diff options
| -rw-r--r-- | system/libraries/Form_validation.php | 55 | ||||
| -rw-r--r-- | user_guide_src/source/changelog.rst | 19 | ||||
| -rw-r--r-- | user_guide_src/source/libraries/form_validation.rst | 7 |
3 files changed, 32 insertions, 49 deletions
diff --git a/system/libraries/Form_validation.php b/system/libraries/Form_validation.php index ebbf123fd..3c9285294 100644 --- a/system/libraries/Form_validation.php +++ b/system/libraries/Form_validation.php @@ -230,7 +230,6 @@ class CI_Form_validation { { $this->_error_prefix = $prefix; $this->_error_suffix = $suffix; - return $this; } @@ -360,7 +359,7 @@ class CI_Form_validation { $this->set_rules($this->_config_rules); } - // We're we able to set the rules correctly? + // Were we able to set the rules correctly? if (count($this->_field_data) === 0) { log_message('debug', 'Unable to find validation rules'); @@ -377,7 +376,6 @@ class CI_Form_validation { { // Fetch the data from the corresponding $_POST or validation array and cache it in the _field_data array. // Depending on whether the field name is an array or a string will determine where we get it from. - if ($row['is_array'] === TRUE) { $this->_field_data[$field]['postdata'] = $this->_reduce_array($validation_array, $row['keys']); @@ -392,7 +390,6 @@ class CI_Form_validation { // Did we end up with any errors? $total_errors = count($this->_error_array); - if ($total_errors > 0) { $this->_safe_form_data = TRUE; @@ -506,8 +503,6 @@ class CI_Form_validation { return; } - // -------------------------------------------------------------------- - // If the field is blank, but NOT required, no further tests are necessary $callback = FALSE; if ( ! in_array('required', $rules) && is_null($postdata)) @@ -524,8 +519,6 @@ class CI_Form_validation { } } - // -------------------------------------------------------------------- - // Isset Test. Typically this rule will only apply to checkboxes. if (is_null($postdata) && $callback === FALSE) { @@ -587,11 +580,9 @@ class CI_Form_validation { $postdata = $this->_field_data[$row['field']]['postdata']; } - // -------------------------------------------------------------------- - // Is the rule a callback? $callback = FALSE; - if (substr($rule, 0, 9) === 'callback_') + if (strpos($rule, 'callback_') === 0) { $rule = substr($rule, 9); $callback = TRUE; @@ -611,11 +602,14 @@ class CI_Form_validation { { if ( ! method_exists($this->CI, $rule)) { - continue; + log_message('debug', 'Unable to find callback validation rule: '.$rule); + $result = FALSE; + } + else + { + // Run the function and grab the result + $result = $this->CI->$rule($postdata, $param); } - - // Run the function and grab the result - $result = $this->CI->$rule($postdata, $param); // Re-assign the result to the master data array if ($_in_array === TRUE) @@ -639,7 +633,7 @@ class CI_Form_validation { // Users can use any native PHP function call that has one param. if (function_exists($rule)) { - $result = $rule($postdata); + $result = ($param !== FALSE) ? $rule($postdata, $param) : $rule($postdata); if ($_in_array === TRUE) { @@ -653,6 +647,7 @@ class CI_Form_validation { else { log_message('debug', 'Unable to find validation rule: '.$rule); + $result = FALSE; } continue; @@ -721,7 +716,7 @@ class CI_Form_validation { { // Do we need to translate the field name? // We look for the prefix lang: to determine this - if (substr($fieldname, 0, 5) === 'lang:') + if (strpos($fieldname, 'lang:') === 0) { // Grab the variable $line = substr($fieldname, 5); @@ -785,7 +780,6 @@ class CI_Form_validation { } $field = $this->_field_data[$field]['postdata']; - if (is_array($field)) { if ( ! in_array($value, $field)) @@ -821,7 +815,6 @@ class CI_Form_validation { } $field = $this->_field_data[$field]['postdata']; - if (is_array($field)) { if ( ! in_array($value, $field)) @@ -829,12 +822,9 @@ class CI_Form_validation { return ''; } } - else + elseif (($field == '' OR $value == '') OR ($field != $value)) { - if (($field == '' OR $value == '') OR ($field != $value)) - { - return ''; - } + return ''; } return ' checked="checked"'; @@ -1099,19 +1089,6 @@ class CI_Form_validation { // -------------------------------------------------------------------- /** - * Is Numeric - * - * @param string - * @return bool - */ - public function is_numeric($str) - { - return is_numeric($str); - } - - // -------------------------------------------------------------------- - - /** * Integer * * @param string @@ -1270,12 +1247,12 @@ class CI_Form_validation { */ public function prep_url($str = '') { - if ($str == 'http://' OR $str == '') + if ($str === 'http://' OR $str == '') { return ''; } - if (substr($str, 0, 7) !== 'http://' && substr($str, 0, 8) !== 'https://') + if (strpos($str, 'http://') !== 0 && strpos($str, 'https://') !== 0) { return 'http://'.