diff options
author | Andrey Andreev <narf@bofh.bg> | 2012-03-08 00:42:59 +0100 |
---|---|---|
committer | Andrey Andreev <narf@bofh.bg> | 2012-03-08 00:42:59 +0100 |
commit | 7203d54604a372fd8dd0b30bd8d4cdbd0af738bc (patch) | |
tree | af3bac1918ebd0fbd3d7564fc7c5fca34e6c2733 /user_guide_src/source/libraries | |
parent | 51a22815994cfd4522c78177e41f064ab8e53415 (diff) | |
parent | ad9cd5938fe3c0859445e43c893c18ed172a33ce (diff) |
Merge upstream branch
Diffstat (limited to 'user_guide_src/source/libraries')
-rw-r--r-- | user_guide_src/source/libraries/form_validation.rst | 115 | ||||
-rw-r--r-- | user_guide_src/source/libraries/input.rst | 16 | ||||
-rw-r--r-- | user_guide_src/source/libraries/security.rst | 4 |
3 files changed, 102 insertions, 33 deletions
diff --git a/user_guide_src/source/libraries/form_validation.rst b/user_guide_src/source/libraries/form_validation.rst index e7875bc22..5aa64d032 100644 --- a/user_guide_src/source/libraries/form_validation.rst +++ b/user_guide_src/source/libraries/form_validation.rst @@ -579,7 +579,30 @@ must supply it as an array to the function. Example:: For more info please see the :ref:`using-arrays-as-field-names` section below. -.. _saving-groups: +Validating an Array (other than $_POST) +======================================= + +Sometimes you may want to validate an array that does not originate from $_POST data. + +In this case, you can specify the array to be validated:: + + $data = array( + 'username' => 'johndoe', + 'password' => 'mypassword', + 'passconf' => 'mypassword' + ); + + $this->form_validation->set_data($data); + +Creating validation rules, running the validation and retrieving error messages works the same whether you are +validating $_POST data or an array. + +**Important Note:** If you want to validate more than one array during a single execution, then you should +call the reset_validation() function before setting up rules and validating the new array. + +For more info please see the :ref:`function-reference` section below. + +-.. _saving-groups: ************************************************ Saving Sets of Validation Rules to a Config File @@ -823,34 +846,40 @@ Rule Reference The following is a list of all the native rules that are available to use: -======================= ========== ============================================================================================= ======================= -Rule Parameter Description Example -======================= ========== ============================================================================================= ======================= -**required** No Returns FALSE if the form element is empty. -**matches** Yes Returns FALSE if the form element does not match the one in the parameter. matches[form_item] -**is_unique** Yes Returns FALSE if the form element is not unique to the is_unique[table.field] - table and field name in the parameter. is_unique[table.field] -**max_length** Yes Returns FALSE if the form element is longer then the parameter value. max_length[12] -**exact_length** Yes Returns FALSE if the form element is not exactly the parameter value. exact_length[8] -**greater_than** Yes Returns FALSE if the form element is less than the parameter value or not numeric. greater_than[8] -**less_than** Yes Returns FALSE if the form element is greater than the parameter value or not numeric. less_than[8] -**alpha** No Returns FALSE if the form element contains anything other than alphabetical characters. -**alpha_numeric** No Returns FALSE if the form element contains anything other than alpha-numeric characters. -**alpha_dash** No Returns FALSE if the form element contains anything other than alpha-numeric characters, - underscores or dashes. -**numeric** No Returns FALSE if the form element contains anything other than numeric characters. -**integer** No Returns FALSE if the form element contains anything other than an integer. -**decimal** Yes Returns FALSE if the form element is not exactly the parameter value. -**is_natural** No Returns FALSE if the form element contains anything other than a natural number: - 0, 1, 2, 3, etc. -**is_natural_no_zero** No Returns FALSE if the form element contains anything other than a natural - number, but not zero: 1, 2, 3, etc. -**is_unique** Yes Returns FALSE if the form element is not unique in a database table. is_unique[table.field] -**valid_email** No Returns FALSE if the form element does not contain a valid email address. -**valid_emails** No Returns FALSE if any value provided in a comma separated list is not a valid email. -**valid_ip** No Returns FALSE if the supplied IP is not valid. -**valid_base64** No Returns FALSE if the supplied string contains anything other than valid Base64 characters. -======================= ========== ============================================================================================= ======================= +========================= ========== ============================================================================================= ======================= +Rule Parameter Description Example +========================= ========== ============================================================================================= ======================= +**required** No Returns FALSE if the form element is empty. +**matches** Yes Returns FALSE if the form element does not match the one in the parameter. matches[form_item] +**is_unique** Yes Returns FALSE if the form element is not unique to the is_unique[table.field] + table and field name in the parameter. is_unique[table.field] +**max_length** Yes Returns FALSE if the form element is longer then the parameter value. max_length[12] +**exact_length** Yes Returns FALSE if the form element is not