summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--system/libraries/Form_validation.php59
-rw-r--r--user_guide_src/source/changelog.rst19
-rw-r--r--user_guide_src/source/libraries/form_validation.rst7
3 files changed, 34 insertions, 51 deletions
diff --git a/system/libraries/Form_validation.php b/system/libraries/Form_validation.php
index ebbf123fd..c2c978a5e 100644
--- a/system/libraries/Form_validation.php
+++ b/system/libraries/Form_validation.php
@@ -230,7 +230,6 @@ class CI_Form_validation {
{
$this->_error_prefix = $prefix;
$this->_error_suffix = $suffix;
-
return $this;
}
@@ -360,7 +359,7 @@ class CI_Form_validation {
$this->set_rules($this->_config_rules);
}
- // We're we able to set the rules correctly?
+ // Were we able to set the rules correctly?
if (count($this->_field_data) === 0)
{
log_message('debug', 'Unable to find validation rules');
@@ -377,7 +376,6 @@ class CI_Form_validation {
{
// Fetch the data from the corresponding $_POST or validation array and cache it in the _field_data array.
// Depending on whether the field name is an array or a string will determine where we get it from.
-
if ($row['is_array'] === TRUE)
{
$this->_field_data[$field]['postdata'] = $this->_reduce_array($validation_array, $row['keys']);
@@ -392,7 +390,6 @@ class CI_Form_validation {
// Did we end up with any errors?
$total_errors = count($this->_error_array);
-
if ($total_errors > 0)
{
$this->_safe_form_data = TRUE;
@@ -506,8 +503,6 @@ class CI_Form_validation {
return;
}
- // --------------------------------------------------------------------
-
// If the field is blank, but NOT required, no further tests are necessary
$callback = FALSE;
if ( ! in_array('required', $rules) && is_null($postdata))
@@ -524,8 +519,6 @@ class CI_Form_validation {
}
}
- // --------------------------------------------------------------------
-
// Isset Test. Typically this rule will only apply to checkboxes.
if (is_null($postdata) && $callback === FALSE)
{
@@ -587,11 +580,9 @@ class CI_Form_validation {
$postdata = $this->_field_data[$row['field']]['postdata'];
}
- // --------------------------------------------------------------------
-
// Is the rule a callback?
$callback = FALSE;
- if (substr($rule, 0, 9) === 'callback_')
+ if (strpos($rule, 'callback_') === 0)
{
$rule = substr($rule, 9);
$callback = TRUE;
@@ -611,11 +602,14 @@ class CI_Form_validation {
{
if ( ! method_exists($this->CI, $rule))
{
- continue;
+ log_message('debug', 'Unable to find callback validation rule: '.$rule);
+ $result = FALSE;
+ }
+ else
+ {
+ // Run the function and grab the result
+ $result = $this->CI->$rule($postdata, $param);
}
-
- // Run the function and grab the result
- $result = $this->CI->$rule($postdata, $param);
// Re-assign the result to the master data array
if ($_in_array === TRUE)
@@ -639,7 +633,7 @@ class CI_Form_validation {
// Users can use any native PHP function call that has one param.
if (function_exists($rule))
{
- $result = $rule($postdata);
+ $result = ($param !== FALSE) ? $rule($postdata, $param) : $rule($postdata);
if ($_in_array === TRUE)
{
@@ -647,12 +641,13 @@ class CI_Form_validation {
}
else
{
- $this->_field_data[$row['field']]['postdata'] = is_bool($result) ? $postdata : $result;
+ log_message('debug', 'Unable to find validation rule: '.$rule);
+ $result = FALSE;
}
}
else
{
- log_message('debug', 'Unable to find validation rule: '.$rule);
+ $result = $this->$rule($postdata, $param);
}
continue;
@@ -721,7 +716,7 @@ class CI_Form_validation {
{
// Do we need to translate the field name?
// We look for the prefix lang: to determine this
- if (substr($fieldname, 0, 5) === 'lang:')
+ if (strpos($fieldname, 'lang:') === 0)
{
// Grab the variable
$line = substr($fieldname, 5);
@@ -785,7 +780,6 @@ class CI_Form_validation {
}
$field = $this->_field_data[$field]['postdata'];
-
if (is_array($field))
{
if ( ! in_array($value, $field))
@@ -821,7 +815,6 @@ class CI_Form_validation {
}
$field = $this->_field_data[$field]['postdata'];
-
if (is_array($field))
{
if ( ! in_array($value, $field))
@@ -829,12 +822,9 @@ class CI_Form_validation {
return '';
}
}
- else
+ elseif (($field == '' OR $value == '') OR ($field != $value))
{
- if (($field == '' OR $value == '') OR ($field != $value))
- {
- return '';
- }
+ return '';
}
return ' checked="checked"';
@@ -1099,19 +1089,6 @@ class CI_Form_validation {
// --------------------------------------------------------------------
/**
- * Is Numeric
- *
- * @param string
- * @return bool
- */
- public function is_numeric($str)
- {
- return is_numeric($str);
- }
-
- // --------------------------------------------------------------------
-
- /**
* Integer
*
* @param string
@@ -1270,12 +1247,12 @@ class CI_Form_validation {
*/
public function prep_url($str = '')
{
- if ($str == 'http://' OR $str == '')
+ if ($str === 'http://' OR $str == '')
{
return '';
}
- if (substr($str, 0, 7) !== 'http://' && substr($str, 0, 8) !== 'https://')
+ if (strpos($str, 'http://') !== 0 && strpos($str, 'https://') !== 0)
{
return 'http://'.$str;
}
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index fe0670a82..9929cc368 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -101,7 +101,7 @@ Release Date: Not Released
- It now auto-increments quantity's instead of just resetting it, this is the default behaviour of large e-commerce sites.
