diff options
| -rw-r--r-- | application/config/config.php | 2 | ||||
| -rw-r--r-- | system/core/Common.php | 16 | ||||
| -rw-r--r-- | system/core/Loader.php | 40 | ||||
| -rw-r--r-- | system/database/DB_query_builder.php | 15 | ||||
| -rw-r--r-- | system/libraries/Upload.php | 16 | ||||
| -rw-r--r-- | tests/README.md | 2 | ||||
| -rw-r--r-- | tests/codeigniter/core/Loader_test.php | 4 | ||||
| -rw-r--r-- | user_guide_src/source/changelog.rst | 5 | ||||
| -rw-r--r-- | user_guide_src/source/database/results.rst | 88 |
9 files changed, 147 insertions, 41 deletions
diff --git a/application/config/config.php b/application/config/config.php index f4ba70a4e..a4d883fab 100644 --- a/application/config/config.php +++ b/application/config/config.php @@ -480,6 +480,8 @@ $config['time_reference'] = 'local'; | can rewrite the tags on-the-fly, enabling you to utilize that syntax | in your view files. Options are TRUE or FALSE (boolean) | +| Note: You need to have eval() enabled for this to work. +| */ $config['rewrite_short_tags'] = FALSE; diff --git a/system/core/Common.php b/system/core/Common.php index b850fd39a..ce324a1cc 100644 --- a/system/core/Common.php +++ b/system/core/Common.php @@ -833,19 +833,9 @@ if ( ! function_exists('function_usable')) { if ( ! isset($_suhosin_func_blacklist)) { - if (extension_loaded('suhosin')) - { - $_suhosin_func_blacklist = explode(',', trim(ini_get('suhosin.executor.func.blacklist'))); - - if ( ! in_array('eval', $_suhosin_func_blacklist, TRUE) && ini_get('suhosin.executor.disable_eval')) - { - $_suhosin_func_blacklist[] = 'eval'; - } - } - else - { - $_suhosin_func_blacklist = array(); - } + $_suhosin_func_blacklist = extension_loaded('suhosin') + ? explode(',', trim(ini_get('suhosin.executor.func.blacklist'))) + : array(); } return ! in_array($function_name, $_suhosin_func_blacklist, TRUE); diff --git a/system/core/Loader.php b/system/core/Loader.php index 9205ad1b6..1f48c0782 100644 --- a/system/core/Loader.php +++ b/system/core/Loader.php @@ -272,7 +272,7 @@ class CI_Loader { $CI =& get_instance(); if (isset($CI->$name)) { - show_error('The model name you are loading is the name of a resource that is already being used: '.$name); + throw new RuntimeException('The model name you are loading is the name of a resource that is already being used: '.$name); } if ($db_conn !== FALSE && ! class_exists('CI_DB', FALSE)) @@ -291,23 +291,37 @@ class CI_Loader { } $model = ucfirst(strtolower($model)); - - foreach ($this->_ci_model_paths as $mod_path) + if ( ! class_exists($model)) { - if ( ! file_exists($mod_path.'models/'.$path.$model.'.php')) + foreach ($this->_ci_model_paths as $mod_path) { - continue; - } + if ( ! file_exists($mod_path.'models/'.$path.$model.'.php')) + { + continue; + } - require_once($mod_path.'models/'.$path.$model.'.php'); + require_once($mod_path.'models/'.$path.$model.'.php'); + if ( ! class_exists($model, FALSE)) + { + throw new RuntimeException($mod_path."models/".$path.$model.".php exists, but doesn't declare class ".$model); + } - $this->_ci_models[] = $name; - $CI->$name = new $model(); - return $this; + break; + } + + if ( ! class_exists($model, FALSE)) + { + throw new RuntimeException('Unable to locate the model you have specified: '.$model); + } + } + elseif ( ! is_subclass_of($model, 'CI_Model')) + { + throw new RuntimeException("Class ".$model." already exists and doesn't extend CI_Model"); } - // couldn't find the model - show_error('Unable to locate the model you have specified: '.$model); + $this->_ci_models[] = $name; + $CI->$name = new $model(); + return $this; } // -------------------------------------------------------------------- @@ -905,7 +919,7 @@ class CI_Loader { // If the PHP installation does not support short tags we'll // do a little string replacement, changing the short tags // to standard PHP echo statements. - if ( ! is_php('5.4') && ! ini_get('short_open_tag') && config_item('rewrite_short_tags') === TRUE && function_usable('eval')) + if ( ! is_php('5.4') && ! ini_get('short_open_tag') && config_item('rewrite_short_tags') === TRUE) { echo eval('?>'.preg_replace('/;*\s*\?>/', '; ?>', str_replace('<?=', '<?php echo ', file_get_contents($_ci_path)))); } diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php index fc2d5901e..e53fb5478 100644 --- a/system/database/DB_query_builder.php +++ b/system/database/DB_query_builder.php @@ -1276,8 +1276,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver { foreach ($key as $k => $v) { - $this->qb_set[$this->protect_identifiers($k, FALSE, $escape)] = ($escape) - ? $this->escape($v) : $v; + $this->qb_set[$this->protect_identifiers($k, FALSE, $escape)] = $this->escape($v); } return $this; @@ -1516,15 +1515,9 @@ abstract class CI_DB_query_builder extends CI_DB_driver { ksort($row); // puts $row in the same order as our keys - if ($escape !== FALSE) + foreach ($row as $k => $v) { - $clean = array(); - foreach ($row as $value) - { - $clean[] = $this->escape($value); - } - - $row = $clean; + $row[$k] = $this->escape($v); } $this->qb_set[] = '('.implode(',', $row).')'; @@ -1945,7 +1938,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver { $index_set = TRUE; } - $clean[$this->protect_identifiers($k2, FALSE, $escape)] = ($escape === FALSE) ? $v2 : $this->escape($v2); + $clean[$this->protect_identifiers($k2, FALSE, $escape)] = $this->escape($v2); } if ($index_set === FALSE) diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 51232f8a7..20ddfc145 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -695,6 +695,22 @@ class CI_Upload { // -------------------------------------------------------------------- /** + * Set Maximum File Size + * + * An internal alias to set_max_filesize() to help with configuration + * as initialize() will look for a set_<property_name>() method ... + * + * @param int $n + * @return CI_Upload + */ + protected function set_max_size($n) + { + return $this->set_max_filesize($n); + } + + // -------------------------------------------------------------------- + + /** * Set Maximum File Name Length * * @param int $n diff --git a/tests/README.md b/tests/README.md index 47b5241d1..04dfbc3d8 100644 --- a/tests/README.md +++ b/tests/README.md @@ -6,7 +6,7 @@ Status : [; $this->setExpectedException( 'RuntimeException', - 'CI Error: The model name you are loading is the name of a resource that is already being used: '.