$str; } diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index fe0670a82..9929cc368 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -101,7 +101,7 @@ Release Date: Not Released - It now auto-increments quantity's instead of just resetting it, this is the default behaviour of large e-commerce sites. - Product Name strictness can be disabled via the Cart Library by switching "$product_name_safe" - Added function remove() to remove a cart item, updating with quantity of 0 seemed like a hack but has remained to retain compatability - - Image manipulation library changes include: + - :doc:`Image Manipulation library <libraries/image_lib>` changes include: - The initialize() method now only sets existing class properties. - Added support for 3-length hex color values for wm_font_color and wm_shadow_color properties, as well as validation for them. - Class properties wm_font_color, wm_shadow_color and wm_use_drop_shadow are now protected, to avoid breaking the text_watermark() method @@ -110,13 +110,17 @@ Release Date: Not Released - Minor speed optimizations and method & property visibility declarations in the Calendar Library. - Removed SHA1 function in the :doc:`Encryption Library <libraries/encryption>`. - Added $config['csrf_regeneration'] to the CSRF protection in the :doc:`Security library <libraries/security>`, which makes token regeneration optional. + - :doc:`Form Validation library <libraries/form_validation>` changes include: + - Added method error_array() to return all error messages as an array. + - Added method set_data() to set an alternative data array to be validated instead of the default $_POST. + - Added method reset_validation(), which resets internal validation variables in case of multiple validation routines. + - Added support for setting error delimiters in the config file via $config['error_prefix'] and $config['error_suffix']. + - _execute() now considers input data to be invalid if a specified rule is not found. + - Removed method is_numeric() as it exists as a native PHP function and _execute() will find and use that (the 'is_numeric' rule itself is deprecated since 1.6.1). + - Native PHP functions used as rules can now accept an additional parameter, other than the data itself. + - Changed the :doc:`Session Library <libraries/sessions>` to select only one row when using database sessions. - Added all_flashdata() method to session class. Returns an associative array of only flashdata. - Allowed for setting table class defaults in a config file. - - Form Validation library now allows setting of error delimiters in the config file via $config['error_prefix'] and $config['error_suffix']. - - Added function error_array() to return all error messages as an array in the Form_validation class. - - Added function set_data() to Form_validation library, which can be used in place of the default $_POST array. - - Added function reset_validation() to form validation library, which resets internal validation variables in case of multiple validation routines. - - Changed the Session library to select only one row when using database sessions. - Added a Wincache driver to the `Caching Library <libraries/caching>`. - Added dsn (delivery status notification) option to the :doc:`Email Library <libraries/email>`. @@ -189,11 +193,12 @@ Bug fixes for 3.0 - Fixed a bug (#14) - create_database() method in the :doc:`Database Forge Library <database/forge>` didn't utilize the configured database character set. - Fixed a bug (#1238) - delete_all() in the `Database Caching Library <database/caching>` used to delete .htaccess and index.html files, which is a potential security risk. - Fixed a bug in :doc:`Trackback Library <libraries/trackback>` method validate_url() where it didn't actually do anything, due to input not being passed by reference. +- Fixed a bug (#11, #183, #863) - CI_Form_validation::_execute() silently continued to the next rule, if a rule method/function is not found. Version 2.1.1 ============= -Release Date: Not Released +Release Date: November 14, 2011 - General Changes - Fixed support for docx, xlsx files in mimes.php. diff --git a/user_guide_src/source/libraries/form_validation.rst b/user_guide_src/source/libraries/form_validation.rst index 3e8855f60..ef4be5601 100644 --- a/user_guide_src/source/libraries/form_validation.rst +++ b/user_guide_src/source/libraries/form_validation.rst @@ -321,7 +321,7 @@ password to MD5, and running the username through the "xss_clean" function, which removes malicious data. **Any native PHP function that accepts one parameter can be used as a -rule, like htmlspecialchars, trim, MD5, etc.** +rule, like htmlspecialchars, trim, md5, etc.** .. note:: You will generally want to use the prepping functions **after** the validation rules so if there is an error, the original @@ -892,8 +892,9 @@ Rule Parameter Description $this->form_validation->required($string); -.. note:: You can also use any native PHP functions that permit one - parameter. +.. note:: You can also use any native PHP functions that permit up + to two parameters, where at least one is required (to pass + the field data). ****************** Prepping Reference |