diff options
31 files changed, 289 insertions, 333 deletions
diff --git a/system/core/Input.php b/system/core/Input.php index 9a05034ba..54b7e0923 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -699,6 +699,23 @@ class CI_Input { return (php_sapi_name() === 'cli' OR defined('STDIN')); } + // -------------------------------------------------------------------- + + /** + * Get Request Method + * + * Return the Request Method + * + * @param bool uppercase or lowercase + * @return bool + */ + public function method($upper = FALSE) + { + return ($upper) + ? strtoupper($this->server('REQUEST_METHOD')) + : strtolower($this->server('REQUEST_METHOD')); + } + } /* End of file Input.php */ diff --git a/system/core/Loader.php b/system/core/Loader.php index 971d30325..3d91915c4 100644 --- a/system/core/Loader.php +++ b/system/core/Loader.php @@ -833,7 +833,7 @@ class CI_Loader { // If the PHP installation does not support short tags we'll // do a little string replacement, changing the short tags // to standard PHP echo statements. - if ((bool) @ini_get('short_open_tag') === FALSE AND config_item('rewrite_short_tags') == TRUE) + if ( ! is_php('5.4') && (bool) @ini_get('short_open_tag') === FALSE && config_item('rewrite_short_tags') == TRUE) { echo eval('?>'.preg_replace('/;*\s*\?>/', '; ?>', str_replace('<?=', '<?php echo ', file_get_contents($_ci_path)))); } diff --git a/system/core/Security.php b/system/core/Security.php index bf73bd15d..cd8a61028 100755 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -138,8 +138,8 @@ class CI_Security { */ public function csrf_verify() { - // If no POST data exists we will set the CSRF cookie - if (count($_POST) === 0) + // If it's not a POST request we will set the CSRF cookie + if (strtoupper($_SERVER['REQUEST_METHOD']) !== 'POST') { return $this->csrf_set_cookie(); } diff --git a/system/database/DB_active_rec.php b/system/database/DB_active_rec.php index c7df81963..756709698 100644 --- a/system/database/DB_active_rec.php +++ b/system/database/DB_active_rec.php @@ -212,7 +212,7 @@ class CI_DB_active_record extends CI_DB_driver { $alias = $this->_create_alias_from_table(trim($select)); } - $sql = $this->_protect_identifiers($type.'('.trim($select).')').' AS '.$this->_protect_identifiers(trim($alias)); + $sql = $this->protect_identifiers($type.'('.trim($select).')').' AS '.$this->protect_identifiers(trim($alias)); $this->ar_select[] = $sql; if ($this->ar_caching === TRUE) @@ -279,7 +279,7 @@ class CI_DB_active_record extends CI_DB_driver { { $v = trim($v); $this->_track_aliases($v); - $v = $this->ar_from[] = $this->_protect_identifiers($v, TRUE, NULL, FALSE); + $v = $this->ar_from[] = $this->protect_identifiers($v, TRUE, NULL, FALSE); if ($this->ar_caching === TRUE) { @@ -295,7 +295,7 @@ class CI_DB_active_record extends CI_DB_driver { // Extract any aliases that might exist. We use this information // in the _protect_identifiers to know whether to add a table prefix $this->_track_aliases($val); - $this->ar_from[] = $val = $this->_protect_identifiers($val, TRUE, NULL, FALSE); + $this->ar_from[] = $val = $this->protect_identifiers($val, TRUE, NULL, FALSE); if ($this->ar_caching === TRUE) { @@ -343,11 +343,11 @@ class CI_DB_active_record extends CI_DB_driver { // Strip apart the condition and protect the identifiers if (preg_match('/([\[\w\.]+)([\W\s]+)(.+)/', $cond, $match)) { - $cond = $this->_protect_identifiers($match[1]).$match[2].$this->_protect_identifiers($match[3]); + $cond = $this->protect_identifiers($match[1]).$match[2].$this->protect_identifiers($match[3]); } // Assemble the JOIN statement - $this->ar_join[] = $join = $type.'JOIN '.$this->_protect_identifiers($table, TRUE, NULL, FALSE).' ON '.$cond; + $this->ar_join[] = $join = $type.'JOIN '.$this->protect_identifiers($table, TRUE, NULL, FALSE).' ON '.$cond; if ($this->ar_caching === TRUE) { @@ -433,7 +433,7 @@ class CI_DB_active_record extends CI_DB_driver { { if ($escape === TRUE) { - $k = $this->_protect_identifiers($k, FALSE, $escape); + $k = $this->protect_identifiers($k, FALSE, $escape); $v = ' '.$this->escape($v); } @@ -444,7 +444,7 @@ class CI_DB_active_record extends CI_DB_driver { } else { - $k = $this->_protect_identifiers($k, FALSE, $escape); + $k = $this->protect_identifiers($k, FALSE, $escape); } $this->ar_where[] = $prefix.$k.$v; @@ -562,7 +562,7 @@ class CI_DB_active_record extends CI_DB_driver { } $prefix = (count($this->ar_where) === 0) ? '' : $type; - $this->ar_where[] = $where_in = $prefix.$this->_protect_identifiers($key).$not.' IN ('.implode(', ', $this->ar_wherein).') '; + $this->ar_where[] = $where_in = $prefix.$this->protect_identifiers($key).$not.' IN ('.implode(', ', $this->ar_wherein).') '; if ($this->ar_caching === TRUE) { @@ -666,7 +666,7 @@ class CI_DB_active_record extends CI_DB_driver { foreach ($field as $k => $v) { - $k = $this->_protect_identifiers($k); + $k = $this->protect_identifiers($k); $prefix = (count($this->ar_like) === 0) ? '' : $type; $v = $this->escape_like_str($v); @@ -827,7 +827,7 @@ class CI_DB_active_record extends CI_DB_driver { if ($val != '') { - $this->ar_groupby[] = $val = $this->_protect_identifiers($val); + $this->ar_groupby[] = $val = $this->protect_identifiers($val); if ($this->ar_caching === TRUE) { @@ -896,7 +896,7 @@ class CI_DB_active_record extends CI_DB_driver { if ($escape === TRUE) { - $k = $this->_protect_identifiers($k); + $k = $this->protect_identifiers($k); } if ( ! $this->_has_operator($k)) @@ -951,7 +951,7 @@ class CI_DB_active_record extends CI_DB_driver { $part = trim($part); if ( ! in_array($part, $this->ar_aliased_tables)) { - $part = $this->_protect_identifiers(trim($part)); + $part = $this->protect_identifiers(trim($part)); } $temp[] = $part; @@ -963,7 +963,7 @@ class CI_DB_active_record extends CI_DB_driver { { if ($escape === TRUE) { - $orderby = $this->_protect_identifiers($orderby); + $orderby = $this->protect_identifiers($orderby); } } @@ -1036,11 +1036,11 @@ class CI_DB_active_record extends CI_DB_driver { { if ($escape === FALSE) { - $this->ar_set[$this->_protect_identifiers($k)] = $v; + $this->ar_set[$this->protect_identifiers($k)] = $v; } else { - $this->ar_set[$this->_protect_identifiers($k, FALSE, TRUE)] = $this->escape($v); + $this->ar_set[$this->protect_identifiers($k, FALSE, TRUE)] = $this->escape($v); } } @@ -1125,7 +1125,7 @@ class CI_DB_active_record extends CI_DB_driver { $this->from($table); } - $result = $this->query($this->_compile_select($this->_count_string.$this->_protect_identifiers('numrows'))); + $result = $this->query($this->_compile_select($this->_count_string.$this->protect_identifiers('numrows'))); $this->_reset_select(); if ($result->num_rows() === 0) @@ -1211,7 +1211,7 @@ class CI_DB_active_record extends CI_DB_driver { // Batch this baby for ($i = 0, $total = count($this->ar_set); $i < $total; $i += 100) { - $this->query($this->_insert_batch($this->_protect_identifiers($table, TRUE, NULL, FALSE), $this->ar_keys, array_slice($this->ar_set, $i, 100))); + $this->query($this->_insert_batch($this->protect_identifiers($table, TRUE, NULL, FALSE), $this->ar_keys, array_slice($this->ar_set, $i, 100))); } $this->_reset_write(); @@ -1269,7 +1269,7 @@ class CI_DB_active_record extends CI_DB_driver { foreach ($keys as $k) { - $this->ar_keys[] = $this->_protect_identifiers($k); + $this->ar_keys[] = $this->protect_identifiers($k); } return $this; @@ -1295,9 +1295,7 @@ class CI_DB_active_record extends CI_DB_driver { } $sql = $this->_insert( - $this->_protect_identifiers( - $this->ar_from[0], TRUE, NULL, FALSE - ), + $this->protect_identifiers($this->ar_from[0], TRUE, NULL, FALSE), array_keys($this->ar_set), array_values($this->ar_set) ); @@ -1335,9 +1333,7 @@ class CI_DB_active_record extends CI_DB_driver { } $sql = $this->_insert( - $this->_protect_identifiers( - $this->ar_from[0], TRUE, NULL, FALSE - ), + $this->protect_identifiers($this->ar_from[0], TRUE, NULL, FALSE), array_keys($this->ar_set), array_values($this->ar_set) ); @@ -1414,7 +1410,7 @@ class CI_DB_active_record extends CI_DB_driver { $table = $this->ar_from[0]; } - $sql = $this->_replace($this->_protect_identifiers($table, TRUE, NULL, FALSE), array_keys($this->ar_set), array_values($this->ar_set)); + $sql = $this->_replace($this->protect_identifiers($table, TRUE, NULL, FALSE), array_keys($this->ar_set), array_values($this->ar_set)); $this->_reset_write(); return $this->query($sql); } @@ -1441,7 +1437,7 @@ class CI_DB_active_record extends CI_DB_driver { return FALSE; } - $sql = $this->_update($this->_protect_identifiers($this->ar_from[0], TRUE, NULL, FALSE), $this->ar_set, $this->ar_where, $this->ar_orderby, $this->ar_limit); + $sql = $this->_update($this->protect_identifiers($this->ar_from[0], TRUE, NULL, FALSE), $this->ar_set, $this->ar_where, $this->ar_orderby, $this->ar_limit); if ($reset === TRUE) { @@ -1488,7 +1484,7 @@ class CI_DB_active_record extends CI_DB_driver { $this->limit($limit); } - $sql = $this->_update($this->_protect_identifiers($this->ar_from[0], TRUE, NULL, FALSE), $this->ar_set, $this->ar_where, $this->ar_orderby, $this->ar_limit, $this->ar_like); + $sql = $this->_update($this->protect_identifiers($this->ar_from[0], TRUE, NULL, FALSE), $this->ar_set, $this->ar_where, $this->ar_orderby, $this->ar_limit, $this->ar_like); $this->_reset_write(); return $this->query($sql); } @@ -1573,7 +1569,7 @@ class CI_DB_active_record extends CI_DB_driver { // Batch this baby for ($i = 0, $total = count($this->ar_set); $i < $total; $i += 100) { - $this->query($this->_update_batch($this->_protect_identifiers($table, TRUE, NULL, FALSE), array_slice($this->ar_set, $i, 100), $this->_protect_identifiers($index), $this->ar_where)); + $this->query($this->_update_batch($this->protect_identifiers($table, TRUE, NULL, FALSE), array_slice($this->ar_set, $i, 100), $this->protect_identifiers($index), $this->ar_where)); } $this->_reset_write(); @@ -1614,7 +1610,7 @@ class CI_DB_active_record extends CI_DB_driver { $not[] = $k.'