$obj + 'The model name you are loading is the name of a resource that is already being used: '.$obj ); $this->load->model('not_real', $obj); } @@ -240,7 +240,7 @@ class Loader_test extends CI_TestCase { { $this->setExpectedException( 'RuntimeException', - 'CI Error: Unable to locate the model you have specified: Ci_test_nonexistent_model.php' + 'Unable to locate the model you have specified: Ci_test_nonexistent_model.php' ); $this->load->model('ci_test_nonexistent_model.php'); diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 22243cf04..ee52d2e49 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -34,6 +34,7 @@ Release Date: Not Released - Core - Added support for defining a list of specific query parameters in ``$config['cache_query_string']`` for the :doc:`Output Library <libraries/output>`. + - Added class existence and inheritance checks to ``CI_Loader::model()`` in order to ease debugging in case of name collisions. Bug fixes for 3.0.1 ------------------- @@ -67,8 +68,10 @@ Bug fixes for 3.0.1 - Fixed a bug (#3704) - :doc:`Database <database/index>` method ``stored_procedure()`` in the 'oci8' driver didn't properly bind parameters. - Fixed a bug (#3778) - :doc:`Download Helper <helpers/download_helper>` function :php:func:`force_download()` incorrectly sent a *Pragma* response header. - Fixed a bug (#3752) - ``$routing['directory']`` overrides were not properly handled and always resulted in a 404 "Not Found" error. -- Fixed an internal bug in :doc:`Query Builder <database/query_builder>` escaping logic where if field name escaping is force-disabled, methods ``where()`` and ``having()`` will also treat values as fields. +- Fixed an internal bug (#3989) - :doc:`Query Builder <database/query_builder>` escaping logic where if field name escaping is force-disabled, would also treat values as fields in methods ``where()``, ``having()``, ``set()``, ``set_insert_batch()``, ``set_update_batch()``. - Fixed a bug (#3279) - :doc:`Query Builder <database/query_builder>` methods ``update()`` and ``get_compiled_update()`` did double escaping on the table name if it was provided via ``from()``. +- Fixed a bug (#3991) - ``$config['rewrite_short_tags']`` never worked due to ``function_exists('eval')`` always returning FALSE. +- Fixed a bug where the :doc:`File Uploadin Library <libraries/file_uploading>` library will not properly configure its maximum file size unless the input value is of type integer. Version 3.0.0 ============= diff --git a/user_guide_src/source/database/results.rst b/user_guide_src/source/database/results.rst index ac44566d3..5f5fafd38 100644 --- a/user_guide_src/source/database/results.rst +++ b/user_guide_src/source/database/results.rst @@ -173,6 +173,94 @@ the returned value's type:: $query->unbuffered_row('array'); // associative array ********************* +Custom Result Objects +********************* + +You can have the results returned as an instance of a custom class instead +of a ``stdClass`` or array, as the ``result()`` and ``result_array()`` +methods allow. This requires that the class is already loaded into memory. +The object will have all values returned from the database set as properties. +If these have been declared and are non-public then you should provide a +``__set()`` method to allow them to be set. + +Example:: + + class User { + + public $id; + public $email; + public $username; + + protected $last_login; + + public function last_login($format) + { + return $this->last_login->format($format); + } + + public function __set($name, $value) + { + if ($name === 'last_login') + { + $this->last_login = DateTime::createFromFormat('U', $value); + } + } + + public function __get($name) + { + if (isset($this->$name)) + { + return $this->$name; + } + } + } + +In addition to the two methods listed below, the following methods also can +take a class name to return the results as: ``first_row()``, ``last_row()``, +``next_row()``, and ``previous_row()``. + +**custom_result_object()** + +Returns the entire result set as an array of instances of the class requested. +The only parameter is the name of the class to instantiate. + +Example:: + + $query = $this->db->query("YOUR QUERY"); + + $rows = $query->custom_result_object('User'); + + foreach ($rows as $row) + { + echo $row->id; + echo $row->email; + echo $row->last_login('Y-m-d'); + } + +**custom_row_object()** + +Returns a single row from your query results. The first parameter is the row +number of the results. The second parameter is the class name to instantiate. + +Example:: + + $query = $this->db->query("YOUR QUERY"); + + $row = $query->custom_row_object(0, 'User'); + + if (isset($row)) + { + echo $row->email; // access attributes + echo $row->last_login('Y-m-d'); // access class methods + } + +You can also use the ``row()`` method in exactly the same way. + +Example:: + + $row = $query->custom_row_object(0, 'User'); + +********************* Result Helper Methods ********************* |