-rw-r--r--application/config/user_agents.php4
-rw-r--r--composer.json15
-rwxr-xr-xindex.php2
-rw-r--r--system/core/Common.php4
-rw-r--r--system/core/Input.php32
-rw-r--r--system/core/Security.php3
-rw-r--r--system/database/DB_driver.php16
-rw-r--r--system/helpers/form_helper.php14
-rw-r--r--system/libraries/Cart.php4
-rw-r--r--system/libraries/Encrypt.php2
-rw-r--r--system/libraries/Form_validation.php15
-rw-r--r--system/libraries/Session/drivers/Session_cookie.php3
-rw-r--r--system/libraries/Upload.php15
-rw-r--r--tests/codeigniter/core/Loader_test.php2
-rw-r--r--tests/mocks/ci_testcase.php2
-rw-r--r--user_guide_src/source/changelog.rst7
-rw-r--r--user_guide_src/source/general/errors.rst4
-rw-r--r--user_guide_src/source/general/managing_apps.rst2
-rw-r--r--user_guide_src/source/general/routing.rst2
-rw-r--r--user_guide_src/source/general/security.rst3
-rw-r--r--user_guide_src/source/libraries/email.rst2
21 files changed, 96 insertions, 57 deletions
diff --git a/application/config/user_agents.php b/application/config/user_agents.php
index 35c36cb42..0aae987a2 100644
--- a/application/config/user_agents.php
+++ b/application/config/user_agents.php
@@ -208,13 +208,15 @@ $mobiles = array(
$robots = array(
'googlebot' => 'Googlebot',
'msnbot' => 'MSNBot',
+ 'baiduspider' => 'Baiduspider',
'bingbot' => 'Bing',
'slurp' => 'Inktomi Slurp',
'yahoo' => 'Yahoo',
'askjeeves' => 'AskJeeves',
'fastcrawler' => 'FastCrawler',
'infoseek' => 'InfoSeek Robot 1.0',
- 'lycos' => 'Lycos'
+ 'lycos' => 'Lycos',
+ 'yandex' => 'YandexBot'
);
/* End of file user_agents.php */
diff --git a/composer.json b/composer.json
index e21aaed2e..29715763f 100644
--- a/composer.json
+++ b/composer.json
@@ -1,9 +1,10 @@
{
- "name" : "ellislab/codeigniter",
- "require": {
- "php": ">=5.2.4"
- },
- "require-dev": {
- "mikey179/vfsStream": "*"
- }
+ "description" : "Dependencies for CodeIgniter's testing environment",
+ "name" : "ellislab/codeigniter",
+ "require": {
+ "php": ">=5.2.4"
+ },
+ "require-dev": {
+ "mikey179/vfsStream": "*"
+ }
}
\ No newline at end of file
diff --git a/index.php b/index.php
index c6314da1f..cfb003eb8 100755
--- a/index.php
+++ b/index.php
@@ -255,7 +255,7 @@ switch (ENVIRONMENT)
if (($_temp = realpath($view_folder)) !== FALSE)
{
- $view_folder = realpath($view_folder).'/';
+ $view_folder = $_temp.'/';
}
else
{
diff --git a/system/core/Common.php b/system/core/Common.php
index 10c22375e..b4f0c388e 100644
--- a/system/core/Common.php
+++ b/system/core/Common.php
@@ -92,7 +92,7 @@ if ( ! function_exists('is_really_writable'))
*/
if (is_dir($file))
{
- $file = rtrim($file, '/').'/'.md5(mt_rand(1,100).mt_rand(1,100));
+ $file = rtrim($file, '/').'/'.md5(mt_rand());
if (($fp = @fopen($file, FOPEN_WRITE_CREATE)) === FALSE)
{
return FALSE;
@@ -359,7 +359,7 @@ if ( ! function_exists('show_error'))
*
* This function lets us invoke the exception class and
* display errors using the standard error template located
- * in application/errors/errors.php
+ * in application/views/errors/error_general.php
* This function will send the error page directly to the
* browser and exit.
*
diff --git a/system/core/Input.php b/system/core/Input.php
index 8d491e055..6690b7f2e 100644
--- a/system/core/Input.php
+++ b/system/core/Input.php
@@ -153,17 +153,39 @@ class CI_Input {
*/
protected function _fetch_from_array(&$array, $index = '', $xss_clean = FALSE)
{
- if ( ! isset($array[$index]))
+ if (isset($array[$index]))
{
- return NULL;
+ $value = $array[$index];
}
+ elseif (($count = preg_match_all('/(?:^[^\[]+)|\[[^]]*\]/', $index, $matches)) > 1) // Does the index contain array notation
+ {
+ $value = $array;
+ for ($i = 0; $i < $count; $i++)
+ {
+ $key = trim($matches[0][$i], '[]');
+ if ($key === '') // Empty notation will return the value as array
+ {
+ break;
+ }
- if ($xss_clean === TRUE)
+ if (isset($value[$key]))
+ {
+ $value = $value[$key];
+ }
+ else
+ {
+ return NULL;
+ }
+ }
+ }
+ else
{
- return $this->security->xss_clean($array[$index]);
+ return NULL;
}
- return $array[$index];
+ return ($xss_clean === TRUE)
+ ? $this->security->xss_clean($value)
+ : $value;
}
// --------------------------------------------------------------------
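Review bot: The traversal loop calls `isset($value[$key])` without checking that `$value` is still an array, so once the walk reaches a scalar string a further bracket segment is applied as a string offset, and a name such as `a[b][0]` can return one character of `a[b]` instead of NULL. Guard the step with `if (is_array($value) && isset($value[$key]))`. The docblock above (it starts outside this hunk) should also say that an empty `[]` segment stops the walk and returns the array reached so far, ignoring any segments after it.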
diff --git a/system/core/Security.php b/system/core/Security.php
index 7aae54efc..196d61144 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -488,8 +488,7 @@ class CI_Security {
{
if ($this->_xss_hash === '')
{
- mt_srand();
- $this->_xss_hash = md5(time() + mt_rand(0, 1999999999));
+ $this->_xss_hash = md5(uniqid(mt_rand()));
}
return $this->_xss_hash;
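Review bot: `md5(uniqid(mt_rand()))` is still built from the Mersenne Twister and a clock-based `uniqid()`, so the value is not unpredictable in a cryptographic sense; the MD5 step only reshapes it. If anything outside this hunk relies on the XSS hash being unguessable, draw it from an OS-backed source when one is available, for example `function_exists('openssl_random_pseudo_bytes') ? bin2hex(openssl_random_pseudo_bytes(16)) : md5(uniqid(mt_rand(), TRUE))`. The same concern applies to the `mt_rand()` loops in the Encrypt.php and Session_cookie.php hunks, where the output feeds `$rand` and `$new_sessid`, and to the `encrypt_name` file name in the Upload.php hunk. What happens to those values after the visible lines is outside the hunks, so the impact there should be confirmed against the full functions.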
diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php
index b78f35a65..9239dc154 100644
--- a/system/database/DB_driver.php
+++ b/system/database/DB_driver.php
@@ -1208,13 +1208,8 @@ abstract class CI_DB_driver {
}
else
{
- /* We have no other choice but to just get the first element's key.
- * Due to array_shift() accepting it's argument by reference, if
- * E_STRICT is on, this would trigger a warning. So we'll have to
- * assign it first.
- */
- $key = array_keys($row);
- $key = array_shift($key);
+ // We have no other choice but to just get the first element's key.
+ $key = key($row);
}
}
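Review bot: `key($row)` returns the key at the array's internal pointer, which is not necessarily the first key that the comment and the removed `array_keys()`/`array_shift()` pair promise. Where `$row` comes from is outside this hunk; if anything has advanced its pointer, `$key` can be a later key or NULL. Calling `reset($row);` before `$key = key($row);` keeps the E_STRICT-safe form and restores the guarantee.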
@@ -1614,7 +1609,7 @@ abstract class CI_DB_driver {
* @param string the error message
* @param string any "swap" values
* @param bool whether to localize the message
- * @return string sends the application/error_db.php template
+ * @return string sends the application/views/errors/error_db.php template
*/
public function display_error($error = '', $swap = '', $native = FALSE)
{
@@ -1711,7 +1706,10 @@ abstract class CI_DB_driver {
// If a parenthesis is found we know that we do not need to
// escape the data or add a prefix. There's probably a more graceful
// way to deal with this, but I'm not thinking of it -- Rick
- if (strpos($item, '(') !== FALSE)
+ //
+ // Added exception for single quotes as well, we don't want to alter
+ // literal strings. -- Narf
+ if (strpos($item, '(') !== FALSE OR strpos($item, "'") !== FALSE)
{
return $item;
}
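Review bot: With the added `strpos($item, "'") !== FALSE` test, any item containing a single quote is returned verbatim, with neither identifier escaping nor the prefix applied, so this early return is wider than the "literal strings" case the new comment describes. The enclosing function starts outside this hunk, but if identifiers passed to it can be influenced by request data, the presence of a quote anywhere in the item disables escaping for the whole item. I would state that contract in the comment, e.g. `// NOTE: items containing ( or ' are returned unescaped; never pass user-supplied identifiers through here.`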
diff --git a/system/helpers/form_helper.php b/system/helpers/form_helper.php
index 692909c79..2002d4269 100644
--- a/system/helpers/form_helper.php
+++ b/system/helpers/form_helper.php
@@ -261,7 +261,6 @@ if ( ! function_exists('form_textarea'))
unset($data['value']); // textareas don't use the value attribute
}
- $name = is_array($data) ? $data['name'] : $data;
return '<textarea '._parse_form_attributes($data, $defaults).$extra.'>'.form_prep($val, TRUE)."</textarea>\n";
}
}
@@ -642,14 +641,13 @@ if ( ! function_exists('set_value'))
*/
function set_value($field = '', $default = '', $is_textarea = FALSE)
{
- if (FALSE === ($OBJ =& _get_validation_object()))
- {
- return isset($_POST[$field])
- ? form_prep($_POST[$field], $is_textarea)
- : form_prep($default, $is_textarea);
- }
+ $CI =& get_instance();
+
+ $value = (isset($CI->form_validation) && is_object($CI->form_validation) && $CI->form_validation->has_rule($field))
+ ? $CI->form_validation->set_value($field, $default)
+ : $CI->input->post($field, FALSE);
- return form_prep($OBJ->set_value($field, $default), $is_textarea);
+ return form_prep($value === NULL ? $default : $value, $is_textarea);
}
}
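Review bot: `$CI->input->post($field, FALSE)` can now return an array, because the Input.php change in this commit returns the array reached so far when the field name ends in an empty `[]`, and that value is passed straight to `form_prep()`. `form_prep()` is defined outside this hunk, so whether it accepts arrays cannot be confirmed from here. If it expects a string, fall back to the default for non-scalar input: `return form_prep(($value === NULL OR is_array($value)) ? $default : $value, $is_textarea);`.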
diff --git a/system/libraries/Cart.php b/system/libraries/Cart.php
index b7b0697fb..edc300bd7 100644
--- a/system/libraries/Cart.php
+++ b/system/libraries/Cart.php
@@ -51,7 +51,7 @@ class CI_Cart {
*
* @var string
*/
- public $product_name_rules = '\.\:\-_ a-z0-9';
+ public $product_name_rules = '\w \-\.\:';
/**
* only allow safe product names
@@ -214,7 +214,7 @@ class CI_Cart {
// Validate the product name. It can only be alpha-numeric, dashes, underscores, colons or periods.
// Note: These can be user-specified by setting the $this->product_name_rules variable.
- if ($this->product_name_safe && ! preg_match('/^['.$this->product_name_rules.']+$/i', $items['name']))
+ if ($this->product_name_safe && ! preg_match('/^['.$this->product_name_rules.']+$/i'.(UTF8_ENABLED ? 'u' : ''), $items['name']))
{
log_message('error', 'An invalid name was submitted as the product name: '.$items['name'].' The name can only contain alpha-numeric characters, dashes, underscores, colons, and spaces');
return FALSE;
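Review bot: The rejected name is concatenated into the `log_message()` text unmodified, and because this branch is exactly where the name failed validation, it can carry line breaks or control characters into the log. How `log_message()` writes entries is outside this hunk; unless it encodes them, log a bounded, encoded form instead, e.g. replace `$items['name']` in the message with `rawurlencode(substr($items['name'], 0, 64))` (the length is an illustrative value). The comment and the message text also still say "alpha-numeric", while the new default `\w` together with the `u` modifier accepts non-English letters.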
diff --git a/system/libraries/Encrypt.php b/system/libraries/Encrypt.php
index c6a1cb175..8ac5420de 100644
--- a/system/libraries/Encrypt.php
+++ b/system/libraries/Encrypt.php
@@ -244,7 +244,7 @@ class CI_Encrypt {
$rand = '';
do
{
- $rand .= mt_rand(0, mt_getrandmax());
+ $rand .= mt_rand();
}
while (strlen($rand) < 32);
diff --git a/system/libraries/Form_validation.php b/system/libraries/Form_validation.php
index 172e799f6..1ed50844c 100644
--- a/system/libraries/Form_validation.php
+++ b/system/libraries/Form_validation.php
@@ -836,6 +836,21 @@ class CI_Form_validation {
// --------------------------------------------------------------------
/**
+ * Checks if the rule is present within the validator
+ *
+ * Permits you to check if a rule is present within the validator
+ *
+ * @param string the field name
+ * @return bool
+ */
+ public function has_rule($field)
+ {
+ return isset($this->_field_data[$field]);
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
* Get the value from a form
*
* Permits you to repopulate a form field with the value it was submitted
diff --git a/system/libraries/Session/drivers/Session_cookie.php b/system/libraries/Session/drivers/Session_cookie.php
index 0e8644102..7174d63c8 100644
--- a/system/libraries/Session/drivers/Session_cookie.php
+++ b/system/libraries/Session/drivers/Session_cookie.php
@@ -641,7 +641,7 @@ class CI_Session_cookie extends CI_Session_driver {
$new_sessid = '';
do
{
- $new_sessid .= mt_rand(0, mt_getrandmax());
+ $new_sessid .= mt_rand();
}
while (strlen($new_sessid) < 32);
@@ -832,7 +832,6 @@ class CI_Session_cookie extends CI_Session_driver {
$probability = ini_get('session.gc_probability');
$divisor = ini_get('session.gc_divisor');
- srand(time());
if ((mt_rand(0, $divisor) / $divisor) < $probability)
{
$expire = $this->now - $this->sess_expiration;
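Review bot: The context line `if ((mt_rand(0, $divisor) / $divisor) < $probability)` compares a fraction between 0 and 1 with the raw `session.gc_probability` value, so with the usual php.ini settings of 1 and 100 the test is true for 100 of the 101 possible draws and garbage collection runs on nearly every request. A `session.gc_divisor` of 0 would also divide by zero. The intended odds are probability out of divisor: `if ($divisor > 0 && mt_rand(1, $divisor) <= $probability)`. The body of the branch continues past the end of this hunk.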
diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php
index 1c14f99ed..7c48b4294 100644
--- a/system/libraries/Upload.php
+++ b/system/libraries/Upload.php
@@ -366,25 +366,25 @@ class CI_Upload {
switch ($error)
{
- case 1: // UPLOAD_ERR_INI_SIZE
+ case UPLOAD_ERR_INI_SIZE:
$this->set_error('upload_file_exceeds_limit');
break;
- case 2: // UPLOAD_ERR_FORM_SIZE
+ case UPLOAD_ERR_FORM_SIZE:
$this->set_error('upload_file_exceeds_form_limit');
break;
- case 3: // UPLOAD_ERR_PARTIAL
+ case UPLOAD_ERR_PARTIAL:
$this->set_error('upload_file_partial');
break;
- case 4: // UPLOAD_ERR_NO_FILE
+ case UPLOAD_ERR_NO_FILE:
$this->set_error('upload_no_file_selected');
break;
- case 6: // UPLOAD_ERR_NO_TMP_DIR
+ case UPLOAD_ERR_NO_TMP_DIR:
$this->set_error('upload_no_temp_directory');
break;
- case 7: // UPLOAD_ERR_CANT_WRITE
+ case UPLOAD_ERR_CANT_WRITE:
$this->set_error('upload_unable_to_write_file');
break;
- case 8: // UPLOAD_ERR_EXTENSION
+ case UPLOAD_ERR_EXTENSION:
$this->set_error('upload_stopped_by_extension');
break;
default:
@@ -604,7 +604,6 @@ class CI_Upload {
{
if ($this->encrypt_name === TRUE)
{
- mt_srand();
$filename = md5(uniqid(mt_rand())).$this->file_ext;
}
diff --git a/tests/codeigniter/core/Loader_test.php b/tests/codeigniter/core/Loader_test.php
index dea01a555..e75d0d564 100644
--- a/tests/codeigniter/core/Loader_test.php
+++ b/tests/codeigniter/core/Loader_test.php
@@ -220,7 +220,7 @@ class Loader_test extends CI_TestCase {
// Test name conflict
$obj = 'conflict';
- $this->ci_obj->$obj = new StdClass();
+ $this->ci_obj->$obj = new stdClass();
$this->setExpectedException(
'RuntimeException',
'CI Error: The model name you are loading is the name of a resource that is already being used: '.$obj
diff --git a/tests/mocks/ci_testcase.php b/tests/mocks/ci_testcase.php
index f16492945..ad4fe5ac3 100644
--- a/tests/mocks/ci_testcase.php
+++ b/tests/mocks/ci_testcase.php
@@ -27,7 +27,7 @@ class CI_TestCase extends PHPUnit_Framework_TestCase {
public function __construct()
{
parent::__construct();
- $this->ci_instance = new StdClass();
+ $this->ci_instance = new stdClass();
}
// --------------------------------------------------------------------
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index 0e45a0e8f..86907ca53 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -221,6 +221,7 @@ Release Date: Not Released
- *Product Name* strictness can be disabled by switching the ``$product_name_safe`` property to FALSE.
- Added method ``remove()`` to remove a cart item, updating with quantity of 0 seemed like a hack but has remained to retain compatibility.
- Added method ``get_item()`` to enable retrieving data for a single cart item.
+ - Added unicode support for product names.
- :doc:`Image Manipulation library <libraries/image_lib>` changes include:
- The ``initialize()`` method now only sets existing class properties.
- Added support for 3-length hex color values for *wm_font_color* and *wm_shadow_color* properties, as well as validation for them.
@@ -304,6 +305,7 @@ Release Date: Not Released
- Changed method ``valid_ip()`` to use PHP's native ``filter_var()`` function.
- Changed internal method ``_sanitize_globals()`` to skip enforcing reversal of *register_globals* in PHP 5.4+, where this functionality no longer exists.
- Changed methods ``get()``, ``post()``, ``get_post()``, ``cookie()``, ``server()``, ``user_agent()`` to return NULL instead of FALSE when no value is found.
+ - Changed method ``_fetch_from_array()`` to parse array notation in field name.
- :doc:`Common functions <general/common_functions>` changes include:
- Added function :php:func:`get_mimes()` to return the *application/config/mimes.php* array.
- Added support for HTTP code 303 ("See Other") in :php:func:`set_status_header()`.
@@ -481,13 +483,16 @@ Bug fixes for 3.0
- Fixed a bug (#113) - :doc:`Form Validation Library <libraries/form_validation>` didn't properly handle empty fields that were specified as an array.
- Fixed a bug (#2061) - :doc:`Routing Class <general/routing>` didn't properly sanitize directory, controller and function triggers with **enable_query_strings** set to TRUE.
- Fixed a bug - SQLSRV didn't support ``escape_like_str()`` or escaping an array of values.
-- Fixed a bug - :doc:`DB result <database/results>` method ``list_fields()`` didn't reset its field pointer for the *mysql*, *mysqli* and *mssql* drivers.
+- Fixed a bug - :doc:`Database Results <database/results>` method ``list_fields()`` didn't reset its field pointer for the *mysql*, *mysqli* and *mssql* drivers.
- Fixed a bug (#73) - :doc:`Security Library <libraries/security>` method ``sanitize_filename()`` could be tricked by an XSS attack.
- Fixed a bug (#2211) - :doc:`Migration Library <libraries/migration>` extensions couldn't execute ``CI_Migration::__construct()``.
- Fixed a bug (#2255) - :doc:`Email Library <libraries/email>` didn't apply ``smtp_timeout`` to socket reads and writes.
- Fixed a bug (#2239) - :doc:`Email Library <libraries/email>` improperly handled the Subject when used with ``bcc_batch_mode`` resulting in E_WARNING messages and an empty Subject.
- Fixed a bug (#2234) - :doc:`Query Builder <database/query_builder>` didn't reset JOIN cache for write-type queries.
- Fixed a bug (#2298) - :doc:`Database Results <database/results>` method `next_row()` kept returning the last row, allowing for infinite loops.
+- Fixed a bug (#2236) - :doc:`Form Helper <helpers/form_helper>` function ``set_value()`` didn't parse array notation for keys if the rule was not present in the :doc:`Form Validation Library <libraries/form_validation>`.
+- Fixed a bug (#2353) - :doc:`Query Builder <database/query_builder>` erroneously prefixed literal strings with **dbprefix**.
+- Fixed a bug (#78) - :doc:`Cart Library <libraries/cart>` didn't allow non-English letters in product names.
Version 2.1.3
=============
diff --git a/user_guide_src/source/general/errors.rst b/user_guide_src/source/general/errors.rst
index 441cedb80..a247c1b9f 100644
--- a/user_guide_src/source/general/errors.rst
+++ b/user_guide_src/source/general/errors.rst
@@ -42,7 +42,7 @@ show_error()
This function will display the error message supplied to it using the
following error template::
- application/errors/error_general.php
+ application/views/errors/error_general.php
The optional parameter ``$status_code`` determines what HTTP status
code should be sent with the error. If ``$status_code`` is less than 100,
@@ -64,7 +64,7 @@ show_404()
This function will display the 404 error message supplied to it using
the following error template::
- application/errors/error_404.php
+ application/views/errors/error_404.php
The function expects the string passed to it to be the file path to the
page that isn't found. The exit status code will be set to ``EXIT_UNKNOWN_FILE``.
diff --git a/user_guide_src/source/general/managing_apps.rst b/user_guide_src/source/general/managing_apps.rst
index afb1aba2e..3ca0e03a7 100644
--- a/user_guide_src/source/general/managing_apps.rst
+++ b/user_guide_src/source/general/managing_apps.rst
@@ -21,7 +21,7 @@ Relocating your Application Directory
=====================================
It is possible to move your application directory to a different
-location on your server than your system directory. To do so open
+location on your server than your web root. To do so open
your main index.php and set a *full server path* in the
``$application_folder`` variable::
diff --git a/user_guide_src/source/general/routing.rst b/user_guide_src/source/general/routing.rst
index 0c6dfe888..123257fc8 100644
--- a/user_guide_src/source/general/routing.rst
+++ b/user_guide_src/source/general/routing.rst
@@ -163,7 +163,7 @@ This route indicates which controller class should be loaded if the
requested controller is not found. It will override the default 404
error page. It won't affect to the ``show_404()`` function, which will
continue loading the default *error_404.php* file at
-*application/errors/error_404.php*.
+*application/views/errors/error_404.php*.
.. important:: The reserved routes must come before any wildcard or
regular expression routes.
\ No newline at end of file
diff --git a/user_guide_src/source/general/security.rst b/user_guide_src/source/general/security.rst
index 984ca840b..3f93443bb 100644
--- a/user_guide_src/source/general/security.rst
+++ b/user_guide_src/source/general/security.rst
@@ -15,11 +15,12 @@ the following:
- Alpha-numeric text (latin characters only)
- Tilde: ~
+- Percent sign: %
- Period: .
- Colon: :
- Underscore: \_
- Dash: -
-- Pipe: |
+- Space
Register_globals
=================
diff --git a/user_guide_src/source/libraries/email.rst b/user_guide_src/source/libraries/email.rst
index a55f1895d..39629ece1 100644
--- a/user_guide_src/source/libraries/email.rst
+++ b/user_guide_src/source/libraries/email.rst
@@ -43,7 +43,7 @@ This example assumes you are sending the email from one of your
Setting Email Preferences
=========================
-There are 17 different preferences available to tailor how your email
+There are 21 different preferences available to tailor how your email
messages are sent. You can either set them manually as described here,
or automatically via preferences stored in your config file, described
below: