Automated merge with http://hg.ellislab.com/CodeIgniter2

6 files changed, 33 insertions, 4 deletions

diff --git a/application/config/config.php b/application/config/config.php
index 6e52bcc17..c5eae8f5b 100644
--- a/application/config/config.php
+++ b/application/config/config.php
@@ -213,8 +213,8 @@ $config['cache_path'] = '';
 | Encryption Key
 |--------------------------------------------------------------------------
 |
-| If you use the Encryption class or the Sessions class with encryption
-| enabled you MUST set an encryption key.  See the user guide for info.
+| If you use the Encryption class or the Session class you
+| MUST set an encryption key.  See the user guide for info.
 |
 */
 $config['encryption_key'] = "";
diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php
index dfef42757..8e6f88801 100644
--- a/system/database/DB_driver.php
+++ b/system/database/DB_driver.php
@@ -1169,6 +1169,24 @@ class CI_DB_driver {
 			$message = ( ! is_array($error)) ? array(str_replace('%s', $swap, $LANG->line($error))) : $error;
 		}
 		
+		// Find the most likely culprit of the error by going through
+		// the backtrace until the source file is no longer in the
+		// database folder.
+		
+		$trace = debug_backtrace();
+
+		foreach($trace as $call)
+		{
+			if (isset($call['file']) && strpos($call['file'], BASEPATH.'database') === FALSE)
+			{
+				// Found it - use a relative path for safety
+				$message[] = 'Filename: '.str_replace(array(BASEPATH, APPPATH), '', $call['file']);
+				$message[] = 'Line Number: '.$call['line'];
+				
+				break;
+			}
+		}
+		
 		$error =& load_class('Exceptions', 'core');
 		echo $error->show_error($heading, $message, 'error_db');
 		exit;
diff --git a/system/libraries/Encrypt.php b/system/libraries/Encrypt.php
index c893fbf9e..44fdce03b 100644
--- a/system/libraries/Encrypt.php
+++ b/system/libraries/Encrypt.php
@@ -72,7 +72,7 @@ class CI_Encrypt {
 			$CI =& get_instance();
 			$key = $CI->config->item('encryption_key');
 
-			if ($key === FALSE)
+			if ($key == FALSE)
 			{
 				show_error('In order to use the encryption class requires that you set an encryption key in your config file.');
 			}
diff --git a/system/libraries/Session.php b/system/libraries/Session.php
index cf6dc96e3..f413c0d1b 100644
--- a/system/libraries/Session.php
+++ b/system/libraries/Session.php
@@ -65,6 +65,11 @@ class CI_Session {
 			$this->$key = (isset($params[$key])) ? $params[$key] : $this->CI->config->item($key);
 		}
 
+		if ($this->encryption_key == '')
+		{
+			show_error('In order to use the Session class you are required to set an encryption key in your config file.');
+		}
+
 		// Load the string helper so we can use the strip_slashes() function
 		$this->CI->load->helper('string');
 
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index 48d4309a5..d9c17ab76 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -98,7 +98,8 @@ Hg Tag: </p>
 			<li>Changed <kbd>do_xss_clean()</kbd> to return FALSE if the uploaded file fails XSS checks.</li> 
 			<li>Added stripslashes() and trim()ing of double quotes from $_FILES type value to standardize input in Upload library.</li>
 			<li>Added a second parameter (boolean) to <kbd>$this->zip->read_dir('/path/to/directory', FALSE)</kbd> to remove the preceding trail of empty folders when creating a Zip archive. This example would contain a zip with "directory" and all of its contents.</li>
-			<li>Added ability in the Image Library to handle PNG transparency for resize operations when using the GD lib.</p>
+			<li>Added ability in the Image Library to handle PNG transparency for resize operations when using the GD lib.</li>
+			<li>Modified the Session class to prevent use if no encryption key is set in the config file.</li>
 		</ul>
 	</li>
 	<li>Database
@@ -110,6 +111,7 @@ Hg Tag: </p>
 			<li>Semantic change to db->version() function to allow a list of exceptions for databases with functions to return version string instead of specially formed SQL queries. Currently this list only includes Oracle and SQLite.</li>
 			<li>Fixed a bug where driver specific table identifier protection could lead to malformed queries in the <kbd>field_data()</kbd> functions.</li>
 			<li>Fixed a bug where an undefined class variable was referenced in database drivers.</li>
+			<li>Modified the database errors to show the filename and line number of the problematic query.</li>
 			<li>Removed the following deprecated functions: orwhere, orlike, groupby, orhaving, orderby, getwhere.</li>
 			<li>Removed deprecated _drop_database() and _create_database() functions from the db utility drivers.</li>
 		</ul>
@@ -175,6 +177,7 @@ Hg Tag: </p>
 	<li>Fixed a bug where extending the Controller class would result in a fatal PHP error.</li>
 	<li>Fixed a PHP Strict Standards Error in the index.php file.</li>
 	<li>Fixed a bug where getimagesize() was being needlessly checked on non-image files in is_allowed_type().</li>
+	<li>Fixed a bug in the Encryption library where an empty key was not triggering an error.</li>
 </ul>
 
 <h2>Version 1.7.2</h2>
diff --git a/user_guide/libraries/sessions.html b/user_guide/libraries/sessions.html
index 9a2ca939c..a8e3b3496 100644
--- a/user_guide/libraries/sessions.html
+++ b/user_guide/libraries/sessions.html
@@ -68,6 +68,9 @@ use the database option you'll need to create the session table as indicated bel
 <p class="important"><strong>Note:</strong> The Session class does <strong>not</strong> utilize native PHP sessions. It
 generates its own session data, offering more flexibility for developers.</p>
 
+<p class="important"><strong>Note:</strong> Even if you are not using encrypted sessions, you must set
+an <a href="./encryption.html">encryption key</a> in your config file which is used to aid in preventing session data manipulation.</p>
+
 <h2>Initializing a Session</h2>
 
 <p>Sessions will typically run globally with each page load, so the session class must either be