summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMike Funk <mfunk@xulonpress.com>2012-03-08 15:01:40 +0100
committerMike Funk <mfunk@xulonpress.com>2012-03-08 15:01:40 +0100
commit98626f1b4b3002c64364d82080246b91aa5e4bd2 (patch)
tree5216da502b1d077570832417f4253cd45e55da70
parent7f42d060fb828bfb0bd857ad1a17b91070e52628 (diff)
parent5d27c43d29fc049497010ea62ac7877a64bfed92 (diff)
Merge branch 'develop' of https://github.com/EllisLab/CodeIgniter into feature/form_val_config
-rwxr-xr-xsystem/core/Input.php17
-rwxr-xr-xsystem/core/Security.php4
-rw-r--r--system/helpers/captcha_helper.php13
-rw-r--r--system/libraries/Form_validation.php20
-rw-r--r--user_guide_src/source/changelog.rst3
-rw-r--r--user_guide_src/source/libraries/input.rst16
6 files changed, 50 insertions, 23 deletions
diff --git a/system/core/Input.php b/system/core/Input.php
index ee15f4013..5a4659a5a 100755
--- a/system/core/Input.php
+++ b/system/core/Input.php
@@ -699,6 +699,23 @@ class CI_Input {
return (php_sapi_name() === 'cli' OR defined('STDIN'));
}
+ // --------------------------------------------------------------------
+
+ /**
+ * Get Request Method
+ *
+ * Return the Request Method
+ *
+ * @param bool uppercase or lowercase
+ * @return bool
+ */
+ public function method($upper = FALSE)
+ {
+ return ($upper)
+ ? strtoupper($this->server('REQUEST_METHOD'))
+ : strtolower($this->server('REQUEST_METHOD'));
+ }
+
}
/* End of file Input.php */
diff --git a/system/core/Security.php b/system/core/Security.php
index 6f25fb5bb..2bffa41b7 100755
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -138,8 +138,8 @@ class CI_Security {
*/
public function csrf_verify()
{
- // If no POST data exists we will set the CSRF cookie
- if (count($_POST) === 0)
+ // If it's not a POST request we will set the CSRF cookie
+ if (strtoupper($_SERVER['REQUEST_METHOD']) !== 'POST')
{
return $this->csrf_set_cookie();
}
diff --git a/system/helpers/captcha_helper.php b/system/helpers/captcha_helper.php
index 668b034d4..4a48df27e 100644
--- a/system/helpers/captcha_helper.php
+++ b/system/helpers/captcha_helper.php
@@ -5,9 +5,9 @@
* An open source application development framework for PHP 5.1.6 or newer
*
* NOTICE OF LICENSE
- *
+ *
* Licensed under the Open Software License version 3.0
- *
+ *
* This source file is subject to the Open Software License (OSL 3.0) that is
* bundled with this package in the files license.txt / license.rst. It is
* also available through the world wide web at this URL:
@@ -94,16 +94,15 @@ if ( ! function_exists('create_captcha'))
// Remove old images
// -----------------------------------
- list($usec, $sec) = explode(" ", microtime());
- $now = ((float)$usec + (float)$sec);
+ $now = microtime(TRUE);
$current_dir = @opendir($img_path);
while ($filename = @readdir($current_dir))
{
- if ($filename != "." and $filename != ".." and $filename != "index.html")
+ if ($filename != '.' && $filename != '..' && $filename != 'index.html')
{
- $name = str_replace(".jpg", "", $filename);
+ $name = str_replace('.jpg', '', $filename);
if (($name + $expiration) < $now)
{
@@ -198,7 +197,7 @@ if ( ! function_exists('create_captcha'))
// Write the text
// -----------------------------------
- $use_font = ($font_path != '' AND file_exists($font_path) AND function_exists('imagettftext')) ? TRUE : FALSE;
+ $use_font = ($font_path != '' && file_exists($font_path) && function_exists('imagettftext')) ? TRUE : FALSE;
if ($use_font == FALSE)
{
diff --git a/system/libraries/Form_validation.php b/system/libraries/Form_validation.php
index 3e16d69ed..7e8cac6b0 100644
--- a/system/libraries/Form_validation.php
+++ b/system/libraries/Form_validation.php
@@ -77,7 +77,7 @@ class CI_Form_validation {
mb_internal_encoding($this->CI->config->item('charset'));
}
- log_message('debug', "Form Validation Class Initialized");
+ log_message('debug', 'Form Validation Class Initialized');
}
// --------------------------------------------------------------------
@@ -96,7 +96,7 @@ class CI_Form_validation {
{
// No reason to set rules if we have no POST data
// or a validation array has not been specified
- if (count($_POST) === 0 && count($this->validation_data) === 0)
+ if ($this->CI->input->method() !== 'post' && empty($this->validation_data))