-'.$v; } - $clean[$this->_protect_identifiers($k2)] = ($escape === FALSE) ? $v2 : $this->escape($v2); + $clean[$this->protect_identifiers($k2)] = ($escape === FALSE) ? $v2 : $this->escape($v2); } if ($index_set == FALSE) @@ -1651,7 +1647,7 @@ class CI_DB_active_record extends CI_DB_driver { } else { - $table = $this->_protect_identifiers($table, TRUE, NULL, FALSE); + $table = $this->protect_identifiers($table, TRUE, NULL, FALSE); } $sql = $this->_delete($table); @@ -1684,7 +1680,7 @@ class CI_DB_active_record extends CI_DB_driver { } else { - $table = $this->_protect_identifiers($table, TRUE, NULL, FALSE); + $table = $this->protect_identifiers($table, TRUE, NULL, FALSE); } $sql = $this->_truncate($table); @@ -1751,7 +1747,7 @@ class CI_DB_active_record extends CI_DB_driver { } else { - $table = $this->_protect_identifiers($table, TRUE, NULL, FALSE); + $table = $this->protect_identifiers($table, TRUE, NULL, FALSE); } if ($where != '') @@ -1894,7 +1890,7 @@ class CI_DB_active_record extends CI_DB_driver { foreach ($this->ar_select as $key => $val) { $no_escape = isset($this->ar_no_escape[$key]) ? $this->ar_no_escape[$key] : NULL; - $this->ar_select[$key] = $this->_protect_identifiers($val, FALSE, $no_escape); + $this->ar_select[$key] = $this->protect_identifiers($val, FALSE, $no_escape); } $sql .= implode(', ', $this->ar_select); diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php index 59018cc91..a04a65eeb 100644 --- a/system/database/DB_driver.php +++ b/system/database/DB_driver.php @@ -1,13 +1,13 @@ -<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); +<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); /** * CodeIgniter * * An open source application development framework for PHP 5.2.4 or newer * * NOTICE OF LICENSE - * + * * Licensed under the Open Software License version 3.0 - * + * * This source file is subject to the Open Software License (OSL 3.0) that is * bundled with this package in the files license.txt / license.rst. It is * also available through the world wide web at this URL: @@ -25,8 +25,6 @@ * @filesource */ -// ------------------------------------------------------------------------ - /** * Database Driver Class * @@ -42,48 +40,44 @@ */ class CI_DB_driver { - var $username; - var $password; - var $hostname; - var $database; - var $dbdriver = 'mysql'; - var $dbprefix = ''; - var $char_set = 'utf8'; - var $dbcollat = 'utf8_general_ci'; - var $autoinit = TRUE; // Whether to automatically initialize the DB - var $swap_pre = ''; - var $port = ''; - var $pconnect = FALSE; - var $conn_id = FALSE; - var $result_id = FALSE; - var $db_debug = FALSE; - var $benchmark = 0; - var $query_count = 0; - var $bind_marker = '?'; - var $save_queries = TRUE; - var $queries = array(); - var $query_times = array(); - var $data_cache = array(); - var $trans_enabled = TRUE; - var $trans_strict = TRUE; - var $_trans_depth = 0; - var $_trans_status = TRUE; // Used with transactions to determine if a rollback should occur - var $cache_on = FALSE; - var $cachedir = ''; - var $cache_autodel = FALSE; - var $CACHE; // The cache class object - - // Private variables - var $_protect_identifiers = TRUE; - var $_reserved_identifiers = array('*'); // Identifiers that should NOT be escaped - - /** - * Constructor. Accepts one parameter containing the database - * connection settings. - * - * @param array - */ - function __construct($params) + public $dsn; + public $username; + public $password; + public $hostname; + public $database; + public $dbdriver = 'mysql'; + public $dbprefix = ''; + public $char_set = 'utf8'; + public $dbcollat = 'utf8_general_ci'; + public $autoinit = TRUE; // Whether to automatically initialize the DB + public $swap_pre = ''; + public $port = ''; + public $pconnect = FALSE; + public $conn_id = FALSE; + public $result_id = FALSE; + public $db_debug = FALSE; + public $benchmark = 0; + public $query_count = 0; + public $bind_marker = '?'; + public $save_queries = TRUE; + public $queries = array(); + public $query_times = array(); + public $data_cache = array(); + + public $trans_enabled = TRUE; + public $trans_strict = TRUE; + protected $_trans_depth = 0; + protected $_trans_status = TRUE; // Used with transactions to determine if a rollback should occur + + public $cache_on = FALSE; + public $cachedir = ''; + public $cache_autodel = FALSE; + public $CACHE; // The cache class object + + protected $_protect_identifiers = TRUE; + protected $_reserved_identifiers = array('*'); // Identifiers that should NOT be escaped + + public function __construct($params) { if (is_array($params)) { @@ -205,10 +199,9 @@ class CI_DB_driver { /** * The name of the platform in use (mysql, mssql, etc...) * - * @access public * @return string */ - function platform() + public function platform() { return $this->dbdriver; } @@ -258,17 +251,16 @@ class CI_DB_driver { * Execute the query * * Accepts an SQL string as input and returns a result object upon - * successful execution of a "read" type query. Returns boolean TRUE + * successful execution of a "read" type query. Returns boolean TRUE * upon successful execution of a "write" type query. Returns boolean * FALSE upon failure, and if the $db_debug variable is set to TRUE * will raise an error. * - * @access public * @param string An SQL query string * @param array An array of binding data * @return mixed */ - function query($sql, $binds = FALSE, $return_object = TRUE) + public function query($sql, $binds = FALSE, $return_object = TRUE) { if ($sql == '') { @@ -293,7 +285,7 @@ class CI_DB_driver { $sql = $this->compile_binds($sql, $binds); } - // Is query caching enabled? If the query is a "read type" + // Is query caching enabled? If the query is a "read type" // we will load the caching class and return the previously // cached query if it exists if ($this->cache_on == TRUE AND stristr($sql, 'SELECT')) @@ -425,10 +417,9 @@ class CI_DB_driver { /** * Load the result drivers * - * @access public * @return string the name of the result class */ - function load_rdriver() + public function load_rdriver() { $driver = 'CI_DB_'.$this->dbdriver.'_result'; @@ -445,15 +436,14 @@ class CI_DB_driver { /** * Simple Query - * This is a simplified version of the query() function. Internally + * This is a simplified version of the query() function. Internally * we only use it when running transaction commands since they do * not require all the features of the main query() function. * - * @access public * @param string the sql query * @return mixed */ - function simple_query($sql) + public function simple_query($sql) { if ( ! $this->conn_id) { @@ -469,10 +459,9 @@ class CI_DB_driver { * Disable Transactions * This permits transactions to be disabled at run-time. * - * @access public * @return void */ - function trans_off() + public function trans_off() { $this->trans_enabled = FALSE; } @@ -486,10 +475,9 @@ class CI_DB_driver { * If strict mode is disabled, each group is treated autonomously, meaning * a failure of one group will not affect any others * - * @access public * @return void */ - function trans_strict($mode = TRUE) + public function trans_strict($mode = TRUE) { $this->trans_strict = is_bool($mode) ? $mode : TRUE; } @@ -499,10 +487,9 @@ class CI_DB_driver { /** * Start Transaction * - * @access public * @return void */ - function trans_start($test_mode = FALSE) + public function trans_start($test_mode = FALSE) { if ( ! $this->trans_enabled) { @@ -525,10 +512,9 @@ class CI_DB_driver { /** * Complete Transaction * - * @access public * @return bool */ - function trans_complete() + public function trans_complete() { if ( ! $this->trans_enabled) { @@ -572,10 +558,9 @@ class CI_DB_driver { /** * Lets you retrieve the transaction flag to determine if it has failed * - * @access public * @return bool */ - function trans_status() + public function trans_status() { return $this->_trans_status; } @@ -585,12 +570,11 @@ class CI_DB_driver { /** * Compile Bindings * - * @access public * @param string the sql statement * @param array an array of bind data * @return string */ - function compile_binds($sql, $binds) + public function compile_binds($sql, $binds) { if (strpos($sql, $this->bind_marker) === FALSE) { @@ -641,11 +625,10 @@ class CI_DB_driver { /** * Calculate the aggregate query elapsed time * - * @access public - * @param integer The number of decimal places - * @return integer + * @param int The number of decimal places + * @return int */ - function elapsed_time($decimals = 6) + public function elapsed_time($decimals = 6) { return number_format($this->benchmark, $decimals); } @@ -655,10 +638,9 @@ class CI_DB_driver { /** * Returns the total number of queries * - * @access public - * @return integer + * @return int */ - function total_queries() + public function total_queries() { return $this->query_count; } @@ -668,10 +650,9 @@ class CI_DB_driver { /** * Returns the last query that was executed * - * @access public - * @return void + * @return string */ - function last_query() + public function last_query() { return end($this->queries); } @@ -684,11 +665,10 @@ class CI_DB_driver { * Escapes data based on type * Sets boolean and null types * - * @access public * @param string * @return mixed */ - function escape($str) + public function escape($str) { if (is_string($str)) { @@ -714,11 +694,10 @@ class CI_DB_driver { * Calls the individual driver for platform * specific escaping for LIKE conditions * - * @access public * @param string * @return mixed */ - function escape_like_str($str) + public function escape_like_str($str) { return $this->escape_str($str, TRUE); } @@ -728,14 +707,13 @@ class CI_DB_driver { /** * Primary * - * Retrieves the primary key. It assumes that the row in the first + * Retrieves the primary key. It assumes that the row in the first * position is the primary key * - * @access public * @param string the table name * @return string */ - function primary($table = '') + public function primary($table = '') { $fields = $this->list_fields($table); @@ -752,10 +730,9 @@ class CI_DB_driver { /** * Returns an array of table names * - * @access public * @return array */ - function list_tables($constrain_by_prefix = FALSE) + public function list_tables($constrain_by_prefix = FALSE) { // Is there a cached result? if (isset($this->data_cache['table_names'])) @@ -793,7 +770,7 @@ class CI_DB_driver { } $this->data_cache['table_names'] = $retval; - + return $this->data_cache['table_names']; } @@ -801,12 +778,12 @@ class CI_DB_driver { /** * Determine if a particular table exists - * @access public - * @return boolean + * + * @return bool */ - function table_exists($table_name) + public function table_exists($table_name) { - return ( ! in_array($this->_protect_identifiers($table_name, TRUE, FALSE, FALSE), $this->list_tables())) ? FALSE : TRUE; + return in_array($this->protect_identifiers($table_name, TRUE, FALSE, FALSE), $this->list_tables()); } // -------------------------------------------------------------------- @@ -814,11 +791,10 @@ class CI_DB_driver { /** * Fetch MySQL Field Names * - * @access public * @param string the table name * @return array */ - function list_fields($table = '') + public function list_fields($table = '') { // Is there a cached result? if (isset($this->data_cache['field_names'][$table])) @@ -867,12 +843,12 @@ class CI_DB_driver { /** * Determine if a particular field exists - * @access public + * * @param string * @param string - * @return boolean + * @return bool */ - function field_exists($field_name, $table_name) + public function field_exists($field_name, $table_name) { return ( ! in_array($field_name, $this->list_fields($table_name))) ? FALSE : TRUE; } @@ -882,11 +858,10 @@ class CI_DB_driver { /** * Returns an object with field data * - * @access public * @param string the table name * @return object */ - function field_data($table = '') + public function field_data($table = '') { if ($table == '') { @@ -897,7 +872,7 @@ class CI_DB_driver { return FALSE; } - $query = $this->query($this->_field_data($this->_protect_identifiers($table, TRUE, NULL, FALSE))); + $query = $this->query($this->_field_data($this->protect_identifiers($table, TRUE, NULL, FALSE))); return $query->field_data(); } @@ -907,12 +882,11 @@ class CI_DB_driver { /** * Generate an insert string * - * @access public * @param string the table upon which the query will be performed * @param array an associative array data of key/values * @return string */ - function insert_string($table, $data) + public function insert_string($table, $data) { $fields = array(); $values = array(); @@ -923,7 +897,7 @@ class CI_DB_driver { $values[] = $this->escape($val); } - return $this->_insert($this->_protect_identifiers($table, TRUE, NULL, FALSE), $fields, $values); + return $this->_insert($this->protect_identifiers($table, TRUE, NULL, FALSE), $fields, $values); } // -------------------------------------------------------------------- @@ -931,23 +905,22 @@ class CI_DB_driver { /** * Generate an update string * - * @access public * @param string the table upon which the query will be performed * @param array an associative array data of key/values * @param mixed the "where" statement * @return string */ - function update_string($table, $data, $where) + public function update_string($table, $data, $where) { if ($where == '') { - return false; + return FALSE; } $fields = array(); foreach ($data as $key => $val) { - $fields[$this->_protect_identifiers($key)] = $this->escape($val); + $fields[$this->protect_identifiers($key)] = $this->escape($val); } if ( ! is_array($where)) @@ -960,7 +933,7 @@ class CI_DB_driver { foreach ($where as $key => $val) { $prefix = (count($dest) == 0) ? '' : ' AND '; - $key = $this->_protect_identifiers($key); + $key = $this->protect_identifiers($key); if ($val !== '') { @@ -976,7 +949,7 @@ class CI_DB_driver { } } - return $this->_update($this->_protect_identifiers($table, TRUE, NULL, FALSE), $fields, $dest); + return $this->_update($this->protect_identifiers($table, TRUE, NULL, FALSE), $fields, $dest); } // -------------------------------------------------------------------- @@ -984,11 +957,10 @@ class CI_DB_driver { /** * Tests whether the string has an SQL operator * - * @access private * @param string * @return bool */ - function _has_operator($str) + protected function _has_operator($str) { $str = trim($str); if ( ! preg_match("/(\s|<|>|!|=|is null|is not null)/i", $str)) @@ -1004,12 +976,11 @@ class CI_DB_driver { /** * Enables a native PHP function to be run, using a platform agnostic wrapper. * - * @access public * @param string the function name * @param mixed any parameters needed by the function * @return mixed */ - function call_function($function) + public function call_function($function) { $driver = ($this->dbdriver == 'postgre') ? 'pg_' : $this->dbdriver.'_'; @@ -1046,11 +1017,10 @@ class CI_DB_driver { /** * Set Cache Directory Path * - * @access public * @param string the path to the cache directory * @return void */ - function cache_set_path($path = '') + public function cache_set_path($path = '') { $this->cachedir = $path; } @@ -1060,10 +1030,9 @@ class CI_DB_driver { /** * Enable Query Caching * - * @access public - * @return void + * @return bool cache_on value */ - function cache_on() + public function cache_on() { $this->cache_on = TRUE; return TRUE; @@ -1074,10 +1043,9 @@ class CI_DB_driver { /** * Disable Query Caching * - * @access public - * @return void + * @return bool cache_on value */ - function cache_off() + public function cache_off() { $this->cache_on = FALSE; return FALSE; @@ -1089,10 +1057,9 @@ class CI_DB_driver { /** * Delete the cache files associated with a particular URI * - * @access public - * @return void + * @return bool */ - function cache_delete($segment_one = '', $segment_two = '') + public function cache_delete($segment_one = '', $segment_two = '') { if ( ! $this->_cache_init()) { @@ -1106,10 +1073,9 @@ class CI_DB_driver { /** * Delete All cache files * - * @access public - * @return void + * @return bool */ - function cache_delete_all() + public function cache_delete_all() { if ( ! $this->_cache_init()) { @@ -1124,10 +1090,9 @@ class