diff options
21 files changed, 412 insertions, 180 deletions
diff --git a/system/core/Loader.php b/system/core/Loader.php index 12daaa928..20cf7ef33 100644 --- a/system/core/Loader.php +++ b/system/core/Loader.php @@ -833,7 +833,7 @@ class CI_Loader { // If the PHP installation does not support short tags we'll // do a little string replacement, changing the short tags // to standard PHP echo statements. - if ((bool) @ini_get('short_open_tag') === FALSE AND config_item('rewrite_short_tags') == TRUE) + if ( ! is_php('5.4') && (bool) @ini_get('short_open_tag') === FALSE && config_item('rewrite_short_tags') == TRUE) { echo eval('?>'.preg_replace('/;*\s*\?>/', '; ?>', str_replace('<?=', '<?php echo ', file_get_contents($_ci_path)))); } diff --git a/system/core/Security.php b/system/core/Security.php index 1007f61f4..6f25fb5bb 100755 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -25,8 +25,6 @@ * @filesource */ -// ------------------------------------------------------------------------ - /** * Security Class * @@ -106,23 +104,27 @@ class CI_Security { public function __construct() { - // CSRF config - foreach(array('csrf_expire', 'csrf_token_name', 'csrf_cookie_name') as $key) + // Is CSRF protection enabled? + if (config_item('csrf_protection') === TRUE) { - if (FALSE !== ($val = config_item($key))) + // CSRF config + foreach (array('csrf_expire', 'csrf_token_name', 'csrf_cookie_name') as $key) { - $this->{'_'.$key} = $val; + if (FALSE !== ($val = config_item($key))) + { + $this->{'_'.$key} = $val; + } } - } - // Append application specific cookie prefix - if (config_item('cookie_prefix')) - { - $this->_csrf_cookie_name = config_item('cookie_prefix').$this->_csrf_cookie_name; - } + // Append application specific cookie prefix + if (config_item('cookie_prefix')) + { + $this->_csrf_cookie_name = config_item('cookie_prefix').$this->_csrf_cookie_name; + } - // Set the CSRF hash - $this->_csrf_set_hash(); + // Set the CSRF hash + $this->_csrf_set_hash(); + } log_message('debug', 'Security Class Initialized'); } @@ -189,7 +191,7 @@ class CI_Security { $expire = time() + $this->_csrf_expire; $secure_cookie = (bool) config_item('cookie_secure'); - if ($secure_cookie && ( ! isset($_SERVER['HTTPS']) OR $_SERVER['HTTPS'] == 'off' OR ! $_SERVER['HTTPS'])) + if ($secure_cookie && (empty($_SERVER['HTTPS']) OR strtolower($_SERVER['HTTPS']) === 'off')) { return FALSE; } @@ -358,7 +360,7 @@ class CI_Security { foreach ($words as $word) { - $word = implode("\s*", str_split($word)) . "\s*"; + $word = implode('\s*', str_split($word)).'\s*'; // We only want to do this when it is followed by a non-word character // That way valid stuff like "dealer to" does not become "dealerto" @@ -425,7 +427,6 @@ class CI_Security { '\\1\\2(\\3)', $str); - // Final clean up // This adds a bit of extra precaution in case // something got through the above filters @@ -601,7 +602,7 @@ class CI_Security { } // find occurrences of illegal attribute strings with quotes (042 and 047 are octal quotes) - preg_match_all('/('.implode('|', $evil_attributes).')\s*=\s*(\042|\047)([^\\2]*?)(\\2)/is', $str, $matches, PREG_SET_ORDER); + preg_match_all('/('.implode('|', $evil_attributes).')\s*=\s*(\042|\047)([^\\2]*?)(\\2)/is', $str, $matches, PREG_SET_ORDER); foreach ($matches as $attr) { @@ -633,7 +634,7 @@ class CI_Security { { return '<'.$matches[1].$matches[2].$matches[3] // encode opening brace // encode captured opening or closing brace to prevent recursive vectors: - . str_replace(array('>', '<'), array('>', '<'), $matches[4]); + .str_replace(array('>', '<'), array('>', '<'), $matches[4]); } // -------------------------------------------------------------------- diff --git a/system/database/DB_active_rec.php b/system/database/DB_active_rec.php index eaae23f30..f648e5591 100644 --- a/system/database/DB_active_rec.php +++ b/system/database/DB_active_rec.php @@ -341,7 +341,7 @@ class CI_DB_active_record extends CI_DB_driver { $this->_track_aliases($table); // Strip apart the condition and protect the identifiers - if (preg_match('/([\w\.]+)([\W\s]+)(.+)/', $cond, $match)) + if (preg_match('/([\[\w\.]+)([\W\s]+)(.+)/', $cond, $match)) { $cond = $this->_protect_identifiers($match[1]).$match[2].$this->_protect_identifiers($match[3]); } diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php index 2daf8eaa0..8d297caf9 100644 --- a/system/database/DB_driver.php +++ b/system/database/DB_driver.php @@ -75,17 +75,6 @@ class CI_DB_driver { protected $_protect_identifiers = TRUE; protected $_reserved_identifiers = array('*'); // Identifiers that should NOT be escaped - // These are used with Oracle - public $stmt_id; - public $curs_id; - public $limit_used; - - /** - * Constructor. Accepts one parameter containing the database - * connection settings. - * - * @param array - */ public function __construct($params) { if (is_array($params)) @@ -288,6 +277,12 @@ class CI_DB_driver { $sql = preg_replace('/(\W)'.$this->swap_pre.'(\S+?)/', '\\1'.$this->dbprefix.'\\2', $sql); } + // Compile binds if needed + if ($binds !== FALSE) + { + $sql = $this->compile_binds($sql, $binds); + } + // Is query caching enabled? If the query is a "read type" // we will load the caching class and return the previously // cached query if it exists @@ -300,13 +295,7 @@ class CI_DB_driver { } } - // Compile binds if needed - if ($binds !== FALSE) - { - $sql = $this->compile_binds($sql, $binds); - } - - // Save the query for debugging + // Save the query for debugging if ($this->save_queries == TRUE) { $this->queries[] = $sql; @@ -383,19 +372,8 @@ class CI_DB_driver { // Load and instantiate the result driver $driver = $this->load_rdriver(); - $RES = new $driver(); - $RES->conn_id = $this->conn_id; - $RES->result_id = $this->result_id; + $RES = new $driver($this); - if ($this->dbdriver === 'oci8') - { - $RES->stmt_id = $this->stmt_id; - $RES->curs_id = $this->curs_id; - $RES->limit_used = $this->limit_used; - $this->stmt_id = FALSE; - } - - // oci8 vars must be set before calling this $RES->num_rows = $RES->num_rows(); // Is query caching enabled? If so, we'll serialize the @@ -1354,7 +1332,7 @@ class CI_DB_driver { return $item.$alias; } - + // -------------------------------------------------------------------- /** @@ -1362,12 +1340,10 @@ class CI_DB_driver { * * This function is used extensively by every db driver. * - * @access private * @return void */ protected function _reset_select() { - } } diff --git a/system/database/DB_result.php b/system/database/DB_result.php index 730443222..61aa56121 100644 --- a/system/database/DB_result.php +++ b/system/database/DB_result.php @@ -47,6 +47,12 @@ class CI_DB_result { public $num_rows = 0; public $row_data = NULL; + public function __construct(&$driver_object) + { + $this->conn_id = $driver_object->conn_id; + $this->result_id = $driver_object->result_id; + } + /** * Query result. Acts as a wrapper function for the following functions. * diff --git a/system/database/drivers/mysql/mysql_driver.php b/system/database/drivers/mysql/mysql_driver.php index 84f7791c7..7fd08a6ed 100644 --- a/system/database/drivers/mysql/mysql_driver.php +++ b/system/database/drivers/mysql/mysql_driver.php @@ -404,16 +404,35 @@ class CI_DB_mysql_driver extends CI_DB { // -------------------------------------------------------------------- /** - * Field data query - * - * Generates a platform-specific query so that the column data can be retrieved + * Returns an object with field data * * @param string the table name - * @return string + * @return object */ - public function _field_data($table) + public function field_data($table = '') { - return 'DESCRIBE '.$table; + if ($table == '') + { + return ($this->db_debug) ? $this->display_error('db_field_param_missing') : FALSE; + } + + $query = $this->query('DESCRIBE '.$this->_protect_identifiers($table, TRUE, NULL, FALSE)); + $query = $query->result_object(); + + $retval = array(); + for ($i = 0, $c = count($query); $i < $c; $i++) + { + preg_match('/([a-z]+)(\(\d+\))?/', $query[$i]->Type, $matches); + + $retval[$i] = new stdClass(); + $retval[$i]->name = $query[$i]->Field; + $retval[$i]->type = empty($matches[1]) ? NULL : $matches[1]; + $retval[$i]->default = $query[$i]->Default; + $retval[$i]->max_length = empty($matches[2]) ? NULL : preg_replace('/[^\d]/', '', $matches[2]); + $retval[$i]->primary_key = (int) ($query[$i]->Key === 'PRI'); + } + + return $retval; } // -------------------------------------------------------------------- diff --git a/system/database/drivers/mysqli/mysqli_driver.php b/system/database/drivers/mysqli/mysqli_driver.php index 19353944d..25b6ceca1 100644 --- a/system/database/drivers/mysqli/mysqli_driver.php +++ b/system/database/drivers/mysqli/mysqli_driver.php @@ -405,16 +405,35 @@ class CI_DB_mysqli_driver extends CI_DB { // -------------------------------------------------------------------- /** - * Field data query - * - * Generates a platform-specific query so that the column data can be retrieved + * Returns an object with field data * * @param string the table name - * @return string + * @return object */ - protected function _field_data($table) + public function field_data($table = '') { - return 'DESCRIBE '.$table; + if ($table == '') + { + return ($this->db_debug) ? $this->display_error('db_field_param_missing') : FALSE; + } + + $query = $this->query('DESCRIBE '.$this->_protect_identifiers($table, TRUE, NULL, FALSE)); + $query = $query->result_object(); + + $retval = array(); + for ($i = 0, $c = count($query); $i < $c; $i++) + { + preg_match('/([a-z]+)(\(\d+\))?/', $query[$i]->Type, $matches); + + $retval[$i] = new stdClass(); + $retval[$i]->name = $query[$i]->Field; + $retval[$i]->type = empty($matches[1]) ? NULL : $matches[1]; + $retval[$i]->default = $query[$i]->Default; + $retval[$i]->max_length = empty($matches[2]) ? NULL : preg_replace('/[^\d]/', '', $matches[2]); + $retval[$i]->primary_key = (int) ($query[$i]->Key === 'PRI'); + } + + return $retval; } // -------------------------------------------------------------------- diff --git a/system/database/drivers/oci8/oci8_result.php b/system/database/drivers/oci8/oci8_result.php index 0f69fa9ef..383b9f1a0 100644 --- a/system/database/drivers/oci8/oci8_result.php +++ b/system/database/drivers/oci8/oci8_result.php @@ -38,9 +38,18 @@ */ class CI_DB_oci8_result extends CI_DB_result { - var $stmt_id; - var $curs_id; - var $limit_used; + public $stmt_id; + public $curs_id; + public $limit_used; + + public function __construct(&$driver_object) + { + parent::__construct($driver_object); + $this->stmt_id = $driver_object->stmt_id; + $this->curs_id = $driver_object->curs_id; + $this->limit_used = $driver_object->limit_used; + $driver_object->stmt_id = FALSE; + } /** * Number of rows in the result set. diff --git a/system/database/drivers/odbc/odbc_driver.php b/system/database/drivers/odbc/odbc_driver.php index 779b0c62f..a6e08cf2f 100644 --- a/system/database/drivers/odbc/odbc_driver.php +++ b/system/database/drivers/odbc/odbc_driver.php @@ -287,12 +287,11 @@ class CI_DB_odbc_driver extends CI_DB { /** * Insert ID * - * @access public - * @return integer + * @return bool */ - function insert_id() + public function insert_id() { - return @odbc_insert_id($this->conn_id); + return ($this->db->db_debug) ? $this->db->display_error('db_unsuported_feature') : FALSE; } // -------------------------------------------------------------------- diff --git a/system/database/drivers/odbc/odbc_result.php b/system/database/drivers/odbc/odbc_result.php index 572e110ca..de2c58cb9 100644 --- a/system/database/drivers/odbc/odbc_result.php +++ b/system/database/drivers/odbc/odbc_result.php @@ -245,8 +245,77 @@ class CI_DB_odbc_result extends CI_DB_result { return $rs_assoc; } -} + // -------------------------------------------------------------------- + + /** + * Query result. Array version. + * + * @return array + */ + public function result_array() + { + if (count($this->result_array) > 0) + { + return $this->result_array; + } + elseif (($c = count($this->result_object)) > 0) + { + for ($i = 0; $i < $c; $i++) + { + $this->result_array[$i] = (array) $this->result_object[$i]; + } + } + elseif ($this->result_id === FALSE) + { + return array(); + } + else + { + while ($row = $this->_fetch_assoc()) + { + $this->result_array[] = $row; + } + } + return $this->result_array; + } + + // -------------------------------------------------------------------- + + /** + * Query result. Object version. + * + * @return array + */ + public function result_object() + { + if (count($this->result_object) > 0) + { + return $this->result_object; + } + elseif (($c = count($this->result_array)) > 0) + { + for ($i = 0; $i < $c; $i++) + { + $this->result_object[$i] = (object) $this->result_array[$i]; + } + } + elseif ($this->result_id === FALSE) + { + return array(); + } + else + { + while ($row = $this->_fetch_object()) + { + $this->result_object[] = $row; + } + } + + return $this->result_object; + } + +} /* End of file odbc_result.php */ /* Location: ./system/database/drivers/odbc/odbc_result.php */ diff --git a/system/database/drivers/postgre/postgre_driver.php b/system/database/drivers/postgre/postgre_driver.php index df0f50da5..5b248e9bc 100644 --- a/system/database/drivers/postgre/postgre_driver.php +++ b/system/database/drivers/postgre/postgre_driver.php @@ -587,16 +587,10 @@ class CI_DB_postgre_driver extends CI_DB { $valstr[] = $key." = ".$val; } - $limit = ( ! $limit) ? '' : ' LIMIT '.$limit; - - $orderby = (count($orderby) >= 1)?' ORDER BY '.implode(", ", $orderby):''; - $sql = "UPDATE ".$table." SET ".implode(', ', $valstr); $sql .= ($where != '' AND count($where) >=1) ? " WHERE ".implode(" ", $where) : ''; - $sql .= $orderby.$limit; - return $sql; } @@ -647,9 +641,7 @@ class CI_DB_postgre_driver extends CI_DB { $conditions .= implode("\n", $like); } - $limit = ( ! $limit) ? '' : ' LIMIT '.$limit; - - return "DELETE FROM ".$table.$conditions.$limit; + return "DELETE FROM ".$table.$conditions; } // -------------------------------------------------------------------- diff --git a/system/helpers/form_helper.php b/system/helpers/form_helper.php index bed2cb297..6efef2324 100644 --- a/system/helpers/form_helper.php +++ b/system/helpers/form_helper.php @@ -22,7 +22,6 @@ * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 1.0 - * @filesource */ // ------------------------------------------------------------------------ @@ -72,8 +71,8 @@ if ( ! function_exists('form_open')) $form = '<form action="'.$action.'"'._attributes_to_string($attributes, TRUE).">\n"; - // Add CSRF field if enabled, but leave it out for GET requests and requests to external websites - if ($CI->config->item('csrf_protection') === TRUE AND ! (strpos($action, $CI->config->site_url()) === FALSE OR strpos($form, 'method="get"'))) + // Add CSRF field if enabled, but leave it out for GET requests and requests to external websites + if ($CI->config->item('csrf_protection') === TRUE AND ! (strpos($action, $CI->config->base_url()) === FALSE OR strpos($form, 'method="get"'))) { $hidden[$CI->security->get_csrf_token_name()] = $CI->security->get_csrf_hash(); } diff --git a/system/helpers/url_helper.php b/system/helpers/url_helper.php index 2cbcd9dbf..3f0fef58e 100644 --- a/system/helpers/url_helper.php +++ b/system/helpers/url_helper.php @@ -470,39 +470,35 @@ if ( ! function_exists('prep_url')) * Create URL Title * * Takes a "title" string as input and creates a - * human-friendly URL string with either a dash - * or an underscore as the word separator. + * human-friendly URL string with a "separator" string + * as the word separator. * * @access public * @param string the string - * @param string the separator: dash, or underscore + * @param string the separator * @return string */ if ( ! function_exists('url_title')) { - function url_title($str, $separator = 'dash', $lowercase = FALSE) + function url_title($str, $separator = '-', $lowercase = FALSE) { if ($separator === 'dash') { - $search = '_'; - $replace = '-'; + $separator = '-'; } - else + else if ($separator == 'underscore') { - $search = '-'; - $replace = '_'; + $separator = '_'; } + + $q_separator = preg_quote($separator); $trans = array( - '&\#\d+?;' => '', - '&\S+?;' => '', - '\s+' => $replace, - '[^a-z0-9\-\._]' => '', - $replace.'