characters, like Java\0script.</p>
+<h2>html_escape(<var>$mixed</var>)</h2>
+<p>This function provides short cut for htmlspecialchars() function. It accepts string and array. To prevent Cross Site Scripting (XSS), it is very useful.</p>
</div>
diff --git a/user_guide/general/profiling.html b/user_guide/general/profiling.html
index 9895b0284..0993da5b4 100644
--- a/user_guide/general/profiling.html
+++ b/user_guide/general/profiling.html
@@ -155,6 +155,11 @@ This information can be useful during development in order to help with debuggin
<td class="td">TRUE</td>
</tr>
<tr>
+ <td class="td"><strong>session_data</strong></td>
+ <td class="td">Data stored in current session</td>
+ <td class="td">TRUE</td>
+ </tr>
+ <tr>
<td class="td"><strong>query_toggle_count</strong></td>
<td class="td">The number of queries after which the query block will default to hidden.</td>
<td class="td">25</td>
diff --git a/user_guide/general/requirements.html b/user_guide/general/requirements.html
index 405798f04..de0ee76dd 100644
--- a/user_guide/general/requirements.html
+++ b/user_guide/general/requirements.html
@@ -59,7 +59,7 @@ Server Requirements
<ul>
<li><a href="http://www.php.net/">PHP</a> version 5.1.6 or newer.</li>
- <li>A Database is required for most web application programming. Current supported databases are MySQL (4.1+), MySQLi, MS SQL, Postgres, Oracle, SQLite, and ODBC.</li>
+ <li>A Database is required for most web application programming. Current supported databases are MySQL (4.1+), MySQLi, MS SQL, Postgres, Oracle, SQLite, ODBC and CUBRID.</li>
</ul>
diff --git a/user_guide/helpers/url_helper.html b/user_guide/helpers/url_helper.html
index ac9d0a68e..e60e96bf0 100644
--- a/user_guide/helpers/url_helper.html
+++ b/user_guide/helpers/url_helper.html
@@ -27,7 +27,7 @@
<div id="masthead">
<table cellpadding="0" cellspacing="0" border="0" style="width:100%">
<tr>
-<td><h1>CodeIgniter User Guide Version 2.0.2</h1></td>
+<td><h1>CodeIgniter User Guide Version 2.0.3</h1></td>
<td id="breadcrumb_right"><a href="../toc.html">Table of Contents Page</a></td>
</tr>
</table>
diff --git a/user_guide/installation/downloads.html b/user_guide/installation/downloads.html
index f36b2bc0f..539fbc170 100644
--- a/user_guide/installation/downloads.html
+++ b/user_guide/installation/downloads.html
@@ -58,7 +58,9 @@ Downloading CodeIgniter
<h1>Downloading CodeIgniter</h1>
<ul>
- <li><a href="http://codeigniter.com/downloads/">CodeIgniter V 2.0.2 (Current version)</a></li>
+ <li><a href="http://codeigniter.com/downloads/">CodeIgniter V 2.1.0 (Current version)</a></li>
+ <li><a href="http://codeigniter.com/download_files/reactor/CodeIgniter_2.0.3.zip">CodeIgniter V 2.0.3</a></li>
+ <li><a href="http://codeigniter.com/download_files/reactor/CodeIgniter_2.0.2.zip">CodeIgniter V 2.0.2</a></li>
<li><a href="http://codeigniter.com/download_files/reactor/CodeIgniter_2.0.1.zip">CodeIgniter V 2.0.1</a></li>
<li><a href="http://codeigniter.com/download_files/reactor/CodeIgniter_2.0.0.zip">CodeIgniter V 2.0.0</a></li>
<li><a href="http://codeigniter.com/download_files/CodeIgniter_1.7.3.zip">CodeIgniter V 1.7.3</a></li>
diff --git a/user_guide/installation/upgrade_203.html b/user_guide/installation/upgrade_203.html
index 1d37a055d..04899832d 100644
--- a/user_guide/installation/upgrade_203.html
+++ b/user_guide/installation/upgrade_203.html
@@ -81,7 +81,7 @@ Upgrading from 2.0.2 to 2.0.3
<h2>Step 5: Remove APPPATH.'third_party' from autoload.php</h2>
-<p>Open application/autoload.php, and look for the following:</p>
+<p>Open application/config/autoload.php, and look for the following:</p>
<code>$autoload['packages'] = array(APPPATH.'third_party');</code>
diff --git a/user_guide/installation/upgrade_210.html b/user_guide/installation/upgrade_210.html
new file mode 100644
index 000000000..6e8ddec9d
--- /dev/null
+++ b/user_guide/installation/upgrade_210.html
@@ -0,0 +1,91 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+<head>
+
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title>Upgrading from 2.0.3 to 2.1.0 : CodeIgniter User Guide</title>
+
+<style type='text/css' media='all'>@import url('../userguide.css');</style>
+<link rel='stylesheet' type='text/css' media='all' href='../userguide.css' />
