summaryrefslogtreecommitdiffstats
path: root/system
diff options
context:
space:
mode:
authorAndrey Andreev <narf@bofh.bg>2012-06-28 13:08:40 +0200
committerAndrey Andreev <narf@bofh.bg>2012-06-28 13:08:40 +0200
commit89db8ee4c16c5cdd589e51f27fcd3fc23cf41aae (patch)
tree0a667b4e332fe5181bba4531d025740bc892821a /system
parentcbd78d826b965ad6dfc953686594749cbdf21af3 (diff)
parentd580999cead0aa37d705c2f32e02712a2d522deb (diff)
Merge branch 'develop' of github.com:EllisLab/CodeIgniter into feature/db_subdrivers
Diffstat (limited to 'system')
-rw-r--r--system/core/Security.php13
-rw-r--r--system/database/DB_driver.php22
-rw-r--r--system/database/DB_query_builder.php2
-rw-r--r--system/database/drivers/oci8/oci8_driver.php18
-rw-r--r--system/helpers/email_helper.php4
-rw-r--r--system/helpers/security_helper.php3
-rw-r--r--system/helpers/url_helper.php14
-rw-r--r--system/libraries/Email.php4
-rw-r--r--system/libraries/Form_validation.php12
-rw-r--r--system/libraries/Ftp.php2
10 files changed, 61 insertions, 33 deletions
diff --git a/system/core/Security.php b/system/core/Security.php
index 4593a1090..227217e75 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -561,6 +561,19 @@ class CI_Security {
// ----------------------------------------------------------------
/**
+ * Strip Image Tags
+ *
+ * @param string
+ * @return string
+ */
+ public function strip_image_tags($str)
+ {
+ return preg_replace(array('#<img\s+.*?src\s*=\s*["\'](.+?)["\'].*?\>#', '#<img\s+.*?src\s*=\s*(.+?).*?\>#'), '\\1', $str);
+ }
+
+ // ----------------------------------------------------------------
+
+ /**
* Compact Exploded Words
*
* Callback function for xss_clean() to remove whitespace from
diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php
index d326282c8..295b109f7 100644
--- a/system/database/DB_driver.php
+++ b/system/database/DB_driver.php
@@ -296,7 +296,7 @@ abstract class CI_DB_driver {
* @param array An array of binding data
* @return mixed
*/
- public function query($sql, $binds = FALSE, $return_object = TRUE)
+ public function query($sql, $binds = FALSE, $return_object = NULL)
{
if ($sql === '')
{
@@ -304,6 +304,10 @@ abstract class CI_DB_driver {
return ($this->db_debug) ? $this->display_error('db_invalid_query') : FALSE;
}
+ elseif ( ! is_bool($return_object))
+ {
+ $return_object = ! $this->is_write_type($sql);
+ }
// Verify table prefix and replace if necessary
if ($this->dbprefix !== '' && $this->swap_pre !== '' && $this->dbprefix !== $this->swap_pre)
@@ -320,7 +324,7 @@ abstract class CI_DB_driver {
// Is query caching enabled? If the query is a "read type"
// we will load the caching class and return the previously
// cached query if it exists
- if ($this->cache_on === TRUE && stripos($sql, 'SELECT') !== FALSE && $this->_cache_init())
+ if ($this->cache_on === TRUE && $return_object === TRUE && $this->_cache_init())
{
$this->load_rdriver();
if (FALSE !== ($cache = $this->CACHE->read($sql)))
@@ -329,7 +333,7 @@ abstract class CI_DB_driver {
}
}
- // Save the query for debugging
+ // Save the query for debugging
if ($this->save_queries === TRUE)
{
$this->queries[] = $sql;
@@ -353,7 +357,7 @@ abstract class CI_DB_driver {
$error = $this->error();
// Log errors
- log_message('error', 'Query error: '.$error['message'] . ' - Invalid query: ' . $sql);
+ log_message('error', 'Query error: '.$error['message'].' - Invalid query: '.$sql);
if ($this->db_debug)
{
@@ -382,12 +386,10 @@ abstract class CI_DB_driver {
// Increment the query counter
$this->query_count++;
- // Was the query a "write" type?
