-rw-r--r-- | application/config/database.php | 4 | ||||
-rw-r--r-- | system/core/Security.php | 13 | ||||
-rw-r--r-- | system/database/DB_query_builder.php | 2 | ||||
-rw-r--r-- | system/helpers/security_helper.php | 3 | ||||
-rw-r--r-- | system/helpers/url_helper.php | 14 | ||||
-rw-r--r-- | system/libraries/Form_validation.php | 4 | ||||
-rw-r--r-- | tests/codeigniter/database/query_builder/get_test.php | 2 | ||||
-rw-r--r-- | tests/mocks/autoloader.php | 11 | ||||
-rw-r--r-- | user_guide_src/source/changelog.rst | 6 | ||||
-rw-r--r-- | user_guide_src/source/libraries/pagination.rst | 22 |
10 files changed, 62 insertions, 19 deletions
diff --git a/application/config/database.php b/application/config/database.php index 19498735c..cb6ebad10 100644 --- a/application/config/database.php +++ b/application/config/database.php @@ -43,7 +43,7 @@ | ['password'] The password used to connect to the database | ['database'] The name of the database you want to connect to | ['dbdriver'] The database type. e.g.: mysql. Currently supported: -| cubrid, interbase, mssql, mysql, mysqli, oci8, +| cubrid, interbase, mssql, mysql, mysqli, oci8, | odbc, pdo, postgre, sqlite, sqlite3, sqlsrv | ['dbprefix'] You can add an optional prefix, which will be added | to the table name when using the Query Builder class @@ -84,7 +84,7 @@ $db['default'] = array( 'database' => '', 'dbdriver' => 'mysqli', 'dbprefix' => '', - 'pconnect' => FALSE, + 'pconnect' => TRUE, 'db_debug' => TRUE, 'cache_on' => FALSE, 'cachedir' => '', diff --git a/system/core/Security.php b/system/core/Security.php index 4593a1090..227217e75 100644 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -561,6 +561,19 @@ class CI_Security { // ---------------------------------------------------------------- /** + * Strip Image Tags + * + * @param string + * @return string + */ + public function strip_image_tags($str) + { + return preg_replace(array('#<img\s+.*?src\s*=\s*["\'](.+?)["\'].*?\>#', '#<img\s+.*?src\s*=\s*(.+?).*?\>#'), '\\1', $str); + } + + // ---------------------------------------------------------------- + + /** * Compact Exploded Words * * Callback function for xss_clean() to remove whitespace from diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php index 4c43fe3c3..3982885e8 100644 --- a/system/database/DB_query_builder.php +++ b/system/database/DB_query_builder.php 
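Review bot: The second hunk of application/config/database.php flips the shipped default to `'pconnect' => TRUE`, which none of the changelog hunks in this commit mention and which looks unrelated to the other changes. With persistent connections, session-level state (open transactions, locks, temporary tables, session variables) can carry over from one request to the next, and idle connections held per worker can exhaust the database server's connection limit. If the flip was not intended, keep `'pconnect' => FALSE,`; if it was, the comment block above the array and the changelog should both record it.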
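Review bot: In the system/core/Security.php hunk, both patterns in `strip_image_tags()` lack the `i` and `s` modifiers, so an upper-case `<IMG ...>` tag or one whose attributes span several lines is left in place; ending each pattern with `#is` would cover those. The second (unquoted) pattern captures with a lazy `(.+?)` followed by `.*?`, so `\1` holds only the first character of the src value for unquoted attributes. The docblock should also state that the replacement is the raw src value, not HTML-escaped, so the result still has to be escaped on output and the method is not a substitute for `xss_clean()`.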
@@ -1218,7 +1218,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver { * @param string the offset clause * @return object */ - public function get_where($table = '', $where = null, $limit = null, $offset = null) + public function get_where($table = '', $where = NULL, $limit = NULL, $offset = NULL) { if ($table !== '') { diff --git a/system/helpers/security_helper.php b/system/helpers/security_helper.php index 7968f9e9f..0e8e9f93d 100644 --- a/system/helpers/security_helper.php +++ b/system/helpers/security_helper.php @@ -108,7 +108,8 @@ if ( ! function_exists('strip_image_tags')) */ function strip_image_tags($str) { - return preg_replace(array('#<img\s+.*?src\s*=\s*["\'](.+?)["\'].*?\>#', '#<img\s+.*?src\s*=\s*(.+?).*?\>#'), '\\1', $str); + $CI =& get_instance(); + return $CI->security->strip_image_tags($str); } } diff --git a/system/helpers/url_helper.php b/system/helpers/url_helper.php index 40ce807df..39e6343a6 100644 --- a/system/helpers/url_helper.php +++ b/system/helpers/url_helper.php @@ -526,7 +526,7 @@ if ( ! function_exists('redirect')) * @param int * @return string */ - function redirect($uri = '', $method = 'auto', $http_response_code = 302) + function redirect($uri = '', $method = 'auto', $code = NULL) { if ( ! preg_match('#^https?://#i', $uri)) { @@ -538,14 +538,22 @@ if ( ! function_exists('redirect')) { $method = 'refresh'; } + elseif ($method !== 'refresh' && (empty($code) OR ! is_numeric($code))) + { + // Reference: http://en.wikipedia.org/wiki/Post/Redirect/Get + $code = (isset($_SERVER['REQUEST_METHOD'], $_SERVER['SERVER_PROTOCOL']) + && $_SERVER['REQUEST_METHOD'] === 'POST' + && $_SERVER['SERVER_PROTOCOL'] === 'HTTP/1.1') + ? 303 : 302; + } - switch($method) + switch ($method) { case 'refresh': header('Refresh:0;url='.$uri); break; default: - header('Location: '.$uri, TRUE, $http_response_code); + header('Location: '.$uri, TRUE, $code); break; } exit; 
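Review bot: The docblock above `redirect()` still reads `@param int` and `@return string` after the third parameter became `$code = NULL`, so nothing tells a caller that leaving it empty now triggers auto-detection, and the function ends in `exit` rather than returning a string. I would document it as `@param int $code HTTP response code; leave empty to auto-detect (303 after an HTTP/1.1 POST, otherwise 302)` and `@return void`. The function body continues in the next hunk.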
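Review bot: The new `elseif` in `redirect()` keeps any `$code` for which `is_numeric()` is true, so strings such as `'3e2'` or `'302.5'` pass unchanged into `header()`; casting at the call, `header('Location: '.$uri, TRUE, (int) $code);`, keeps the status argument an integer. The auto-detection compares `$_SERVER['SERVER_PROTOCOL']` to the exact string `'HTTP/1.1'`, so a POST arriving over any other protocol version falls back to 302; a one-line comment saying that this is intended would help. Separately, and not new in this commit, a `$uri` that already starts with `http://` or `https://` appears to be used as given, so callers should not pass request-supplied targets without checking the host. The `if` this `elseif` is chained to starts outside the hunk.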
diff --git a/system/libraries/Form_validation.php b/system/libraries/Form_validation.php index 4bb29e41b..e7b89d0c4 100644 --- a/system/libraries/Form_validation.php +++ b/system/libraries/Form_validation.php @@ -1277,7 +1277,7 @@ class CI_Form_validation { */ public function is_natural_no_zero($str) { - return ($str !== 0 && preg_match('/^[0-9]+$/', $str)); + return ($str != 0 && preg_match('/^[0-9]+$/', $str)); } // -------------------------------------------------------------------- @@ -1360,7 +1360,7 @@ class CI_Form_validation { */ public function strip_image_tags($str) { - return $this->CI->input->strip_image_tags($str); + return $this->CI->security->strip_image_tags($str); } // -------------------------------------------------------------------- diff --git a/tests/codeigniter/database/query_builder/get_test.php b/tests/codeigniter/database/query_builder/get_test.php index 699d2906a..156027537 100644 --- a/tests/codeigniter/database/query_builder/get_test.php +++ b/tests/codeigniter/database/query_builder/get_test.php @@ -41,7 +41,7 @@ class Get_test extends CI_TestCase { */ public function test_get_where() { - $job1 = $this->db->get('job', array('id' => 1))->result_array(); + $job1 = $this->db->get_where('job', array('id' => 1))->result_array(); // Dummy jobs contain 1 rows $this->assertCount(1, $job1); diff --git a/tests/mocks/autoloader.php b/tests/mocks/autoloader.php index e3ff7a8bd..be1c2220c 100644 --- a/tests/mocks/autoloader.php +++ b/tests/mocks/autoloader.php 
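Review bot: In `is_natural_no_zero()` the pattern `/^[0-9]+$/` lets a value with a trailing newline through, because `$` also matches just before a final line break; `"5\n"` is non-zero under `!=` and so validates. Anchoring with `\z` (or adding the `D` modifier) closes that: `return ($str != 0 && preg_match('/^[0-9]+\z/', $str));`. The switch from `!==` to `!=` is what makes the string `'0'` fail, since form input arrives as strings; a short comment such as `// loose comparison on purpose: POST values are strings` would stop it being changed back.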
@@ -69,16 +69,21 @@ function autoload($class) } } - $file = isset($file) ? $file : $dir.$class.'.php'; + $file = (isset($file)) ? $file : $dir.$class.'.php'; if ( ! file_exists($file)) { $trace = debug_backtrace(); - // If the autoload call came from `class_exists` or `file_exists`, - // we skipped and return FALSE if ($trace[2]['function'] === 'class_exists' OR $trace[2]['function'] === 'file_exists') { + // If the autoload call came from `class_exists` or `file_exists`, + // we skipped and return FALSE + return FALSE; + } + elseif (($autoloader = spl_autoload_functions()) && end($autoloader) !== __FUNCTION__) + { + // If there was other custom autoloader, passed away return FALSE; } diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index e6afd350a..c0fa9d7f7 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -57,6 +57,7 @@ Release Date: Not Released - ``url_title()`` will now trim extra dashes from beginning and end. - ``anchor_popup()`` will now fill the "href" attribute with the URL and its JS code will return false instead. - Added JS window name support to ``anchor_popup()`` function. + - Added support (auto-detection) for HTTP/1.1 response code 303 in ``redirect()``. - Added XHTML Basic 1.1 doctype to :doc:`HTML Helper <helpers/html_helper>`. - Changed ``humanize()`` to include a second param for the separator. - Refactored ``plural()`` and ``singular()`` to avoid double pluralization and support more words. 
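Review bot: `$trace[2]['function']` in the tests/mocks/autoloader.php hunk is read without checking that the backtrace has a third frame, so a call made from a shallower stack can raise an undefined-offset notice before the new `elseif` is reached; putting `isset($trace[2]['function']) &&` in front of the comparison would avoid that. The new comment `// If there was other custom autoloader, passed away` is hard to read; something like `// Another autoloader is registered last: return FALSE so it can try` says what the branch does. `autoload()` starts and ends outside the hunk.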
@@ -70,7 +71,8 @@ Release Date: Not Released - ``set_realpath()`` can now also handle file paths as opposed to just directories. - Added an optional paramater to ``delete_files()`` to enable it to skip deleting files such as .htaccess and index.html. - ``read_file()`` is now a deprecated alias of ``file_get_contents()``. - - :doc:`Date Helper <helpers/date_helper>` Added optional fourth parameter to ``timezone_menu()`` that allows more attributes to be added to the generated select tag + - Added an optional parameter to :doc:`Date Helper <helpers/date_helper>` function ``timezone_menu()`` that allows more attributes to be added to the generated select tag. + - :doc:`Security Helper <helpers/security_helper>` function ``strip_image_tags()`` is now an alias for the same method in the :doc:`Security Library <libraries/security>`. - Database @@ -190,6 +192,7 @@ Release Date: Not Released - $config['time_reference'] now supports all timezone strings supported by PHP. - Added support for HTTP code 303 ("See Other") in set_status_header(). - Changed :doc:`Config Library <libraries/config>` method site_url() to accept an array as well. + - Added method ``strip_image_tags()`` to the :doc:`Security Library <libraries/security>`. Bug fixes for 3.0 ------------------ @@ -294,6 +297,7 @@ Bug fixes for 3.0 - Fixed a bug where :doc:`URL Helper <helpers/url_helper>` function anchor_popup() ignored the attributes argument if it is not an array. - Fixed a bug (#1328) - :doc:`Form Validation Library <libraries/form_validation>` didn't properly check the type of the form fields before processing them. - Fixed a bug (#79) - :doc:`Form Validation Library <libraries/form_validation>` didn't properly validate array fields that use associative keys or have custom indexes. +- Fixed a bug (#427) - :doc:`Form Validation Library <libraries/form_validation>` method ``strip_image_tags()`` was an alias to a non-existent method. Version 2.1.1 ============= 
diff --git a/user_guide_src/source/libraries/pagination.rst b/user_guide_src/source/libraries/pagination.rst index a7e4c84c9..7d750bd23 100644 --- a/user_guide_src/source/libraries/pagination.rst +++ b/user_guide_src/source/libraries/pagination.rst @@ -21,9 +21,9 @@ Here is a simple example showing how to create pagination in one of your $config['base_url'] = 'http://example.com/index.php/test/page/'; $config['total_rows'] = 200; - $config['per_page'] = 20; + $config['per_page'] = 20; - $this->pagination->initialize($config); + $this->pagination->initialize($config); echo $this->pagination->create_links(); @@ -115,9 +115,9 @@ configured using $config['query_string_segment'] = 'your_string' $config['reuse_query_string'] = FALSE; ====================================== -By default your Query String arguments (nothing to do with other -query string options) will be ignored. Setting this config to -TRUE will add existing query string arguments back into the +By default your Query String arguments (nothing to do with other +query string options) will be ignored. Setting this config to +TRUE will add existing query string arguments back into the URL after the URI segment and before the suffix :: @@ -127,6 +127,18 @@ URL after the URI segment and before the suffix This helps you mix together normal :doc:`URI Segments <../general/urls>` as well as query string arguments, which until 3.0 was not possible. +$config['prefix'] = ''; +================================== + +A custom prefix added to the path. The prefix value will be right before +the offset segment. + +$config['suffix'] = ''; +================================== + +A custom suffix added to the path. The sufix value will be right after +the offset segment. + *********************** Adding Enclosing Markup *********************** |