CI_DB_driver { /** * Initialize the Cache Class * - * @access private - * @return void + * @return bool */ - function _cache_init() + protected function _cache_init() { if (is_object($this->CACHE) AND class_exists('CI_DB_Cache')) { @@ -1151,10 +1116,9 @@ class CI_DB_driver { /** * Close DB Connection * - * @access public * @return void */ - function close() + public function close() { if (is_resource($this->conn_id) OR is_object($this->conn_id)) { @@ -1168,13 +1132,12 @@ class CI_DB_driver { /** * Display an error message * - * @access public * @param string the error message * @param string any "swap" values - * @param boolean whether to localize the message + * @param bool whether to localize the message * @return string sends the application/error_db.php template */ - function display_error($error = '', $swap = '', $native = FALSE) + public function display_error($error = '', $swap = '', $native = FALSE) { $LANG =& load_class('Lang', 'core'); $LANG->load('db'); @@ -1218,27 +1181,11 @@ class CI_DB_driver { /** * Protect Identifiers * - * This function adds backticks if appropriate based on db type - * - * @access private - * @param mixed the item to escape - * @return mixed the item with backticks - */ - function protect_identifiers($item, $prefix_single = FALSE) - { - return $this->_protect_identifiers($item, $prefix_single); - } - - // -------------------------------------------------------------------- - - /** - * Protect Identifiers - * * This function is used extensively by the Active Record class, and by * a couple functions in this class. * It takes a column or table name (optionally with an alias) and inserts * the table prefix onto it. Some logic is necessary in order to deal with - * column names that include the path. Consider a query like this: + * column names that include the path. Consider a query like this: * * SELECT * FROM hostname.database.table.column AS c FROM hostname.database.table * @@ -1251,14 +1198,13 @@ class CI_DB_driver { * insert the table prefix (if it exists) in the proper position, and escape only * the correct identifiers. * - * @access private * @param string * @param bool * @param mixed * @param bool * @return string */ - function _protect_identifiers($item, $prefix_single = FALSE, $protect_identifiers = NULL, $field_exists = TRUE) + public function protect_identifiers($item, $prefix_single = FALSE, $protect_identifiers = NULL, $field_exists = TRUE) { if ( ! is_bool($protect_identifiers)) { @@ -1268,10 +1214,9 @@ class CI_DB_driver { if (is_array($item)) { $escaped_array = array(); - foreach ($item as $k => $v) { - $escaped_array[$this->_protect_identifiers($k)] = $this->_protect_identifiers($v); + $escaped_array[$this->protect_identifiers($k)] = $this->protect_identifiers($v); } return $escaped_array; @@ -1291,7 +1236,7 @@ class CI_DB_driver { // This is basically a bug fix for queries that use MAX, MIN, etc. // If a parenthesis is found we know that we do not need to - // escape the data or add a prefix. There's probably a more graceful + // escape the data or add a prefix. There's probably a more graceful // way to deal with this, but I'm not thinking of it -- Rick if (strpos($item, '(') !== FALSE) { @@ -1306,7 +1251,7 @@ class CI_DB_driver { $parts = explode('.', $item); // Does the first segment of the exploded item match - // one of the aliases previously identified? If so, + // one of the aliases previously identified? If so, // we have nothing more to do other than escape the item if (in_array($parts[0], $this->ar_aliased_tables)) { @@ -1325,7 +1270,7 @@ class CI_DB_driver { return $item.$alias; } - // Is there a table prefix defined in the config file? If not, no need to do anything + // Is there a table prefix defined in the config file? If not, no need to do anything if ($this->dbprefix != '') { // We now add the table prefix based on some logic. @@ -1379,7 +1324,7 @@ class CI_DB_driver { return $item.$alias; } - // Is there a table prefix? If not, no need to insert it + // Is there a table prefix? If not, no need to insert it if ($this->dbprefix != '') { // Verify table prefix and replace if necessary @@ -1402,7 +1347,7 @@ class CI_DB_driver { return $item.$alias; } - + // -------------------------------------------------------------------- /** @@ -1410,12 +1355,10 @@ class CI_DB_driver { * * This function is used extensively by every db driver. * - * @access private * @return void */ protected function _reset_select() { - } } diff --git a/system/database/drivers/cubrid/cubrid_driver.php b/system/database/drivers/cubrid/cubrid_driver.php index 1c65cbdd3..244707395 100644 --- a/system/database/drivers/cubrid/cubrid_driver.php +++ b/system/database/drivers/cubrid/cubrid_driver.php @@ -378,9 +378,8 @@ class CI_DB_cubrid_driver extends CI_DB { { return 0; } - - $query = $this->query($this->_count_string . $this->_protect_identifiers('numrows') . " FROM " . $this->_protect_identifiers($table, TRUE, NULL, FALSE)); + $query = $this->query($this->_count_string.$this->protect_identifiers('numrows').' FROM '.$this->protect_identifiers($table, TRUE, NULL, FALSE)); if ($query->num_rows() == 0) { return 0; @@ -427,7 +426,7 @@ class CI_DB_cubrid_driver extends CI_DB { */ function _list_columns($table = '') { - return "SHOW COLUMNS FROM ".$this->_protect_identifiers($table, TRUE, NULL, FALSE); + return 'SHOW COLUMNS FROM '.$this->protect_identifiers($table, TRUE, NULL, FALSE); } // -------------------------------------------------------------------- diff --git a/system/database/drivers/cubrid/cubrid_forge.php b/system/database/drivers/cubrid/cubrid_forge.php index 293613e69..7d606ea36 100644 --- a/system/database/drivers/cubrid/cubrid_forge.php +++ b/system/database/drivers/cubrid/cubrid_forge.php @@ -93,11 +93,11 @@ class CI_DB_cubrid_forge extends CI_DB_forge { { $attributes = array_change_key_case($attributes, CASE_UPPER); - $sql .= "\n\t\"" . $this->db->_protect_identifiers($field) . "\""; + $sql .= "\n\t\"".$this->db->protect_identifiers($field).'"'; if (array_key_exists('NAME', $attributes)) { - $sql .= ' '.$this->db->_protect_identifiers($attributes['NAME']).' '; + $sql .= ' '.$this->db->protect_identifiers($attributes['NAME']).' '; } if (array_key_exists('TYPE', $attributes)) @@ -197,10 +197,9 @@ class CI_DB_cubrid_forge extends CI_DB_forge { // If there is a PK defined if (count($primary_keys) > 0) { - $key_name = "pk_" . $table . "_" . - $this->db->_protect_identifiers(implode('_', $primary_keys)); - - $primary_keys = $this->db->_protect_identifiers($primary_keys); + $key_name = 'pk_'.$table.'_'.$this->db->protect_identifiers(implode('_', $primary_keys)); + + $primary_keys = $this->db->protect_identifiers($primary_keys); $sql .= ",\n\tCONSTRAINT " . $key_name . " PRIMARY KEY(" . implode(', ', $primary_keys) . ")"; } @@ -210,15 +209,15 @@ class CI_DB_cubrid_forge extends CI_DB_forge { { if (is_array($key)) { - $key_name = $this->db->_protect_identifiers(implode('_', $key)); - $key = $this->db->_protect_identifiers($key); + $key_name = $this->db->protect_identifiers(implode('_', $key)); + $key = $this->db->protect_identifiers($key); } else { - $key_name = $this->db->_protect_identifiers($key); + $key_name = $this->db->protect_identifiers($key); $key = array($key_name); } - + $sql .= ",\n\tKEY \"{$key_name}\" (" . implode(', ', $key) . ")"; } } @@ -258,19 +257,19 @@ class CI_DB_cubrid_forge extends CI_DB_forge { */ function _alter_table($alter_type, $table, $fields, $after_field = '') { - $sql = 'ALTER TABLE '.$this->db->_protect_identifiers($table)." $alter_type "; + $sql = 'ALTER TABLE '.$this->db->protect_identifiers($table).' '.$alter_type.' '; // DROP has everything it needs now. if ($alter_type == 'DROP') { - return $sql.$this->db->_protect_identifiers($fields); + return $sql.$this->db->protect_identifiers($fields); } $sql .= $this->_process_fields($fields); if ($after_field != '') { - $sql .= ' AFTER ' . $this->db->_protect_identifiers($after_field); + return $sql.' AFTER '.$this->db->protect_identifiers($after_field); } return $sql; @@ -290,11 +289,10 @@ class CI_DB_cubrid_forge extends CI_DB_forge { */ function _rename_table($table_name, $new_table_name) { - $sql = 'RENAME TABLE '.$this->db->_protect_identifiers($table_name)." AS ".$this->db->_protect_identifiers($new_table_name); - return $sql; + return 'RENAME TABLE '.$this->db->protect_identifiers($table_name).' AS '.$this->db->protect_identifiers($new_table_name); } } /* End of file cubrid_forge.php */ -/* Location: ./system/database/drivers/cubrid/cubrid_forge.php */