- // If so we'll simply return true
- if ($this->is_write_type($sql) === TRUE)
+ // Will we have a result object instantiated? If not - we'll simply return TRUE
+ if ($return_object !== TRUE)
{
- // If caching is enabled we'll auto-cleanup any
- // existing files related to this particular URI
+ // If caching is enabled we'll auto-cleanup any existing files related to this particular URI
if ($this->cache_on === TRUE && $this->cache_autodel === TRUE && $this->_cache_init())
{
$this->CACHE->delete();
@@ -397,8 +399,6 @@ abstract class CI_DB_driver {
}
// Return TRUE if we don't need to create a result object
- // Currently only the Oracle driver uses this when stored
- // procedures are used
if ($return_object !== TRUE)
{
return TRUE;
diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php
index 4c43fe3c3..3982885e8 100644
--- a/system/database/DB_query_builder.php
+++ b/system/database/DB_query_builder.php
@@ -1218,7 +1218,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver {
* @param string the offset clause
* @return object
*/
- public function get_where($table = '', $where = null, $limit = null, $offset = null)
+ public function get_where($table = '', $where = NULL, $limit = NULL, $offset = NULL)
{
if ($table !== '')
{
diff --git a/system/database/drivers/oci8/oci8_driver.php b/system/database/drivers/oci8/oci8_driver.php
index 67bb0403b..691247fee 100644
--- a/system/database/drivers/oci8/oci8_driver.php
+++ b/system/database/drivers/oci8/oci8_driver.php
@@ -158,6 +158,8 @@ class CI_DB_oci8_driver extends CI_DB {
$this->dsn = '';
}
+ // --------------------------------------------------------------------
+
/**
* Non-persistent database connection
*
@@ -179,9 +181,9 @@ class CI_DB_oci8_driver extends CI_DB {
*/
public function db_pconnect()
{
- return ( ! empty($this->char_set))
- ? @oci_pconnect($this->username, $this->password, $this->dsn, $this->char_set)
- : @oci_pconnect($this->username, $this->password, $this->dsn);
+ return empty($this->char_set)
+ ? @oci_pconnect($this->username, $this->password, $this->dsn)
+ : @oci_pconnect($this->username, $this->password, $this->dsn, $this->char_set);
}
// --------------------------------------------------------------------
@@ -217,6 +219,8 @@ class CI_DB_oci8_driver extends CI_DB {
return @oci_execute($this->stmt_id, $this->commit_mode);
}
+ // --------------------------------------------------------------------
+
/**
* Generate a statement ID
*
@@ -236,7 +240,7 @@ class CI_DB_oci8_driver extends CI_DB {
/**
* Get cursor. Returns a cursor from the database
*
- * @return cursor id
+ * @return resource
*/
public function get_cursor()
{
@@ -300,6 +304,7 @@ class CI_DB_oci8_driver extends CI_DB {
/**
* Bind parameters
*
+ * @param array
* @return void
*/
protected function _bind_params($params)
@@ -328,6 +333,7 @@ class CI_DB_oci8_driver extends CI_DB {
/**
* Begin Transaction
*
+ * @param bool
* @return bool
*/
public function trans_begin($test_mode = FALSE)
@@ -636,8 +642,8 @@ class CI_DB_oci8_driver extends CI_DB {
protected function _limit($sql, $limit, $offset)
{
$this->limit_used = TRUE;
- return 'SELECT * FROM (SELECT inner_query.*, rownum rnum FROM ('.$sql.') inner_query WHERE rownum < '.($offset + $limit).')'
- .($offset ? ' WHERE rnum >= '.$offset : '');
+ return 'SELECT * FROM (SELECT inner_query.*, rownum rnum FROM ('.$sql.') inner_query WHERE rownum < '.($offset + $limit + 1).')'
