summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDerek Jones <derek.jones@ellislab.com>2007-07-11 23:59:12 +0200
committerDerek Jones <derek.jones@ellislab.com>2007-07-11 23:59:12 +0200
commit1f2fd2d5db0ff9e91388cec079a9ff58392ab654 (patch)
treed64ffe5491f0c1314938e72b9c52e73f8755a892
parent9687c493de92eb71a91ed89723abd4ede977bb3d (diff)
adding type casting of $title argument in URL helper functions to a string. A numeric 0 sent to these functions would evaluate if ($title == '') as TRUE, and type casting seems the more appropriate fix than simply using $title === '', since we're expecting and treating $title as a string.
-rw-r--r--system/helpers/url_helper.php8
-rw-r--r--user_guide/changelog.html1
2 files changed, 9 insertions, 0 deletions
diff --git a/system/helpers/url_helper.php b/system/helpers/url_helper.php
index c05bc2088..01cd3458d 100644
--- a/system/helpers/url_helper.php
+++ b/system/helpers/url_helper.php
@@ -90,6 +90,8 @@ function index_page()
*/
function anchor($uri = '', $title = '', $attributes = '')
{
+ $title = (string) $title;
+
if ( ! is_array($uri))
{
$site_url = ( ! preg_match('!^\w+://!i', $uri)) ? site_url($uri) : $uri;
@@ -132,6 +134,8 @@ function anchor($uri = '', $title = '', $attributes = '')
*/
function anchor_popup($uri = '', $title = '', $attributes = FALSE)
{
+ $title = (string) $title;
+
$site_url = ( ! preg_match('!^\w+://!i', $uri)) ? site_url($uri) : $uri;
if ($title == '')
@@ -170,6 +174,8 @@ function anchor_popup($uri = '', $title = '', $attributes = FALSE)
*/
function mailto($email, $title = '', $attributes = '')
{
+ $title = (string) $title;
+
if ($title == "")
{
$title = $email;
@@ -195,6 +201,8 @@ function mailto($email, $title = '', $attributes = '')
*/
function safe_mailto($email, $title = '', $attributes = '')
{
+ $title = (string) $title;
+
if ($title == "")
{
$title = $email;
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index eb57d487e..67baae43e 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -89,6 +89,7 @@ Change Log
<li>Modified the Router so that when Query Strings are Enabled, the controller trigger and function trigger values are sanitized for filename include security.</li>
<li>Modified the is_image() method in the Upload library to take into account Windows IE 6/7 eccentricities when dealing with MIMEs</li>
<li>Modified XSS Cleaning routine to be more performance friendly and compatible with PHP 5.2's new PCRE backtrack and recursion limits.</li>
+ <li>Modified the URL Helper to type cast the $title as a string in case a numeric value is supplied</li>
<li>Deprecated the use if <kbd>is_numeric()</kbd> in various places since it allows periods. Due to compatibility problems with <kbd>ctype_digit()</kbd>, making it unreliable in some installations, the following regular expression was used instead: <kbd>preg_match("/[^0-9]/", $n)</kbd></li>
<li>Deprecated: APPVER has been deprecated and replaced with CI_VERSION for clarity. </li>
</ul>