exactly the parameter value. exact_length[8] +**greater_than** Yes Returns FALSE if the form element is less than or equal to the parameter value or not greater_than[8] + numeric. +**greater_than_equal_to** Yes Returns FALSE if the form element is less than the parameter value, greater_than_equal_to[8] + or not numeric. +**less_than** Yes Returns FALSE if the form element is greater than or equal to the parameter value or less_than[8] + not numeric. +**less_than_equal_to** Yes Returns FALSE if the form element is greater than the parameter value, less_than_equal_to[8] + or not numeric. +**alpha** No Returns FALSE if the form element contains anything other than alphabetical characters. +**alpha_numeric** No Returns FALSE if the form element contains anything other than alpha-numeric characters. +**alpha_dash** No Returns FALSE if the form element contains anything other than alpha-numeric characters, + underscores or dashes. +**numeric** No Returns FALSE if the form element contains anything other than numeric characters. +**integer** No Returns FALSE if the form element contains anything other than an integer. +**decimal** Yes Returns FALSE if the form element is not exactly the parameter value. +**is_natural** No Returns FALSE if the form element contains anything other than a natural number: + 0, 1, 2, 3, etc. +**is_natural_no_zero** No Returns FALSE if the form element contains anything other than a natural + number, but not zero: 1, 2, 3, etc. +**is_unique** Yes Returns FALSE if the form element is not unique in a database table. is_unique[table.field] +**valid_email** No Returns FALSE if the form element does not contain a valid email address. +**valid_emails** No Returns FALSE if any value provided in a comma separated list is not a valid email. +**valid_ip** No Returns FALSE if the supplied IP is not valid. +**valid_base64** No Returns FALSE if the supplied string contains anything other than valid Base64 characters. +========================= ========== ============================================================================================= ======================= .. note:: These rules can also be called as discrete functions. For example:: @@ -930,6 +959,33 @@ $this->form_validation->set_message(); Permits you to set custom error messages. See :ref:`setting-error-messages` +$this->form_validation->set_data(); +======================================== + + .. php:method:: set_data ($data = '') + + :param array $data: The data to validate + + Permits you to set an array for validation, instead of using the default + $_POST array. + +$this->form_validation->reset_validation(); +======================================== + + .. php:method:: reset_validation () + + Permits you to reset the validation when you validate more than one array. + This function should be called before validating each new array. + +$this->form_validation->error_array(); +======================================== + + .. php:method:: error_array () + + :rtype: Array + + Returns the error messages as an array. + .. _helper-functions: **************** @@ -1011,4 +1067,3 @@ This function is identical to the **set_checkbox()** function above. <input type="radio" name="myradio" value="1" <?php echo set_radio('myradio', '1', TRUE); ?> /> <input type="radio" name="myradio" value="2" <?php echo set_radio('myradio', '2'); ?> /> - diff --git a/user_guide_src/source/libraries/input.rst b/user_guide_src/source/libraries/input.rst index bcf117358..1f2ea650a 100644 --- a/user_guide_src/source/libraries/input.rst +++ b/user_guide_src/source/libraries/input.rst @@ -99,7 +99,7 @@ The function returns FALSE (boolean) if there are no items in the POST. :: - $this->input->post(NULL, TRUE); // returns all POST items with XSS filter + $this->input->post(NULL, TRUE); // returns all POST items with XSS filter $this->input->post(); // returns all POST items without XSS filter $this->input->get() @@ -119,9 +119,9 @@ The function returns FALSE (boolean) if there are no items in the GET. :: - $this->input->get(NULL, TRUE); // returns all GET items with XSS filter + $this->input->get(NULL, TRUE); // returns all GET items with XSS filter $this->input->get(); // returns all GET items without XSS filtering - + $this->input->get_post() ========================= @@ -298,3 +298,13 @@ see if PHP is being run on the command line. $this->input->is_cli_request() +$this->input->method(); +===================================== + +Returns the $_SERVER['REQUEST_METHOD'], optional set uppercase or lowercase (default lowercase). + +:: + + echo $this->input->method(TRUE); // Outputs: POST + echo $this->input->method(FALSE); // Outputs: post + echo $this->input->method(); // Outputs: post diff --git a/user_guide_src/source/libraries/security.rst b/user_guide_src/source/libraries/security.rst index 8ee0c6e77..e7d25555f 100644 --- a/user_guide_src/source/libraries/security.rst +++ b/user_guide_src/source/libraries/security.rst @@ -85,6 +85,10 @@ If you use the :doc:`form helper <../helpers/form_helper>` the form_open() function will automatically insert a hidden csrf field in your forms. +Tokens may be either regenerated on every submission (default) or kept the same throughout the life of the CSRF cookie. The default regeneration of tokens provides stricter security but may result in usability concerns as other tokens become invalid (back/forward navigation, multiple tabs/windows, asynchronous actions, etc). You may alter this behavior by editing the following config parameter:: + + $config['csrf_regeneration'] = TRUE; + Select URIs can be whitelisted from csrf protection (for example API endpoints expecting externally POSTed content). You can add these URIs by editing the 'csrf_exclude_uris' config parameter:: |