-rw-r--r-- | application/config/user_agents.php | 4 | ||||
-rw-r--r-- | composer.json | 15 | ||||
-rwxr-xr-x | index.php | 2 | ||||
-rw-r--r-- | system/core/Common.php | 4 | ||||
-rw-r--r-- | system/core/Input.php | 32 | ||||
-rw-r--r-- | system/core/Security.php | 3 | ||||
-rw-r--r-- | system/database/DB_driver.php | 16 | ||||
-rw-r--r-- | system/helpers/form_helper.php | 14 | ||||
-rw-r--r-- | system/libraries/Cart.php | 4 | ||||
-rw-r--r-- | system/libraries/Encrypt.php | 2 | ||||
-rw-r--r-- | system/libraries/Form_validation.php | 15 | ||||
-rw-r--r-- | system/libraries/Session/drivers/Session_cookie.php | 3 | ||||
-rw-r--r-- | system/libraries/Upload.php | 15 | ||||
-rw-r--r-- | tests/codeigniter/core/Loader_test.php | 2 | ||||
-rw-r--r-- | tests/mocks/ci_testcase.php | 2 | ||||
-rw-r--r-- | user_guide_src/source/changelog.rst | 7 | ||||
-rw-r--r-- | user_guide_src/source/general/errors.rst | 4 | ||||
-rw-r--r-- | user_guide_src/source/general/managing_apps.rst | 2 | ||||
-rw-r--r-- | user_guide_src/source/general/routing.rst | 2 | ||||
-rw-r--r-- | user_guide_src/source/general/security.rst | 3 | ||||
-rw-r--r-- | user_guide_src/source/libraries/email.rst | 2 |
21 files changed, 96 insertions, 57 deletions
diff --git a/application/config/user_agents.php b/application/config/user_agents.php index 35c36cb42..0aae987a2 100644 --- a/application/config/user_agents.php +++ b/application/config/user_agents.php @@ -208,13 +208,15 @@ $mobiles = array( $robots = array( 'googlebot' => 'Googlebot', 'msnbot' => 'MSNBot', + 'baiduspider' => 'Baiduspider', 'bingbot' => 'Bing', 'slurp' => 'Inktomi Slurp', 'yahoo' => 'Yahoo', 'askjeeves' => 'AskJeeves', 'fastcrawler' => 'FastCrawler', 'infoseek' => 'InfoSeek Robot 1.0', - 'lycos' => 'Lycos' + 'lycos' => 'Lycos', + 'yandex' => 'YandexBot' ); /* End of file user_agents.php */ diff --git a/composer.json b/composer.json index e21aaed2e..29715763f 100644 --- a/composer.json +++ b/composer.json @@ -1,9 +1,10 @@ { - "name" : "ellislab/codeigniter", - "require": { - "php": ">=5.2.4" - }, - "require-dev": { - "mikey179/vfsStream": "*" - } + "description" : "Dependencies for CodeIgniter's testing environment", + "name" : "ellislab/codeigniter", + "require": { + "php": ">=5.2.4" + }, + "require-dev": { + "mikey179/vfsStream": "*" + } }
\ No newline at end of file @@ -255,7 +255,7 @@ switch (ENVIRONMENT) if (($_temp = realpath($view_folder)) !== FALSE) { - $view_folder = realpath($view_folder).'/'; + $view_folder = $_temp.'/'; } else { diff --git a/system/core/Common.php b/system/core/Common.php index 10c22375e..b4f0c388e 100644 --- a/system/core/Common.php +++ b/system/core/Common.php @@ -92,7 +92,7 @@ if ( ! function_exists('is_really_writable')) */ if (is_dir($file)) { - $file = rtrim($file, '/').'/'.md5(mt_rand(1,100).mt_rand(1,100)); + $file = rtrim($file, '/').'/'.md5(mt_rand()); if (($fp = @fopen($file, FOPEN_WRITE_CREATE)) === FALSE) { return FALSE; @@ -359,7 +359,7 @@ if ( ! function_exists('show_error')) * * This function lets us invoke the exception class and * display errors using the standard error template located - * in application/errors/errors.php + * in application/views/errors/error_general.php * This function will send the error page directly to the * browser and exit. * diff --git a/system/core/Input.php b/system/core/Input.php index 8d491e055..6690b7f2e 100644 --- a/system/core/Input.php +++ b/system/core/Input.php 
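Review bot: `md5(mt_rand())` still gives is_really_writable() a probe filename that anyone able to observe the process's mt_rand() output can predict, and if the name already exists the file is opened rather than created fresh (FOPEN_WRITE_CREATE is, if I recall, an append mode), so the probe may touch an existing file in that directory. Since this same commit adopts `md5(uniqid(mt_rand()))` in Security.php and Upload.php, using that construction here keeps the three consistent and adds a time component: `$file = rtrim($file, '/').'/'.md5(uniqid(mt_rand(), TRUE));`. The `@fopen` suppression on the next line predates this change but hides the reason a write fails, which is useful when debugging a misconfigured upload or cache directory. The body of is_really_writable() starts outside the hunk.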
@@ -153,17 +153,39 @@ class CI_Input { */ protected function _fetch_from_array(&$array, $index = '', $xss_clean = FALSE) { - if ( ! isset($array[$index])) + if (isset($array[$index])) { - return NULL; + $value = $array[$index]; } + elseif (($count = preg_match_all('/(?:^[^\[]+)|\[[^]]*\]/', $index, $matches)) > 1) // Does the index contain array notation + { + $value = $array; + for ($i = 0; $i < $count; $i++) + { + $key = trim($matches[0][$i], '[]'); + if ($key === '') // Empty notation will return the value as array + { + break; + } - if ($xss_clean === TRUE) + if (isset($value[$key])) + { + $value = $value[$key]; + } + else + { + return NULL; + } + } + } + else { - return $this->security->xss_clean($array[$index]); + return NULL; } - return $array[$index]; + return ($xss_clean === TRUE) + ? $this->security->xss_clean($value) + : $value; } // -------------------------------------------------------------------- diff --git a/system/core/Security.php b/system/core/Security.php index 7aae54efc..196d61144 100644 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -488,8 +488,7 @@ class CI_Security { { if ($this->_xss_hash === '') { - mt_srand(); - $this->_xss_hash = md5(time() + mt_rand(0, 1999999999)); + $this->_xss_hash = md5(uniqid(mt_rand())); } return $this->_xss_hash; diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php index b78f35a65..9239dc154 100644 --- a/system/database/DB_driver.php +++ b/system/database/DB_driver.php @@ -1208,13 +1208,8 @@ abstract class CI_DB_driver { } else { - /* We have no other choice but to just get the first element's key. - * Due to array_shift() accepting it's argument by reference, if - * E_STRICT is on, this would trigger a warning. So we'll have to - * assign it first. - */ - $key = array_keys($row); - $key = array_shift($key); + // We have no other choice but to just get the first element's key. + $key = key($row); } } 
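Review bot: Inside the new array-notation loop, `isset($value[$key])` is also true when `$value` has already narrowed to a string and `$key` is a numeric offset (and, as far as I recall, for any string key before PHP 5.4), so a scalar field queried as `field[0]` returns a single character instead of NULL. Guarding the descent with `if (is_array($value) && isset($value[$key]))` keeps string values from being indexed and lets the `else` branch return NULL as intended. The empty-notation `break` hands the remaining sub-array to `xss_clean()` whole, so that method must accept arrays; the comment at the `break` could state that explicitly, e.g. `// Empty notation ([]) returns the remaining sub-array; xss_clean() must handle arrays`. The function is complete within the hunk.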
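Review bot: The `_xss_hash` token is still drawn from `mt_rand()`, which is not a cryptographic generator, and wrapping it in `uniqid()` adds only the current time; dropping `mt_srand()` is right (PHP seeds it itself), but this token, which xss_clean() presumably uses as a temporary placeholder in filtered text, should be unpredictable. Where available prefer a CSPRNG source, e.g. `$this->_xss_hash = function_exists('openssl_random_pseudo_bytes') ? bin2hex(openssl_random_pseudo_bytes(16)) : md5(uniqid(mt_rand(), TRUE));` — openssl_random_pseudo_bytes() needs PHP 5.3, hence the fallback given the `php >= 5.2.4` requirement in composer.json. The same `md5(uniqid(mt_rand()))` construction is used for the `encrypt_name` filename in the second Upload.php hunk, where a guessable name weakens the obscuring it is meant to provide. The enclosing method starts outside this hunk.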
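Review bot: `key($row)` reads the key under the array's internal pointer, which is the first element's key only if nothing has advanced the pointer; in PHP 5 a prior `foreach` over `$row` can leave it elsewhere, whereas the removed `array_keys()`/`array_shift()` pair always yielded the first key. Adding `reset($row);` before `$key = key($row);` preserves the original guarantee at no real cost, and the comment could say why: `// Rewind first: key() reads the current position, not necessarily the first element.` Whether `$row` can have been iterated before this point is not visible here, as the enclosing method starts outside the hunk.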
@@ -1614,7 +1609,7 @@ abstract class CI_DB_driver { * @param string the error message * @param string any "swap" values * @param bool whether to localize the message - * @return string sends the application/error_db.php template + * @return string sends the application/views/errors/error_db.php template */ public function display_error($error = '', $swap = '', $native = FALSE) { @@ -1711,7 +1706,10 @@ abstract class CI_DB_driver { // If a parenthesis is found we know that we do not need to // escape the data or add a prefix. There's probably a more graceful // way to deal with this, but I'm not thinking of it -- Rick - if (strpos($item, '(') !== FALSE) + // + // Added exception for single quotes as well, we don't want to alter + // literal strings. -- Narf + if (strpos($item, '(') !== FALSE OR strpos($item, "'") !== FALSE) { return $item; } diff --git a/system/helpers/form_helper.php b/system/helpers/form_helper.php index 692909c79..2002d4269 100644 --- a/system/helpers/form_helper.php +++ b/system/helpers/form_helper.php @@ -261,7 +261,6 @@ if ( ! function_exists('form_textarea')) unset($data['value']); // textareas don't use the value attribute } - $name = is_array($data) ? $data['name'] : $data; return '<textarea '._parse_form_attributes($data, $defaults).$extra.'>'.form_prep($val, TRUE)."</textarea>\n"; } } 
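Review bot: `strpos($item, "'") !== FALSE` returns the item without the escaping and prefixing this method applies as soon as a single quote appears anywhere in it, not only when the item is a quoted literal, so an identifier that merely contains an apostrophe is now passed through verbatim. If the intent is to leave literal strings alone, anchoring the test to the start of the item is tighter, e.g. `OR (isset($item[0]) && $item[0] === "'")`, and the new comment should state the precise rule being applied rather than "we don't want to alter literal strings". Callers that let request data reach column or table names should not rely on this path for escaping in either form, which is worth a sentence in the method's docblock. The enclosing method starts and ends outside the hunk.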
@@ -642,14 +641,13 @@ if ( ! function_exists('set_value')) */ function set_value($field = '', $default = '', $is_textarea = FALSE) { - if (FALSE === ($OBJ =& _get_validation_object())) - { - return isset($_POST[$field]) - ? form_prep($_POST[$field], $is_textarea) - : form_prep($default, $is_textarea); - } + $CI =& get_instance(); + + $value = (isset($CI->form_validation) && is_object($CI->form_validation) && $CI->form_validation->has_rule($field)) + ? $CI->form_validation->set_value($field, $default) + : $CI->input->post($field, FALSE); - return form_prep($OBJ->set_value($field, $default), $is_textarea); + return form_prep($value === NULL ? $default : $value, $is_textarea); } } diff --git a/system/libraries/Cart.php b/system/libraries/Cart.php index b7b0697fb..edc300bd7 100644 --- a/system/libraries/Cart.php +++ b/system/libraries/Cart.php @@ -51,7 +51,7 @@ class CI_Cart { * * @var string */ - public $product_name_rules = '\.\:\-_ a-z0-9'; + public $product_name_rules = '\w \-\.\:'; /** * only allow safe product names @@ -214,7 +214,7 @@ class CI_Cart { // Validate the product name. It can only be alpha-numeric, dashes, underscores, colons or periods. // Note: These can be user-specified by setting the $this->product_name_rules variable. - if ($this->product_name_safe && ! preg_match('/^['.$this->product_name_rules.']+$/i', $items['name'])) + if ($this->product_name_safe && ! preg_match('/^['.$this->product_name_rules.']+$/i'.(UTF8_ENABLED ? 'u' : ''), $items['name'])) { log_message('error', 'An invalid name was submitted as the product name: '.$items['name'].' The name can only contain alpha-numeric characters, dashes, underscores, colons, and spaces'); return FALSE; diff --git a/system/libraries/Encrypt.php b/system/libraries/Encrypt.php index c6a1cb175..8ac5420de 100644 --- a/system/libraries/Encrypt.php +++ b/system/libraries/Encrypt.php 
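Review bot: The `u` modifier makes PCRE treat the subject as UTF-8, but `\w` in `product_name_rules` matches non-ASCII letters only when PCRE_UCP is also in effect, which as far as I recall PHP ties to `u` only from 5.3.4 onward, while composer.json still declares `php >= 5.2.4`; on older runtimes the changelog's "unicode support for product names" will not hold. Spelling the classes out, `public $product_name_rules = '\p{L}\p{N}_ \-\.\:';`, makes the intent explicit and independent of UCP where the PCRE build supports Unicode properties. `$product_name_rules` is interpolated into a character class unescaped, so the property docblock should say it is a developer-controlled setting that must never be populated from request data. Both hunks are self-contained; the second sits inside a method that starts outside the hunk.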
@@ -244,7 +244,7 @@ class CI_Encrypt { $rand = ''; do { - $rand .= mt_rand(0, mt_getrandmax()); + $rand .= mt_rand(); } while (strlen($rand) < 32); diff --git a/system/libraries/Form_validation.php b/system/libraries/Form_validation.php index 172e799f6..1ed50844c 100644 --- a/system/libraries/Form_validation.php +++ b/system/libraries/Form_validation.php @@ -836,6 +836,21 @@ class CI_Form_validation { // -------------------------------------------------------------------- /** + * Checks if the rule is present within the validator + * + * Permits you to check if a rule is present within the validator + * + * @param string the field name + * @return bool + */ + public function has_rule($field) + { + return isset($this->_field_data[$field]); + } + + // -------------------------------------------------------------------- + + /** * Get the value from a form * * Permits you to repopulate a form field with the value it was submitted diff --git a/system/libraries/Session/drivers/Session_cookie.php b/system/libraries/Session/drivers/Session_cookie.php index 0e8644102..7174d63c8 100644 --- a/system/libraries/Session/drivers/Session_cookie.php +++ b/system/libraries/Session/drivers/Session_cookie.php @@ -641,7 +641,7 @@ class CI_Session_cookie extends CI_Session_driver { $new_sessid = ''; do { - $new_sessid .= mt_rand(0, mt_getrandmax()); + $new_sessid .= mt_rand(); } while (strlen($new_sessid) < 32); @@ -832,7 +832,6 @@ class CI_Session_cookie extends CI_Session_driver { $probability = ini_get('session.gc_probability'); $divisor = ini_get('session.gc_divisor'); - srand(time()); if ((mt_rand(0, $divisor) / $divisor) < $probability) { $expire = $this->now - $this->sess_expiration; diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 1c14f99ed..7c48b4294 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php 
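Review bot: `$rand .= mt_rand();` still builds what appears to be key or noise material for the encryption routine from a non-cryptographic generator; replacing `mt_rand(0, mt_getrandmax())` with `mt_rand()` changes nothing about its predictability, as Mersenne Twister output is not designed to resist prediction. The same pattern feeds `$new_sessid` in the first Session_cookie.php hunk on this line, where it determines how guessable session identifiers are, and whatever hashing follows in either method cannot add entropy the input lacked. Where available prefer `openssl_random_pseudo_bytes()` (PHP 5.3+) or `mcrypt_create_iv()` behind a `function_exists()` check, keeping the `mt_rand()` loop only as the last-resort fallback for the declared `php >= 5.2.4` floor. Both enclosing methods start outside their hunks.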
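Review bot: The new `has_rule()` docblock says it checks whether "the rule is present", but the method tests `isset($this->_field_data[$field])`, i.e. whether the field itself is known to the validator, regardless of which rules it carries, and its second sentence merely repeats the first. Suggest `* Checks whether a field has been registered with the validator (presumably via set_rules())` as the summary, and a `@param` description noting that `$field` must match the name the rules were registered under, including any array notation, since form_helper's `set_value()` now passes its `$field` straight through.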
@@ -366,25 +366,25 @@ class CI_Upload { switch ($error) { - case 1: // UPLOAD_ERR_INI_SIZE + case UPLOAD_ERR_INI_SIZE: $this->set_error('upload_file_exceeds_limit'); break; - case 2: // UPLOAD_ERR_FORM_SIZE + case UPLOAD_ERR_FORM_SIZE: $this->set_error('upload_file_exceeds_form_limit'); break; - case 3: // UPLOAD_ERR_PARTIAL + case UPLOAD_ERR_PARTIAL: $this->set_error('upload_file_partial'); break; - case 4: // UPLOAD_ERR_NO_FILE + case UPLOAD_ERR_NO_FILE: $this->set_error('upload_no_file_selected'); break; - case 6: // UPLOAD_ERR_NO_TMP_DIR + case UPLOAD_ERR_NO_TMP_DIR: $this->set_error('upload_no_temp_directory'); break; - case 7: // UPLOAD_ERR_CANT_WRITE + case UPLOAD_ERR_CANT_WRITE: $this->set_error('upload_unable_to_write_file'); break; - case 8: // UPLOAD_ERR_EXTENSION + case UPLOAD_ERR_EXTENSION: $this->set_error('upload_stopped_by_extension'); break; default: @@ -604,7 +604,6 @@ class CI_Upload { { if ($this->encrypt_name === TRUE) { - mt_srand(); $filename = md5(uniqid(mt_rand())).$this->file_ext; } diff --git a/tests/codeigniter/core/Loader_test.php b/tests/codeigniter/core/Loader_test.php index dea01a555..e75d0d564 100644 --- a/tests/codeigniter/core/Loader_test.php +++ b/tests/codeigniter/core/Loader_test.php @@ -220,7 +220,7 @@ class Loader_test extends CI_TestCase { // Test name conflict $obj = 'conflict'; - $this->ci_obj->$obj = new StdClass(); + $this->ci_obj->$obj = new stdClass(); $this->setExpectedException( 'RuntimeException', 'CI Error: The model name you are loading is the name of a resource that is already being used: '.$obj diff --git a/tests/mocks/ci_testcase.php b/tests/mocks/ci_testcase.php index f16492945..ad4fe5ac3 100644 --- a/tests/mocks/ci_testcase.php +++ b/tests/mocks/ci_testcase.php 
@@ -27,7 +27,7 @@ class CI_TestCase extends PHPUnit_Framework_TestCase { public function __construct() { parent::__construct(); - $this->ci_instance = new StdClass(); + $this->ci_instance = new stdClass(); } // -------------------------------------------------------------------- diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 0e45a0e8f..86907ca53 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -221,6 +221,7 @@ Release Date: Not Released - *Product Name* strictness can be disabled by switching the ``$product_name_safe`` property to FALSE. - Added method ``remove()`` to remove a cart item, updating with quantity of 0 seemed like a hack but has remained to retain compatibility. - Added method ``get_item()`` to enable retrieving data for a single cart item. + - Added unicode support for product names. - :doc:`Image Manipulation library <libraries/image_lib>` changes include: - The ``initialize()`` method now only sets existing class properties. - Added support for 3-length hex color values for *wm_font_color* and *wm_shadow_color* properties, as well as validation for them. @@ -304,6 +305,7 @@ Release Date: Not Released - Changed method ``valid_ip()`` to use PHP's native ``filter_var()`` function. - Changed internal method ``_sanitize_globals()`` to skip enforcing reversal of *register_globals* in PHP 5.4+, where this functionality no longer exists. - Changed methods ``get()``, ``post()``, ``get_post()``, ``cookie()``, ``server()``, ``user_agent()`` to return NULL instead of FALSE when no value is found. + - Changed method ``_fetch_from_array()`` to parse array notation in field name. - :doc:`Common functions <general/common_functions>` changes include: - Added function :php:func:`get_mimes()` to return the *application/config/mimes.php* array. - Added support for HTTP code 303 ("See Other") in :php:func:`set_status_header()`. 
@@ -481,13 +483,16 @@ Bug fixes for 3.0 - Fixed a bug (#113) - :doc:`Form Validation Library <libraries/form_validation>` didn't properly handle empty fields that were specified as an array. - Fixed a bug (#2061) - :doc:`Routing Class <general/routing>` didn't properly sanitize directory, controller and function triggers with **enable_query_strings** set to TRUE. - Fixed a bug - SQLSRV didn't support ``escape_like_str()`` or escaping an array of values. -- Fixed a bug - :doc:`DB result <database/results>` method ``list_fields()`` didn't reset its field pointer for the *mysql*, *mysqli* and *mssql* drivers. +- Fixed a bug - :doc:`Database Results <database/results>` method ``list_fields()`` didn't reset its field pointer for the *mysql*, *mysqli* and *mssql* drivers. - Fixed a bug (#73) - :doc:`Security Library <libraries/security>` method ``sanitize_filename()`` could be tricked by an XSS attack. - Fixed a bug (#2211) - :doc:`Migration Library <libraries/migration>` extensions couldn't execute ``CI_Migration::__construct()``. - Fixed a bug (#2255) - :doc:`Email Library <libraries/email>` didn't apply ``smtp_timeout`` to socket reads and writes. - Fixed a bug (#2239) - :doc:`Email Library <libraries/email>` improperly handled the Subject when used with ``bcc_batch_mode`` resulting in E_WARNING messages and an empty Subject. - Fixed a bug (#2234) - :doc:`Query Builder <database/query_builder>` didn't reset JOIN cache for write-type queries. - Fixed a bug (#2298) - :doc:`Database Results <database/results>` method `next_row()` kept returning the last row, allowing for infinite loops. +- Fixed a bug (#2236) - :doc:`Form Helper <helpers/form_helper>` function ``set_value()`` didn't parse array notation for keys if the rule was not present in the :doc:`Form Validation Library <libraries/form_validation>`. +- Fixed a bug (#2353) - :doc:`Query Builder <database/query_builder>` erroneously prefixed literal strings with **dbprefix**. 
+- Fixed a bug (#78) - :doc:`Cart Library <libraries/cart>` didn't allow non-English letters in product names. Version 2.1.3 ============= diff --git a/user_guide_src/source/general/errors.rst b/user_guide_src/source/general/errors.rst index 441cedb80..a247c1b9f 100644 --- a/user_guide_src/source/general/errors.rst +++ b/user_guide_src/source/general/errors.rst @@ -42,7 +42,7 @@ show_error() This function will display the error message supplied to it using the following error template:: - application/errors/error_general.php + application/views/errors/error_general.php The optional parameter ``$status_code`` determines what HTTP status code should be sent with the error. If ``$status_code`` is less than 100, @@ -64,7 +64,7 @@ show_404() This function will display the 404 error message supplied to it using the following error template:: - application/errors/error_404.php + application/views/errors/error_404.php The function expects the string passed to it to be the file path to the page that isn't found. The exit status code will be set to ``EXIT_UNKNOWN_FILE``. diff --git a/user_guide_src/source/general/managing_apps.rst b/user_guide_src/source/general/managing_apps.rst index afb1aba2e..3ca0e03a7 100644 --- a/user_guide_src/source/general/managing_apps.rst +++ b/user_guide_src/source/general/managing_apps.rst @@ -21,7 +21,7 @@ Relocating your Application Directory ===================================== It is possible to move your application directory to a different -location on your server than your system directory. To do so open +location on your server than your web root. To do so open your main index.php and set a *full server path* in the ``$application_folder`` variable:: diff --git a/user_guide_src/source/general/routing.rst b/user_guide_src/source/general/routing.rst index 0c6dfe888..123257fc8 100644 --- a/user_guide_src/source/general/routing.rst +++ b/user_guide_src/source/general/routing.rst 
@@ -163,7 +163,7 @@ This route indicates which controller class should be loaded if the requested controller is not found. It will override the default 404 error page. It won't affect to the ``show_404()`` function, which will continue loading the default *error_404.php* file at -*application/errors/error_404.php*. +*application/views/errors/error_404.php*. .. important:: The reserved routes must come before any wildcard or regular expression routes.
\ No newline at end of file diff --git a/user_guide_src/source/general/security.rst b/user_guide_src/source/general/security.rst index 984ca840b..3f93443bb 100644 --- a/user_guide_src/source/general/security.rst +++ b/user_guide_src/source/general/security.rst @@ -15,11 +15,12 @@ the following: - Alpha-numeric text (latin characters only) - Tilde: ~ +- Percent sign: % - Period: . - Colon: : - Underscore: \_ - Dash: - -- Pipe: | +- Space Register_globals ================= diff --git a/user_guide_src/source/libraries/email.rst b/user_guide_src/source/libraries/email.rst index a55f1895d..39629ece1 100644 --- a/user_guide_src/source/libraries/email.rst +++ b/user_guide_src/source/libraries/email.rst @@ -43,7 +43,7 @@ This example assumes you are sending the email from one of your Setting Email Preferences ========================= -There are 17 different preferences available to tailor how your email +There are 21 different preferences available to tailor how your email messages are sent. You can either set them manually as described here, or automatically via preferences stored in your config file, described below: |