\ No newline at end of file +/* Location: ./system/database/drivers/cubrid/cubrid_forge.php */ diff --git a/system/database/drivers/interbase/interbase_driver.php b/system/database/drivers/interbase/interbase_driver.php index 3e2ca4955..a9a647202 100644 --- a/system/database/drivers/interbase/interbase_driver.php +++ b/system/database/drivers/interbase/interbase_driver.php @@ -320,8 +320,7 @@ class CI_DB_interbase_driver extends CI_DB { return 0; } - $query = $this->query($this->_count_string . $this->_protect_identifiers('numrows') . ' FROM ' . $this->_protect_identifiers($table, TRUE, NULL, FALSE)); - + $query = $this->query($this->_count_string.$this->protect_identifiers('numrows').' FROM '.$this->protect_identifiers($table, TRUE, NULL, FALSE)); if ($query->num_rows() == 0) { return 0; diff --git a/system/database/drivers/mssql/mssql_driver.php b/system/database/drivers/mssql/mssql_driver.php index 534e8d9a8..b6b64cc44 100644 --- a/system/database/drivers/mssql/mssql_driver.php +++ b/system/database/drivers/mssql/mssql_driver.php @@ -365,8 +365,7 @@ class CI_DB_mssql_driver extends CI_DB { return 0; } - $query = $this->query($this->_count_string . $this->_protect_identifiers('numrows') . " FROM " . $this->_protect_identifiers($table, TRUE, NULL, FALSE)); - + $query = $this->query($this->_count_string.$this->protect_identifiers('numrows').' FROM '.$this->protect_identifiers($table, TRUE, NULL, FALSE)); if ($query->num_rows() == 0) { return 0; diff --git a/system/database/drivers/mssql/mssql_forge.php b/system/database/drivers/mssql/mssql_forge.php index 50db595bf..4a8089bb1 100644 --- a/system/database/drivers/mssql/mssql_forge.php +++ b/system/database/drivers/mssql/mssql_forge.php @@ -113,7 +113,7 @@ class CI_DB_mssql_forge extends CI_DB_forge { { $attributes = array_change_key_case($attributes, CASE_UPPER); - $sql .= "\n\t".$this->db->_protect_identifiers($field); + $sql .= "\n\t".$this->db->protect_identifiers($field); $sql .= ' '.$attributes['TYPE']; @@ -156,7 +156,7 @@ class CI_DB_mssql_forge extends CI_DB_forge { if (count($primary_keys) > 0) { - $primary_keys = $this->db->_protect_identifiers($primary_keys); + $primary_keys = $this->db->protect_identifiers($primary_keys); $sql .= ",\n\tPRIMARY KEY (" . implode(', ', $primary_keys) . ")"; } @@ -166,11 +166,11 @@ class CI_DB_mssql_forge extends CI_DB_forge { { if (is_array($key)) { - $key = $this->db->_protect_identifiers($key); + $key = $this->db->protect_identifiers($key); } else { - $key = array($this->db->_protect_identifiers($key)); + $key = array($this->db->protect_identifiers($key)); } $sql .= ",\n\tFOREIGN KEY (" . implode(', ', $key) . ")"; @@ -202,7 +202,7 @@ class CI_DB_mssql_forge extends CI_DB_forge { */ function _alter_table($alter_type, $table, $column_name, $column_definition = '', $default_value = '', $null = '', $after_field = '') { - $sql = 'ALTER TABLE '.$this->db->_protect_identifiers($table)." $alter_type ".$this->db->_protect_identifiers($column_name); + $sql = 'ALTER TABLE '.$this->db->protect_identifiers($table).' '.$alter_type.' '.$this->db->protect_identifiers($column_name); // DROP has everything it needs now. if ($alter_type == 'DROP') @@ -228,7 +228,7 @@ class CI_DB_mssql_forge extends CI_DB_forge { if ($after_field != '') { - $sql .= ' AFTER ' . $this->db->_protect_identifiers($after_field); + return $sql.' AFTER '.$this->db->protect_identifiers($after_field); } return $sql; @@ -250,11 +250,10 @@ class CI_DB_mssql_forge extends CI_DB_forge { function _rename_table($table_name, $new_table_name) { // I think this syntax will work, but can find little documentation on renaming tables in MSSQL - $sql = 'ALTER TABLE '.$this->db->_protect_identifiers($table_name)." RENAME TO ".$this->db->_protect_identifiers($new_table_name); - return $sql; + return 'ALTER TABLE '.$this->db->protect_identifiers($table_name).' RENAME TO '.$this->db->protect_identifiers($new_table_name); } } /* End of file mssql_forge.php */ -/* Location: ./system/database/drivers/mssql/mssql_forge.php */
\ No newline at end of file +/* Location: ./system/database/drivers/mssql/mssql_forge.php */ diff --git a/system/database/drivers/mysql/mysql_driver.php b/system/database/drivers/mysql/mysql_driver.php index 76fb057ea..7f4a4f2ca 100644 --- a/system/database/drivers/mysql/mysql_driver.php +++ b/system/database/drivers/mysql/mysql_driver.php @@ -416,7 +416,7 @@ class CI_DB_mysql_driver extends CI_DB { return ($this->db_debug) ? $this->display_error('db_field_param_missing') : FALSE; } - $query = $this->query('DESCRIBE '.$this->_protect_identifiers($table, TRUE, NULL, FALSE)); + $query = $this->query('DESCRIBE '.$this->protect_identifiers($table, TRUE, NULL, FALSE)); $query = $query->result_object(); $retval = array(); diff --git a/system/database/drivers/mysql/mysql_forge.php b/system/database/drivers/mysql/mysql_forge.php index 3cd96a8a2..004a5a103 100644 --- a/system/database/drivers/mysql/mysql_forge.php +++ b/system/database/drivers/mysql/mysql_forge.php @@ -151,7 +151,7 @@ class CI_DB_mysql_forge extends CI_DB_forge { if (count($primary_keys) > 0) { - $key_name = $this->db->_protect_identifiers(implode('_', $primary_keys)); + $key_name = $this->db->protect_identifiers(implode('_', $primary_keys)); $sql .= ",\n\tPRIMARY KEY ".$key_name.' ('.implode(', ', $this->db->protect_identifiers($primary_keys)).')'; } @@ -161,12 +161,12 @@ class CI_DB_mysql_forge extends CI_DB_forge { { if (is_array($key)) { - $key_name = $this->db->_protect_identifiers(implode('_', $key)); - $key = $this->db->_protect_identifiers($key); + $key_name = $this->db->protect_identifiers(implode('_', $key)); + $key = $this->db->protect_identifiers($key); } else { - $key_name = $this->db->_protect_identifiers($key); + $key_name = $this->db->protect_identifiers($key); $key = array($key_name); } diff --git a/system/database/drivers/mysqli/mysqli_driver.php b/system/database/drivers/mysqli/mysqli_driver.php index e0b2065a1..846ec0340 100644 --- a/system/database/drivers/mysqli/mysqli_driver.php +++ b/system/database/drivers/mysqli/mysqli_driver.php @@ -353,7 +353,7 @@ class CI_DB_mysqli_driver extends CI_DB { return 0; } - $query = $this->query($this->_count_string.$this->_protect_identifiers('numrows').' FROM '.$this->_protect_identifiers($table, TRUE, NULL, FALSE)); + $query = $this->query($this->_count_string.$this->protect_identifiers('numrows').' FROM '.$this->protect_identifiers($table, TRUE, NULL, FALSE)); if ($query->num_rows() == 0) { return 0; @@ -399,7 +399,7 @@ class CI_DB_mysqli_driver extends CI_DB { */ protected function _list_columns($table = '') { - return 'SHOW COLUMNS FROM '.$this->_protect_identifiers($table, TRUE, NULL, FALSE); + return 'SHOW COLUMNS FROM '.$this->protect_identifiers($table, TRUE, NULL, FALSE); } // -------------------------------------------------------------------- @@ -417,7 +417,7 @@ class CI_DB_mysqli_driver extends CI_DB { return ($this->db_debug) ? $this->display_error('db_field_param_missing') : FALSE; } - $query = $this->query('DESCRIBE '.$this->_protect_identifiers($table, TRUE, NULL, FALSE)); + $query = $this->query('DESCRIBE '.$this->protect_identifiers($table, TRUE, NULL, FALSE)); $query = $query->result_object(); $retval = array(); diff --git a/system/database/drivers/mysqli/mysqli_forge.php b/system/database/drivers/mysqli/mysqli_forge.php index deb8c0d9e..4ab7a639d 100644 --- a/system/database/drivers/mysqli/mysqli_forge.php +++ b/system/database/drivers/mysqli/mysqli_forge.php @@ -183,7 +183,7 @@ class CI_DB_mysqli_forge extends CI_DB_forge { */ public function _alter_table($alter_type, $table, $fields, $after_field = '') { - $sql = 'ALTER TABLE '.$this->db->_protect_identifiers($table).' '.$alter_type.' '; + $sql = 'ALTER TABLE '.$this->db->protect_identifiers($table).' '.$alter_type.' '; // DROP has everything it needs now. if ($alter_type === 'DROP') diff --git a/system/database/drivers/oci8/oci8_driver.php b/system/database/drivers/oci8/oci8_driver.php index 048149f30..070d58a34 100644 --- a/system/database/drivers/oci8/oci8_driver.php +++ b/system/database/drivers/oci8/oci8_driver.php @@ -458,8 +458,7 @@ class CI_DB_oci8_driver extends CI_DB { return 0; } - $query = $this->query($this->_count_string . $this->_protect_identifiers('numrows') . " FROM " . $this->_protect_identifiers($table, TRUE, NULL, FALSE)); - + $query = $this->query($this->_count_string.$this->protect_identifiers('numrows').' FROM '.$this->protect_identifiers($table, TRUE, NULL, FALSE)); if ($query == FALSE) { return 0; diff --git a/system/database/drivers/oci8/oci8_forge.php b/system/database/drivers/oci8/oci8_forge.php index e9c30e140..7fcc8094d 100644 --- a/system/database/drivers/oci8/oci8_forge.php +++ b/system/database/drivers/oci8/oci8_forge.php @@ -172,7 +172,7 @@ class CI_DB_oci8_forge extends CI_DB_forge { */ function _alter_table($alter_type, $table, $column_name, $column_definition = '', $default_value = '', $null = '', $after_field = '') { - $sql = 'ALTER TABLE '.