+
+<script type="text/javascript" src="../nav/nav.js"></script>
+<script type="text/javascript" src="../nav/prototype.lite.js"></script>
+<script type="text/javascript" src="../nav/moo.fx.js"></script>
+<script type="text/javascript" src="../nav/user_guide_menu.js"></script>
+
+<meta http-equiv='expires' content='-1' />
+<meta http-equiv= 'pragma' content='no-cache' />
+<meta name='robots' content='all' />
+<meta name='author' content='ExpressionEngine Dev Team' />
+<meta name='description' content='CodeIgniter User Guide' />
+
+</head>
+<body>
+
+<!-- START NAVIGATION -->
+<div id="nav"><div id="nav_inner"><script type="text/javascript">create_menu('../');</script></div></div>
+<div id="nav2"><a name="top"></a><a href="javascript:void(0);" onclick="myHeight.toggle();"><img src="../images/nav_toggle_darker.jpg" width="154" height="43" border="0" title="Toggle Table of Contents" alt="Toggle Table of Contents" /></a></div>
+<div id="masthead">
+<table cellpadding="0" cellspacing="0" border="0" style="width:100%">
+<tr>
+<td><h1>CodeIgniter User Guide Version 2.1.0</h1></td>
+<td id="breadcrumb_right"><a href="../toc.html">Table of Contents Page</a></td>
+</tr>
+</table>
+</div>
+<!-- END NAVIGATION -->
+
+
+<!-- START BREADCRUMB -->
+<table cellpadding="0" cellspacing="0" border="0" style="width:100%">
+<tr>
+<td id="breadcrumb">
+<a href="http://codeigniter.com/">CodeIgniter Home</a> &nbsp;&#8250;&nbsp;
+<a href="../index.html">User Guide Home</a> &nbsp;&#8250;&nbsp;
+Upgrading from 2.0.3 to 2.1.0
+</td>
+<td id="searchbox"><form method="get" action="http://www.google.com/search"><input type="hidden" name="as_sitesearch" id="as_sitesearch" value="codeigniter.com/user_guide/" />Search User Guide&nbsp; <input type="text" class="input" style="width:200px;" name="q" id="q" size="31" maxlength="255" value="" />&nbsp;<input type="submit" class="submit" name="sa" value="Go" /></form></td>
+</tr>
+</table>
+<!-- END BREADCRUMB -->
+
+<br clear="all" />
+
+
+<!-- START CONTENT -->
+<div id="content">
+
+<h1>Upgrading from 2.0.3 to 2.1.0</h1>
+
+<p>Before performing an update you should take your site offline by replacing the index.php file with a static one.</p>
+
+<h2>Step 1: Update your CodeIgniter files</h2>
+
+<p>Replace all files and directories in your "system" folder and replace your index.php file. If any modifications were made to your index.php they will need to be made fresh in this new one.</p>
+
+<h2>Step 2: Replace config/user_agents.php</h2>
+
+<p>This config file has been updated to contain more user agent types, please copy it to <kbd>application/config/user_agents.php</kbd>.</p>
+
+<p class="important"><strong>Note:</strong> If you have any custom developed files in these folders please make copies of them first.</p>
+
+
+
+
+</div>
+<!-- END CONTENT -->
+
+
+<div id="footer">
+<p>
+Previous Topic:&nbsp;&nbsp;<a href="index.html">Installation Instructions</a>
+&nbsp;&nbsp;&nbsp;&middot;&nbsp;&nbsp;
+<a href="#top">Top of Page</a>&nbsp;&nbsp;&nbsp;&middot;&nbsp;&nbsp;
+<a href="../index.html">User Guide Home</a>&nbsp;&nbsp;&nbsp;&middot;&nbsp;&nbsp;
+Next Topic:&nbsp;&nbsp;<a href="troubleshooting.html">Troubleshooting</a>
+</p>
+<p><a href="http://codeigniter.com">CodeIgniter</a> &nbsp;&middot;&nbsp; Copyright &#169; 2006 - 2011 &nbsp;&middot;&nbsp; <a href="http://ellislab.com/">EllisLab, Inc.</a></p>
+</div>
+
+</body>
+</html> \ No newline at end of file
diff --git a/user_guide/libraries/security.html b/user_guide/libraries/security.html
index dd62a4386..cbe12d852 100644
--- a/user_guide/libraries/security.html
+++ b/user_guide/libraries/security.html
@@ -116,6 +116,9 @@ Note: This function should only be used to deal with data upon submission. It's
<p>If you use the <a href="../helpers/form_helper.html">form helper</a> the <var>form_open()</var> function will automatically insert a hidden csrf field in your forms.</p>
+<p>Select URIs can be whitelisted from csrf protection (for example API endpoints expecting externally POSTed content). You can add these URIs by editing the 'csrf_exclude_uris' config parameter:</p>
+<code>$config['csrf_exclude_uris'] = array('api/person/add');</code>
+
</div>
<!-- END CONTENT -->