-rw-r--r--application/config/config.php2
-rwxr-xr-xsystem/core/Security.php12
-rw-r--r--system/database/DB_driver.php19
-rw-r--r--system/helpers/date_helper.php172
-rw-r--r--system/helpers/form_helper.php7
-rw-r--r--system/helpers/typography_helper.php10
-rw-r--r--user_guide/changelog.html31
-rw-r--r--user_guide/installation/upgrade_210.html87
8 files changed, 226 insertions, 114 deletions
diff --git a/application/config/config.php b/application/config/config.php
index 880393c29..a6d10d8dc 100644
--- a/application/config/config.php
+++ b/application/config/config.php
@@ -79,6 +79,8 @@ $config['language'] = 'english';
| This determines which character set is used by default in various methods
| that require a character set to be provided.
|
+| See http://php.net/htmlspecialchars for a list of supported charsets.
+|
*/
$config['charset'] = 'UTF-8';
diff --git a/system/core/Security.php b/system/core/Security.php
index 342455f27..e99418bdd 100755
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -525,9 +525,17 @@ class CI_Security {
* @param string
* @return string
*/
- public function entity_decode($str, $charset='UTF-8')
+ public function entity_decode($str, $charset = NULL)
{
- if (stristr($str, '&') === FALSE) return $str;
+ if (stristr($str, '&') === FALSE)
+ {
+ return $str;
+ }
+
+ if (empty($charset))
+ {
+ $charset = config_item('charset');
+ }
// The reason we are not using html_entity_decode() by itself is because
// while it is not technically correct to leave out the semicolon
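Review bot: The new fallback assumes `config_item('charset')` returns a usable charset, but nothing in this hunk handles a missing config key, so `$charset` can still be empty when it reaches the decoding further down. This method sits in CI_Security and presumably feeds the XSS filter, so decoding with an unintended charset is worth guarding against: after the lookup, add `if (empty($charset)) { $charset = 'UTF-8'; }` so the previous default survives. The docblock above lists only one `@param string`; add a second for `$charset` stating that NULL means "use the configured charset". The body of entity_decode() continues past the end of the hunk.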
diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php
index f3e824daa..300ca2977 100644
--- a/system/database/DB_driver.php
+++ b/system/database/DB_driver.php
@@ -251,9 +251,10 @@ class CI_DB_driver {
{
if ($sql == '')
{
+ log_message('error', 'Invalid query: '.$sql);
+
if ($this->db_debug)
{
- log_message('error', 'Invalid query: '.$sql);
return $this->display_error('db_invalid_query');
}
return FALSE;
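Review bot: The relocated `log_message('error', 'Invalid query: '.$sql);` now runs for every rejected query, but inside `if ($sql == '')` the concatenated `$sql` is empty by definition, so the entry reads "Invalid query: " and gives an operator nothing to search on. A fixed text such as `log_message('error', 'Invalid query: empty SQL string');` makes the event identifiable in the log. The enclosing method starts and ends outside the hunk.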
@@ -306,21 +307,23 @@ class CI_DB_driver {
// This will trigger a rollback if transactions are being used
$this->_trans_status = FALSE;
+ // Grab the error number and message now, as we might run some
+ // additional queries before displaying the error
+ $error_no = $this->_error_number();
+ $error_msg = $this->_error_message();
+
+ // Log errors
+ log_message('error', 'Query error: '.$error_msg);
+
if ($this->db_debug)
{
- // grab the error number and message now, as we might run some
- // additional queries before displaying the error
- $error_no = $this->_error_number();
- $error_msg = $this->_error_message();
-
// We call this function in order to roll-back queries
// if transactions are enabled. If we don't call this here
// the error message will trigger an exit, causing the
// transactions to remain in limbo.
$this->trans_complete();
- // Log and display errors
- log_message('error', 'Query error: '.$error_msg);
+ // Display errors
return $this->display_error(
array(
'Error Number: '.$error_no,
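Review bot: Query errors are now logged with db_debug off as well, yet the entry carries only `$error_msg`; `$error_no` is fetched at the same point but used only in the debug display. Logging both, `log_message('error', 'Query error: '.$error_no.' - '.$error_msg);`, gives whoever triages the log a stable value to filter on. Driver error messages often echo part of the failing statement, possibly including literal values, so a comment above the call noting that the log directory must not be web-readable would be a useful addition. The method continues beyond the hunk.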
diff --git a/system/helpers/date_helper.php b/system/helpers/date_helper.php
index 6c559bb25..e14bc2f94 100644
--- a/system/helpers/date_helper.php
+++ b/system/helpers/date_helper.php
@@ -54,10 +54,8 @@ if ( ! function_exists('now'))
return $system_time;
}
- else
- {
- return time();
- }
+
+ return time();
}
}
@@ -85,12 +83,18 @@ if ( ! function_exists('mdate'))
function mdate($datestr = '', $time = '')
{
if ($datestr == '')
- return '';
+ {
+ return '';
+ }
- if ($time == '')
- $time = now();
+ $time = ($time == '') ? now() : $time;
+
+ $datestr = str_replace(
+ '%\\',
+ '',
+ preg_replace("/([a-z]+?){1}/i", "\\\\\\1", $datestr)
+ );
- $datestr = str_replace('%\\', '', preg_replace("/([a-z]+?){1}/i", "\\\\\\1", $datestr));
return date($datestr, $time);
}
}
@@ -162,14 +166,7 @@ if ( ! function_exists('timespan'))
$time = time();
}
- if ($time <= $seconds)
- {
- $seconds = 1;
- }
- else
- {
- $seconds = $time - $seconds;
- }
+ $seconds = ($time <= $seconds) ? 1 : $time - $seconds;
$str = '';
$years = floor($seconds / 31536000);
@@ -303,9 +300,18 @@ if ( ! function_exists('local_to_gmt'))
function local_to_gmt($time = '')
{
if ($time == '')
+ {
$time = time();
-
- return mktime( gmdate("H", $time), gmdate("i", $time), gmdate("s", $time), gmdate("m", $time), gmdate("d", $time), gmdate("Y", $time));
+ }
+
+ return mktime(
+ gmdate("H", $time),
+ gmdate("i", $time),
+ gmdate("s", $time),
+ gmdate("m", $time),
+ gmdate("d", $time),
+ gmdate("Y", $time)
+ );
}
}
@@ -366,14 +372,14 @@ if ( ! function_exists('mysql_to_unix'))
$time = str_replace(' ', '', $time);
// YYYYMMDDHHMMSS
- return mktime(
- substr($time, 8, 2),
- substr($time, 10, 2),
- substr($time, 12, 2),
- substr($time, 4, 2),
- substr($time, 6, 2),
- substr($time, 0, 4)
- );
+ return mktime(
+ substr($time, 8, 2),
+ substr($time, 10, 2),
+ substr($time, 12, 2),
+ substr($time, 4, 2),
+ substr($time, 6, 2),
+ substr($time, 0, 4)
+ );
}
}
@@ -475,13 +481,19 @@ if ( ! function_exists('human_to_unix'))
$ampm = strtolower($split['2']);
if (substr($ampm, 0, 1) == 'p' AND $hour < 12)
- $hour = $hour + 12;
+ {
+ $hour = $hour + 12;
+ }
if (substr($ampm, 0, 1) == 'a' AND $hour == 12)
+ {
$hour = '00';
-
+ }
+
if (strlen($hour) == 1)
- $hour = '0'.$hour;
+ {
+ $hour = '0'.$hour;
+ }
}
return mktime($hour, $min, $sec, $month, $day, $year);
@@ -501,16 +513,16 @@ if ( ! function_exists('human_to_unix'))
*/
if ( ! function_exists('nice_date'))
{
- function nice_date($bad_date='', $format=false)
+ function nice_date($bad_date = '', $format = FALSE)
{
if (empty($bad_date))
{
return 'Unknown';
}
+
// Date like: YYYYMM
- if (preg_match('/^\d{6}$/',$bad_date))
+ if (preg_match('/^\d{6}$/', $bad_date))
{
- //echo $bad_date." ";
if (in_array(substr($bad_date, 0, 2),array('19', '20')))
{
$year = substr($bad_date, 0, 4);
@@ -521,8 +533,8 @@ if ( ! function_exists('nice_date'))
$month = substr($bad_date, 0, 2);
$year = substr($bad_date, 2, 4);
}
+
return date($format, strtotime($year . '-' . $month . '-01'));
-
}
// Date Like: YYYYMMDD
@@ -531,6 +543,7 @@ if ( ! function_exists('nice_date'))
$month = substr($bad_date, 0, 2);
$day = substr($bad_date, 2, 2);
$year = substr($bad_date, 4, 4);
+
return date($format, strtotime($month . '/01/' . $year));
}
@@ -574,8 +587,7 @@ if ( ! function_exists('timezone_menu'))
$CI =& get_instance();
$CI->lang->load('date');
- if ($default == 'GMT')
- $default = 'UTC';
+ $default = ($default == 'GMT') ? 'UTC' : $default;
$menu = '<select name="'.$name.'"';
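Review bot: `$name` is concatenated into the `name="..."` attribute on the last line of this hunk without escaping, and the ternary rewrite leaves that untouched. If a caller ever passes a value derived from request data, a double quote in it ends the attribute early. `$menu = '<select name="'.html_escape($name).'"';` closes that off, using the html_escape() helper mentioned in this commit's changelog. timezone_menu() starts and ends outside the hunk, so later uses of `$name` and `$default` are not visible here.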
@@ -618,60 +630,58 @@ if ( ! function_exists('timezones'))
// some items appear to be in the wrong order
$zones = array(
- 'UM12' => -12,
- 'UM11' => -11,
- 'UM10' => -10,
- 'UM95' => -9.5,
- 'UM9' => -9,
- 'UM8' => -8,
- 'UM7' => -7,
- 'UM6' => -6,
- 'UM5' => -5,
- 'UM45' => -4.5,
- 'UM4' => -4,
- 'UM35' => -3.5,
- 'UM3' => -3,
- 'UM2' => -2,
- 'UM1' => -1,
- 'UTC' => 0,
- 'UP1' => +1,
- 'UP2' => +2,
- 'UP3' => +3,
- 'UP35' => +3.5,
- 'UP4' => +4,
- 'UP45' => +4.5,
- 'UP5' => +5,
- 'UP55' => +5.5,
- 'UP575' => +5.75,
- 'UP6' => +6,
- 'UP65' => +6.5,
- 'UP7' => +7,
- 'UP8' => +8,
- 'UP875' => +8.75,
- 'UP9' => +9,
- 'UP95' => +9.5,
- 'UP10' => +10,
- 'UP105' => +10.5,
- 'UP11' => +11,
- 'UP115' => +11.5,
- 'UP12' => +12,
- 'UP1275' => +12.75,
- 'UP13' => +13,
- 'UP14' => +14
- );
+ 'UM12' => -12,
+ 'UM11' => -11,
+ 'UM10' => -10,
+ 'UM95' => -9.5,
+ 'UM9' => -9,
+ 'UM8' => -8,
+ 'UM7' => -7,
+ 'UM6' => -6,
+ 'UM5' => -5,
+ 'UM45' => -4.5,
+ 'UM4' => -4,
+ 'UM35' => -3.5,
+ 'UM3' => -3,
+ 'UM2' => -2,
+ 'UM1' => -1,
+ 'UTC' => 0,
+ 'UP1' => +1,
+ 'UP2' => +2,
+ 'UP3' => +3,
+ 'UP35' => +3.5,
+ 'UP4' => +4,
+ 'UP45' => +4.5,
+ 'UP5' => +5,
+ 'UP55' => +5.5,
+ 'UP575' => +5.75,
+ 'UP6' => +6,
+ 'UP65' => +6.5,
+ 'UP7' => +7,
+ 'UP8' => +8,
+ 'UP875' => +8.75,
+ 'UP9' => +9,
+ 'UP95' => +9.5,
+ 'UP10' => +10,
+ 'UP105' => +10.5,
+ 'UP11' => +11,
+ 'UP115' => +11.5,
+ 'UP12' => +12,
+ 'UP1275' => +12.75,
+ 'UP13' => +13,
+ 'UP14' => +14
+ );
if ($tz == '')
{
return $zones;
}
-
- if ($tz == 'GMT')
- $tz = 'UTC';
-
+
+ $tz = ($tz == 'GMT') ? 'UTC' : $tz;
+
return ( ! isset($zones[$tz])) ? 0 : $zones[$tz];
}
}
-
/* End of file date_helper.php */
/* Location: ./system/helpers/date_helper.php */ \ No newline at end of file
diff --git a/system/helpers/form_helper.php b/system/helpers/form_helper.php
index d9305c00b..130daee6a 100644
--- a/system/helpers/form_helper.php
+++ b/system/helpers/form_helper.php
@@ -642,11 +642,8 @@ if ( ! function_exists('form_prep'))
{
return $str;
}
-
- $str = htmlspecialchars($str);
-
- // In case htmlspecialchars misses these.
- $str = str_replace(array("'", '"'), array("&#39;", "&quot;"), $str);
+
+ $str = html_escape($str);
if ($field_name != '')
{
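Review bot: The removed `str_replace` was what guaranteed single quotes became `&#39;`, and the new `html_escape($str)` call keeps that guarantee only if html_escape() encodes both quote styles (ENT_QUOTES); its definition is not part of this diff. form_prep() output is presumably emitted inside quoted attribute values, so confirm this and pin it with a comment such as `// html_escape() must encode both ' and " (ENT_QUOTES): the result is placed inside quoted attributes`. If html_escape() also passes the configured charset to htmlspecialchars(), input that is invalid in that charset may come back as an empty string, which would be a behaviour change from the old call. The function starts and ends outside the hunk.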
diff --git a/system/helpers/typography_helper.php b/system/helpers/typography_helper.php
index 19b4eec03..82e686e53 100644
--- a/system/helpers/typography_helper.php
+++ b/system/helpers/typography_helper.php
@@ -39,9 +39,7 @@ if ( ! function_exists('nl2br_except_pre'))
function nl2br_except_pre($str)
{
$CI =& get_instance();
-
$CI->load->library('typography');
-
return $CI->typography->nl2br_except_pre($str);
}
}
@@ -82,9 +80,15 @@ if ( ! function_exists('auto_typography'))
*/
if ( ! function_exists('entity_decode'))
{
- function entity_decode($str, $charset='UTF-8')
+ function entity_decode($str, $charset = NULL)
{
global $SEC;
+
+ if (empty($charset))
+ {
+ $charset = config_item('charset');
+ }
+
return $SEC->entity_decode($str, $charset);
}
}
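Review bot: The `empty($charset)` fallback added here duplicates the one this commit adds to CI_Security::entity_decode(), which already resolves a NULL charset from `config_item('charset')`. Keeping the default in one place stops the two copies drifting apart; the wrapper body can shrink to `global $SEC;` followed by `return $SEC->entity_decode($str, $charset);`. The docblock above the function, which starts outside the hunk, should also state that `$charset` defaults to the configured charset.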
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index 978b710be..e2ef2f455 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -65,42 +65,42 @@ Change Log
<ul>
<li>General Changes
<ul>
- <li class="reactor">Added Android to the list of user agents.</li>
- <li class="reactor">Callback validation rules can now accept parameters like any other validation rule.</li>
- <li class="reactor">Ability to log certain error types, not all under a threshold.</li>
- <li class="reactor">Added html_escape() to <a href="general/common_functions.html">Common functions</a> to escape HTML output for preventing XSS.</li>
+ <li>Added Android to the list of user agents.</li>
+ <li>Callback validation rules can now accept parameters like any other validation rule.</li>
+ <li>Ability to log certain error types, not all under a threshold.</li>
+ <li>Added html_escape() to <a href="general/common_functions.html">Common functions</a> to escape HTML output for preventing XSS.</li>
</ul>
</li>
<li>Helpers
<ul>
- <li class="reactor">Added <samp>increment_string()</samp> to <a href="helpers/string_helper.html">String Helper</a> to turn "foo" into "foo-1" or "foo-1" into "foo-2".</li>
+ <li>Added <samp>increment_string()</samp> to <a href="helpers/string_helper.html">String Helper</a> to turn "foo" into "foo-1" or "foo-1" into "foo-2".</li>
<li>Altered form helper - made action on form_open_multipart helper function call optional. Fixes (#65)</li>
<li><samp>url_title()</samp> will now trim extra dashes from beginning and end.</li>
</ul>
</li>
<li>Database
<ul>
- <li class="reactor">Added a <a href="http://www.cubrid.org/" target="_blank">CUBRID</a> driver to the <a href="database/index.html">Database Driver</a>. Thanks to the CUBRID team for supplying this patch.</li>
- <li class="reactor">Typecast limit and offset in the <a href="database/queries.html">Database Driver</a> to integers to avoid possible injection.</li>
- <li class="reactor">
+ <li>Added a <a href="http://www.cubrid.org/" target="_blank">CUBRID</a> driver to the <a href="database/index.html">Database Driver</a>. Thanks to the CUBRID team for supplying this patch.</li>
+ <li>Typecast limit and offset in the <a href="database/queries.html">Database Driver</a> to integers to avoid possible injection.</li>
+ <li>
Added additional option 'none' for the optional third argument for <kbd>$this->db->like()</kbd> in the <a href="database/active_record.html">Database Driver</a>.
</li>
</ul>
</li>
<li>Libraries
<ul>
- <li class="reactor">Changed <kbd>$this->cart->insert()</kbd> in the <a href="libraries/cart.html">Cart Library</a> to return the Row ID if a single item was inserted successfully.</li>
- <li class="reactor">Added support to set an optional parameter in your callback rules of validation using the <a href="libraries/form_validation.html">Form Validation Library</a>.</li>
- <li class="reactor">Added a <a href="libraries/migration.html">Migration Library</a> to assist with applying incremental updates to your database schema.</li>
- <li class="reactor">Driver children can be located in any package path.</li>
- <li class="reactor">Added max_filename_increment config setting for Upload library.</li>
+ <li>Changed <kbd>$this->cart->insert()</kbd> in the <a href="libraries/cart.html">Cart Library</a> to return the Row ID if a single item was inserted successfully.</li>
+ <li>Added support to set an optional parameter in your callback rules of validation using the <a href="libraries/form_validation.html">Form Validation Library</a>.</li>
+ <li>Added a <a href="libraries/migration.html">Migration Library</a> to assist with applying incremental updates to your database schema.</li>
+ <li>Driver children can be located in any package path.</li>
+ <li>Added max_filename_increment config setting for Upload library.</li>
<li><samp>CI_Loader::_ci_autoloader()</samp> is now a protected method.</li>
- <li class="reactor">Added <kbd>is_unique</kbd> to the <a href="libraries/form_validation.html">Form Validation library</a>.</li>
+ <li>Added <kbd>is_unique</kbd> to the <a href="libraries/form_validation.html">Form Validation library</a>.</li>
</ul>
</li>
<li>Core
<ul>
- <li class="reactor">Changed private functions in CI_URI to protected so MY_URI can override them.</li>
+ <li>Changed private functions in CI_URI to protected so MY_URI can override them.</li>
</ul>
</li>
</ul>
@@ -112,6 +112,7 @@ Change Log
<li class="reactor">Fixed a bug (Reactor #19) where 1) the 404_override route was being ignored in some cases, and 2) auto-loaded libraries were not available to the 404_override controller when a controller existed but the requested method did not.</li>
<li class="rector">Fixed a bug (Reactor #89) where MySQL export would fail if the table had hyphens or other non alphanumeric/underscore characters.</li>
<li class="reactor">Fixed a bug (#200) where MySQL queries would be malformed after calling <samp>count_all()</samp> then <samp>db->get()</samp></li>
+ <li class="reactor">Fixed bug #105 that stopped query errors from being logged unless database debugging was enabled</li>
<li>Fixed a bug (#181) where a mis-spelling was in the form validation language file.</li>
<li>Fixed a bug (#160) - Removed unneeded array copy in the file cache driver.</li>
<li>Fixed a bug (#150) - <samp>field_data()</samp> now correctly returns column length.</li>
diff --git a/user_guide/installation/upgrade_210.html b/user_guide/installation/upgrade_210.html
new file mode 100644
index 000000000..9f8204a7c
--- /dev/null
+++ b/user_guide/installation/upgrade_210.html
@@ -0,0 +1,87 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+<head>
+
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title>Upgrading from 2.0.3 to 2.1.0 : CodeIgniter User Guide</title>
+
+<style type='text/css' media='all'>@import url('../userguide.css');</style>
+<link rel='stylesheet' type='text/css' media='all' href='../userguide.css' />
+
+<script type="text/javascript" src="../nav/nav.js"></script>
+<script type="text/javascript" src="../nav/prototype.lite.js"></script>
+<script type="text/javascript" src="../nav/moo.fx.js"></script>
+<script type="text/javascript" src="../nav/user_guide_menu.js"></script>
+
+<meta http-equiv='expires' content='-1' />
+<meta http-equiv= 'pragma' content='no-cache' />
+<meta name='robots' content='all' />
+<meta name='author' content='ExpressionEngine Dev Team' />
+<meta name='description' content='CodeIgniter User Guide' />
+
+</head>
+<body>
+
+<!-- START NAVIGATION -->
+<div id="nav"><div id="nav_inner"><script type="text/javascript">create_menu('../');</script></div></div>
+<div id="nav2"><a name="top"></a><a href="javascript:void(0);" onclick="myHeight.toggle();"><img src="../images/nav_toggle_darker.jpg" width="154" height="43" border="0" title="Toggle Table of Contents" alt="Toggle Table of Contents" /></a></div>
+<div id="masthead">
+<table cellpadding="0" cellspacing="0" border="0" style="width:100%">
+<tr>
+<td><h1>CodeIgniter User Guide Version 2.1.0</h1></td>
+<td id="breadcrumb_right"><a href="../toc.html">Table of Contents Page</a></td>
+</tr>
+</table>
+</div>
+<!-- END NAVIGATION -->
+
+
+<!-- START BREADCRUMB -->
+<table cellpadding="0" cellspacing="0" border="0" style="width:100%">
+<tr>
+<td id="breadcrumb">
+<a href="http://codeigniter.com/">CodeIgniter Home</a> &nbsp;&#8250;&nbsp;
+<a href="../index.html">User Guide Home</a> &nbsp;&#8250;&nbsp;
+Upgrading from 2.0.3 to 2.1.0
+</td>
+<td id="searchbox"><form method="get" action="http://www.google.com/search"><input type="hidden" name="as_sitesearch" id="as_sitesearch" value="codeigniter.com/user_guide/" />Search User Guide&nbsp; <input type="text" class="input" style="width:200px;" name="q" id="q" size="31" maxlength="255" value="" />&nbsp;<input type="submit" class="submit" name="sa" value="Go" /></form></td>
+</tr>
+</table>
+<!-- END BREADCRUMB -->
+
+<br clear="all" />
+
+
+<!-- START CONTENT -->
+<div id="content">
+
+<h1>Upgrading from 2.0.3 to 2.1.0</h1>
+
+<p>Before performing an update you should take your site offline by replacing the index.php file with a static one.</p>
+
+<h2>Step 1: Update your CodeIgniter files</h2>
+
+<p>Replace all files and directories in your "system" folder and replace your index.php file. If any modifications were made to your index.php they will need to be made fresh in this new one.</p>
+
+<p class="important"><strong>Note:</strong> If you have any custom developed files in these folders please make copies of them first.</p>
+
+
+
+
+</div>
+<!-- END CONTENT -->
+
+
+<div id="footer">
+<p>
+Previous Topic:&nbsp;&nbsp;<a href="index.html">Installation Instructions</a>
+&nbsp;&nbsp;&nbsp;&middot;&nbsp;&nbsp;
+<a href="#top">Top of Page</a>&nbsp;&nbsp;&nbsp;&middot;&nbsp;&nbsp;
+<a href="../index.html">User Guide Home</a>&nbsp;&nbsp;&nbsp;&middot;&nbsp;&nbsp;
+Next Topic:&nbsp;&nbsp;<a href="troubleshooting.html">Troubleshooting</a>
+</p>
+<p><a href="http://codeigniter.com">CodeIgniter</a> &nbsp;&middot;&nbsp; Copyright &#169; 2006 - 2011 &nbsp;&middot;&nbsp; <a href="http://ellislab.com/">EllisLab, Inc.</a></p>
+</div>
+
+</body>
+</html> \ No newline at end of file