+' => $replace, - $replace.'$' => $replace, - '^'.$replace => $replace, - '\.+$' => '' - ); + '&.+?;' => '', + '[^a-z0-9 _-]' => '', + '\s+' => $separator, + '('.$q_separator.')+' => $separator + ); $str = strip_tags($str); foreach ($trans as $key => $val) @@ -515,7 +511,7 @@ if ( ! function_exists('url_title')) $str = strtolower($str); } - return trim(trim(stripslashes($str)), $replace); + return trim(trim($str, $separator)); } } diff --git a/system/language/english/form_validation_lang.php b/system/language/english/form_validation_lang.php index 6afa37a29..ea589618a 100644 --- a/system/language/english/form_validation_lang.php +++ b/system/language/english/form_validation_lang.php @@ -25,30 +25,32 @@ * @filesource */ -$lang['required'] = "The %s field is required."; -$lang['isset'] = "The %s field must have a value."; -$lang['valid_email'] = "The %s field must contain a valid email address."; -$lang['valid_emails'] = "The %s field must contain all valid email addresses."; -$lang['valid_url'] = "The %s field must contain a valid URL."; -$lang['valid_ip'] = "The %s field must contain a valid IP."; -$lang['min_length'] = "The %s field must be at least %s characters in length."; -$lang['max_length'] = "The %s field cannot exceed %s characters in length."; -$lang['exact_length'] = "The %s field must be exactly %s characters in length."; -$lang['alpha'] = "The %s field may only contain alphabetical characters."; -$lang['alpha_numeric'] = "The %s field may only contain alpha-numeric characters."; -$lang['alpha_dash'] = "The %s field may only contain alpha-numeric characters, underscores, and dashes."; -$lang['numeric'] = "The %s field must contain only numbers."; -$lang['is_numeric'] = "The %s field must contain only numeric characters."; -$lang['integer'] = "The %s field must contain an integer."; -$lang['regex_match'] = "The %s field is not in the correct format."; -$lang['matches'] = "The %s field does not match the %s field."; -$lang['is_unique'] = "The %s field must contain a unique value."; -$lang['is_natural'] = "The %s field must contain only positive numbers."; -$lang['is_natural_no_zero'] = "The %s field must contain a number greater than zero."; -$lang['decimal'] = "The %s field must contain a decimal number."; -$lang['less_than'] = "The %s field must contain a number less than %s."; -$lang['greater_than'] = "The %s field must contain a number greater than %s."; +$lang['required'] = "The %s field is required."; +$lang['isset'] = "The %s field must have a value."; +$lang['valid_email'] = "The %s field must contain a valid email address."; +$lang['valid_emails'] = "The %s field must contain all valid email addresses."; +$lang['valid_url'] = "The %s field must contain a valid URL."; +$lang['valid_ip'] = "The %s field must contain a valid IP."; +$lang['min_length'] = "The %s field must be at least %s characters in length."; +$lang['max_length'] = "The %s field cannot exceed %s characters in length."; +$lang['exact_length'] = "The %s field must be exactly %s characters in length."; +$lang['alpha'] = "The %s field may only contain alphabetical characters."; +$lang['alpha_numeric'] = "The %s field may only contain alpha-numeric characters."; +$lang['alpha_dash'] = "The %s field may only contain alpha-numeric characters, underscores, and dashes."; +$lang['numeric'] = "The %s field must contain only numbers."; +$lang['is_numeric'] = "The %s field must contain only numeric characters."; +$lang['integer'] = "The %s field must contain an integer."; +$lang['regex_match'] = "The %s field is not in the correct format."; +$lang['matches'] = "The %s field does not match the %s field."; +$lang['is_unique'] = "The %s field must contain a unique value."; +$lang['is_natural'] = "The %s field must contain only positive numbers."; +$lang['is_natural_no_zero'] = "The %s field must contain a number greater than zero."; +$lang['decimal'] = "The %s field must contain a decimal number."; +$lang['less_than'] = "The %s field must contain a number less than %s."; +$lang['less_than_equal_to'] = "The %s field must contain a number less than or equal to %s."; +$lang['greater_than'] = "The %s field must contain a number greater than %s."; +$lang['greater_than_equal_to'] = "The %s field must contain a number greater than or equal to %s."; /* End of file form_validation_lang.php */ -/* Location: ./system/language/english/form_validation_lang.php */