$this->db->_protect_identifiers($table)." $alter_type ".$this->db->_protect_identifiers($column_name); + $sql = 'ALTER TABLE '.$this->db->protect_identifiers($table).' '.$alter_type.' '.$this->db->protect_identifiers($column_name); // DROP has everything it needs now. if ($alter_type == 'DROP') @@ -198,7 +198,7 @@ class CI_DB_oci8_forge extends CI_DB_forge { if ($after_field != '') { - $sql .= ' AFTER ' . $this->db->_protect_identifiers($after_field); + return $sql.' AFTER '.$this->db->protect_identifiers($after_field); } return $sql; @@ -219,11 +219,9 @@ class CI_DB_oci8_forge extends CI_DB_forge { */ function _rename_table($table_name, $new_table_name) { - $sql = 'ALTER TABLE '.$this->db->_protect_identifiers($table_name)." RENAME TO ".$this->db->_protect_identifiers($new_table_name); - return $sql; + return 'ALTER TABLE '.$this->db->protect_identifiers($table_name).' RENAME TO '.$this->db->protect_identifiers($new_table_name); } - } /* End of file oci8_forge.php */ diff --git a/system/database/drivers/odbc/odbc_driver.php b/system/database/drivers/odbc/odbc_driver.php index 84e9a9801..acc2838e3 100644 --- a/system/database/drivers/odbc/odbc_driver.php +++ b/system/database/drivers/odbc/odbc_driver.php @@ -313,7 +313,7 @@ class CI_DB_odbc_driver extends CI_DB { return 0; } - $query = $this->query($this->_count_string . $this->_protect_identifiers('numrows') . " FROM " . $this->_protect_identifiers($table, TRUE, NULL, FALSE)); + $query = $this->query($this->_count_string . $this->protect_identifiers('numrows') . " FROM " . $this->protect_identifiers($table, TRUE, NULL, FALSE)); if ($query->num_rows() == 0) { diff --git a/system/database/drivers/odbc/odbc_forge.php b/system/database/drivers/odbc/odbc_forge.php index d5c42518a..acc2cadee 100644 --- a/system/database/drivers/odbc/odbc_forge.php +++ b/system/database/drivers/odbc/odbc_forge.php @@ -112,7 +112,7 @@ class CI_DB_odbc_forge extends CI_DB_forge { { $attributes = array_change_key_case($attributes, CASE_UPPER); - $sql .= "\n\t".$this->db->_protect_identifiers($field); + $sql .= "\n\t".$this->db->protect_identifiers($field); $sql .= ' '.$attributes['TYPE']; @@ -155,7 +155,7 @@ class CI_DB_odbc_forge extends CI_DB_forge { if (count($primary_keys) > 0) { - $primary_keys = $this->db->_protect_identifiers($primary_keys); + $primary_keys = $this->db->protect_identifiers($primary_keys); $sql .= ",\n\tPRIMARY KEY (" . implode(', ', $primary_keys) . ")"; } @@ -165,11 +165,11 @@ class CI_DB_odbc_forge extends CI_DB_forge { { if (is_array($key)) { - $key = $this->db->_protect_identifiers($key); + $key = $this->db->protect_identifiers($key); } else { - $key = array($this->db->_protect_identifiers($key)); + $key = array($this->db->protect_identifiers($key)); } $sql .= ",\n\tFOREIGN KEY (" . implode(', ', $key) . ")"; @@ -219,7 +219,7 @@ class CI_DB_odbc_forge extends CI_DB_forge { */ function _alter_table($alter_type, $table, $column_name, $column_definition = '', $default_value = '', $null = '', $after_field = '') { - $sql = 'ALTER TABLE '.$this->db->_protect_identifiers($table)." $alter_type ".$this->db->_protect_identifiers($column_name); + $sql = 'ALTER TABLE '.$this->db->protect_identifiers($table).' '.$alter_type.' '.$this->db->protect_identifiers($column_name); // DROP has everything it needs now. if ($alter_type == 'DROP') @@ -245,7 +245,7 @@ class CI_DB_odbc_forge extends CI_DB_forge { if ($after_field != '') { - $sql .= ' AFTER ' . $this->db->_protect_identifiers($after_field); + return $sql.' AFTER '.$this->db->protect_identifiers($after_field); } return $sql; @@ -267,12 +267,10 @@ class CI_DB_odbc_forge extends CI_DB_forge { */ function _rename_table($table_name, $new_table_name) { - $sql = 'ALTER TABLE '.$this->db->_protect_identifiers($table_name)." RENAME TO ".$this->db->_protect_identifiers($new_table_name); - return $sql; + return 'ALTER TABLE '.$this->db->protect_identifiers($table_name).' RENAME TO '.$this->db->protect_identifiers($new_table_name); } - } /* End of file odbc_forge.php */ -/* Location: ./system/database/drivers/odbc/odbc_forge.php */
\ No newline at end of file +/* Location: ./system/database/drivers/odbc/odbc_forge.php */ diff --git a/system/database/drivers/pdo/pdo_driver.php b/system/database/drivers/pdo/pdo_driver.php index c86d9df60..09764779a 100644 --- a/system/database/drivers/pdo/pdo_driver.php +++ b/system/database/drivers/pdo/pdo_driver.php @@ -59,8 +59,7 @@ class CI_DB_pdo_driver extends CI_DB { var $_count_string = "SELECT COUNT(*) AS "; var $_random_keyword; - // need to track the pdo DSN, driver and options - var $dsn; + // need to track the pdo driver and options var $pdodriver; var $options = array(); @@ -530,8 +529,7 @@ class CI_DB_pdo_driver extends CI_DB { return 0; } - $sql = $this->_count_string.$this->_protect_identifiers('numrows').' FROM '; - $sql .= $this->_protect_identifiers($table, TRUE, NULL, FALSE); + $sql = $this->_count_string.$this->protect_identifiers('numrows').' FROM '.$this->protect_identifiers($table, TRUE, NULL, FALSE); $query = $this->query($sql); if ($query->num_rows() == 0) diff --git a/system/database/drivers/pdo/pdo_forge.php b/system/database/drivers/pdo/pdo_forge.php index 7c238473e..87b638570 100644 --- a/system/database/drivers/pdo/pdo_forge.php +++ b/system/database/drivers/pdo/pdo_forge.php @@ -113,7 +113,7 @@ class CI_DB_pdo_forge extends CI_DB_forge { $attributes = array_change_key_case($attributes, CASE_UPPER); $numeric = array('SERIAL', 'INTEGER'); - $sql .= "\n\t".$this->db->_protect_identifiers($field); + $sql .= "\n\t".$this->db->protect_identifiers($field); $sql .= ' '.$attributes['TYPE']; @@ -160,7 +160,7 @@ class CI_DB_pdo_forge extends CI_DB_forge { if (count($primary_keys) > 0) { - $primary_keys = $this->db->_protect_identifiers($primary_keys); + $primary_keys = $this->db->protect_identifiers($primary_keys); $sql .= ",\n\tPRIMARY KEY (" . implode(', ', $primary_keys) . ")"; } @@ -170,11 +170,11 @@ class CI_DB_pdo_forge extends CI_DB_forge { { if (is_array($key)) { - $key = $this->db->_protect_identifiers($key); + $key = $this->db->protect_identifiers($key); } else { - $key = array($this->db->_protect_identifiers($key)); + $key = array($this->db->protect_identifiers($key)); } $sql .= ",\n\tFOREIGN KEY (" . implode(', ', $key) . ")"; @@ -224,7 +224,7 @@ class CI_DB_pdo_forge extends CI_DB_forge { */ function _alter_table($alter_type, $table, $column_name, $column_definition = '', $default_value = '', $null = '', $after_field = '') { - $sql = 'ALTER TABLE `'.$this->db->_protect_identifiers($table)."` $alter_type ".$this->db->_protect_identifiers($column_name); + $sql = 'ALTER TABLE `'.$this->db->protect_identifiers($table).'` '.$alter_type.' '.$this->db->protect_identifiers($column_name); // DROP has everything it needs now. if ($alter_type == 'DROP') @@ -250,7 +250,7 @@ class CI_DB_pdo_forge extends CI_DB_forge { if ($after_field != '') { - $sql .= ' AFTER ' . $this->db->_protect_identifiers($after_field); + return $sql.' AFTER '.$this->db->protect_identifiers($after_field); } return $sql; @@ -272,11 +272,10 @@ class CI_DB_pdo_forge extends CI_DB_forge { */ function _rename_table($table_name, $new_table_name) { - $sql = 'ALTER TABLE '.$this->db->_protect_identifiers($table_name)." RENAME TO ".$this->db->_protect_identifiers($new_table_name); - return $sql; + return 'ALTER TABLE '.$this->db->protect_identifiers($table_name).' RENAME TO '.$this->db->protect_identifiers($new_table_name); } } /* End of file pdo_forge.php */ -/* Location: ./system/database/drivers/pdo/pdo_forge.php */
\ No newline at end of file +/* Location: ./system/database/drivers/pdo/pdo_forge.php */ diff --git a/system/database/drivers/postgre/postgre_driver.php b/system/database/drivers/postgre/postgre_driver.php index b8abbd742..5d22af2e6 100644 --- a/system/database/drivers/postgre/postgre_driver.php +++ b/system/database/drivers/postgre/postgre_driver.php @@ -383,8 +383,7 @@ class CI_DB_postgre_driver extends CI_DB { return 0; } - $query = $this->query($this->_count_string . $this->_protect_identifiers('numrows') . " FROM " . $this->_protect_identifiers($table, TRUE, NULL, FALSE)); - + $query = $this->query($this->_count_string.$this->protect_identifiers('numrows').' FROM '.$this->protect_identifiers($table, TRUE, NULL, FALSE)); if ($query->num_rows() == 0) { return 0; diff --git a/system/database/drivers/postgre/postgre_forge.php b/system/database/drivers/postgre/postgre_forge.php index 216b4967c..577100544 100644 --- a/system/database/drivers/postgre/postgre_forge.php +++ b/system/database/drivers/postgre/postgre_forge.php @@ -88,7 +88,7 @@ class CI_DB_postgre_forge extends CI_DB_forge { { $attributes = array_change_key_case($attributes, CASE_UPPER); - $sql .= "\n\t".$this->db->_protect_identifiers($field); + $sql .= "\n\t".$this->db->protect_identifiers($field); $is_unsigned = (array_key_exists('UNSIGNED', $attributes) && $attributes['UNSIGNED'] === TRUE); @@ -203,10 +203,10 @@ class CI_DB_postgre_forge extends CI_DB_forge { if (count($primary_keys) > 0) { - // Something seems to break when passing an array to _protect_identifiers() + // Something seems to break when passing an array to protect_identifiers() foreach ($primary_keys as $index => $key) { - $primary_keys[$index] = $this->db->_protect_identifiers($key); + $primary_keys[$index] = $this->db->protect_identifiers($key); } $sql .= ",\n\tPRIMARY KEY (" . implode(', ', $primary_keys) . ")"; @@ -220,11 +220,11 @@ class CI_DB_postgre_forge extends CI_DB_forge { { if (is_array($key)) { - $key = $this->db->_protect_identifiers($key); + $key = $this->db->protect_identifiers($key); } else { - $key = array($this->db->_protect_identifiers($key)); + $key = array($this->db->protect_identifiers($key)); } foreach ($key as $field) @@ -267,19 +267,19 @@ class CI_DB_postgre_forge extends CI_DB_forge { */ function _alter_table($alter_type, $table, $fields, $after_field = '') { - $sql = 'ALTER TABLE '.$this->db->_protect_identifiers($table)." $alter_type "; + $sql = 'ALTER TABLE '.$this->db->protect_identifiers($table).' '.$alter_type.' '; // DROP has everything it needs now. if ($alter_type == 'DROP') { - return $sql.$this->db->_protect_identifiers($fields); + return $sql.$this->db->protect_identifiers($fields); } $sql .= $this->_process_fields($fields); if ($after_field != '') { - $sql .= ' AFTER ' . $this->db->_protect_identifiers($after_field); + return $sql.' AFTER '.$this->db->protect_identifiers($after_field); } return $sql; @@ -299,10 +299,9 @@ class CI_DB_postgre_forge extends CI_DB_forge { */ function _rename_table($table_name, $new_table_name) { - $sql = 'ALTER TABLE '.$this->db->_protect_identifiers($table_name)." RENAME TO ".$this->db->_protect_identifiers($new_table_name); - return $sql; + return 'ALTER TABLE '.$this->db->protect_identifiers($table_name).' RENAME TO '.$this->db->protect_identifiers($new_table_name); } } /* End of file postgre_forge.php */ -/* Location: ./system/database/drivers/postgre/postgre_forge.php */
\ No newline at end of file +/* Location: ./system/database/drivers/postgre/postgre_forge.php */ diff --git a/system/database/drivers/sqlite/sqlite_driver.php b/system/database/drivers/sqlite/sqlite_driver.php index efb372707..55d9bfdb8 100644 --- a/system/database/drivers/sqlite/sqlite_driver.php +++ b/system/database/drivers/sqlite/sqlite_driver.php @@ -343,8 +343,7 @@ class CI_DB_sqlite_driver extends CI_DB { return 0; } - $query = $this->query($this->_count_string . $this->_protect_identifiers('numrows') . " FROM " . $this->_protect_identifiers($table, TRUE, NULL, FALSE)); - + $query = $this->query($this->_count_string.$this->protect_identifiers('numrows').' FROM '.$this->protect_identifiers($table, TRUE, NULL, FALSE)); if ($query->num_rows() == 0) { return 0; diff --git a/system/database/drivers/sqlite/sqlite_forge.php b/system/database/drivers/sqlite/sqlite_forge.php index 3e9e5d4ab..7fc531463 100644 --- a/system/database/drivers/sqlite/sqlite_forge.php +++ b/system/database/drivers/sqlite/sqlite_forge.php @@ -110,7 +110,7 @@ class CI_DB_sqlite_forge extends CI_DB_forge { { $attributes = array_change_key_case($attributes, CASE_UPPER); - $sql .= "\n\t".$this->db->_protect_identifiers($field); + $sql .= "\n\t".$this->db->protect_identifiers($field); $sql .= ' '.$attributes['TYPE']; @@ -153,7 +153,7 @@ class CI_DB_sqlite_forge extends CI_DB_forge { if (count($primary_keys) > 0) { - $primary_keys = $this->db->_protect_identifiers($primary_keys); + $primary_keys = $this->db->protect_identifiers($primary_keys); $sql .= ",\n\tPRIMARY KEY (" . implode(', ', $primary_keys) . ")"; } @@ -163,11 +163,11 @@ class CI_DB_sqlite_forge extends CI_DB_forge { { if (is_array($key)) { - $key = $this->db->_protect_identifiers($key); + $key = $this->db->protect_identifiers($key); } else { - $key = array($this->db->_protect_identifiers($key)); + $key = array($this->db->protect_identifiers($key)); } $sql .= ",\n\tUNIQUE (" . implode(', ', $key) . ")"; @@ -218,7 +218,7 @@ class CI_DB_sqlite_forge extends CI_DB_forge { */ function _alter_table($alter_type, $table, $column_name, $column_definition = '', $default_value = '', $null = '', $after_field = '') { - $sql = 'ALTER TABLE '.$this->db->_protect_identifiers($table)." $alter_type ".$this->db->_protect_identifiers($column_name); + $sql = 'ALTER TABLE '.$this->db->protect_identifiers($table).' '.$alter_type.' '.$this->db->protect_identifiers($column_name); // DROP has everything it needs now. if ($alter_type == 'DROP') @@ -247,7 +247,7 @@ class CI_DB_sqlite_forge extends CI_DB_forge { if ($after_field != '') { - $sql .= ' AFTER ' . $this->db->_protect_identifiers($after_field); + return $sql.' AFTER '.$this->db->protect_identifiers($after_field); } return $sql; @@ -268,9 +268,9 @@ class CI_DB_sqlite_forge extends CI_DB_forge { */ function _rename_table($table_name, $new_table_name) { - $sql = 'ALTER TABLE '.$this->db->_protect_identifiers($table_name)." RENAME TO ".$this->db->_protect_identifiers($new_table_name); - return $sql; + return 'ALTER TABLE '.$this->db->protect_identifiers($table_name).' RENAME TO '.$this->db->protect_identifiers($new_table_name); } + } /* End of file sqlite_forge.php */ diff --git a/system/database/drivers/sqlsrv/sqlsrv_forge.php b/system/database/drivers/sqlsrv/sqlsrv_forge.php index e00fc7d74..cd061dd23 100644 --- a/system/database/drivers/sqlsrv/sqlsrv_forge.php +++ b/system/database/drivers/sqlsrv/sqlsrv_forge.php @@ -113,7 +113,7 @@ class CI_DB_sqlsrv_forge extends CI_DB_forge { { $attributes = array_change_key_case($attributes, CASE_UPPER); - $sql .= "\n\t".$this->db->_protect_identifiers($field); + $sql .= "\n\t".$this->db->protect_identifiers($field); $sql .= ' '.$attributes['TYPE']; @@ -156,7 +156,7 @@ class CI_DB_sqlsrv_forge extends CI_DB_forge { if (count($primary_keys) > 0) { - $primary_keys = $this->db->_protect_identifiers($primary_keys); + $primary_keys = $this->db->protect_identifiers($primary_keys); $sql .= ",\n\tPRIMARY KEY (" . implode(', ', $primary_keys) . ")"; } @@ -166,11 +166,11 @@ class CI_DB_sqlsrv_forge extends CI_DB_forge { { if (is_array($key)) { - $key = $this->db->_protect_identifiers($key); + $key = $this->db->protect_identifiers($key); } else { - $key = array($this->db->_protect_identifiers($key)); + $key = array($this->db->protect_identifiers($key)); } $sql .= ",\n\tFOREIGN KEY (" . implode(', ', $key) . ")"; @@ -202,7 +202,7 @@ class CI_DB_sqlsrv_forge extends CI_DB_forge { */ function _alter_table($alter_type, $table, $column_name, $column_definition = '', $default_value = '', $null = '', $after_field = '') { - $sql = 'ALTER TABLE '.$this->db->_protect_identifiers($table)." $alter_type ".$this->db->_protect_identifiers($column_name); + $sql = 'ALTER TABLE '.$this->db->protect_identifiers($table).' '.$alter_type.' '.$this->db->protect_identifiers($column_name); // DROP has everything it needs now. if ($alter_type == 'DROP') @@ -228,7 +228,7 @@ class CI_DB_sqlsrv_forge extends CI_DB_forge { if ($after_field != '') { - $sql .= ' AFTER ' . $this->db->_protect_identifiers($after_field); + return $sql.' AFTER '.$this->db->protect_identifiers($after_field); } return $sql; @@ -250,11 +250,10 @@ class CI_DB_sqlsrv_forge extends CI_DB_forge { function _rename_table($table_name, $new_table_name) { // I think this syntax will work, but can find little documentation on renaming tables in MSSQL - $sql = 'ALTER TABLE '.$this->db->_protect_identifiers($table_name)." RENAME TO ".$this->db->_protect_identifiers($new_table_name); - return $sql; + return 'ALTER TABLE '.$this->db->protect_identifiers($table_name).' RENAME TO '.$this->db->protect_identifiers($new_table_name); } } -/* End of file mssql_forge.php */ -/* Location: ./system/database/drivers/mssql/mssql_forge.php */
