-rw-r--r--system/core/Loader.php15
-rw-r--r--system/database/DB_active_rec.php2
-rw-r--r--system/helpers/form_helper.php4
-rw-r--r--system/helpers/html_helper.php4
-rw-r--r--system/libraries/Cart.php12
-rw-r--r--system/libraries/Email.php118
-rw-r--r--user_guide/changelog.html6
-rw-r--r--user_guide/libraries/cart.html25
-rw-r--r--user_guide/libraries/loader.html6
9 files changed, 112 insertions, 80 deletions
diff --git a/system/core/Loader.php b/system/core/Loader.php
index 721c196cc..7c8b298ac 100644
--- a/system/core/Loader.php
+++ b/system/core/Loader.php
@@ -389,6 +389,21 @@ class CI_Loader {
// --------------------------------------------------------------------
/**
+ * Get Variable
+ *
+ * Check if a variable is set and retrieve it.
+ *
+ * @param array
+ * @return void
+ */
+ public function get_var($key)
+ {
+ return isset($this->_ci_cached_vars[$key]) ? $this->_ci_cached_vars[$key] : NULL;
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
* Load Helper
*
* This function loads the specified helper file.
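Review bot: The docblock added for `get_var()` does not match the method: it declares `@param array` and `@return void`, while the code takes a single `$key` and returns the cached value or NULL. I would write `@param string` and `@return mixed the cached variable, or NULL when the key is not set`. Because the lookup uses `isset()`, a variable explicitly stored as NULL is indistinguishable from a missing one; that is worth one sentence in the description.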
diff --git a/system/database/DB_active_rec.php b/system/database/DB_active_rec.php
index bc11ff436..0a25b3cb5 100644
--- a/system/database/DB_active_rec.php
+++ b/system/database/DB_active_rec.php
@@ -790,7 +790,7 @@ class CI_DB_active_record extends CI_DB_driver {
if ($v != '')
{
- $v = ' '.$this->escape_str($v);
+ $v = ' '.$this->escape($v);
}
$this->ar_having[] = $prefix.$k.$v;
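Review bot: The guard above the changed call is still the loose `if ($v != '')`, so on the PHP versions this code targets an integer 0, NULL or FALSE never reaches `escape()` and the clause is stored as `$prefix.$k` with nothing after the operator. Now that the value is quoted by type, a strict test such as `if ($v !== '' AND $v !== NULL)` would let a zero value produce a complete condition. Callers that used to pass already-quoted strings will presumably get them quoted a second time after this change, which deserves a line in the upgrade notes. The enclosing method starts and ends outside the hunk, so the default of the value argument is assumed to be an empty string.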
diff --git a/system/helpers/form_helper.php b/system/helpers/form_helper.php
index 2925d3c7c..5720a06ec 100644
--- a/system/helpers/form_helper.php
+++ b/system/helpers/form_helper.php
@@ -64,8 +64,8 @@ if ( ! function_exists('form_open'))
$form .= '>';
- // CSRF
- if ($CI->config->item('csrf_protection') === TRUE)
+ // Add CSRF field if enabled, but leave it out for GET requests and requests to external websites
+ if ($CI->config->item('csrf_protection') === TRUE AND ! (strpos($action, $CI->config->site_url()) === FALSE OR strpos($form, 'method="get"')))
{
$hidden[$CI->security->get_csrf_token_name()] = $CI->security->get_csrf_hash();
}
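Review bot: The internal-URL test in the new condition is a substring match: `strpos($action, $CI->config->site_url()) === FALSE` treats any action that contains the site URL anywhere as internal, so an external action that merely embeds the site URL would still receive the CSRF token. The GET test `strpos($form, 'method="get"')` is case- and quote-sensitive, so a form written with `method="GET"` keeps the hidden field and the token ends up in the query string. I would anchor the first test and make the second case-insensitive: `if ($CI->config->item('csrf_protection') === TRUE AND strpos($action, $CI->config->site_url()) === 0 AND stripos($form, 'method="get"') === FALSE)`. form_open() starts and ends outside the hunk, so how `$action` and `$form` are built is not visible here.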
diff --git a/system/helpers/html_helper.php b/system/helpers/html_helper.php
index 080f622dd..b64b60650 100644
--- a/system/helpers/html_helper.php
+++ b/system/helpers/html_helper.php
@@ -124,6 +124,10 @@ if ( ! function_exists('_list'))
}
$attributes = $atts;
}
+ elseif (is_string($attributes) AND strlen($attributes) > 0)
+ {
+ $attributes = ' '. $attributes;
+ }
// Write the opening list tag
$out .= "<".$type.$attributes.">\n";
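Review bot: The new string branch passes `$attributes` into the opening tag verbatim on the `$out .=` line, so any value derived from request data has to be escaped by the caller. The function's docblock (outside this hunk) should say so, for example `@param mixed attributes as an array or a pre-escaped string`. On style, `' '. $attributes` has uneven spacing around the concatenation operator compared with the line below, and `$attributes !== ''` reads more directly than `strlen($attributes) > 0`.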
diff --git a/system/libraries/Cart.php b/system/libraries/Cart.php
index 7f65b48b9..ab5a70c98 100644
--- a/system/libraries/Cart.php
+++ b/system/libraries/Cart.php
@@ -99,7 +99,7 @@ class CI_Cart {
$save_cart = FALSE;
if (isset($items['id']))
{
- if ($this->_insert($items) == TRUE)
+ if (($rowid = $this->_insert($items)))
{
$save_cart = TRUE;
}
@@ -110,7 +110,7 @@ class CI_Cart {
{
if (is_array($val) AND isset($val['id']))
{
- if ($this->_insert($val) == TRUE)
+ if ($this->_insert($val))
{
$save_cart = TRUE;
}
@@ -122,7 +122,7 @@ class CI_Cart {
if ($save_cart == TRUE)
{
$this->_save_cart();
- return TRUE;
+ return isset($rowid) ? $rowid : TRUE;
}
return FALSE;
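Review bot: `insert()` now returns three different things (the row ID string for a single item, TRUE for a batch, FALSE on failure), so an existing caller that tests `$this->cart->insert($data) === TRUE` stops matching for single inserts. The method docblock is outside the hunk; it should be updated to something like `@return mixed row ID string for a single item, TRUE for a batch, FALSE on failure`. The same applies to `_insert()` in the later hunk that changes `return TRUE;` to `return $rowid;`. `isset($rowid)` works only because the batch branch never assigns that name, which is fragile enough to merit a short comment next to the return.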
@@ -244,7 +244,7 @@ class CI_Cart {
}
// Woot!
- return TRUE;
+ return $rowid;
}
// --------------------------------------------------------------------
@@ -374,6 +374,7 @@ class CI_Cart {
// Lets add up the individual prices and set the cart sub-total
$total = 0;
+ $items = 0;
foreach ($this->_cart_contents as $key => $val)
{
// We make sure the array contains the proper indexes
@@ -383,13 +384,14 @@ class CI_Cart {
}
$total += ($val['price'] * $val['qty']);
+ $items += $val['qty'];
// Set the subtotal
$this->_cart_contents[$key]['subtotal'] = ($this->_cart_contents[$key]['price'] * $this->_cart_contents[$key]['qty']);
}
// Set the cart total and total items.
- $this->_cart_contents['total_items'] = count($this->_cart_contents);
+ $this->_cart_contents['total_items'] = $items;
$this->_cart_contents['cart_total'] = $total;
// Is our cart empty? If so we delete it from the session
diff --git a/system/libraries/Email.php b/system/libraries/Email.php
index cd89f8f3d..9b3bc75e1 100644
--- a/system/libraries/Email.php
+++ b/system/libraries/Email.php
@@ -405,12 +405,12 @@ class CI_Email {
/**
* Add a Header Item
*
- * @access private
+ * @access protected
* @param string
* @param string
* @return void
*/
- private function _set_header($header, $value)
+ protected function _set_header($header, $value)
{
$this->_headers[$header] = $value;
}
@@ -420,11 +420,11 @@ class CI_Email {
/**
* Convert a String to an Array
*
- * @access private
+ * @access protected
* @param string
* @return array
*/
- private function _str_to_array($email)
+ protected function _str_to_array($email)
{
if ( ! is_array($email))
{
@@ -577,10 +577,10 @@ class CI_Email {
/**
* Set Message Boundary
*
- * @access private
+ * @access protected
* @return void
*/
- private function _set_boundaries()
+ protected function _set_boundaries()
{
$this->_alt_boundary = "B_ALT_".uniqid(''); // multipart/alternative
$this->_atc_boundary = "B_ATC_".uniqid(''); // attachment boundary
@@ -591,10 +591,10 @@ class CI_Email {
/**
* Get the Message ID
*
- * @access private
+ * @access protected
* @return string
*/
- private function _get_message_id()
+ protected function _get_message_id()
{
$from = $this->_headers['Return-Path'];
$from = str_replace(">", "", $from);
@@ -608,11 +608,11 @@ class CI_Email {
/**
* Get Mail Protocol
*
- * @access private
+ * @access protected
* @param bool
* @return string
*/
- private function _get_protocol($return = TRUE)
+ protected function _get_protocol($return = TRUE)
{
$this->protocol = strtolower($this->protocol);
$this->protocol = ( ! in_array($this->protocol, $this->_protocols, TRUE)) ? 'mail' : $this->protocol;
@@ -628,11 +628,11 @@ class CI_Email {
/**
* Get Mail Encoding
*
- * @access private
+ * @access protected
* @param bool
* @return string
*/
- private function _get_encoding($return = TRUE)
+ protected function _get_encoding($return = TRUE)
{
$this->_encoding = ( ! in_array($this->_encoding, $this->_bit_depths)) ? '8bit' : $this->_encoding;
@@ -655,10 +655,10 @@ class CI_Email {
/**
* Get content type (text/html/attachment)
*
- * @access private
+ * @access protected
* @return string
*/
- private function _get_content_type()
+ protected function _get_content_type()
{
if ($this->mailtype == 'html' && count($this->_attach_name) == 0)
{
@@ -683,10 +683,10 @@ class CI_Email {
/**
* Set RFC 822 Date
*
- * @access private
+ * @access protected
* @return string
*/
- private function _set_date()
+ protected function _set_date()
{
$timezone = date("Z");
$operator = (strncmp($timezone, '-', 1) == 0) ? '-' : '+';
@@ -701,10 +701,10 @@ class CI_Email {
/**
* Mime message
*
- * @access private
+ * @access protected
* @return string
*/
- private function _get_mime_message()
+ protected function _get_mime_message()
{
return "This is a multi-part message in MIME format.".$this->newline."Your email application may not support this format.";
}
@@ -802,10 +802,10 @@ class CI_Email {
* If the user hasn't specified his own alternative message
* it creates one by stripping the HTML
*
- * @access private
+ * @access protected
* @return string
*/
- private function _get_alt_message()
+ protected function _get_alt_message()
{
if ($this->alt_message != "")
{
@@ -941,11 +941,11 @@ class CI_Email {
/**
* Build final headers
*
- * @access private
+ * @access protected
* @param string
* @return string
*/
- private function _build_headers()
+ protected function _build_headers()
{
$this->_set_header('X-Sender', $this->clean_email($this->_headers['From']));
$this->_set_header('X-Mailer', $this->useragent);
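Review bot: The docblock for `_build_headers()` lists `@param string` although the method takes no parameters; since the tags are being edited anyway, that line should go. The same mismatch is visible in the `_smtp_connect()` hunk (a `@param string` above an empty parameter list) and in the `_set_error_message($msg, $val = '')` hunk, which documents one parameter for two. With these methods now protected, subclass authors will read the docblocks as the contract, so they should be accurate.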
@@ -959,10 +959,10 @@ class CI_Email {
/**
* Write Headers as a string
*
- * @access private
+ * @access protected
* @return void
*/
- private function _write_headers()
+ protected function _write_headers()
{
if ($this->protocol == 'mail')
{
@@ -994,10 +994,10 @@ class CI_Email {
/**
* Build Final Body and attachments
*
- * @access private
+ * @access protected
* @return void
*/
- private function _build_message()
+ protected function _build_message()
{
if ($this->wordwrap === TRUE AND $this->mailtype != 'html')
{
@@ -1177,12 +1177,12 @@ class CI_Email {
* Prepares string for Quoted-Printable Content-Transfer-Encoding
* Refer to RFC 2045 http://www.ietf.org/rfc/rfc2045.txt
*
- * @access private
+ * @access protected
* @param string
* @param integer
* @return string
*/
- private function _prep_quoted_printable($str, $charlim = '')
+ protected function _prep_quoted_printable($str, $charlim = '')
{
// Set the character limit
// Don't allow over 76, as that will make servers and MUAs barf
@@ -1275,7 +1275,7 @@ class CI_Email {
* @param bool // set to TRUE for processing From: headers
* @return str
*/
- private function _prep_q_encoding($str, $from = FALSE)
+ protected function _prep_q_encoding($str, $from = FALSE)
{
$str = str_replace(array("\r", "\n"), array('', ''), $str);
@@ -1440,10 +1440,10 @@ class CI_Email {
/**
* Unwrap special elements
*
- * @access private
+ * @access protected
* @return void
*/
- private function _unwrap_specials()
+ protected function _unwrap_specials()
{
$this->_finalbody = preg_replace_callback("/\{unwrap\}(.*?)\{\/unwrap\}/si", array($this, '_remove_nl_callback'), $this->_finalbody);
}
@@ -1453,10 +1453,10 @@ class CI_Email {
/**
* Strip line-breaks via callback
*
- * @access private
+ * @access protected
* @return string
*/
- private function _remove_nl_callback($matches)
+ protected function _remove_nl_callback($matches)
{
if (strpos($matches[1], "\r") !== FALSE OR strpos($matches[1], "\n") !== FALSE)
{
@@ -1471,10 +1471,10 @@ class CI_Email {
/**
* Spool mail to the mail server
*
- * @access private
+ * @access protected
* @return bool
*/
- private function _spool_email()
+ protected function _spool_email()
{
$this->_unwrap_specials();
@@ -1516,10 +1516,10 @@ class CI_Email {
/**
* Send using mail()
*
- * @access private
+ * @access protected
* @return bool
*/
- private function _send_with_mail()
+ protected function _send_with_mail()
{
if ($this->_safe_mode == TRUE)
{
@@ -1553,10 +1553,10 @@ class CI_Email {
/**
* Send using Sendmail
*
- * @access private
+ * @access protected
* @return bool
*/
- private function _send_with_sendmail()
+ protected function _send_with_sendmail()
{
$fp = @popen($this->mailpath . " -oi -f ".$this->clean_email($this->_headers['From'])." -t", 'w');
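Review bot: `_send_with_sendmail()` builds the `popen()` command line by concatenating `$this->mailpath` and the cleaned From address with no shell quoting. Making the method protected now invites subclasses to call or extend it. Unless `clean_email()` restricts its result to a safe character set (not visible here), the argument should be quoted: `" -oi -f ".escapeshellarg($this->clean_email($this->_headers['From']))." -t"`. The `@` in front of `popen()` also hides the reason for a failed spawn; the rest of the method is outside the hunk.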
@@ -1591,10 +1591,10 @@ class CI_Email {
/**
* Send using SMTP
*
- * @access private
+ * @access protected
* @return bool
*/
- private function _send_with_smtp()
+ protected function _send_with_smtp()
{
if ($this->smtp_host == '')
{
@@ -1660,11 +1660,11 @@ class CI_Email {
/**
* SMTP Connect
*
- * @access private
+ * @access protected
* @param string
* @return string
*/
- private function _smtp_connect()
+ protected function _smtp_connect()
{
$this->_smtp_connect = fsockopen($this->smtp_host,
$this->smtp_port,
@@ -1687,12 +1687,12 @@ class CI_Email {
/**
* Send SMTP command
*
- * @access private
+ * @access protected
* @param string
* @param string
* @return string
*/
- private function _send_command($cmd, $data = '')
+ protected function _send_command($cmd, $data = '')
{
switch ($cmd)
{
@@ -1754,10 +1754,10 @@ class CI_Email {
/**
* SMTP Authenticate
*
- * @access private
+ * @access protected
* @return bool
*/
- private function _smtp_authenticate()
+ protected function _smtp_authenticate()
{
if ( ! $this->_smtp_auth)
{
@@ -1808,10 +1808,10 @@ class CI_Email {
/**
* Send SMTP data
*
- * @access private
+ * @access protected
* @return bool
*/
- private function _send_data($data)
+ protected function _send_data($data)
{
if ( ! fwrite($this->_smtp_connect, $data . $this->newline))
{
@@ -1829,10 +1829,10 @@ class CI_Email {
/**
* Get SMTP data
*
- * @access private
+ * @access protected
* @return string
*/
- private function _get_smtp_data()
+ protected function _get_smtp_data()
{
$data = "";
@@ -1854,10 +1854,10 @@ class CI_Email {
/**
* Get Hostname
*
- * @access private
+ * @access protected
* @return string
*/
- private function _get_hostname()
+ protected function _get_hostname()
{
return (isset($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : 'localhost.localdomain';
}
@@ -1867,10 +1867,10 @@ class CI_Email {
/**
* Get IP
*
- * @access private
+ * @access protected
* @return string
*/
- private function _get_ip()
+ protected function _get_ip()
{
if ($this->_IP !== FALSE)
{
@@ -1933,11 +1933,11 @@ class CI_Email {
/**
* Set Message
*
- * @access private
+ * @access protected
* @param string
* @return string
*/
- private function _set_error_message($msg, $val = '')
+ protected function _set_error_message($msg, $val = '')
{
$CI =& get_instance();
$CI->lang->load('email');
@@ -1957,11 +1957,11 @@ class CI_Email {
/**
* Mime Types
*
- * @access private
+ * @access protected
* @param string
* @return string
*/
- private function _mime_types($ext = "")
+ protected function _mime_types($ext = "")
{
$mimes = array( 'hqx' => 'application/mac-binhex40',
'cpt' => 'application/mac-compactpro',
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index d6116d0ce..4cf40a153 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -75,11 +75,13 @@ Change Log
<li>Removed internal usage of the <samp>EXT</samp> constant.</li>
<li>Visual updates to the welcome_message view file and default error templates. Thanks to <a href="https://bitbucket.org/danijelb">danijelb</a> for the pull request.</li>
<li>Added <samp>insert_batch()</samp> function to the PostgreSQL database driver. Thanks to epallerols for the patch.</li>
+ <li class="reactor">Callback validation rules can now accept parameters like any other validation rule.</li>
</ul>
</li>
<li>Helpers
<ul>
<li>Added an optional third parameter to <samp>heading()</samp> which allows adding html attributes to the rendered heading tag.</li>
+ <li class="reactor"><kbd>form_open()</kbd> now only adds a hidden (Cross-site Reference Forgery) protection field when the form's action is internal and is set to the post method. (Reactor #165)</li>
</ul>
</li>
<li>Libraries
@@ -87,6 +89,9 @@ Change Log
<li>Altered Session to use a longer match against the user_agent string. See upgrade notes if using database sessions.</li>
<li class="reactor">Added <kbd>is_unique</kbd> to the <a href="libraries/form_validation.html">Form Validation library</a>.</li>
<li class="reactor">Added <kbd>$this->db->set_dbprefix()</kbd> to the <a href="database/queries.html">Database Driver</a>.</li>
+ <li class="reactor">Changed <kbd>$this->cart->insert()</kbd> in the <a href="libraries/cart.html">Cart Library</a> to return the Row ID if a single item was inserted successfully.</li>
+ <li class="reactor">Added <kbd>$this->load->get_var()</kbd> to the <a href="libraries/loader.html">Loader library</a> to retrieve global vars set with <kbd>$this->load->view()</kbd> and <kbd>$this->load->vars()</kbd>.</li>
+ <li>Changed <kbd>$this->db->having()</kbd> to insert quotes using escape() rather than escape_str().</li>
<li class="reactor">Added support to set an optional parameter in your callback rules of validation using the <a href="libraries/form_validation.html">Form Validation library</a>.</li>
</ul>
</li>
@@ -100,6 +105,7 @@ Change Log
<li>Fixed a bug (Reactor #231) where Sessions Library database table example SQL did not contain an index on last_activity. See <a href="installation/upgrade_203.html">Upgrade Notes</a>.</li>
<li>Fixed a bug (Reactor #229) where the Sessions Library example SQL in the documentation contained incorrect SQL.</li>
<li>Fixed a bug (Core #340) where when passing in the second parameter to $this->db->select(), column names in subsequent queries would not be properly escaped.</li>
+ <li class="reactor">Fixed a bug where the method <kbd>$this->cart->total_items()</kbd> from <a href="libraries/cart.html">Cart Library</a> now returns the sum of the quantity of all items in the cart instead of your total count.</li>
</ul>
<h2>Version 2.0.2</h2>
diff --git a/user_guide/libraries/cart.html b/user_guide/libraries/cart.html
index f084d5dcf..81b43e363 100644
--- a/user_guide/libraries/cart.html
+++ b/user_guide/libraries/cart.html
@@ -61,7 +61,7 @@ Shopping Cart Class
<p>The Cart Class permits items to be added to a session that stays active while a user is browsing your site.
These items can be retrieved and displayed in a standard "shopping cart" format, allowing the user to update the quantity or remove items from the cart.</p>
-<p>Please note that the Cart Class ONLY provides the core "cart" functionality. It does not provide shipping, credit card authorization, or other processing components.</p>
+<p>Please note that the Cart Class ONLY provides the core "cart" functionality. It does not provide shipping, credit card authorization, or other processing components.</p>
<h2>Initializing the Shopping Cart Class</h2>
@@ -106,20 +106,19 @@ It is intended to be used in cases where your product has options associated wit
<li><strong>qty</strong> - The quantity being purchased.
<li><strong>price</strong> - The price of the item.
<li><strong>name</strong> - The name of the item.
-<li><strong>options</strong> - Any additional attributes that are needed to identify the product. These must be passed via an array.
+<li><strong>options</strong> - Any additional attributes that are needed to identify the product. These must be passed via an array.
</ul>
-<p>In addition to the five indexes above, there are two reserved words: <dfn>rowid</dfn> and <dfn>subtotal</dfn>. These are used internally by the Cart class, so
-please do NOT use those words as index names when inserting data into the cart.</p>
+<p>In addition to the five indexes above, there are two reserved words: <dfn>rowid</dfn> and <dfn>subtotal</dfn>. These are used internally by the Cart class, so please do NOT use those words as index names when inserting data into the cart.</p>
-<p>Your array may contain additional data. Anything you include in your array will be stored in the session. However, it is best to standardize your data among
-all your products in order to make displaying the information in a table easier.</p>
+<p>Your array may contain additional data. Anything you include in your array will be stored in the session. However, it is best to standardize your data among all your products in order to make displaying the information in a table easier.</p>
+
+<p>The insert() method will return the $rowid if you successfully insert a single item.</p>
<h2>Adding Multiple Items to The Cart</h2>
-<p>By using a multi-dimensional array, as shown below, it is possible to add multiple products to the cart in one action. This is useful in cases where you wish to allow
-people to select from among several items on the same page.</p>
+<p>By using a multi-dimensional array, as shown below, it is possible to add multiple products to the cart in one action. This is useful in cases where you wish to allow people to select from among several items on the same page.</p>
<code>
@@ -265,11 +264,11 @@ $this->cart->update($data);
</code>
-<p><strong>What is a Row ID?</strong>&nbsp; The <kbd>row ID</kbd> is a unique identifier that is generated by the cart code when an item is added to the cart. The reason a
+<p><strong>What is a Row ID?</strong>&nbsp; The <kbd>row ID</kbd> is a unique identifier that is generated by the cart code when an item is added to the cart. The reason a
unique ID is created is so that identical products with different options can be managed by the cart.</p>
-<p>For example, let's say someone buys two identical t-shirts (same product ID), but in different sizes. The product ID (and other attributes) will be
-identical for both sizes because it's the same shirt. The only difference will be the size. The cart must therefore have a means of identifying this
+<p>For example, let's say someone buys two identical t-shirts (same product ID), but in different sizes. The product ID (and other attributes) will be
+identical for both sizes because it's the same shirt. The only difference will be the size. The cart must therefore have a means of identifying this
difference so that the two sizes of shirts can be managed independently. It does so by creating a unique "row ID" based on the product ID and any options associated with it.</p>
<p>In nearly all cases, updating the cart will be something the user does via the "view cart" page, so as a developer, it is unlikely that you will ever have to concern yourself
@@ -311,7 +310,7 @@ function when the update form is submitted. Please examine the construction of t
<h2>$this->cart->has_options(rowid);</h2>
-<p>Returns TRUE (boolean) if a particular row in the cart contains options. This function is designed to be used in a loop with <dfn>$this->cart->contents()</dfn>, since you must pass the <kbd>rowid</kbd> to this function, as shown in the <dfn>Displaying the Cart</dfn> example above.</p>
+<p>Returns TRUE (boolean) if a particular row in the cart contains options. This function is designed to be used in a loop with <dfn>$this->cart->contents()</dfn>, since you must pass the <kbd>rowid</kbd> to this function, as shown in the <dfn>Displaying the Cart</dfn> example above.</p>
<h2>$this->cart->product_options(rowid);</h2>
@@ -322,7 +321,7 @@ function when the update form is submitted. Please examine the construction of t
<h2>$this->cart->destroy();</h2>
-<p>Permits you to destroy the cart. This function will likely be called when you are finished processing the customer's order.</p>
+<p>Permits you to destroy the cart. This function will likely be called when you are finished processing the customer's order.</p>
diff --git a/user_guide/libraries/loader.html b/user_guide/libraries/loader.html
index 1d93af5ed..a472730ca 100644
--- a/user_guide/libraries/loader.html
+++ b/user_guide/libraries/loader.html
@@ -175,6 +175,12 @@ and merged into one array for conversion to variables.
</p>
+<h2>$this->load->get_var(<samp>$key</samp>)</h2>
+
+<p>This function checks the associative array of variables available to your views. This is useful if for any reason a var is set in a library or another controller method using $this->load->vars().
+</p>
+
+
<h2>$this->load->helper('<var>file_name</var>')</h2>
<p>This function loads helper files, where <var>file_name</var> is the name of the file, without the <kbd>_helper.php</kbd> extension.</p>