\ No newline at end of file +/* Location: ./system/language/english/form_validation_lang.php */ diff --git a/system/libraries/Form_validation.php b/system/libraries/Form_validation.php index 5069a44c1..cdb3d3d62 100644 --- a/system/libraries/Form_validation.php +++ b/system/libraries/Form_validation.php @@ -47,10 +47,8 @@ class CI_Form_validation { protected $_error_suffix = '</p>'; protected $error_string = ''; protected $_safe_form_data = FALSE; + protected $validation_data = array(); - /** - * Constructor - */ public function __construct($rules = array()) { $this->CI =& get_instance(); @@ -85,7 +83,8 @@ class CI_Form_validation { public function set_rules($field, $label = '', $rules = '') { // No reason to set rules if we have no POST data - if (count($_POST) === 0) + // or a validation array has not been specified + if (count($_POST) === 0 && count($this->validation_data) === 0) { return $this; } @@ -162,10 +161,33 @@ class CI_Form_validation { // -------------------------------------------------------------------- /** + * By default, form validation uses the $_POST array to validate + * + * If an array is set through this method, then this array will + * be used instead of the $_POST array + * + * Note that if you are validating multiple arrays, then the + * reset_validation() function should be called after validating + * each array due to the limitations of CI's singleton + * + * @param array $data + * @return void + */ + public function set_data($data = '') + { + if ( ! empty($data) && is_array($data)) + { + $this->validation_data = $data; + } + } + + // -------------------------------------------------------------------- + + /** * Set Error Message * * Lets users set their own error messages on the fly. Note: The key - * name has to match the function name that it corresponds to. + * name has to match the function name that it corresponds to. * * @param string * @param string @@ -300,7 +322,8 @@ class CI_Form_validation { public function run($group = '') { // Do we even have any data to process? Mm? - if (count($_POST) === 0) + $validation_array = ( ! empty($this->validation_data)) ? $this->validation_data : $_POST; + if (count($validation_array) === 0) { return FALSE; } @@ -342,18 +365,18 @@ class CI_Form_validation { // corresponding $_POST item and test for errors foreach ($this->_field_data as $field => $row) { - // Fetch the data from the corresponding $_POST array and cache it in the _field_data array. + // Fetch the data from the corresponding $_POST or validation array and cache it in the _field_data array. // Depending on whether the field name is an array or a string will determine where we get it from. if ($row['is_array'] === TRUE) { - $this->_field_data[$field]['postdata'] = $this->_reduce_array($_POST, $row['keys']); + $this->_field_data[$field]['postdata'] = $this->_reduce_array($validation_array, $row['keys']); } else { - if (isset($_POST[$field]) AND $_POST[$field] != "") + if (isset($validation_array[$field]) AND $validation_array[$field] != "") { - $this->_field_data[$field]['postdata'] = $_POST[$field]; + $this->_field_data[$field]['postdata'] = $validation_array[$field]; } } @@ -867,12 +890,13 @@ class CI_Form_validation { */ public function matches($str, $field) { - if ( ! isset($_POST[$field])) + $validation_array = ( ! empty($this->validation_data)) ? $this->validation_data : $_POST; + if ( ! isset($validation_array[$field])) { return FALSE; } - return ($str === $_POST[$field]); + return ($str === $validation_array[$field]); } // -------------------------------------------------------------------- @@ -1117,7 +1141,7 @@ class CI_Form_validation { // -------------------------------------------------------------------- /** - * Greather than + * Greater than * * @param string * @return bool @@ -1132,6 +1156,24 @@ class CI_Form_validation { } // -------------------------------------------------------------------- + + /** + * Equal to or Greater than + * + * @access public + * @param string + * @return bool + */ + function greater_than_equal_to($str, $min) + { + if ( ! is_numeric($str)) + { + return FALSE; + } + return $str >= $min; + } + + // -------------------------------------------------------------------- /** * Less than @@ -1151,6 +1193,24 @@ class CI_Form_validation { // -------------------------------------------------------------------- /** + * Equal to or Less than + * + * @access public + * @param string + * @return bool + */ + function less_than_equal_to($str, $max) + { + if ( ! is_numeric($str)) + { + return FALSE; + } + return $str <= $max; + } + + // -------------------------------------------------------------------- + + /** * Is a Natural number (0,1,2,3, etc.) * * @param string @@ -1283,6 +1343,25 @@ class CI_Form_validation { return str_replace(array('<?php', '<?PHP', '<?', '?>'), array('<?php', '<?PHP', '<?', '?