- Product Name strictness can be disabled via the Cart Library by switching "$product_name_safe"
- Added function remove() to remove a cart item, updating with quantity of 0 seemed like a hack but has remained to retain compatability
- - Image manipulation library changes include:
+ - :doc:`Image Manipulation library <libraries/image_lib>` changes include:
- The initialize() method now only sets existing class properties.
- Added support for 3-length hex color values for wm_font_color and wm_shadow_color properties, as well as validation for them.
- Class properties wm_font_color, wm_shadow_color and wm_use_drop_shadow are now protected, to avoid breaking the text_watermark() method
@@ -110,13 +110,17 @@ Release Date: Not Released
- Minor speed optimizations and method & property visibility declarations in the Calendar Library.
- Removed SHA1 function in the :doc:`Encryption Library <libraries/encryption>`.
- Added $config['csrf_regeneration'] to the CSRF protection in the :doc:`Security library <libraries/security>`, which makes token regeneration optional.
+ - :doc:`Form Validation library <libraries/form_validation>` changes include:
+ - Added method error_array() to return all error messages as an array.
+ - Added method set_data() to set an alternative data array to be validated instead of the default $_POST.
+ - Added method reset_validation(), which resets internal validation variables in case of multiple validation routines.
+ - Added support for setting error delimiters in the config file via $config['error_prefix'] and $config['error_suffix'].
+ - _execute() now considers input data to be invalid if a specified rule is not found.
+ - Removed method is_numeric() as it exists as a native PHP function and _execute() will find and use that (the 'is_numeric' rule itself is deprecated since 1.6.1).
+ - Native PHP functions used as rules can now accept an additional parameter, other than the data itself.
+ - Changed the :doc:`Session Library <libraries/sessions>` to select only one row when using database sessions.
- Added all_flashdata() method to session class. Returns an associative array of only flashdata.
- Allowed for setting table class defaults in a config file.
- - Form Validation library now allows setting of error delimiters in the config file via $config['error_prefix'] and $config['error_suffix'].
- - Added function error_array() to return all error messages as an array in the Form_validation class.
- - Added function set_data() to Form_validation library, which can be used in place of the default $_POST array.
- - Added function reset_validation() to form validation library, which resets internal validation variables in case of multiple validation routines.
- - Changed the Session library to select only one row when using database sessions.
- Added a Wincache driver to the `Caching Library <libraries/caching>`.
- Added dsn (delivery status notification) option to the :doc:`Email Library <libraries/email>`.
@@ -189,11 +193,12 @@ Bug fixes for 3.0
- Fixed a bug (#14) - create_database() method in the :doc:`Database Forge Library <database/forge>` didn't utilize the configured database character set.
- Fixed a bug (#1238) - delete_all() in the `Database Caching Library <database/caching>` used to delete .htaccess and index.html files, which is a potential security risk.
- Fixed a bug in :doc:`Trackback Library <libraries/trackback>` method validate_url() where it didn't actually do anything, due to input not being passed by reference.
+- Fixed a bug (#11, #183, #863) - CI_Form_validation::_execute() silently continued to the next rule, if a rule method/function is not found.
Version 2.1.1
=============
-Release Date: Not Released
+Release Date: November 14, 2011
- General Changes
- Fixed support for docx, xlsx files in mimes.php.
diff --git a/user_guide_src/source/libraries/form_validation.rst b/user_guide_src/source/libraries/form_validation.rst
index 3e8855f60..ef4be5601 100644
--- a/user_guide_src/source/libraries/form_validation.rst
+++ b/user_guide_src/source/libraries/form_validation.rst
@@ -321,7 +321,7 @@ password to MD5, and running the username through the "xss_clean"
function, which removes malicious data.
**Any native PHP function that accepts one parameter can be used as a
-rule, like htmlspecialchars, trim, MD5, etc.**
+rule, like htmlspecialchars, trim, md5, etc.**
.. note:: You will generally want to use the prepping functions
**after** the validation rules so if there is an error, the original
@@ -892,8 +892,9 @@ Rule Parameter Description
$this->form_validation->required($string);
-.. note:: You can also use any native PHP functions that permit one
- parameter.
+.. note:: You can also use any native PHP functions that permit up
+ to two parameters, where at least one is required (to pass
+ the field data).
******************
Prepping Reference