-rw-r--r-- | system/libraries/Cart.php | 28 | ||||
-rw-r--r-- | user_guide_src/source/changelog.rst | 1 |
2 files changed, 24 insertions, 5 deletions
diff --git a/system/libraries/Cart.php b/system/libraries/Cart.php index a0e1bb91e..13485a3ee 100644 --- a/system/libraries/Cart.php +++ b/system/libraries/Cart.php @@ -41,6 +41,7 @@ class CI_Cart { // These are the regular expression rules that we use to validate the product ID and product name var $product_id_rules = '\.a-z0-9_-'; // alpha-numeric, dashes, underscores, or periods var $product_name_rules = '\.\:\-_ a-z0-9'; // alpha-numeric, dashes, underscores, colons or periods + var $product_name_safe = true; // only allow safe product names // Private variables. Do not change! var $CI; @@ -195,10 +196,13 @@ class CI_Cart { // Validate the product name. It can only be alpha-numeric, dashes, underscores, colons or periods. // Note: These can be user-specified by setting the $this->product_name_rules variable. - if ( ! preg_match("/^[".$this->product_name_rules."]+$/i", $items['name'])) + if($this->product_name_safe) { - log_message('error', 'An invalid name was submitted as the product name: '.$items['name'].' The name can only contain alpha-numeric characters, dashes, underscores, colons, and spaces'); - return FALSE; + if ( ! preg_match("/^[".$this->product_name_rules."]+$/i", $items['name'])) + { + log_message('error', 'An invalid name was submitted as the product name: '.$items['name'].' The name can only contain alpha-numeric characters, dashes, underscores, colons, and spaces'); + return FALSE; + } } // -------------------------------------------------------------------- 
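Review bot: When `$product_name_safe` is false, the new `if($this->product_name_safe)` wrapper skips the only check on `$items['name']`, so any string, markup and control characters included, is accepted as a product name. The comment on the new property in the first hunk says only "only allow safe product names" and should state the consequence of turning it off, for example `var $product_name_safe = true; // when false, names are stored unvalidated and must be escaped wherever they are output`. The rejected name is also concatenated unmodified into the `log_message()` text, so a newline in it can break up or imitate log entries; stripping control characters before logging would avoid that. The enclosing method starts and ends outside the hunk, so how the name is used afterwards cannot be confirmed from here.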
@@ -242,7 +246,18 @@ class CI_Cart { // -------------------------------------------------------------------- // Now that we have our unique "row ID", we'll add our cart items to the master array - + // grab quantity if it's already there and add it on + if(isset($this->_cart_contents[$rowid]['qty'])) + { + // set our old quantity + $old_quantity = (int)$this->_cart_contents[$rowid]['qty']; + } + else + { + // we have no old quantity but - we don't want to throw an error + $old_quantity = 0; + } + // let's unset this first, just to make sure our index contains only the data from this submission unset($this->_cart_contents[$rowid]); @@ -254,7 +269,10 @@ class CI_Cart { { $this->_cart_contents[$rowid][$key] = $val; } - + + // add old quantity back in + $this->_cart_contents[$rowid]['qty'] = ($this->_cart_contents[$rowid]['qty'] + $old_quantity); + // Woot! return $rowid; } diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 6f41f4519..71104418a 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -47,6 +47,7 @@ Release Date: Not Released - CI_Loader::_ci_autoloader() is now a protected method. - Modified valid_ip() to use PHP's filter_var() when possible (>= PHP 5.2) in the :doc:`Form Validation library <libraries/form_validation>`. - Added custom filename to Email::attach() as $this->email->attach($filename, $disposition, $newname) + - The Cart library now auto-increments quantity's instead of just resetting it, this is the default behaviour of large e-commerce sites. - Core |
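Review bot: The ten-line `if`/`else` that reads the existing quantity can be a single statement, `$old_quantity = isset($this->_cart_contents[$rowid]['qty']) ? (int) $this->_cart_contents[$rowid]['qty'] : 0;`, and the file's spacing elsewhere is `if (` rather than `if(`. The `(int)` cast is applied only to the stored value, while the new `qty` added to it in the following hunk is not cast. The two operands may therefore differ in type if quantities arrive as strings, which should be checked against the sanitising code earlier in the method, outside this hunk.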
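Review bot: The summed `qty` is written back with no upper bound and no re-validation, so repeated submissions for the same row grow the quantity without limit, and a large enough total silently becomes a float in PHP. The `foreach` just above takes every other field from the latest submission while the quantity carries over from earlier ones. If the row ID does not depend on price, the accumulated quantity is repriced by the last request, which should be documented at the addition, e.g. `// qty accumulates across inserts; all other fields come from the latest submission`. Callers that relied on the insert replacing an existing row will now see quantities add up, so a configurable ceiling or an opt-out would be safer than changing the default unconditionally. The method begins outside the hunk.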