>'), $str); } + // -------------------------------------------------------------------- + + /** + * Reset validation vars + * + * Prevents subsequent validation routines from being affected by the + * results of any previous validation routine due to the CI singleton. + * + * @return void + */ + public function reset_validation() + { + $this->_field_data = array(); + $this->_config_rules = array(); + $this->_error_array = array(); + $this->_error_messages = array(); + $this->error_string = ''; + } + } /* End of file Form_validation.php */ diff --git a/system/libraries/Session.php b/system/libraries/Session.php index dd50a91e1..104b88810 100644 --- a/system/libraries/Session.php +++ b/system/libraries/Session.php @@ -454,7 +454,7 @@ class CI_Session { */ public function userdata($item) { - return ( ! isset($this->userdata[$item])) ? FALSE : $this->userdata[$item]; + return isset($this->userdata[$item]) ? $this->userdata[$item] : FALSE; } // -------------------------------------------------------------------- @@ -729,7 +729,7 @@ class CI_Session { */ protected function _unserialize($data) { - $data = @unserialize(strip_slashes($data)); + $data = @unserialize(strip_slashes(trim($data))); if (is_array($data)) { @@ -737,9 +737,11 @@ class CI_Session { return $data; } - return (is_string($data)) ? str_replace('{{slash}}', '\\', $data) : $data; + return is_string($data) ? str_replace('{{slash}}', '\\', $data) : $data; } + // -------------------------------------------------------------------- + /** * Unescape slashes * @@ -779,7 +781,7 @@ class CI_Session { { $expire = $this->now - $this->sess_expiration; - $this->CI->db->where("last_activity < {$expire}"); + $this->CI->db->where('last_activity < '.$expire); $this->CI->db->delete($this->sess_table_name); log_message('debug', 'Session garbage collection performed.'); diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index ac29c1bdd..89575c849 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -1101,7 +1101,7 @@ class CI_Upload { $proc = @popen($cmd, 'r'); if (is_resource($proc)) { - $mime = @fread($test, 512); + $mime = @fread($proc, 512); @pclose($proc); if ($mime !== FALSE) { diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index cb33336a1..37016f832 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -62,6 +62,8 @@ Release Date: Not Released - pg_version() is now used to get the database version number, when possible. - Added db_set_charset() support. - Added _optimize_table() support for the :doc:`Database Utility Class <database/utilities>` (rebuilds table indexes). + - Added a constructor to the DB_result class and moved all driver-specific properties and logic out of the base DB_driver class to allow better abstraction. + - Removed limit() and order_by() support for UPDATE and DELETE queries in PostgreSQL driver. Postgres does not support those features. - Libraries @@ -83,6 +85,8 @@ Release Date: Not Released - Removed SHA1 function in the :doc:`Encryption Library <libraries/encryption>`. - Added $config['csrf_regeneration'] to the CSRF protection in the :doc:`Security library <libraries/security>`, which makes token regeneration optional. - Added function error_array() to return all error messages as an array in the Form_validation class. + - Added function set_data() to Form_validation library, which can be used in place of the default $_POST array. + - Added function reset_validation() to form validation library, which resets internal validation variables in case of multiple validation routines. - Changed the Session library to select only one row when using database sessions. - Core @@ -91,6 +95,7 @@ Release Date: Not Released - Removed CI_CORE boolean constant from CodeIgniter.php (no longer Reactor and Core versions). - Added method get_vars() to CI_Loader to retrieve all variables loaded with $this->load->vars(). - is_loaded() function from system/core/Commons.php now returns a reference. + - $config['rewrite_short_tags'] now has no effect when using PHP 5.4 as *<?=* will always be available. Bug fixes for 3.0 ------------------ @@ -135,6 +140,11 @@ Bug fixes for 3.0 - Fixed a bug (#1101) - MySQL/MySQLi result method field_data() was implemented as if it was handling a DESCRIBE result instead of the actual result set. - Fixed a bug in Oracle's :doc:`Database Forge Class <database/forge>` method _create_table() where it failed with AUTO_INCREMENT as it's not supported. - Fixed a bug (#1080) - When using the SMTP protocol, the :doc:`Email Library <libraries/email>` send() method was returning TRUE even if the connection/authentication against the server failed. +- Fixed a bug (#499) - a CSRF cookie was created even with CSRF protection being disabled. +- Fixed a bug (#306) - ODBC's insert_id() method was calling non-existent function odbc_insert_id(), which resulted in a fatal error. +- Fixed a bug in Oracle's DB_result class where the cursor id passed to it was always NULL. +- Fixed a bug (#64) - Regular expression in DB_active_rec.php failed to handle queries containing SQL bracket delimiters in the join condition. +- Fixed a bug in the :doc:`Session Library <libraries/sessions>` where a PHP E_NOTICE error was triggered by _unserialize() due to results from databases such as MSSQL and Oracle being space-padded on the right. Version 2.1.1 ============= @@ -147,6 +157,8 @@ Release Date: Not Released - Libraries - Further improved MIME type detection in the :doc:`File Uploading Library <libraries/file_uploading>`. +- Helpers + - url_title() performance and output improved. You can now use any string as the word delimiter, but 'dash' and 'underscore' are still supported. Bug fixes for 2.1.1 ------------------- @@ -155,6 +167,7 @@ Bug fixes for 2.1.1 - Fixed a bug - form_open() compared $action against site_url() instead of base_url(). - Fixed a bug - CI_Upload::_file_mime_type() could've failed if mime_content_type() is used for the detection and returns FALSE. - Fixed a bug (#538) - Windows paths were ignored when using the :doc:`Image Manipulation Library <libraries/image_lib>` to create a new file. +- Fixed a bug - When database caching was enabled, $this->db->query() checked the cache before binding variables which resulted in cached queries never being found Version 2.1.0 ============= diff --git a/user_guide_src/source/database/results.rst b/user_guide_src/source/database/results.rst index 4f93c794d..865345762 100644 --- a/user_guide_src/source/database/results.rst +++ b/user_guide_src/source/database/results.rst @@ -150,6 +150,12 @@ is the variable that the query result object is assigned to:: echo $query->num_rows(); +.. note:: + Not all database drivers have a native way of getting the total + number of rows for a result set. When this is the case, all of + the data is prefetched and count() is manually called on the + resulting array in order to achieve the same functionality. + $query->num_fields() ===================== @@ -182,5 +188,4 @@ Example:: $row = $query2->row(); echo $row->name; - $query2->free_result();// The $query2 result object will no longer be available - + $query2->free_result(); // The $query2 result object will no longer be available diff --git a/user_guide_src/source/libraries/form_validation.rst b/user_guide_src/source/libraries/form_validation.rst index 09a192bb0..5aa64d032 100644 --- a/user_guide_src/source/libraries/form_validation.rst +++ b/user_guide_src/source/libraries/form_validation.rst @@ -579,7 +579,30 @@ must supply it as an array to the function. Example:: For more info please see the :ref:`using-arrays-as-field-names` section below. -.. _saving-groups: +Validating an Array (other than $_POST) +======================================= + +Sometimes you may want to validate an array that does not originate from $_POST data. + +In this case, you can specify the array to be validated:: + + $data = array( + 'username' => 'johndoe', + 'password' => 'mypassword', + 'passconf' => 'mypassword' + ); + + $this->form_validation->set_data($data); + +Creating validation rules, running the validation and retrieving error messages works the same whether you are +validating $_POST data or an array. + +**Important Note:** If you want to validate more than one array during a single execution, then you should +call the reset_validation() function before setting up rules and validating the new array. + +For more info please see the :ref:`function-reference` section below. + +-.. _saving-groups: ************************************************ Saving Sets of Validation Rules to a Config File @@ -823,34 +846,40 @@ Rule Reference The following is a list of all the native rules that are available to use: -======================= ========== ============================================================================================= ======================= -Rule Parameter Description Example -======================= ========== ============================================================================================= ======================= -**required** No Returns FALSE if the form element is empty. -**matches** Yes Returns FALSE if the form element does not match the one in the parameter. matches[form_item] -**is_unique** Yes Returns FALSE if the form element is not unique to the is_unique[table.field] - table and field name in the parameter. is_unique[table.field] -**max_length** Yes Returns FALSE if the form element is longer then the parameter value. max_length[12] -**exact_length** Yes Returns FALSE if the form element is not exactly the parameter value. exact_length[8] -**greater_than** Yes Returns FALSE if the form element is less than the parameter value or not numeric. greater_than[8] -**less_than** Yes Returns FALSE if the form element is greater than the parameter value or not numeric. less_than[8] -**alpha** No Returns FALSE if the form element contains anything other than alphabetical characters. -**alpha_numeric** No Returns FALSE if the form element contains anything other than alpha-numeric characters. -**alpha_dash** No Returns FALSE if the form element contains anything other than alpha-numeric characters, - underscores or dashes. -**numeric** No Returns FALSE if the form element contains anything other than numeric characters. -**integer** No Returns FALSE if the form element contains anything other than an integer. -**decimal** Yes Returns FALSE if the form element is not exactly the parameter value. -**is_natural** No Returns FALSE if the form element contains anything other than a natural number: - 0, 1, 2, 3, etc. -**is_natural_no_zero** No Returns FALSE if the form element contains anything other than a natural - number, but not zero: 1, 2, 3, etc. -**is_unique** Yes Returns FALSE if the form element is not unique in a database table. is_unique[table.field] -**valid_email** No Returns FALSE if the form element does not contain a valid email address. -**valid_emails** No