-rw-r--r--system/libraries/Cart.php28
-rw-r--r--user_guide_src/source/changelog.rst1
2 files changed, 24 insertions, 5 deletions
diff --git a/system/libraries/Cart.php b/system/libraries/Cart.php
index a0e1bb91e..13485a3ee 100644
--- a/system/libraries/Cart.php
+++ b/system/libraries/Cart.php
@@ -41,6 +41,7 @@ class CI_Cart {
// These are the regular expression rules that we use to validate the product ID and product name
var $product_id_rules = '\.a-z0-9_-'; // alpha-numeric, dashes, underscores, or periods
var $product_name_rules = '\.\:\-_ a-z0-9'; // alpha-numeric, dashes, underscores, colons or periods
+ var $product_name_safe = true; // only allow safe product names
// Private variables. Do not change!
var $CI;
@@ -195,10 +196,13 @@ class CI_Cart {
// Validate the product name. It can only be alpha-numeric, dashes, underscores, colons or periods.
// Note: These can be user-specified by setting the $this->product_name_rules variable.
- if ( ! preg_match("/^[".$this->product_name_rules."]+$/i", $items['name']))
+ if($this->product_name_safe)
{
- log_message('error', 'An invalid name was submitted as the product name: '.$items['name'].' The name can only contain alpha-numeric characters, dashes, underscores, colons, and spaces');
- return FALSE;
+ if ( ! preg_match("/^[".$this->product_name_rules."]+$/i", $items['name']))
+ {
+ log_message('error', 'An invalid name was submitted as the product name: '.$items['name'].' The name can only contain alpha-numeric characters, dashes, underscores, colons, and spaces');
+ return FALSE;
+ }
}
// --------------------------------------------------------------------
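Review bot: When `$product_name_safe` is set to false, `$items['name']` goes into the cart with no validation at all, so the character whitelist that previously kept markup characters out of stored names no longer protects any code that later prints cart contents. The declaration comment `// only allow safe product names` should state that consequence, for example `// TRUE: enforce $product_name_rules. FALSE: names are stored as submitted and must be escaped on output`. Consider keeping a minimal check when the flag is off (non-empty string, a length cap) instead of skipping validation entirely. The enclosing method starts and ends outside this hunk.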
@@ -242,7 +246,18 @@ class CI_Cart {
// --------------------------------------------------------------------
// Now that we have our unique "row ID", we'll add our cart items to the master array
-
+ // grab quantity if it's already there and add it on
+ if(isset($this->_cart_contents[$rowid]['qty']))
+ {
+ // set our old quantity
+ $old_quantity = (int)$this->_cart_contents[$rowid]['qty'];
+ }
+ else
+ {
+ // we have no old quantity but - we don't want to throw an error
+ $old_quantity = 0;
+ }
+
// let's unset this first, just to make sure our index contains only the data from this submission
unset($this->_cart_contents[$rowid]);
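Review bot: The `(int)` cast on the stored quantity truncates any fractional value. Whether the quantity is already normalised to a whole number earlier in this method is not visible in the hunk, so the cast should be checked against that preparation step. The if/else can also be written as one line, `$old_quantity = isset($this->_cart_contents[$rowid]['qty']) ? (int) $this->_cart_contents[$rowid]['qty'] : 0;`. The method body continues outside the hunk.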
@@ -254,7 +269,10 @@ class CI_Cart {
{
$this->_cart_contents[$rowid][$key] = $val;
}
-
+
+ // add old quantity back in
+ $this->_cart_contents[$rowid]['qty'] = ($this->_cart_contents[$rowid]['qty'] + $old_quantity);
+
// Woot!
return $rowid;
}
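Review bot: The accumulation at `$this->_cart_contents[$rowid]['qty'] = (... + $old_quantity)` is unconditional, so a caller that re-inserts an existing row expecting it to be replaced now gets a growing quantity, and nothing bounds the sum. Name validation received a `$product_name_safe` switch in this same commit, but this behaviour change has no opt-out; a similar property would let existing callers keep the replace semantics. The other fields of the row are still overwritten from the new submission while only `qty` carries over, which deserves a comment saying that is intended. The statement itself reads more simply as `$this->_cart_contents[$rowid]['qty'] += $old_quantity;`.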
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index 6f41f4519..71104418a 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -47,6 +47,7 @@ Release Date: Not Released
- CI_Loader::_ci_autoloader() is now a protected method.
- Modified valid_ip() to use PHP's filter_var() when possible (>= PHP 5.2) in the :doc:`Form Validation library <libraries/form_validation>`.
- Added custom filename to Email::attach() as $this->email->attach($filename, $disposition, $newname)
+ - The Cart library now auto-increments quantity's instead of just resetting it, this is the default behaviour of large e-commerce sites.
- Core