-rw-r--r-- | system/core/Common.php | 2 | ||||
-rw-r--r-- | system/core/Security.php | 3 | ||||
-rw-r--r-- | system/libraries/Cart.php | 4 | ||||
-rw-r--r-- | system/libraries/Encrypt.php | 2 | ||||
-rw-r--r-- | system/libraries/Session/drivers/Session_cookie.php | 3 | ||||
-rw-r--r-- | system/libraries/Upload.php | 15 | ||||
-rw-r--r-- | tests/codeigniter/core/Loader_test.php | 2 | ||||
-rw-r--r-- | tests/mocks/ci_testcase.php | 2 | ||||
-rw-r--r-- | user_guide_src/source/changelog.rst | 2 | ||||
-rw-r--r-- | user_guide_src/source/general/security.rst | 3 |
10 files changed, 19 insertions, 19 deletions
diff --git a/system/core/Common.php b/system/core/Common.php
index efa7a9380..b4f0c388e 100644
--- a/system/core/Common.php
+++ b/system/core/Common.php
@@ -92,7 +92,7 @@ if ( ! function_exists('is_really_writable'))
 */
 if (is_dir($file))
 {
-$file = rtrim($file, '/').'/'.md5(mt_rand(1,100).mt_rand(1,100));
+$file = rtrim($file, '/').'/'.md5(mt_rand());
 if (($fp = @fopen($file, FOPEN_WRITE_CREATE)) === FALSE)
 {
 return FALSE;
diff --git a/system/core/Security.php b/system/core/Security.php
index 7aae54efc..196d61144 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -488,8 +488,7 @@ class CI_Security {
 {
 if ($this->_xss_hash === '')
 {
-mt_srand();
-$this->_xss_hash = md5(time() + mt_rand(0, 1999999999));
+$this->_xss_hash = md5(uniqid(mt_rand()));
 }
 
 return $this->_xss_hash;
diff --git a/system/libraries/Cart.php b/system/libraries/Cart.php
index b7b0697fb..edc300bd7 100644
--- a/system/libraries/Cart.php
+++ b/system/libraries/Cart.php
@@ -51,7 +51,7 @@ class CI_Cart {
 *
 * @var string
 */
-public $product_name_rules = '\.\:\-_ a-z0-9';
+public $product_name_rules = '\w \-\.\:';
 
 /**
 * only allow safe product names
@@ -214,7 +214,7 @@ class CI_Cart {
 
 // Validate the product name. It can only be alpha-numeric, dashes, underscores, colons or periods.
 // Note: These can be user-specified by setting the $this->product_name_rules variable.
-if ($this->product_name_safe && ! preg_match('/^['.$this->product_name_rules.']+$/i', $items['name']))
+if ($this->product_name_safe && ! preg_match('/^['.$this->product_name_rules.']+$/i'.(UTF8_ENABLED ? 'u' : ''), $items['name']))
 {
 log_message('error', 'An invalid name was submitted as the product name: '.$items['name'].' The name can only contain alpha-numeric characters, dashes, underscores, colons, and spaces');
 return FALSE;
diff --git a/system/libraries/Encrypt.php b/system/libraries/Encrypt.php
index c6a1cb175..8ac5420de 100644
--- a/system/libraries/Encrypt.php
+++ b/system/libraries/Encrypt.php
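Review bot: The added `$this->_xss_hash = md5(uniqid(mt_rand()));` still derives the hash from a microsecond timestamp and one Mersenne-Twister value, neither of which is cryptographically unpredictable; if, as the name suggests, this value is used as a sentinel that untrusted input must not be able to reproduce, an attacker who can approximate request time and mt_rand() state could in principle forge it. Prefer a CSPRNG where one exists and keep the present expression only as a fallback: `$this->_xss_hash = function_exists('openssl_random_pseudo_bytes') ? bin2hex(openssl_random_pseudo_bytes(16)) : md5(uniqid(mt_rand(), TRUE));` — passing TRUE to uniqid() adds its extra entropy on the fallback path. Dropping mt_srand() is itself correct, since PHP auto-seeds and the explicit call was redundant. The enclosing xss_hash() method starts before and ends after this hunk.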
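Review bot: The `u` modifier appended on the changed preg_match() line only makes `\w` match non-ASCII letters when PHP also sets PCRE_UCP, which as far as I recall PHP ties to `/u` only from 5.3.4 and only when the underlying PCRE supports it; on older PHP or a PCRE without UCP, `\w` under `/u` still means `[A-Za-z0-9_]` and the Unicode support the changelog advertises silently degrades to the old ASCII-only check. Spelling the class out with Unicode properties removes that dependency, e.g. `public $product_name_rules = '\p{L}\p{N}_ \-\.\:';` in the property hunk above. Note also that a name which is not valid UTF-8 makes preg_match() return FALSE under `/u`, which `!` treats as a failed match — the safe direction, but worth recording with `// preg_match() returns FALSE on invalid UTF-8; treat that as an invalid name`. The log message on the following context line still omits periods, which the rule set permits, and the enclosing method continues beyond this hunk.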
@@ -244,7 +244,7 @@ class CI_Encrypt {
 $rand = '';
 do
 {
-$rand .= mt_rand(0, mt_getrandmax());
+$rand .= mt_rand();
 }
 while (strlen($rand) < 32);
 
diff --git a/system/libraries/Session/drivers/Session_cookie.php b/system/libraries/Session/drivers/Session_cookie.php
index 0e8644102..7174d63c8 100644
--- a/system/libraries/Session/drivers/Session_cookie.php
+++ b/system/libraries/Session/drivers/Session_cookie.php
@@ -641,7 +641,7 @@ class CI_Session_cookie extends CI_Session_driver {
 $new_sessid = '';
 do
 {
-$new_sessid .= mt_rand(0, mt_getrandmax());
+$new_sessid .= mt_rand();
 }
 while (strlen($new_sessid) < 32);
 
@@ -832,7 +832,6 @@ class CI_Session_cookie extends CI_Session_driver {
 $probability = ini_get('session.gc_probability');
 $divisor = ini_get('session.gc_divisor');
 
-srand(time());
 if ((mt_rand(0, $divisor) / $divisor) < $probability)
 {
 $expire = $this->now - $this->sess_expiration;
diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php
index 1c14f99ed..7c48b4294 100644
--- a/system/libraries/Upload.php
+++ b/system/libraries/Upload.php
@@ -366,25 +366,25 @@ class CI_Upload {
 
 switch ($error)
 {
-case 1: // UPLOAD_ERR_INI_SIZE
+case UPLOAD_ERR_INI_SIZE:
 $this->set_error('upload_file_exceeds_limit');
 break;
-case 2: // UPLOAD_ERR_FORM_SIZE
+case UPLOAD_ERR_FORM_SIZE:
 $this->set_error('upload_file_exceeds_form_limit');
 break;
-case 3: // UPLOAD_ERR_PARTIAL
+case UPLOAD_ERR_PARTIAL:
 $this->set_error('upload_file_partial');
 break;
-case 4: // UPLOAD_ERR_NO_FILE
+case UPLOAD_ERR_NO_FILE:
 $this->set_error('upload_no_file_selected');
 break;
-case 6: // UPLOAD_ERR_NO_TMP_DIR
+case UPLOAD_ERR_NO_TMP_DIR:
 $this->set_error('upload_no_temp_directory');
 break;
-case 7: // UPLOAD_ERR_CANT_WRITE
+case UPLOAD_ERR_CANT_WRITE:
 $this->set_error('upload_unable_to_write_file');
 break;
-case 8: // UPLOAD_ERR_EXTENSION
+case UPLOAD_ERR_EXTENSION:
 $this->set_error('upload_stopped_by_extension');
 break;
 default:
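Review bot: `$rand .= mt_rand();` keeps building what appears to be random key or nonce material for the cipher from Mersenne-Twister output, which is not a CSPRNG: its internal state can be reconstructed from enough observed outputs and PHP seeds it from guessable sources, so dropping the redundant upper bound changes nothing about predictability. Seed the buffer from a CSPRNG when one is available and let the existing loop serve only as the fallback, e.g. replace `$rand = '';` with `$rand = function_exists('openssl_random_pseudo_bytes') ? bin2hex(openssl_random_pseudo_bytes(16)) : '';` — the do/while still appends one mt_rand() value, which is harmless. The enclosing method begins before and continues after this hunk, so I cannot confirm from here how $rand is consumed.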
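Review bot: `$new_sessid .= mt_rand();` derives the new session ID from mt_rand(), a non-cryptographic generator whose state is recoverable from observed outputs and which is seeded from low-entropy sources; a session identifier must be unguessable, and whatever hashing follows outside this hunk cannot add entropy that was never there. Draw the ID from a CSPRNG when one is available and keep the mt_rand() loop only as a fallback, e.g. replace `$new_sessid = '';` with `$new_sessid = function_exists('openssl_random_pseudo_bytes') ? bin2hex(openssl_random_pseudo_bytes(16)) : '';`. The generating method starts before and ends after this hunk.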
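Review bot: `(mt_rand(0, $divisor) / $divisor)` divides by a value taken straight from ini_get(), so a configuration with session.gc_divisor set to 0 raises a division-by-zero warning on every call; guard it before the comparison with `$divisor = (int) ini_get('session.gc_divisor'); if ($divisor < 1) { return; }` or substitute a sane default. Removing srand(time()) is correct — it seeded rand(), not mt_rand(), and reseeding from the clock only weakened things. Note too that mt_rand(0, $divisor) has $divisor + 1 outcomes, so `mt_rand(1, $divisor) <= $probability` tracks PHP's own probability/divisor semantics more closely. The enclosing method (its name is not visible in the header) continues beyond this hunk.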
@@ -604,7 +604,6 @@ class CI_Upload {
 {
 if ($this->encrypt_name === TRUE)
 {
-mt_srand();
 $filename = md5(uniqid(mt_rand())).$this->file_ext;
 }
 
diff --git a/tests/codeigniter/core/Loader_test.php b/tests/codeigniter/core/Loader_test.php
index dea01a555..e75d0d564 100644
--- a/tests/codeigniter/core/Loader_test.php
+++ b/tests/codeigniter/core/Loader_test.php
@@ -220,7 +220,7 @@ class Loader_test extends CI_TestCase {
 
 // Test name conflict
 $obj = 'conflict';
-$this->ci_obj->$obj = new StdClass();
+$this->ci_obj->$obj = new stdClass();
 $this->setExpectedException(
 'RuntimeException',
 'CI Error: The model name you are loading is the name of a resource that is already being used: '.$obj
diff --git a/tests/mocks/ci_testcase.php b/tests/mocks/ci_testcase.php
index f16492945..ad4fe5ac3 100644
--- a/tests/mocks/ci_testcase.php
+++ b/tests/mocks/ci_testcase.php
@@ -27,7 +27,7 @@ class CI_TestCase extends PHPUnit_Framework_TestCase {
 public function __construct()
 {
 parent::__construct();
-$this->ci_instance = new StdClass();
+$this->ci_instance = new stdClass();
 }
 
 // --------------------------------------------------------------------
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index 21d0bde63..86907ca53 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
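Review bot: With mt_srand() gone, the surviving context line still builds the "encrypted" filename as `md5(uniqid(mt_rand()))`, i.e. a microsecond timestamp plus a single 31-bit Mersenne-Twister value; if encrypt_name exists to keep uploaded files unguessable, that is only a few dozen bits of largely predictable input run through md5. Prefer CSPRNG bytes where available, e.g. `$filename = (function_exists('openssl_random_pseudo_bytes') ? bin2hex(openssl_random_pseudo_bytes(16)) : md5(uniqid(mt_rand(), TRUE))).$this->file_ext;`. Removing the explicit mt_srand() is itself right, since PHP auto-seeds and the call was redundant. The enclosing method starts before and ends after this hunk.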
@@ -221,6 +221,7 @@ Release Date: Not Released
 - *Product Name* strictness can be disabled by switching the ``$product_name_safe`` property to FALSE.
 - Added method ``remove()`` to remove a cart item, updating with quantity of 0 seemed like a hack but has remained to retain compatibility.
 - Added method ``get_item()`` to enable retrieving data for a single cart item.
+ - Added unicode support for product names.
 - :doc:`Image Manipulation library <libraries/image_lib>` changes include:
 - The ``initialize()`` method now only sets existing class properties.
 - Added support for 3-length hex color values for *wm_font_color* and *wm_shadow_color* properties, as well as validation for them.
@@ -491,6 +492,7 @@ Bug fixes for 3.0
 - Fixed a bug (#2298) - :doc:`Database Results <database/results>` method `next_row()` kept returning the last row, allowing for infinite loops.
 - Fixed a bug (#2236) - :doc:`Form Helper <helpers/form_helper>` function ``set_value()`` didn't parse array notation for keys if the rule was not present in the :doc:`Form Validation Library <libraries/form_validation>`.
 - Fixed a bug (#2353) - :doc:`Query Builder <database/query_builder>` erroneously prefixed literal strings with **dbprefix**.
+- Fixed a bug (#78) - :doc:`Cart Library <libraries/cart>` didn't allow non-English letters in product names.
 
 Version 2.1.3
 =============
diff --git a/user_guide_src/source/general/security.rst b/user_guide_src/source/general/security.rst
index 984ca840b..3f93443bb 100644
--- a/user_guide_src/source/general/security.rst
+++ b/user_guide_src/source/general/security.rst
@@ -15,11 +15,12 @@ the following:
 
 - Alpha-numeric text (latin characters only)
 - Tilde: ~
+- Percent sign: %
 - Period: .
 - Colon: :
 - Underscore: \_
 - Dash: -
-- Pipe: |
+- Space
 
 Register_globals
 =================
|