\ No newline at end of file +/* End of file sqlsrv_forge.php */ +/* Location: ./system/database/drivers/sqlsrv/sqlsrv_forge.php */ diff --git a/system/helpers/captcha_helper.php b/system/helpers/captcha_helper.php index 583c2f10f..578796573 100644 --- a/system/helpers/captcha_helper.php +++ b/system/helpers/captcha_helper.php @@ -5,9 +5,9 @@ * An open source application development framework for PHP 5.2.4 or newer * * NOTICE OF LICENSE - * + * * Licensed under the Open Software License version 3.0 - * + * * This source file is subject to the Open Software License (OSL 3.0) that is * bundled with this package in the files license.txt / license.rst. It is * also available through the world wide web at this URL: @@ -94,16 +94,15 @@ if ( ! function_exists('create_captcha')) // Remove old images // ----------------------------------- - list($usec, $sec) = explode(" ", microtime()); - $now = ((float)$usec + (float)$sec); + $now = microtime(TRUE); $current_dir = @opendir($img_path); while ($filename = @readdir($current_dir)) { - if ($filename != "." and $filename != ".." and $filename != "index.html") + if ($filename != '.' && $filename != '..' && $filename != 'index.html') { - $name = str_replace(".jpg", "", $filename); + $name = str_replace('.jpg', '', $filename); if (($name + $expiration) < $now) { @@ -198,7 +197,7 @@ if ( ! function_exists('create_captcha')) // Write the text // ----------------------------------- - $use_font = ($font_path != '' AND file_exists($font_path) AND function_exists('imagettftext')) ? TRUE : FALSE; + $use_font = ($font_path != '' && file_exists($font_path) && function_exists('imagettftext')) ? TRUE : FALSE; if ($use_font == FALSE) { diff --git a/system/libraries/Form_validation.php b/system/libraries/Form_validation.php index 8153af706..4ad31ebfa 100644 --- a/system/libraries/Form_validation.php +++ b/system/libraries/Form_validation.php @@ -65,7 +65,7 @@ class CI_Form_validation { mb_internal_encoding($this->CI->config->item('charset')); } - log_message('debug', "Form Validation Class Initialized"); + log_message('debug', 'Form Validation Class Initialized'); } // -------------------------------------------------------------------- @@ -84,7 +84,7 @@ class CI_Form_validation { { // No reason to set rules if we have no POST data // or a validation array has not been specified - if (count($_POST) === 0 && count($this->validation_data) === 0) + if ($this->CI->input->method() !== 'post' && empty($this->validation_data)) { return $this; } @@ -165,9 +165,9 @@ class CI_Form_validation { * * If an array is set through this method, then this array will * be used instead of the $_POST array - * - * Note that if you are validating multiple arrays, then the - * reset_validation() function should be called after validating + * + * Note that if you are validating multiple arrays, then the + * reset_validation() function should be called after validating * each array due to the limitations of CI's singleton * * @param array $data @@ -1156,15 +1156,14 @@ class CI_Form_validation { } // -------------------------------------------------------------------- - + /** * Equal to or Greater than * - * @access public * @param string * @return bool */ - function greater_than_equal_to($str, $min) + public function greater_than_equal_to($str, $min) { if ( ! is_numeric($str)) { @@ -1195,11 +1194,10 @@ class CI_Form_validation { /** * Equal to or Less than * - * @access public * @param string * @return bool */ - function less_than_equal_to($str, $max) + public function less_than_equal_to($str, $max) { if ( ! is_numeric($str)) { @@ -1351,7 +1349,7 @@ class CI_Form_validation { * Prevents subsequent validation routines from being affected by the * results of any previous validation routine due to the CI singleton. * - * @return void + * @return void */ public function reset_validation() { diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 7670da10d..aee992e67 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -65,6 +65,7 @@ Release Date: Not Released - Added _optimize_table() support for the :doc:`Database Utility Class <database/utilities>` (rebuilds table indexes). - Added a constructor to the DB_result class and moved all driver-specific properties and logic out of the base DB_driver class to allow better abstraction. - Removed limit() and order_by() support for UPDATE and DELETE queries in PostgreSQL driver. Postgres does not support those features. + - Removed protect_identifiers() and renamed _protect_identifiers() to it instead - it was just an alias. - Libraries @@ -96,6 +97,8 @@ Release Date: Not Released - Removed CI_CORE boolean constant from CodeIgniter.php (no longer Reactor and Core versions). - Added method get_vars() to CI_Loader to retrieve all variables loaded with $this->load->vars(). - is_loaded() function from system/core/Commons.php now returns a reference. + - $config['rewrite_short_tags'] now has no effect when using PHP 5.4 as *<?=* will always be available. + - Added method() to CI_Input to retrieve $_SERVER['REQUEST_METHOD']. Bug fixes for 3.0 ------------------ @@ -145,6 +148,8 @@ Bug fixes for 3.0 - Fixed a bug in Oracle's DB_result class where the cursor id passed to it was always NULL. - Fixed a bug (#64) - Regular expression in DB_active_rec.php failed to handle queries containing SQL bracket delimiters in the join condition. - Fixed a bug in the :doc:`Session Library <libraries/sessions>` where a PHP E_NOTICE error was triggered by _unserialize() due to results from databases such as MSSQL and Oracle being space-padded on the right. +- Fixed a bug (#501) - set_rules() to check if the request method is not 'POST' before aborting, instead of depending on count($_POST) in the :doc:`Form Validation Library <libraries/form_validation>`. +- Fixed a bug (#940) - csrf_verify() used to set the CSRF cookie while processing a POST request with no actual POST data, which resulted in validating a request that should be considered invalid. Version 2.1.1 ============= diff --git a/user_guide_src/source/general/creating_libraries.rst b/user_guide_src/source/general/creating_libraries.rst index bc545b483..673fbd4bb 100644 --- a/user_guide_src/source/general/creating_libraries.rst +++ b/user_guide_src/source/general/creating_libraries.rst @@ -188,17 +188,23 @@ application/libraries/MY_Email.php, and declare your class with:: } -Note: If you need to use a constructor in your class make sure you +If you need to use a constructor in your class make sure you extend the parent constructor:: class MY_Email extends CI_Email { - public function __construct() - { - parent::__construct(); - } + public function __construct($config = array()) + { + parent::__construct($config); + } + } +.. note:: + Not all of the libraries have the same (or any) parameters + in their constructor. Take a look at the library that you're + extending first to see how it should be implemented. + Loading Your Sub-class ---------------------- diff --git a/user_guide_src/source/libraries/form_validation.rst b/user_guide_src/source/libraries/form_validation.rst index 5aa64d032..39b389f09 100644 --- a/user_guide_src/source/libraries/form_validation.rst +++ b/user_guide_src/source/libraries/form_validation.rst @@ -869,7 +869,7 @@ Rule Parameter Description underscores or dashes. **numeric** No Returns FALSE if the form element contains anything other than numeric characters. **integer** No Returns FALSE if the form element contains anything other than an integer. -**decimal** Yes Returns FALSE if the form element is not exactly the parameter value. +**decimal** No Returns FALSE if the form element contains anything other than a decimal number. **is_natural** No Returns FALSE if the form element contains anything other than a natural number: 0, 1, 2, 3, etc. **is_natural_no_zero** No Returns FALSE if the form element contains anything other than a natural diff --git a/user_guide_src/source/libraries/input.rst b/user_guide_src/source/libraries/input.rst index bcf117358..1f2ea650a 100644 --- a/user_guide_src/source/libraries/input.rst +++ b/user_guide_src/source/libraries/input.rst @@ -99,7 +99,7 @@ The function returns FALSE (boolean) if there are no items in the POST. :: - $this->input->post(NULL, TRUE); // returns all POST items with XSS filter + $this->input->post(NULL, TRUE); // returns all POST items with XSS filter $this->input->post(); // returns all POST items without XSS filter $this->input->get() @@ -119,9 +119,9 @@ The function returns FALSE (boolean) if there are no items in the GET. :: - $this->input->get(NULL, TRUE); // returns all GET items with XSS filter + $this->input->get(NULL, TRUE); // returns all GET items with XSS filter $this->input->get(); // returns all GET items without XSS filtering - + $this->input->get_post() ========================= @@ -298,3 +298,13 @@ see if PHP is being run on the command line. $this->input->is_cli_request() +$this->input->method(); +===================================== + +Returns the $_SERVER['REQUEST_METHOD'], optional set uppercase or lowercase (default lowercase). + +:: + + echo $this->input->method(TRUE); // Outputs: POST + echo $this->input->method(FALSE); // Outputs: post + echo $this->input->method(); // Outputs: post |