Returns FALSE if any value provided in a comma separated list is not a valid email. -**valid_ip** No Returns FALSE if the supplied IP is not valid. -**valid_base64** No Returns FALSE if the supplied string contains anything other than valid Base64 characters. -======================= ========== ============================================================================================= ======================= +========================= ========== ============================================================================================= ======================= +Rule Parameter Description Example +========================= ========== ============================================================================================= ======================= +**required** No Returns FALSE if the form element is empty. +**matches** Yes Returns FALSE if the form element does not match the one in the parameter. matches[form_item] +**is_unique** Yes Returns FALSE if the form element is not unique to the is_unique[table.field] + table and field name in the parameter. is_unique[table.field] +**max_length** Yes Returns FALSE if the form element is longer then the parameter value. max_length[12] +**exact_length** Yes Returns FALSE if the form element is not exactly the parameter value. exact_length[8] +**greater_than** Yes Returns FALSE if the form element is less than or equal to the parameter value or not greater_than[8] + numeric. +**greater_than_equal_to** Yes Returns FALSE if the form element is less than the parameter value, greater_than_equal_to[8] + or not numeric. +**less_than** Yes Returns FALSE if the form element is greater than or equal to the parameter value or less_than[8] + not numeric. +**less_than_equal_to** Yes Returns FALSE if the form element is greater than the parameter value, less_than_equal_to[8] + or not numeric. +**alpha** No Returns FALSE if the form element contains anything other than alphabetical characters. +**alpha_numeric** No Returns FALSE if the form element contains anything other than alpha-numeric characters. +**alpha_dash** No Returns FALSE if the form element contains anything other than alpha-numeric characters, + underscores or dashes. +**numeric** No Returns FALSE if the form element contains anything other than numeric characters. +**integer** No Returns FALSE if the form element contains anything other than an integer. +**decimal** Yes Returns FALSE if the form element is not exactly the parameter value. +**is_natural** No Returns FALSE if the form element contains anything other than a natural number: + 0, 1, 2, 3, etc. +**is_natural_no_zero** No Returns FALSE if the form element contains anything other than a natural + number, but not zero: 1, 2, 3, etc. +**is_unique** Yes Returns FALSE if the form element is not unique in a database table. is_unique[table.field] +**valid_email** No Returns FALSE if the form element does not contain a valid email address. +**valid_emails** No Returns FALSE if any value provided in a comma separated list is not a valid email. +**valid_ip** No Returns FALSE if the supplied IP is not valid. +**valid_base64** No Returns FALSE if the supplied string contains anything other than valid Base64 characters. +========================= ========== ============================================================================================= ======================= .. note:: These rules can also be called as discrete functions. For example:: @@ -930,6 +959,24 @@ $this->form_validation->set_message(); Permits you to set custom error messages. See :ref:`setting-error-messages` +$this->form_validation->set_data(); +======================================== + + .. php:method:: set_data ($data = '') + + :param array $data: The data to validate + + Permits you to set an array for validation, instead of using the default + $_POST array. + +$this->form_validation->reset_validation(); +======================================== + + .. php:method:: reset_validation () + + Permits you to reset the validation when you validate more than one array. + This function should be called before validating each new array. + $this->form_validation->error_array(); ======================================== @@ -1020,4 +1067,3 @@ This function is identical to the **set_checkbox()** function above. <input type="radio" name="myradio" value="1" <?php echo set_radio('myradio', '1', TRUE); ?> /> <input type="radio" name="myradio" value="2" <?php echo set_radio('myradio', '2'); ?> /> - diff --git a/user_guide_src/source/overview/at_a_glance.rst b/user_guide_src/source/overview/at_a_glance.rst index 31f0b4dd9..6dcfdbb14 100644 --- a/user_guide_src/source/overview/at_a_glance.rst +++ b/user_guide_src/source/overview/at_a_glance.rst @@ -41,7 +41,7 @@ CodeIgniter Uses M-V-C CodeIgniter uses the Model-View-Controller approach, which allows great separation between logic and presentation. This is particularly good for projects in which designers are working with your template files, as the -code these file contain will be minimized. We describe MVC in more +code these files contain will be minimized. We describe MVC in more detail on its own page. CodeIgniter Generates Clean URLs |