+ .($offset ? ' WHERE rnum >= '.($offset + 1): '');
}
// --------------------------------------------------------------------
diff --git a/system/helpers/email_helper.php b/system/helpers/email_helper.php
index 0516e938a..2a63b36c9 100644
--- a/system/helpers/email_helper.php
+++ b/system/helpers/email_helper.php
@@ -45,9 +45,9 @@ if ( ! function_exists('valid_email'))
* @param string
* @return bool
*/
- function valid_email($address)
+ function valid_email($email)
{
- return (bool) preg_match('/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/ix', $address);
+ return (bool) filter_var($email, FILTER_VALIDATE_EMAIL);
}
}
diff --git a/system/helpers/security_helper.php b/system/helpers/security_helper.php
index 7968f9e9f..0e8e9f93d 100644
--- a/system/helpers/security_helper.php
+++ b/system/helpers/security_helper.php
@@ -108,7 +108,8 @@ if ( ! function_exists('strip_image_tags'))
*/
function strip_image_tags($str)
{
- return preg_replace(array('#<img\s+.*?src\s*=\s*["\'](.+?)["\'].*?\>#', '#<img\s+.*?src\s*=\s*(.+?).*?\>#'), '\\1', $str);
+ $CI =& get_instance();
+ return $CI->security->strip_image_tags($str);
}
}
diff --git a/system/helpers/url_helper.php b/system/helpers/url_helper.php
index 40ce807df..39e6343a6 100644
--- a/system/helpers/url_helper.php
+++ b/system/helpers/url_helper.php
@@ -526,7 +526,7 @@ if ( ! function_exists('redirect'))
* @param int
* @return string
*/
- function redirect($uri = '', $method = 'auto', $http_response_code = 302)
+ function redirect($uri = '', $method = 'auto', $code = NULL)
{
if ( ! preg_match('#^https?://#i', $uri))
{
@@ -538,14 +538,22 @@ if ( ! function_exists('redirect'))
{
$method = 'refresh';
}
+ elseif ($method !== 'refresh' && (empty($code) OR ! is_numeric($code)))
+ {
+ // Reference: http://en.wikipedia.org/wiki/Post/Redirect/Get
+ $code = (isset($_SERVER['REQUEST_METHOD'], $_SERVER['SERVER_PROTOCOL'])
+ && $_SERVER['REQUEST_METHOD'] === 'POST'
+ && $_SERVER['SERVER_PROTOCOL'] === 'HTTP/1.1')
+ ? 303 : 302;
+ }
- switch($method)
+ switch ($method)
{
case 'refresh':
header('Refresh:0;url='.$uri);
break;
default:
- header('Location: '.$uri, TRUE, $http_response_code);
+ header('Location: '.$uri, TRUE, $code);
break;
}
exit;
diff --git a/system/libraries/Email.php b/system/libraries/Email.php
index dd5477e05..fdb9be4da 100644
--- a/system/libraries/Email.php
+++ b/system/libraries/Email.php
@@ -706,9 +706,9 @@ class CI_Email {
* @param string
* @return bool
*/
- public function valid_email($address)
+ public function valid_email($email)
{
- return (bool) preg_match('/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/ix', $address);
+ return (bool) filter_var($email, FILTER_VALIDATE_EMAIL);
}
// --------------------------------------------------------------------
diff --git a/system/libraries/Form_validation.php b/system/libraries/Form_validation.php
index 4bb29e41b..353624100 100644
--- a/system/libraries/Form_validation.php
+++ b/system/libraries/Form_validation.php
@@ -1076,7 +1076,7 @@ class CI_Form_validation {
*/
public function valid_email($str)
{
- return (bool) preg_match('/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/ix', $str);
+ return (bool) filter_var($str, FILTER_VALIDATE_EMAIL);
}
// --------------------------------------------------------------------
@@ -1129,7 +1129,7 @@ class CI_Form_validation {
*/
public function alpha($str)
{
- return (bool) preg_match('/^[a-z]+$/i', $str);
+ return ctype_alpha($str);
}
// --------------------------------------------------------------------
@@ -1142,7 +1142,7 @@ class CI_Form_validation {
*/
public function alpha_numeric($str)
{
- return (bool) preg_match('/^[a-z0-9]+$/i', $str);
+ return ctype_alnum((string) $str);
}
// --------------------------------------------------------------------
@@ -1264,7 +1264,7 @@ class CI_Form_validation {
*/
public function is_natural($str)
{
- return (bool) preg_match('/^[0-9]+$/', $str);
+ return ctype_digit((string) $str);
}
// --------------------------------------------------------------------
@@ -1277,7 +1277,7 @@ class CI_Form_validation {
*/
public function is_natural_no_zero($str)
{
- return ($str !== 0 && preg_match('/^[0-9]+$/', $str));
+ return ($str != 0 && ctype_digit((string) $str));
}
// --------------------------------------------------------------------
@@ -1360,7 +1360,7 @@ class CI_Form_validation {
*/
public function strip_image_tags($str)
{
- return $this->CI->input->strip_image_tags($str);
+ return $this->CI->security->strip_image_tags($str);
}
// --------------------------------------------------------------------
diff --git a/system/libraries/Ftp.php b/system/libraries/Ftp.php
index 461e884fb..76f5e151a 100644
--- a/system/libraries/Ftp.php
+++ b/system/libraries/Ftp.php
@@ -445,7 +445,7 @@ class CI_FTP {
* Set file permissions
*
* @param string the file path
- * @param string the permissions
+ * @param int the permissions
* @return bool
*/
public function chmod($path, $perm)