{
return $this;
}
@@ -177,9 +177,9 @@ class CI_Form_validation {
*
* If an array is set through this method, then this array will
* be used instead of the $_POST array
- *
- * Note that if you are validating multiple arrays, then the
- * reset_validation() function should be called after validating
+ *
+ * Note that if you are validating multiple arrays, then the
+ * reset_validation() function should be called after validating
* each array due to the limitations of CI's singleton
*
* @param array $data
@@ -1168,15 +1168,14 @@ class CI_Form_validation {
}
// --------------------------------------------------------------------
-
+
/**
* Equal to or Greater than
*
- * @access public
* @param string
* @return bool
*/
- function greater_than_equal_to($str, $min)
+ public function greater_than_equal_to($str, $min)
{
if ( ! is_numeric($str))
{
@@ -1207,11 +1206,10 @@ class CI_Form_validation {
/**
* Equal to or Less than
*
- * @access public
* @param string
* @return bool
*/
- function less_than_equal_to($str, $max)
+ public function less_than_equal_to($str, $max)
{
if ( ! is_numeric($str))
{
@@ -1363,7 +1361,7 @@ class CI_Form_validation {
* Prevents subsequent validation routines from being affected by the
* results of any previous validation routine due to the CI singleton.
*
- * @return void
+ * @return void
*/
public function reset_validation()
{
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index ed151bfdb..a21ef2531 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -98,6 +98,7 @@ Release Date: Not Released
- Added method get_vars() to CI_Loader to retrieve all variables loaded with $this->load->vars().
- is_loaded() function from system/core/Commons.php now returns a reference.
- $config['rewrite_short_tags'] now has no effect when using PHP 5.4 as *<?=* will always be available.
+ - Added method() to CI_Input to retrieve $_SERVER['REQUEST_METHOD'].
Bug fixes for 3.0
------------------
@@ -147,6 +148,8 @@ Bug fixes for 3.0
- Fixed a bug in Oracle's DB_result class where the cursor id passed to it was always NULL.
- Fixed a bug (#64) - Regular expression in DB_active_rec.php failed to handle queries containing SQL bracket delimiters in the join condition.
- Fixed a bug in the :doc:`Session Library <libraries/sessions>` where a PHP E_NOTICE error was triggered by _unserialize() due to results from databases such as MSSQL and Oracle being space-padded on the right.
+- Fixed a bug (#501) - set_rules() to check if the request method is not 'POST' before aborting, instead of depending on count($_POST) in the :doc:`Form Validation Library <libraries/form_validation>`.
+- Fixed a bug (#940) - csrf_verify() used to set the CSRF cookie while processing a POST request with no actual POST data, which resulted in validating a request that should be considered invalid.
Version 2.1.1
=============
diff --git a/user_guide_src/source/libraries/input.rst b/user_guide_src/source/libraries/input.rst
index bcf117358..1f2ea650a 100644
--- a/user_guide_src/source/libraries/input.rst
+++ b/user_guide_src/source/libraries/input.rst
@@ -99,7 +99,7 @@ The function returns FALSE (boolean) if there are no items in the POST.
::
- $this->input->post(NULL, TRUE); // returns all POST items with XSS filter
+ $this->input->post(NULL, TRUE); // returns all POST items with XSS filter
$this->input->post(); // returns all POST items without XSS filter
$this->input->get()
@@ -119,9 +119,9 @@ The function returns FALSE (boolean) if there are no items in the GET.
::
- $this->input->get(NULL, TRUE); // returns all GET items with XSS filter
+ $this->input->get(NULL, TRUE); // returns all GET items with XSS filter
$this->input->get(); // returns all GET items without XSS filtering
-
+
$this->input->get_post()
=========================
@@ -298,3 +298,13 @@ see if PHP is being run on the command line.
$this->input->is_cli_request()
+$this->input->method();
+=====================================
+
+Returns the $_SERVER['REQUEST_METHOD'], optional set uppercase or lowercase (default lowercase).
+
+::
+
+ echo $this->input->method(TRUE); // Outputs: POST
+ echo $this->input->method(FALSE); // Outputs: post
+ echo $this->input->method(); // Outputs: post