-rw-r--r--application/config/config.php2
-rw-r--r--index.php57
-rwxr-xr-xsystem/core/CodeIgniter.php44
-rwxr-xr-xsystem/core/Input.php111
-rwxr-xr-xsystem/core/Model.php21
-rwxr-xr-xsystem/core/Security.php11
-rwxr-xr-xsystem/database/DB.php54
-rw-r--r--system/database/DB_active_rec.php404
-rw-r--r--system/database/DB_cache.php49
-rw-r--r--system/database/DB_forge.php94
-rw-r--r--system/database/DB_result.php83
-rw-r--r--system/database/DB_utility.php159
-rw-r--r--user_guide_src/source/changelog.rst2
-rw-r--r--user_guide_src/source/libraries/security.rst4
14 files changed, 373 insertions, 722 deletions
diff --git a/application/config/config.php b/application/config/config.php
index bb35324c3..17b854b29 100644
--- a/application/config/config.php
+++ b/application/config/config.php
@@ -326,12 +326,14 @@ $config['global_xss_filtering'] = FALSE;
| 'csrf_token_name' = The token name
| 'csrf_cookie_name' = The cookie name
| 'csrf_expire' = The number in seconds the token should expire.
+| 'csrf_regenerate' = Regenerate token on every submission
| 'csrf_exclude_uris' = Array of URIs which ignore CSRF checks
*/
$config['csrf_protection'] = FALSE;
$config['csrf_token_name'] = 'csrf_test_name';
$config['csrf_cookie_name'] = 'csrf_cookie_name';
$config['csrf_expire'] = 7200;
+$config['csrf_regenerate'] = TRUE;
$config['csrf_exclude_uris'] = array();
/*
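Review bot: The added option line `'csrf_regenerate' = Regenerate token on every submission` does not say what the FALSE setting means. Judging by the Security.php hunk in this commit, FALSE skips clearing the cookie value and hash, so the same token presumably stays valid until `csrf_expire` runs out. The comment could carry that trade-off, for example `| 'csrf_regenerate' = Regenerate token on every submission (FALSE keeps the same token until it expires)`.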
diff --git a/index.php b/index.php
index 4ae1ceebd..1712a7d66 100644
--- a/index.php
+++ b/index.php
@@ -5,9 +5,9 @@
* An open source application development framework for PHP 5.1.6 or newer
*
* NOTICE OF LICENSE
- *
+ *
* Licensed under the Open Software License version 3.0
- *
+ *
* This source file is subject to the Open Software License (OSL 3.0) that is
* bundled with this package in the files license.txt / license.rst. It is
* also available through the world wide web at this URL:
@@ -41,7 +41,6 @@
* production
*
* NOTE: If you change these, also change the error_reporting() code below
- *
*/
define('ENVIRONMENT', 'development');
/*
@@ -60,12 +59,10 @@ if (defined('ENVIRONMENT'))
case 'development':
error_reporting(-1);
break;
-
case 'testing':
case 'production':
error_reporting(0);
break;
-
default:
exit('The application environment is not set correctly.');
}
@@ -79,7 +76,6 @@ if (defined('ENVIRONMENT'))
* This variable must contain the name of your "system" folder.
* Include the path if the folder is not in the same directory
* as this file.
- *
*/
$system_path = 'system';
@@ -90,30 +86,28 @@ if (defined('ENVIRONMENT'))
*
* If you want this front controller to use a different "application"
* folder then the default one you can set its name here. The folder
- * can also be renamed or relocated anywhere on your server. If
+ * can also be renamed or relocated anywhere on your server. If
* you do, use a full server path. For more info please see the user guide:
* http://codeigniter.com/user_guide/general/managing_apps.html
*
* NO TRAILING SLASH!
- *
*/
$application_folder = 'application';
-
+
/*
*---------------------------------------------------------------
* VIEW FOLDER NAME
*---------------------------------------------------------------
- *
- * If you want to move the view folder out of the application
+ *
+ * If you want to move the view folder out of the application
* folder set the path to the folder here. The folder can be renamed
- * and relocated anywhere on your server. If blank, it will default
- * to the standard location inside your application folder. If you
- * do move this, use the full server path to this folder
+ * and relocated anywhere on your server. If blank, it will default
+ * to the standard location inside your application folder. If you
+ * do move this, use the full server path to this folder.
*
* NO TRAILING SLASH!
- *
*/
- $view_folder = '';
+ $view_folder = '';
/*
@@ -123,18 +117,17 @@ if (defined('ENVIRONMENT'))
*
* Normally you will set your default controller in the routes.php file.
* You can, however, force a custom routing by hard-coding a
- * specific controller class/function here. For most applications, you
+ * specific controller class/function here. For most applications, you
* WILL NOT set your routing here, but it's an option for those
* special instances where you might want to override the standard
* routing in a specific front controller that shares a common CI installation.
*
- * IMPORTANT: If you set the routing here, NO OTHER controller will be
+ * IMPORTANT: If you set the routing here, NO OTHER controller will be
* callable. In essence, this preference limits your application to ONE
- * specific controller. Leave the function name blank if you need
+ * specific controller. Leave the function name blank if you need
* to call functions dynamically via the URI.
*
* Un-comment the $routing array below to use this feature
- *
*/
// The directory name, relative to the "controllers" folder. Leave blank
// if your controller is not in a sub-folder within the "controllers" folder
@@ -160,7 +153,6 @@ if (defined('ENVIRONMENT'))
* config values.
*
* Un-comment the $assign_to_config array below to use this feature
- *
*/
// $assign_to_config['name_of_config_item'] = 'value of config item';
@@ -193,7 +185,7 @@ if (defined('ENVIRONMENT'))
// Is the system path correct?
if ( ! is_dir($system_path))
{
- exit("Your system folder path does not appear to be set correctly. Please open the following file and correct this: ".pathinfo(__FILE__, PATHINFO_BASENAME));
+ exit('Your system folder path does not appear to be set correctly. Please open the following file and correct this: '.pathinfo(__FILE__, PATHINFO_BASENAME));
}
/*
@@ -209,7 +201,7 @@ if (defined('ENVIRONMENT'))
define('EXT', '.php');
// Path to the system folder
- define('BASEPATH', str_replace("\\", "/", $system_path));
+ define('BASEPATH', str_replace('\\', '/', $system_path));
// Path to the front controller (this file)
define('FCPATH', str_replace(SELF, '', __FILE__));
@@ -217,7 +209,6 @@ if (defined('ENVIRONMENT'))
// Name of the "system folder"
define('SYSDIR', trim(strrchr(trim(BASEPATH, '/'), '/'), '/'));
-
// The path to the "application" folder
if (is_dir($application_folder))
{
@@ -227,27 +218,26 @@ if (defined('ENVIRONMENT'))
{
if ( ! is_dir(BASEPATH.$application_folder.'/'))
{
- exit("Your application folder path does not appear to be set correctly. Please open the following file and correct this: ".SELF);
+ exit('Your application folder path does not appear to be set correctly. Please open the following file and correct this: '.SELF);
}
define('APPPATH', BASEPATH.$application_folder.'/');
}
-
+
// The path to the "views" folder
- if (is_dir($view_folder))
+ if (is_dir($view_folder))
{
define ('VIEWPATH', $view_folder .'/');
}
- else
+ else
{
if ( ! is_dir(APPPATH.'views/'))
{
- exit("Your view folder path does not appear to be set correctly. Please open the following file and correct this: ".SELF);
+ exit('Your view folder path does not appear to be set correctly. Please open the following file and correct this: '.SELF);
}
-
- define ('VIEWPATH', APPPATH.'views/' );
+
+ define ('VIEWPATH', APPPATH.'views/' );
}
-
/*
* --------------------------------------------------------------------
@@ -255,9 +245,8 @@ if (defined('ENVIRONMENT'))
* --------------------------------------------------------------------
*
* And away we go...
- *
*/
require_once BASEPATH.'core/CodeIgniter.php';
/* End of file index.php */
-/* Location: ./index.php */ \ No newline at end of file
+/* Location: ./index.php */
diff --git a/system/core/CodeIgniter.php b/system/core/CodeIgniter.php
index 5152073d5..cb5d439bd 100755
--- a/system/core/CodeIgniter.php
+++ b/system/core/CodeIgniter.php
@@ -1,13 +1,13 @@
-<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
/**
* CodeIgniter
*
* An open source application development framework for PHP 5.1.6 or newer
*
* NOTICE OF LICENSE
- *
+ *
* Licensed under the Open Software License version 3.0
- *
+ *
* This source file is subject to the Open Software License (OSL 3.0) that is
* bundled with this package in the files license.txt / license.rst. It is
* also available through the world wide web at this URL:
@@ -59,7 +59,7 @@
* Load the framework constants
* ------------------------------------------------------
*/
- if (defined('ENVIRONMENT') AND file_exists(APPPATH.'config/'.ENVIRONMENT.'/constants.php'))
+ if (defined('ENVIRONMENT') && file_exists(APPPATH.'config/'.ENVIRONMENT.'/constants.php'))
{
require(APPPATH.'config/'.ENVIRONMENT.'/constants.php');
}
@@ -91,12 +91,12 @@
* "libraries" folder. Since CI allows config items to be
* overriden via data set in the main index. php file,
* before proceeding we need to know if a subclass_prefix
- * override exists. If so, we will set this value now,
+ * override exists. If so, we will set this value now,
* before any classes are loaded
* Note: Since the config file data is cached it doesn't
* hurt to load it here.
*/
- if (isset($assign_to_config['subclass_prefix']) AND $assign_to_config['subclass_prefix'] != '')
+ if (isset($assign_to_config['subclass_prefix']) && $assign_to_config['subclass_prefix'] != '')
{
get_config(array('subclass_prefix' => $assign_to_config['subclass_prefix']));
}
@@ -106,13 +106,10 @@
* Set a liberal script execution time limit
* ------------------------------------------------------
*/
- if (function_exists("set_time_limit") AND @ini_get("safe_mode") == 0)
+ if (function_exists('set_time_limit') && @ini_get('safe_mode') == 0
+ && php_sapi_name() !== 'cli') // Do not override the Time Limit value if running from Command Line
{
- // Do not override the Time Limit value if running from Command Line
- if(php_sapi_name() != 'cli')
- {
- @set_time_limit(300);
- }
+ @set_time_limit(300);
}
/*
@@ -162,7 +159,6 @@
* after the Config class is instantiated.
*
*/
-
$UNI =& load_class('Utf8', 'core');
/*
@@ -195,15 +191,13 @@
/*
* ------------------------------------------------------
- * Is there a valid cache file? If so, we're done...
+ * Is there a valid cache file? If so, we're done...
* ------------------------------------------------------
*/
- if ($EXT->_call_hook('cache_override') === FALSE)
+ if ($EXT->_call_hook('cache_override') === FALSE
+ && $OUT->_display_cache($CFG, $URI) == TRUE)
{
- if ($OUT->_display_cache($CFG, $URI) == TRUE)
- {
- exit;
- }
+ exit;
}
/*
@@ -273,13 +267,13 @@
$method = $RTR->fetch_method();
if ( ! class_exists($class)
- OR strncmp($method, '_', 1) == 0
+ OR strpos($method, '_', 1) === 0
OR in_array(strtolower($method), array_map('strtolower', get_class_methods('CI_Controller')))
)
{
if ( ! empty($RTR->routes['404_override']))
{
- $x = explode('/', $RTR->routes['404_override']);
+ $x = explode('/', $RTR->routes['404_override'], 2);
$class = $x[0];
$method = (isset($x[1]) ? $x[1] : 'index');
if ( ! class_exists($class))
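Review bot: The rewritten guard `OR strpos($method, '_', 1) === 0` can never be true, because the third argument of strpos() is a start offset rather than a length; the search begins at index 1, so any match position is at least 1. The removed `strncmp($method, '_', 1) == 0` rejected every method name that starts with an underscore, so after this change such names are no longer filtered here and, unless a check outside this hunk rejects them, they reach normal controller dispatch. Drop the offset, `OR strpos($method, '_') === 0`, or keep the strncmp() form. The enclosing block starts and ends outside the hunk.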
@@ -341,7 +335,7 @@
// Check and see if we are using a 404 override and use it.
if ( ! empty($RTR->routes['404_override']))
{
- $x = explode('/', $RTR->routes['404_override']);
+ $x = explode('/', $RTR->routes['404_override'], 2);
$class = $x[0];
$method = (isset($x[1]) ? $x[1] : 'index');
if ( ! class_exists($class))
@@ -367,7 +361,6 @@
call_user_func_array(array(&$CI, $method), array_slice($URI->rsegments, 2));
}
-
// Mark a benchmark end point
$BM->mark('controller_execution_time_( '.$class.' / '.$method.' )_end');
@@ -400,11 +393,10 @@
* Close the DB connection if one exists
* ------------------------------------------------------
*/
- if (class_exists('CI_DB') AND isset($CI->db))
+ if (class_exists('CI_DB') && isset($CI->db))
{
$CI->db->close();
}
-
/* End of file CodeIgniter.php */
-/* Location: ./system/core/CodeIgniter.php */ \ No newline at end of file
+/* Location: ./system/core/CodeIgniter.php */
diff --git a/system/core/Input.php b/system/core/Input.php
index 7cfa4c63f..7a16e51ab 100755
--- a/system/core/Input.php
+++ b/system/core/Input.php
@@ -1,13 +1,13 @@
-<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
/**
* CodeIgniter
*
* An open source application development framework for PHP 5.1.6 or newer
*
* NOTICE OF LICENSE
- *
+ *
* Licensed under the Open Software License version 3.0
- *
+ *
* This source file is subject to the Open Software License (OSL 3.0) that is
* bundled with this package in the files license.txt / license.rst. It is
* also available through the world wide web at this URL:
@@ -45,39 +45,39 @@ class CI_Input {
*
* @var string
*/
- var $ip_address = FALSE;
+ public $ip_address = FALSE;
/**
* user agent (web browser) being used by the current user
*
* @var string
*/
- var $user_agent = FALSE;
+ public $user_agent = FALSE;
/**
* If FALSE, then $_GET will be set to an empty array
*
* @var bool
*/
- var $_allow_get_array = TRUE;
+ protected $_allow_get_array = TRUE;
/**
* If TRUE, then newlines are standardized
*
* @var bool
*/
- var $_standardize_newlines = TRUE;
+ protected $_standardize_newlines = TRUE;
/**
* Determines whether the XSS filter is always active when GET, POST or COOKIE data is encountered
* Set automatically based on config setting
*
* @var bool
*/
- var $_enable_xss = FALSE;
+ protected $_enable_xss = FALSE;
/**
* Enables a CSRF cookie token to be set.
* Set automatically based on config setting
*
* @var bool
*/
- var $_enable_csrf = FALSE;
+ protected $_enable_csrf = FALSE;
/**
* List of all HTTP request headers
*
@@ -85,21 +85,19 @@ class CI_Input {
*/
protected $headers = array();
-
/**
* Constructor
*
* Sets whether to globally enable the XSS processing
* and whether to allow the $_GET array
- *
*/
public function __construct()
{
- log_message('debug', "Input Class Initialized");
+ log_message('debug', 'Input Class Initialized');
$this->_allow_get_array = (config_item('allow_get_array') === TRUE);
- $this->_enable_xss = (config_item('global_xss_filtering') === TRUE);
- $this->_enable_csrf = (config_item('csrf_protection') === TRUE);
+ $this->_enable_xss = (config_item('global_xss_filtering') === TRUE);
+ $this->_enable_csrf = (config_item('csrf_protection') === TRUE);
global $SEC;
$this->security =& $SEC;
@@ -122,7 +120,6 @@ class CI_Input {
*
* This is a helper function to retrieve values from global arrays
*
- * @access protected
* @param array
* @param string
* @param bool
@@ -148,7 +145,6 @@ class CI_Input {
/**
* Fetch an item from the GET array
*
- * @access public
* @param string
* @param bool
* @return string
@@ -176,7 +172,6 @@ class CI_Input {
/**
* Fetch an item from the POST array
*
- * @access public
* @param string
* @param bool
* @return string
@@ -205,21 +200,15 @@ class CI_Input {
/**
* Fetch an item from either the GET array or the POST
*
- * @access public
* @param string The index key
* @param bool XSS cleaning
* @return string
*/
public function get_post($index = '', $xss_clean = FALSE)
{
- if ( ! isset($_POST[$index]) )
- {
- return $this->get($index, $xss_clean);
- }
- else
- {
- return $this->post($index, $xss_clean);
- }
+ return ( ! isset($_POST[$index]))
+ ? $this->get($index, $xss_clean)
+ : $this->post($index, $xss_clean);
}
// --------------------------------------------------------------------
@@ -227,7 +216,6 @@ class CI_Input {
/**
* Fetch an item from the COOKIE array
*
- * @access public
* @param string
* @param bool
* @return string
@@ -245,7 +233,6 @@ class CI_Input {
* Accepts six parameter, or you can submit an associative
* array in the first parameter containing all the values.
*
- * @access public
* @param mixed
* @param string the value of the cookie
* @param string the number of seconds until expiration
@@ -303,7 +290,6 @@ class CI_Input {
/**
* Fetch an item from the SERVER array
*
- * @access public
* @param string
* @param bool
* @return string
@@ -318,7 +304,6 @@ class CI_Input {
/**
* Fetch the IP Address
*
- * @access public
* @return string
*/
public function ip_address()
@@ -335,7 +320,7 @@ class CI_Input {
$this->ip_address = in_array($_SERVER['REMOTE_ADDR'], $proxies) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];
}
- elseif (! $this->server('HTTP_CLIENT_IP') AND $this->server('REMOTE_ADDR'))
+ elseif ( ! $this->server('HTTP_CLIENT_IP') AND $this->server('REMOTE_ADDR'))
{
$this->ip_address = $_SERVER['REMOTE_ADDR'];
}
@@ -354,8 +339,7 @@ class CI_Input {
if ($this->ip_address === FALSE)
{
- $this->ip_address = '0.0.0.0';
- return $this->ip_address;
+ return $this->ip_address = '0.0.0.0';
}
if (strpos($this->ip_address, ',') !== FALSE)
@@ -366,7 +350,7 @@ class CI_Input {
if ( ! $this->valid_ip($this->ip_address))
{
- $this->ip_address = '0.0.0.0';
+ return $this->ip_address = '0.0.0.0';
}
return $this->ip_address;
@@ -379,7 +363,6 @@ class CI_Input {
*
* Updated version suggested by Geert De Deckere
*
- * @access public
* @param string
* @return bool
*/
@@ -394,7 +377,7 @@ class CI_Input {
$ip_segments = explode('.', $ip);
// Always 4 segments needed
- if (count($ip_segments) != 4)
+ if (count($ip_segments) !== 4)
{
return FALSE;
}
@@ -408,7 +391,7 @@ class CI_Input {
{
// IP segments must be digits and can not be
// longer than 3 digits or greater then 255
- if ($segment == '' OR preg_match("/[^0-9]/", $segment) OR $segment > 255 OR strlen($segment) > 3)
+ if ($segment == '' OR preg_match('/[^0-9]/', $segment) OR $segment > 255 OR strlen($segment) > 3)
{
return FALSE;
}
@@ -422,7 +405,6 @@ class CI_Input {
/**
* User Agent
*
- * @access public
* @return string
*/
public function user_agent()
@@ -432,9 +414,7 @@ class CI_Input {
return $this->user_agent;
}
- $this->user_agent = ( ! isset($_SERVER['HTTP_USER_AGENT'])) ? FALSE : $_SERVER['HTTP_USER_AGENT'];
-
- return $this->user_agent;
+ return $this->user_agent = ( ! isset($_SERVER['HTTP_USER_AGENT'])) ? FALSE : $_SERVER['HTTP_USER_AGENT'];
}
// --------------------------------------------------------------------
@@ -444,22 +424,20 @@ class CI_Input {
*
* This function does the following:
*
- * Unsets $_GET data (if query strings are not enabled)
- *
- * Unsets all globals if register_globals is enabled
+ * - Unsets $_GET data (if query strings are not enabled)
+ * - Unsets all globals if register_globals is enabled
+ * - Standardizes newline characters to \n
*
- * Standardizes newline characters to \n
- *
- * @access private
* @return void
*/
- private function _sanitize_globals()
+ protected function _sanitize_globals()
{
// It would be "wrong" to unset any of these GLOBALS.
$protected = array('_SERVER', '_GET', '_POST', '_FILES', '_REQUEST',
- '_SESSION', '_ENV', 'GLOBALS', 'HTTP_RAW_POST_DATA',
- 'system_folder', 'application_folder', 'BM', 'EXT',
- 'CFG', 'URI', 'RTR', 'OUT', 'IN');
+ '_SESSION', '_ENV', 'GLOBALS', 'HTTP_RAW_POST_DATA',
+ 'system_folder', 'application_folder', 'BM', 'EXT',
+ 'CFG', 'URI', 'RTR', 'OUT', 'IN'
+ );
// Unset globals for securiy.
// This is effectively the same as register_globals = off
@@ -532,14 +510,13 @@ class CI_Input {
// Sanitize PHP_SELF
$_SERVER['PHP_SELF'] = strip_tags($_SERVER['PHP_SELF']);
-
// CSRF Protection check
if ($this->_enable_csrf == TRUE)
{
$this->security->csrf_verify();
}
- log_message('debug', "Global POST and COOKIE data sanitized");
+ log_message('debug', 'Global POST and COOKIE data sanitized');
}
// --------------------------------------------------------------------
@@ -550,11 +527,10 @@ class CI_Input {
* This is a helper function. It escapes data and
* standardizes newline characters to \n
*
- * @access private
* @param string
* @return string
*/
- private function _clean_input_data($str)
+ protected function _clean_input_data($str)
{
if (is_array($str))
{
@@ -592,12 +568,9 @@ class CI_Input {
}
// Standardize newlines if needed
- if ($this->_standardize_newlines == TRUE)
+ if ($this->_standardize_newlines == TRUE AND strpos($str, "\r") !== FALSE)
{
- if (strpos($str, "\r") !== FALSE)
- {
- $str = str_replace(array("\r\n", "\r", "\r\n\n"), PHP_EOL, $str);
- }
+ return str_replace(array("\r\n", "\r", "\r\n\n"), PHP_EOL, $str);
}
return $str;
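Review bot: The search list in `str_replace(array("\r\n", "\r", "\r\n\n"), PHP_EOL, $str)` depends on its order, and nothing here explains why. The third entry only matters when PHP_EOL is `"\r\n"`: the second replacement then turns each `"\r\n"` into `"\r\n\n"` and the third one collapses it again. A one-line comment above the call saying so would prevent someone from reordering or pruning the list. The docblocks in this file also promise newlines standardized to `\n`, while the code emits PHP_EOL; one of the two should be adjusted so they agree. The function body starts outside the hunk.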
@@ -612,13 +585,12 @@ class CI_Input {
* from trying to exploit keys we make sure that keys are
* only named with alpha-numeric text and a few other items.
*
- * @access private
* @param string
* @return string
*/
- private function _clean_input_keys($str)
+ protected function _clean_input_keys($str)
{
- if ( ! preg_match("/^[a-z0-9:_\/-]+$/i", $str))
+ if ( ! preg_match('/^[a-z0-9:_\/-]+$/i', $str))
{
exit('Disallowed Key Characters.');
}
@@ -626,7 +598,7 @@ class CI_Input {
// Clean UTF-8 if supported
if (UTF8_ENABLED === TRUE)
{
- $str = $this->uni->clean_string($str);
+ return $this->uni->clean_string($str);
}
return $str;
@@ -640,10 +612,8 @@ class CI_Input {
* In Apache, you can simply call apache_request_headers(), however for
* people running other webservers the function is undefined.
*
- * @access public
* @param bool XSS cleaning
- *
- * @return array
+ * @return array
*/
public function request_headers($xss_clean = FALSE)
{
@@ -658,7 +628,7 @@ class CI_Input {
foreach ($_SERVER as $key => $val)
{
- if (strncmp($key, 'HTTP_', 5) === 0)
+ if (strpos($key, 'HTTP_') === 0)
{
$headers[substr($key, 5)] = $this->_fetch_from_array($_SERVER, $key, $xss_clean);
}
@@ -684,7 +654,6 @@ class CI_Input {
*
* Returns the value of a single member of the headers class member
*
- * @access public
* @param string array key for $this->headers
* @param boolean XSS Clean or not
* @return mixed FALSE on failure, string on success
@@ -716,7 +685,6 @@ class CI_Input {
*
* Test to see if a request contains the HTTP_X_REQUESTED_WITH header
*
- * @access public
* @return boolean
*/
public function is_ajax_request()
@@ -731,12 +699,11 @@ class CI_Input {
*
* Test to see if a request was made from the command line
*
- * @access public
* @return boolean
*/
public function is_cli_request()
{
- return (php_sapi_name() == 'cli') or defined('STDIN');
+ return (php_sapi_name() === 'cli') or defined('STDIN');
}
}
diff --git a/system/core/Model.php b/system/core/Model.php
index fc640139a..a595a6ae2 100755
--- a/system/core/Model.php
+++ b/system/core/Model.php
@@ -1,13 +1,13 @@
-<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
/**
* CodeIgniter
*
* An open source application development framework for PHP 5.1.6 or newer
*
* NOTICE OF LICENSE
- *
+ *
* Licensed under the Open Software License version 3.0
- *
+ *
* This source file is subject to the Open Software License (OSL 3.0) that is
* bundled with this package in the files license.txt / license.rst. It is
* also available through the world wide web at this URL:
@@ -38,14 +38,9 @@
*/
class CI_Model {
- /**
- * Constructor
- *
- * @access public
- */
- function __construct()
+ public function __construct()
{
- log_message('debug', "Model Class Initialized");
+ log_message('debug', 'Model Class Initialized');
}
/**
@@ -55,15 +50,13 @@ class CI_Model {
* syntax as controllers.
*
* @param string
- * @access private
*/
- function __get($key)
+ public function __get($key)
{
$CI =& get_instance();
return $CI->$key;
}
}
-// END Model Class
/* End of file Model.php */
-/* Location: ./system/core/Model.php */ \ No newline at end of file
+/* Location: ./system/core/Model.php */
diff --git a/system/core/Security.php b/system/core/Security.php
index 272a8bf3f..f7998da60 100755
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -180,9 +180,14 @@ class CI_Security {
// polute the _POST array
unset($_POST[$this->_csrf_token_name]);
- // Nothing should last forever
- unset($_COOKIE[$this->_csrf_cookie_name]);
- $this->_csrf_hash = '';
+ // Regenerate on every submission?
+ if (config_item('csrf_regenerate'))
+ {
+ // Nothing should last forever
+ unset($_COOKIE[$this->_csrf_cookie_name]);
+ $this->_csrf_hash = '';
+ }
+
$this->_csrf_set_hash();
$this->csrf_set_cookie();
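Review bot: `if (config_item('csrf_regenerate'))` tests truthiness, so an application that upgrades the system folder but keeps a config.php without the new key will most likely read a falsy value and stop rotating the token. That is the opposite of the previous unconditional behaviour. Either treat a missing key as enabled or call this out in the upgrade notes, since the changelog entry alone is easy to miss. A comment on the skipped branch would also help, for example `// csrf_regenerate off: keep the current cookie value, token is reused until it expires`; what `_csrf_set_hash()` does with the retained cookie is not visible here and should be confirmed. The enclosing method starts and ends outside the hunk.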
diff --git a/system/database/DB.php b/system/database/DB.php
index a0106c133..ed6afd7ed 100755
--- a/system/database/DB.php
+++ b/system/database/DB.php
@@ -1,13 +1,13 @@
-<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
/**
* CodeIgniter
*
* An open source application development framework for PHP 5.1.6 or newer
*
* NOTICE OF LICENSE
- *
+ *
* Licensed under the Open Software License version 3.0
- *
+ *
* This source file is subject to the Open Software License (OSL 3.0) that is
* bundled with this package in the files license.txt / license.rst. It is
* also available through the world wide web at this URL:
@@ -25,8 +25,6 @@
* @filesource
*/
-// ------------------------------------------------------------------------
-
/**
* Initialize the database
*
@@ -42,17 +40,15 @@ function &DB($params = '', $active_record_override = NULL)
if (is_string($params) AND strpos($params, '://') === FALSE)
{
// Is the config file in the environment folder?
- if ( ! defined('ENVIRONMENT') OR ! file_exists($file_path = APPPATH.'config/'.ENVIRONMENT.'/database.php'))
+ if (( ! defined('ENVIRONMENT') OR ! file_exists($file_path = APPPATH.'config/'.ENVIRONMENT.'/database.php'))
+ AND ! file_exists($file_path = APPPATH.'config/database.php'))
{
- if ( ! file_exists($file_path = APPPATH.'config/database.php'))
- {
- show_error('The configuration file database.php does not exist.');
- }
+ show_error('The configuration file database.php does not exist.');
}
include($file_path);
- if ( ! isset($db) OR count($db) == 0)
+ if ( ! isset($db) OR count($db) === 0)
{
show_error('No database connection settings were found in the database config file.');
}
@@ -78,33 +74,31 @@ function &DB($params = '', $active_record_override = NULL)
* parameter. DSNs must have this prototype:
* $dsn = 'driver://username:password@hostname/database';
*/
-
if (($dns = @parse_url($params)) === FALSE)
{
show_error('Invalid DB Connection String');
}
$params = array(
- 'dbdriver' => $dns['scheme'],
- 'hostname' => (isset($dns['host'])) ? rawurldecode($dns['host']) : '',
- 'username' => (isset($dns['user'])) ? rawurldecode($dns['user']) : '',
- 'password' => (isset($dns['pass'])) ? rawurldecode($dns['pass']) : '',
- 'database' => (isset($dns['path'])) ? rawurldecode(substr($dns['path'], 1)) : ''
- );
+ 'dbdriver' => $dns['scheme'],
+ 'hostname' => (isset($dns['host'])) ? rawurldecode($dns['host']) : '',
+ 'username' => (isset($dns['user'])) ? rawurldecode($dns['user']) : '',
+ 'password' => (isset($dns['pass'])) ? rawurldecode($dns['pass']) : '',
+ 'database' => (isset($dns['path'])) ? rawurldecode(substr($dns['path'], 1)) : ''
+ );
// were additional config items set?
if (isset($dns['query']))
{
parse_str($dns['query'], $extra);
-
foreach ($extra as $key => $val)
{
// booleans please
- if (strtoupper($val) == "TRUE")
+ if (strtoupper($val) === 'TRUE')
{
$val = TRUE;
}
- elseif (strtoupper($val) == "FALSE")
+ elseif (strtoupper($val) === 'FALSE')
{
$val = FALSE;
}
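Review bot: In the realigned `$params` array, `'dbdriver' => $dns['scheme']` is the only entry read without an isset() guard, although parse_url() does not guarantee a `scheme` key for every string it accepts. Writing it like its neighbours, `'dbdriver' => (isset($dns['scheme'])) ? $dns['scheme'] : '',`, avoids an undefined-index notice and lets the later "You have not selected a database type" check report the problem. In the same hunk, `strtoupper($val)` assumes a string, but parse_str() yields arrays for keys such as `opt[]=1`; an `is_string($val)` test before the comparison would cover that. The function continues outside the hunk.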
@@ -114,17 +108,15 @@ function &DB($params = '', $active_record_override = NULL)
}
}
- // No DB specified yet? Beat them senseless...
+ // No DB specified yet? Beat them senseless...
if ( ! isset($params['dbdriver']) OR $params['dbdriver'] == '')
{
show_error('You have not selected a database type to connect to.');
}
- // Load the DB classes. Note: Since the active record class is optional
+ // Load the DB classes. Note: Since the active record class is optional
// we need to dynamically create a class that extends proper parent class
// based on whether we're using the active record class or not.
- // Kudos to Paul for discovering this clever use of eval()
-
if ($active_record_override !== NULL)
{
$active_record = $active_record_override;
@@ -135,18 +127,14 @@ function &DB($params = '', $active_record_override = NULL)
if ( ! isset($active_record) OR $active_record == TRUE)
{
require_once(BASEPATH.'database/DB_active_rec.php');
-
if ( ! class_exists('CI_DB'))
{
class CI_DB extends CI_DB_active_record { }
}
}
- else
+ elseif ( ! class_exists('CI_DB'))
{
- if ( ! class_exists('CI_DB'))
- {
- class CI_DB extends CI_DB_driver { }
- }
+ class CI_DB extends CI_DB_driver { }
}
require_once(BASEPATH.'database/drivers/'.$params['dbdriver'].'/'.$params['dbdriver'].'_driver.php');
@@ -168,7 +156,5 @@ function &DB($params = '', $active_record_override = NULL)
return $DB;
}
-
-
/* End of file DB.php */
-/* Location: ./system/database/DB.php */ \ No newline at end of file
+/* Location: ./system/database/DB.php */
diff --git a/system/database/DB_active_rec.php b/system/database/DB_active_rec.php
index 486b4d775..71762a4de 100644
--- a/system/database/DB_active_rec.php
+++ b/system/database/DB_active_rec.php
@@ -1,4 +1,4 @@
-<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
/**
* CodeIgniter
*
@@ -43,23 +43,23 @@ class CI_DB_active_record extends CI_DB_driver {
protected $return_delete_sql = FALSE;
protected $reset_delete_data = FALSE;
- protected $ar_select = array();
- protected $ar_distinct = FALSE;
- protected $ar_from = array();
- protected $ar_join = array();
- protected $ar_where = array();
- protected $ar_like = array();
- protected $ar_groupby = array();
- protected $ar_having = array();
- protected $ar_keys = array();
- protected $ar_limit = FALSE;
- protected $ar_offset = FALSE;
- protected $ar_order = FALSE;
- protected $ar_orderby = array();
- protected $ar_set = array();
- protected $ar_wherein = array();
+ protected $ar_select = array();
+ protected $ar_distinct = FALSE;
+ protected $ar_from = array();
+ protected $ar_join = array();
+ protected $ar_where = array();
+ protected $ar_like = array();
+ protected $ar_groupby = array();
+ protected $ar_having = array();
+ protected $ar_keys = array();
+ protected $ar_limit = FALSE;
+ protected $ar_offset = FALSE;
+ protected $ar_order = FALSE;
+ protected $ar_orderby = array();
+ protected $ar_set = array();
+ protected $ar_wherein = array();
protected $ar_aliased_tables = array();
- protected $ar_store_array = array();
+ protected $ar_store_array = array();
protected $ar_where_group_started = FALSE;
protected $ar_where_group_count = 0;
@@ -77,9 +77,7 @@ class CI_DB_active_record extends CI_DB_driver {
protected $ar_cache_set = array();
protected $ar_no_escape = array();
- protected $ar_cache_no_escape = array();
-
- // --------------------------------------------------------------------
+ protected $ar_cache_no_escape = array();
/**
* Select
@@ -113,6 +111,7 @@ class CI_DB_active_record extends CI_DB_driver {
}
}
}
+
return $this;
}
@@ -188,7 +187,7 @@ class CI_DB_active_record extends CI_DB_driver {
* select_max()
* select_min()
* select_avg()
- * select_sum()
+ * select_sum()
*
* @param string the field
* @param string an alias
@@ -214,7 +213,6 @@ class CI_DB_active_record extends CI_DB_driver {
}
$sql = $this->_protect_identifiers($type.'('.trim($select).')').' AS '.$this->_protect_identifiers(trim($alias));
-
$this->ar_select[] = $sql;
if ($this->ar_caching === TRUE)
@@ -280,30 +278,27 @@ class CI_DB_active_record extends CI_DB_driver {
{
$v = trim($v);
$this->_track_aliases($v);
-
- $this->ar_from[] = $this->_protect_identifiers($v, TRUE, NULL, FALSE);
+ $v = $this->ar_from[] = $this->_protect_identifiers($v, TRUE, NULL, FALSE);
if ($this->ar_caching === TRUE)
{
- $this->ar_cache_from[] = $this->_protect_identifiers($v, TRUE, NULL, FALSE);
+ $this->ar_cache_from[] = $v;
$this->ar_cache_exists[] = 'from';
}
}
-
}
else
{
$val = trim($val);
- // Extract any aliases that might exist. We use this information
+ // Extract any aliases that might exist. We use this information
// in the _protect_identifiers to know whether to add a table prefix
$this->_track_aliases($val);
-
- $this->ar_from[] = $this->_protect_identifiers($val, TRUE, NULL, FALSE);
+ $this->ar_from[] = $val = $this->_protect_identifiers($val, TRUE, NULL, FALSE);
if ($this->ar_caching === TRUE)
{
- $this->ar_cache_from[] = $this->_protect_identifiers($val, TRUE, NULL, FALSE);
+ $this->ar_cache_from[] = $val;
$this->ar_cache_exists[] = 'from';
}
}
@@ -340,23 +335,19 @@ class CI_DB_active_record extends CI_DB_driver {
}
}
- // Extract any aliases that might exist. We use this information
+ // Extract any aliases that might exist. We use this information
// in the _protect_identifiers to know whether to add a table prefix
$this->_track_aliases($table);
// Strip apart the condition and protect the identifiers
if (preg_match('/([\w\.]+)([\W\s]+)(.+)/', $cond, $match))
{
- $match[1] = $this->_protect_identifiers($match[1]);
- $match[3] = $this->_protect_identifiers($match[3]);
-
- $cond = $match[1].$match[2].$match[3];
+ $cond = $this->_protect_identifiers($match[1]).$match[2].$this->_protect_identifiers($match[3]);
}
// Assemble the JOIN statement
- $join = $type.'JOIN '.$this->_protect_identifiers($table, TRUE, NULL, FALSE).' ON '.$cond;
+ $this->ar_join[] = $join = $type.'JOIN '.$this->_protect_identifiers($table, TRUE, NULL, FALSE).' ON '.$cond;
- $this->ar_join[] = $join;
if ($this->ar_caching === TRUE)
{
$this->ar_cache_join[] = $join;
@@ -429,7 +420,7 @@ class CI_DB_active_record extends CI_DB_driver {
foreach ($key as $k => $v)
{
- $prefix = (count($this->ar_where) == 0 AND count($this->ar_cache_where) == 0) ? '' : $type;
+ $prefix = (count($this->ar_where) === 0 AND count($this->ar_cache_where) === 0) ? '' : $type;
if (is_null($v) && ! $this->_has_operator($k))
{
@@ -442,7 +433,6 @@ class CI_DB_active_record extends CI_DB_driver {
if ($escape === TRUE)
{
$k = $this->_protect_identifiers($k, FALSE, $escape);
-
$v = ' '.$this->escape($v);
}
@@ -457,7 +447,6 @@ class CI_DB_active_record extends CI_DB_driver {
}
$this->ar_where[] = $prefix.$k.$v;
-
if ($this->ar_caching === TRUE)
{
$this->ar_cache_where[] = $prefix.$k.$v;
@@ -571,11 +560,9 @@ class CI_DB_active_record extends CI_DB_driver {
$this->ar_wherein[] = $this->escape($value);
}
- $prefix = (count($this->ar_where) == 0) ? '' : $type;
-
- $where_in = $prefix . $this->_protect_identifiers($key) . $not . " IN (" . implode(", ", $this->ar_wherein) . ") ";
+ $prefix = (count($this->ar_where) === 0) ? '' : $type;
+ $this->ar_where[] = $where_in = $prefix.$this->_protect_identifiers($key).$not.' IN ('.implode(', ', $this->ar_wherein).') ';
- $this->ar_where[] = $where_in;
if ($this->ar_caching === TRUE)
{
$this->ar_cache_where[] = $where_in;
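Review bot: The prefix test on the new `$prefix` line looks only at `ar_where`, while the `where()` and `group_start()` hunks in this same commit test both `ar_where` and `ar_cache_where`. If cached WHERE fragments exist and this is the first condition added to a new query, the IN clause may be stored without its `AND`/`OR` joiner; this should be confirmed against `_merge_cache()`, which is not fully visible here. For consistency I would write `$prefix = (count($this->ar_where) === 0 AND count($this->ar_cache_where) === 0) ? '' : $type;`. The enclosing method starts and ends outside the hunk.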
@@ -679,20 +666,18 @@ class CI_DB_active_record extends CI_DB_driver {
foreach ($field as $k => $v)
{
$k = $this->_protect_identifiers($k);
-
- $prefix = (count($this->ar_like) == 0) ? '' : $type;
-
+ $prefix = (count($this->ar_like) === 0) ? '' : $type;
$v = $this->escape_like_str($v);
- if ($side == 'none')
+ if ($side === 'none')
{
$like_statement = $prefix." $k $not LIKE '{$v}'";
}
- elseif ($side == 'before')
+ elseif ($side === 'before')
{
$like_statement = $prefix." $k $not LIKE '%{$v}'";
}
- elseif ($side == 'after')
+ elseif ($side === 'after')
{
$like_statement = $prefix." $k $not LIKE '{$v}%'";
}
@@ -715,6 +700,7 @@ class CI_DB_active_record extends CI_DB_driver {
}
}
+
return $this;
}
@@ -730,13 +716,10 @@ class CI_DB_active_record extends CI_DB_driver {
public function group_start($not = '', $type = 'AND ')
{
$type = $this->_group_get_type($type);
-
$this->ar_where_group_started = TRUE;
+ $prefix = (count($this->ar_where) === 0 AND count($this->ar_cache_where) === 0) ? '' : $type;
+ $this->ar_where[] = $value = $prefix.$not.str_repeat(' ', ++$this->ar_where_group_count).' (';
- $prefix = (count($this->ar_where) == 0 AND count($this->ar_cache_where) == 0) ? '' : $type;
- $value = $prefix . $not . str_repeat(' ', ++$this->ar_where_group_count) . ' (';
-
- $this->ar_where[] = $value;
if ($this->ar_caching)
{
$this->ar_cache_where[] = $value;
@@ -790,16 +773,14 @@ class CI_DB_active_record extends CI_DB_driver {
*/
public function group_end()
{
- $value = str_repeat(' ', $this->ar_where_group_count--) . ')';
+ $this->ar_where_group_started = FALSE;
+ $this->ar_where[] = $value = str_repeat(' ', $this->ar_where_group_count--) . ')';
- $this->ar_where[] = $value;
if ($this->ar_caching)
{
$this->ar_cache_where[] = $value;
}
- $this->ar_where_group_started = FALSE;
-
return $this;
}
@@ -845,15 +826,16 @@ class CI_DB_active_record extends CI_DB_driver {
if ($val != '')
{
- $this->ar_groupby[] = $this->_protect_identifiers($val);
+ $this->ar_groupby[] = $val = $this->_protect_identifiers($val);
if ($this->ar_caching === TRUE)
{
- $this->ar_cache_groupby[] = $this->_protect_identifiers($val);
+ $this->ar_cache_groupby[] = $val;
$this->ar_cache_exists[] = 'groupby';
}
}
}
+
return $this;
}
@@ -909,7 +891,7 @@ class CI_DB_active_record extends CI_DB_driver {
foreach ($key as $k => $v)
{
- $prefix = (count($this->ar_having) == 0) ? '' : $type;
+ $prefix = (count($this->ar_having) === 0) ? '' : $type;
if ($escape === TRUE)
{
@@ -949,7 +931,7 @@ class CI_DB_active_record extends CI_DB_driver {
*/
public function order_by($orderby, $direction = '', $escape = TRUE)
{
- if (strtolower($direction) == 'random')
+ if (strtolower($direction) === 'random')
{
$orderby = ''; // Random results want or don't need a field name
$direction = $this->_random_keyword;
@@ -960,7 +942,7 @@ class CI_DB_active_record extends CI_DB_driver {
}
- if ((strpos($orderby, ',') !== FALSE) && ($escape === TRUE))
+ if ((strpos($orderby, ',') !== FALSE) && $escape === TRUE)
{
$temp = array();
foreach (explode(',', $orderby) as $part)
@@ -976,7 +958,7 @@ class CI_DB_active_record extends CI_DB_driver {
$orderby = implode(', ', $temp);
}
- else if ($direction != $this->_random_keyword)
+ elseif ($direction != $this->_random_keyword)
{
if ($escape === TRUE)
{
@@ -984,9 +966,8 @@ class CI_DB_active_record extends CI_DB_driver {
}
}
- $orderby_statement = $orderby.$direction;
+ $this->ar_orderby[] = $orderby_statement = $orderby.$direction;
- $this->ar_orderby[] = $orderby_statement;
if ($this->ar_caching === TRUE)
{
$this->ar_cache_orderby[] = $orderby_statement;
@@ -1121,9 +1102,7 @@ class CI_DB_active_record extends CI_DB_driver {
$this->limit($limit, $offset);
}
- $sql = $this->_compile_select();
-
- $result = $this->query($sql);
+ $result = $this->query($this->_compile_select());
$this->_reset_select();
return $result;
}
@@ -1145,12 +1124,10 @@ class CI_DB_active_record extends CI_DB_driver {
$this->from($table);
}
- $sql = $this->_compile_select($this->_count_string . $this->_protect_identifiers('numrows'));
-
- $query = $this->query($sql);
+ $result = $this->query($this->_compile_select($this->_count_string.$this->_protect_identifiers('numrows')));
$this->_reset_select();
- if ($query->num_rows() == 0)
+ if ($query->num_rows() === 0)
{
return 0;
}
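Review bot: `$query` is no longer defined at the `num_rows()` check. The new line assigns the query result to `$result`, but the changed line below it still calls `$query->num_rows() === 0`, which would be a method call on an undefined variable. Either keep the old name, `$query = $this->query($this->_compile_select(...));`, or change the check to `$result->num_rows() === 0`. The function continues past the hunk, so any later read of `$query` needs the same name.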
@@ -1188,9 +1165,7 @@ class CI_DB_active_record extends CI_DB_driver {
$this->limit($limit, $offset);
}
- $sql = $this->_compile_select();
-
- $result = $this->query($sql);
+ $result = $this->query($this->_compile_select());
$this->_reset_select();
return $result;
}
@@ -1213,11 +1188,11 @@ class CI_DB_active_record extends CI_DB_driver {
$this->set_insert_batch($set);
}
- if (count($this->ar_set) == 0)
+ if (count($this->ar_set) === 0)
{
if ($this->db_debug)
{
- //No valid data array. Folds in cases where keys and values did not match up
+ // No valid data array. Folds in cases where keys and values did not match up
return $this->display_error('db_must_use_set');
}
return FALSE;
@@ -1227,30 +1202,19 @@ class CI_DB_active_record extends CI_DB_driver {
{
if ( ! isset($this->ar_from[0]))
{
- if ($this->db_debug)
- {
- return $this->display_error('db_must_set_table');
- }
- return FALSE;
+ return ($this->db_debug) ? $this->display_error('db_must_set_table') : FALSE;
}
$table = $this->ar_from[0];
}
// Batch this baby
- for ($i = 0, $total = count($this->ar_set); $i < $total; $i = $i + 100)
+ for ($i = 0, $total = count($this->ar_set); $i < $total; $i += 100)
{
-
- $sql = $this->_insert_batch($this->_protect_identifiers($table, TRUE, NULL, FALSE), $this->ar_keys, array_slice($this->ar_set, $i, 100));
-
- //echo $sql;
-
- $this->query($sql);
+ $this->query($this->_insert_batch($this->_protect_identifiers($table, TRUE, NULL, FALSE), $this->ar_keys, array_slice($this->ar_set, $i, 100)));
}
$this->_reset_write();
-
-
return TRUE;
}
@@ -1294,7 +1258,6 @@ class CI_DB_active_record extends CI_DB_driver {
else
{
$clean = array();
-
foreach ($row as $value)
{
$clean[] = $this->escape($value);
@@ -1398,24 +1361,16 @@ class CI_DB_active_record extends CI_DB_driver {
*/
protected function _validate_insert($table = '')
{
- if (count($this->ar_set) == 0)
+ if (count($this->ar_set) === 0)
{
- if ($this->db_debug)
- {
- return $this->display_error('db_must_use_set');
- }
- return FALSE;
+ return ($this->db_debug) ? $this->display_error('db_must_use_set') : FALSE;
}
if ($table == '')
{
if ( ! isset($this->ar_from[0]))
{
- if ($this->db_debug)
- {
- return $this->display_error('db_must_set_table');
- }
- return FALSE;
+ return ($this->db_debug) ? $this->display_error('db_must_set_table') : FALSE;
}
}
else
@@ -1444,31 +1399,22 @@ class CI_DB_active_record extends CI_DB_driver {
$this->set($set);
}
- if (count($this->ar_set) == 0)
+ if (count($this->ar_set) === 0)
{
- if ($this->db_debug)
- {
- return $this->display_error('db_must_use_set');
- }
- return FALSE;
+ return ($this->db_debug) ? $this->display_error('db_must_use_set') : FALSE;
}
if ($table == '')
{
if ( ! isset($this->ar_from[0]))
{
- if ($this->db_debug)
- {
- return $this->display_error('db_must_set_table');
- }
- return FALSE;
+ return ($this->db_debug) ? $this->display_error('db_must_set_table') : FALSE;
}
$table = $this->ar_from[0];
}
$sql = $this->_replace($this->_protect_identifiers($table, TRUE, NULL, FALSE), array_keys($this->ar_set), array_values($this->ar_set));
-
$this->_reset_write();
return $this->query($sql);
}
@@ -1543,7 +1489,6 @@ class CI_DB_active_record extends CI_DB_driver {
}
$sql = $this->_update($this->_protect_identifiers($this->ar_from[0], TRUE, NULL, FALSE), $this->ar_set, $this->ar_where, $this->ar_orderby, $this->ar_limit, $this->ar_like);
-
$this->_reset_write();
return $this->query($sql);
}
@@ -1559,34 +1504,28 @@ class CI_DB_active_record extends CI_DB_driver {
*
* @access public
* @param string the table to update data on
- * @return string
+ * @return bool
*/
protected function _validate_update($table = '')
{
if (count($this->ar_set) == 0)
{
- if ($this->db_debug)
- {
- return $this->display_error('db_must_use_set');
- }
- return FALSE;
+ return ($this->db_debug) ? $this->display_error('db_must_use_set') : FALSE;
}
if ($table == '')
{
if ( ! isset($this->ar_from[0]))
{
- if ($this->db_debug)
- {
- return $this->display_error('db_must_set_table');
- }
- return FALSE;
+ return ($this->db_debug) ? $this->display_error('db_must_set_table') : FALSE;
}
}
else
{
$this->ar_from[0] = $table;
}
+
+ return TRUE;
}
// --------------------------------------------------------------------
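Review bot: The first check in `_validate_update()` still reads `count($this->ar_set) == 0`, while the parallel checks this commit touches in `_validate_insert()`, `replace()` and `update_batch()` were moved to `=== 0`. `if (count($this->ar_set) === 0)` would keep them uniform. The docblock also still carries `@access public` although the method is declared `protected`; the tag can be dropped, as the commit already does for `reset_query()`.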
@@ -1599,7 +1538,7 @@ class CI_DB_active_record extends CI_DB_driver {
* @param string the table to retrieve the results from
* @param array an associative array of update values
* @param string the where key
- * @return object
+ * @return bool
*/
public function update_batch($table = '', $set = NULL, $index = NULL)
{
@@ -1608,12 +1547,7 @@ class CI_DB_active_record extends CI_DB_driver {
if (is_null($index))
{
- if ($this->db_debug)
- {
- return $this->display_error('db_must_use_index');
- }
-
- return FALSE;
+ return ($this->db_debug) ? $this->display_error('db_must_use_index') : FALSE;
}
if ( ! is_null($set))
@@ -1621,39 +1555,29 @@ class CI_DB_active_record extends CI_DB_driver {
$this->set_update_batch($set, $index);
}
- if (count($this->ar_set) == 0)
+ if (count($this->ar_set) === 0)
{
- if ($this->db_debug)
- {
- return $this->display_error('db_must_use_set');
- }
-
- return FALSE;
+ return ($this->db_debug) ? $this->display_error('db_must_use_set') : FALSE;
}
if ($table == '')
{
if ( ! isset($this->ar_from[0]))
{
- if ($this->db_debug)
- {
- return $this->display_error('db_must_set_table');
- }
- return FALSE;
+ return ($this->db_debug) ? $this->display_error('db_must_set_table') : FALSE;
}
$table = $this->ar_from[0];
}
// Batch this baby
- for ($i = 0, $total = count($this->ar_set); $i < $total; $i = $i + 100)
+ for ($i = 0, $total = count($this->ar_set); $i < $total; $i += 100)
{
- $sql = $this->_update_batch($this->_protect_identifiers($table, TRUE, NULL, FALSE), array_slice($this->ar_set, $i, 100), $this->_protect_identifiers($index), $this->ar_where);
-
- $this->query($sql);
+ $this->query($this->_update_batch($this->_protect_identifiers($table, TRUE, NULL, FALSE), array_slice($this->ar_set, $i, 100), $this->_protect_identifiers($index), $this->ar_where));
}
$this->_reset_write();
+ return TRUE;
}
// --------------------------------------------------------------------
@@ -1679,7 +1603,6 @@ class CI_DB_active_record extends CI_DB_driver {
{
$index_set = FALSE;
$clean = array();
-
foreach ($v as $k2 => $v2)
{
if ($k2 == $index)
@@ -1691,14 +1614,7 @@ class CI_DB_active_record extends CI_DB_driver {
$not[] = $k.'-'.$v;
}
- if ($escape === FALSE)
- {
- $clean[$this->_protect_identifiers($k2)] = $v2;
- }
- else
- {
- $clean[$this->_protect_identifiers($k2)] = $this->escape($v2);
- }
+ $clean[$this->_protect_identifiers($k2)] = ($escape === FALSE) ? $v2 : $this->escape($v2);
}
if ($index_set == FALSE)
@@ -1728,11 +1644,7 @@ class CI_DB_active_record extends CI_DB_driver {
{
if ( ! isset($this->ar_from[0]))
{
- if ($this->db_debug)
- {
- return $this->display_error('db_must_set_table');
- }
- return FALSE;
+ return ($this->db_debug) ? $this->display_error('db_must_set_table') : FALSE;
}
$table = $this->ar_from[0];
@@ -1743,9 +1655,7 @@ class CI_DB_active_record extends CI_DB_driver {
}
$sql = $this->_delete($table);
-
$this->_reset_write();
-
return $this->query($sql);
}
@@ -1767,11 +1677,7 @@ class CI_DB_active_record extends CI_DB_driver {
{
if ( ! isset($this->ar_from[0]))
{
- if ($this->db_debug)
- {
- return $this->display_error('db_must_set_table');
- }
- return FALSE;
+ return ($this->db_debug) ? $this->display_error('db_must_set_table') : FALSE;
}
$table = $this->ar_from[0];
@@ -1782,9 +1688,7 @@ class CI_DB_active_record extends CI_DB_driver {
}
$sql = $this->_truncate($table);
-
$this->_reset_write();
-
return $this->query($sql);
}
@@ -1830,11 +1734,7 @@ class CI_DB_active_record extends CI_DB_driver {
{
if ( ! isset($this->ar_from[0]))
{
- if ($this->db_debug)
- {
- return $this->display_error('db_must_set_table');
- }
- return FALSE;
+ return ($this->db_debug) ? $this->display_error('db_must_set_table') : FALSE;
}
$table = $this->ar_from[0];
@@ -1864,29 +1764,18 @@ class CI_DB_active_record extends CI_DB_driver {
$this->limit($limit);
}
- if (count($this->ar_where) == 0 && count($this->ar_wherein) == 0 && count($this->ar_like) == 0)
+ if (count($this->ar_where) === 0 && count($this->ar_wherein) === 0 && count($this->ar_like) === 0)
{
- if ($this->db_debug)
- {
- return $this->display_error('db_del_must_use_where');
- }
-
- return FALSE;
+ return ($this->db_debug) ? $this->display_error('db_del_must_use_where') : FALSE;
}
$sql = $this->_delete($table, $this->ar_where, $this->ar_like, $this->ar_limit);
-
if ($reset_data)
{
$this->_reset_write();
}
- if ($this->return_delete_sql === true)
- {
- return $sql;
- }
-
- return $this->query($sql);
+ return ($this->return_delete_sql === TRUE) ? $sql : $this->query($sql);
}
// --------------------------------------------------------------------
@@ -1953,13 +1842,13 @@ class CI_DB_active_record extends CI_DB_driver {
}
// if a table alias is used we can recognize it by a space
- if (strpos($table, " ") !== FALSE)
+ if (strpos($table, ' ') !== FALSE)
{
// if the alias is written with the AS keyword, remove it
$table = preg_replace('/ AS /i', ' ', $table);
// Grab the alias
- $table = trim(strrchr($table, " "));
+ $table = trim(strrchr($table, ' '));
// Store the alias, if it doesn't already exist
if ( ! in_array($table, $this->ar_aliased_tables))
@@ -1984,10 +1873,7 @@ class CI_DB_active_record extends CI_DB_driver {
// Combine any cached components with the current statements
$this->_merge_cache();
- // ----------------------------------------------------------------
-
// Write the "select" portion of the query
-
if ($select_override !== FALSE)
{
$sql = $select_override;
@@ -1996,7 +1882,7 @@ class CI_DB_active_record extends CI_DB_driver {
{
$sql = ( ! $this->ar_distinct) ? 'SELECT ' : 'SELECT DISTINCT ';
- if (count($this->ar_select) == 0)
+ if (count($this->ar_select) === 0)
{
$sql .= '*';
}
@@ -2015,32 +1901,19 @@ class CI_DB_active_record extends CI_DB_driver {
}
}
- // ----------------------------------------------------------------
-
// Write the "FROM" portion of the query
-
if (count($this->ar_from) > 0)
{
- $sql .= "\nFROM ";
-
- $sql .= $this->_from_tables($this->ar_from);
+ $sql .= "\nFROM ".$this->_from_tables($this->ar_from);
}
- // ----------------------------------------------------------------
-
// Write the "JOIN" portion of the query
-
if (count($this->ar_join) > 0)
{
- $sql .= "\n";
-
- $sql .= implode("\n", $this->ar_join);
+ $sql .= "\n".implode("\n", $this->ar_join);
}
- // ----------------------------------------------------------------
-
// Write the "WHERE" portion of the query
-
if (count($this->ar_where) > 0 OR count($this->ar_like) > 0)
{
$sql .= "\nWHERE ";
@@ -2048,10 +1921,7 @@ class CI_DB_active_record extends CI_DB_driver {
$sql .= implode("\n", $this->ar_where);
- // ----------------------------------------------------------------
-
// Write the "LIKE" portion of the query
-
if (count($this->ar_like) > 0)
{
if (count($this->ar_where) > 0)
@@ -2062,50 +1932,32 @@ class CI_DB_active_record extends CI_DB_driver {
$sql .= implode("\n", $this->ar_like);
}
- // ----------------------------------------------------------------
-
// Write the "GROUP BY" portion of the query
-
if (count($this->ar_groupby) > 0)
{
- $sql .= "\nGROUP BY ";
-
- $sql .= implode(', ', $this->ar_groupby);
+ $sql .= "\nGROUP BY ".implode(', ', $this->ar_groupby);
}
- // ----------------------------------------------------------------
-
// Write the "HAVING" portion of the query
-
if (count($this->ar_having) > 0)
{
- $sql .= "\nHAVING ";
- $sql .= implode("\n", $this->ar_having);
+ $sql .= "\nHAVING ".implode("\n", $this->ar_having);
}
- // ----------------------------------------------------------------
-
// Write the "ORDER BY" portion of the query
-
if (count($this->ar_orderby) > 0)
{
- $sql .= "\nORDER BY ";
- $sql .= implode(', ', $this->ar_orderby);
-
+ $sql .= "\nORDER BY ".implode(', ', $this->ar_orderby);
if ($this->ar_order !== FALSE)
{
$sql .= ($this->ar_order == 'desc') ? ' DESC' : ' ASC';
}
}
- // ----------------------------------------------------------------
-
// Write the "LIMIT" portion of the query
-
if (is_numeric($this->ar_limit))
{
- $sql .= "\n";
- $sql = $this->_limit($sql, $this->ar_limit, $this->ar_offset);
+ return $this->_limit($sql."\n", $this->ar_limit, $this->ar_offset);
}
return $sql;
@@ -2165,14 +2017,12 @@ class CI_DB_active_record extends CI_DB_driver {
foreach ($fields as $val)
{
// There are some built in keys we need to ignore for this conversion
- if ($val != '_parent_name')
+ if ($val !== '_parent_name')
{
-
$i = 0;
foreach ($out[$val] as $data)
{
- $array[$i][$val] = $data;
- $i++;
+ $array[$i++][$val] = $data;
}
}
}
@@ -2247,7 +2097,7 @@ class CI_DB_active_record extends CI_DB_driver {
*/
protected function _merge_cache()
{
- if (count($this->ar_cache_exists) == 0)
+ if (count($this->ar_cache_exists) === 0)
{
return;
}
@@ -2257,7 +2107,7 @@ class CI_DB_active_record extends CI_DB_driver {
$ar_variable = 'ar_'.$val;
$ar_cache_var = 'ar_cache_'.$val;
- if (count($this->$ar_cache_var) == 0)
+ if (count($this->$ar_cache_var) === 0)
{
continue;
}
@@ -2282,7 +2132,6 @@ class CI_DB_active_record extends CI_DB_driver {
*
* Publicly-visible method to reset the AR values.
*
- * @access public
* @return void
*/
public function reset_query()
@@ -2319,25 +2168,24 @@ class CI_DB_active_record extends CI_DB_driver {
*/
protected function _reset_select()
{
- $ar_reset_items = array(
- 'ar_select' => array(),
- 'ar_from' => array(),
- 'ar_join' => array(),
- 'ar_where' => array(),
- 'ar_like' => array(),
- 'ar_groupby' => array(),
- 'ar_having' => array(),
- 'ar_orderby' => array(),
- 'ar_wherein' => array(),
- 'ar_aliased_tables' => array(),
- 'ar_no_escape' => array(),
- 'ar_distinct' => FALSE,
- 'ar_limit' => FALSE,
- 'ar_offset' => FALSE,
- 'ar_order' => FALSE,
- );
-
- $this->_reset_run($ar_reset_items);
+ $this->_reset_run(array(
+ 'ar_select' => array(),
+ 'ar_from' => array(),
+ 'ar_join' => array(),
+ 'ar_where' => array(),
+ 'ar_like' => array(),
+ 'ar_groupby' => array(),
+ 'ar_having' => array(),
+ 'ar_orderby' => array(),
+ 'ar_wherein' => array(),
+ 'ar_aliased_tables' => array(),
+ 'ar_no_escape' => array(),
+ 'ar_distinct' => FALSE,
+ 'ar_limit' => FALSE,
+ 'ar_offset' => FALSE,
+ 'ar_order' => FALSE
+ )
+ );
}
// --------------------------------------------------------------------
@@ -2351,19 +2199,19 @@ class CI_DB_active_record extends CI_DB_driver {
*/
protected function _reset_write()
{
- $ar_reset_items = array(
- 'ar_set' => array(),
- 'ar_from' => array(),
- 'ar_where' => array(),
- 'ar_like' => array(),
- 'ar_orderby' => array(),
- 'ar_keys' => array(),
- 'ar_limit' => FALSE,
- 'ar_order' => FALSE
- );
-
- $this->_reset_run($ar_reset_items);
+ $this->_reset_run(array(
+ 'ar_set' => array(),
+ 'ar_from' => array(),
+ 'ar_where' => array(),
+ 'ar_like' => array(),
+ 'ar_orderby' => array(),
+ 'ar_keys' => array(),
+ 'ar_limit' => FALSE,
+ 'ar_order' => FALSE
+ )
+ );
}
+
}
/* End of file DB_active_rec.php */
diff --git a/system/database/DB_cache.php b/system/database/DB_cache.php
index 1ff046c21..79651fcb0 100644
--- a/system/database/DB_cache.php
+++ b/system/database/DB_cache.php
@@ -1,13 +1,13 @@
-<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
/**
* CodeIgniter
*
* An open source application development framework for PHP 5.1.6 or newer
*
* NOTICE OF LICENSE
- *
+ *
* Licensed under the Open Software License version 3.0
- *
+ *
* This source file is subject to the Open Software License (OSL 3.0) that is
* bundled with this package in the files license.txt / license.rst. It is
* also available through the world wide web at this URL:
@@ -25,8 +25,6 @@
* @filesource
*/
-// ------------------------------------------------------------------------
-
/**
* Database Cache Class
*
@@ -36,19 +34,12 @@
*/
class CI_DB_Cache {
- var $CI;
- var $db; // allows passing of db object so that multiple database connections and returned db objects can be supported
+ public $CI;
+ public $db; // allows passing of db object so that multiple database connections and returned db objects can be supported
- /**
- * Constructor
- *
- * Grabs the CI super object instance so we can access it.
- *
- */
- function __construct(&$db)
+ public function __construct(&$db)
{
- // Assign the main CI object to $this->CI
- // and load the file helper since we use it a lot
+ // Assign the main CI object to $this->CI and load the file helper since we use it a lot
$this->CI =& get_instance();
$this->db =& $db;
$this->CI->load->helper('file');
@@ -59,11 +50,10 @@ class CI_DB_Cache {
/**
* Set Cache Directory Path
*
- * @access public
* @param string the path to the cache directory
* @return bool
*/
- function check_path($path = '')
+ public function check_path($path = '')
{
if ($path == '')
{
@@ -76,7 +66,7 @@ class CI_DB_Cache {
}
// Add a trailing slash to the path if needed
- $path = preg_replace("/(.+?)\/*$/", "\\1/", $path);
+ $path = preg_replace('/(.+?)\/*$/', '\\1/', $path);
if ( ! is_dir($path) OR ! is_really_writable($path))
{
@@ -96,10 +86,9 @@ class CI_DB_Cache {
* The URI being requested will become the name of the cache sub-folder.
* An MD5 hash of the SQL statement will become the cache file name
*
- * @access public
* @return string
*/
- function read($sql)
+ public function read($sql)
{
if ( ! $this->check_path())
{
@@ -107,9 +96,7 @@ class CI_DB_Cache {
}
$segment_one = ($this->CI->uri->segment(1) == FALSE) ? 'default' : $this->CI->uri->segment(1);
-
$segment_two = ($this->CI->uri->segment(2) == FALSE) ? 'index' : $this->CI->uri->segment(2);
-
$filepath = $this->db->cachedir.$segment_one.'+'.$segment_two.'/'.md5($sql);
if (FALSE === ($cachedata = read_file($filepath)))
@@ -125,10 +112,9 @@ class CI_DB_Cache {
/**
* Write a query to a cache file
*
- * @access public
* @return bool
*/
- function write($sql, $object)
+ public function write($sql, $object)
{
if ( ! $this->check_path())
{
@@ -136,11 +122,8 @@ class CI_DB_Cache {
}
$segment_one = ($this->CI->uri->segment(1) == FALSE) ? 'default' : $this->CI->uri->segment(1);
-
$segment_two = ($this->CI->uri->segment(2) == FALSE) ? 'index' : $this->CI->uri->segment(2);
-
$dir_path = $this->db->cachedir.$segment_one.'+'.$segment_two.'/';
-
$filename = md5($sql);
if ( ! @is_dir($dir_path))
@@ -167,10 +150,9 @@ class CI_DB_Cache {
/**
* Delete cache files within a particular directory
*
- * @access public
* @return bool
*/
- function delete($segment_one = '', $segment_two = '')
+ public function delete($segment_one = '', $segment_two = '')
{
if ($segment_one == '')
{
@@ -183,7 +165,6 @@ class CI_DB_Cache {
}
$dir_path = $this->db->cachedir.$segment_one.'+'.$segment_two.'/';
-
delete_files($dir_path, TRUE);
}
@@ -192,16 +173,14 @@ class CI_DB_Cache {
/**
* Delete all existing cache files
*
- * @access public
* @return bool
*/
- function delete_all()
+ public function delete_all()
{
delete_files($this->db->cachedir, TRUE);
}
}
-
/* End of file DB_cache.php */
-/* Location: ./system/database/DB_cache.php */ \ No newline at end of file
+/* Location: ./system/database/DB_cache.php */
diff --git a/system/database/DB_forge.php b/system/database/DB_forge.php
index 762d18a46..336e9497d 100644
--- a/system/database/DB_forge.php
+++ b/system/database/DB_forge.php
@@ -1,13 +1,13 @@
-<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
/**
* CodeIgniter
*
* An open source application development framework for PHP 5.1.6 or newer
*
* NOTICE OF LICENSE
- *
+ *
* Licensed under the Open Software License version 3.0
- *
+ *
* This source file is subject to the Open Software License (OSL 3.0) that is
* bundled with this package in the files license.txt / license.rst. It is
* also available through the world wide web at this URL:
@@ -36,23 +36,17 @@
*/
class CI_DB_forge {
- var $fields = array();
- var $keys = array();
- var $primary_keys = array();
- var $db_char_set = '';
+ public $fields = array();
+ public $keys = array();
+ public $primary_keys = array();
+ public $db_char_set = '';
- /**
- * Constructor
- *
- * Grabs the CI super object instance so we can access it.
- *
- */
- function __construct()
+ public function __construct()
{
// Assign the main database object to $this->db
$CI =& get_instance();
$this->db =& $CI->db;
- log_message('debug', "Database Forge Class Initialized");
+ log_message('debug', 'Database Forge Class Initialized');
}
// --------------------------------------------------------------------
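Review bot: `$this->db` is assigned in the constructor but is not among the properties this hunk converts from `var` to `public` (`fields`, `keys`, `primary_keys`, `db_char_set`), so unless it is declared outside the hunk it is created dynamically. Declaring it with the others, `public $db;`, would make the class's state explicit. The hunk also removes the constructor's docblock; a one-line replacement such as `/** Binds the forge to the database object of the CI instance. */` would keep the method documented.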
@@ -60,20 +54,13 @@ class CI_DB_forge {
/**
* Create database
*
- * @access public
* @param string the database name
* @return bool
*/
- function create_database($db_name)
+ public function create_database($db_name)
{
$sql = $this->_create_database($db_name);
-
- if (is_bool($sql))
- {
- return $sql;
- }
-
- return $this->db->query($sql);
+ return is_bool($sql) ? $sql : $this->db->query($sql);
}
// --------------------------------------------------------------------
@@ -81,20 +68,13 @@ class CI_DB_forge {
/**
* Drop database
*
- * @access public
* @param string the database name
* @return bool
*/
- function drop_database($db_name)
+ public function drop_database($db_name)
{
$sql = $this->_drop_database($db_name);
-
- if (is_bool($sql))
- {
- return $sql;
- }
-
- return $this->db->query($sql);
+ return is_bool($sql) ? $sql : $this->db->query($sql);
}
// --------------------------------------------------------------------
@@ -152,7 +132,7 @@ class CI_DB_forge {
if (is_string($field))
{
- if ($field == 'id')
+ if ($field === 'id')
{
$this->add_field(array(
'id' => array(
@@ -178,7 +158,7 @@ class CI_DB_forge {
{
$this->fields = array_merge($this->fields, $field);
}
-
+
return $this;
}
@@ -197,21 +177,14 @@ class CI_DB_forge {
show_error('A table name is required for that operation.');
}
- if (count($this->fields) == 0)
+ if (count($this->fields) === 0)
{
show_error('Field information is required.');
}
$sql = $this->_create_table($this->db->dbprefix.$table, $this->fields, $this->primary_keys, $this->keys, $if_not_exists);
-
$this->_reset();
-
- if (is_bool($sql))
- {
- return $sql;
- }
-
- return $this->db->query($sql);
+ return is_bool($sql) ? $sql : $this->db->query($sql);
}
// --------------------------------------------------------------------
@@ -225,13 +198,7 @@ class CI_DB_forge {
public function drop_table($table_name)
{
$sql = $this->_drop_table($this->db->dbprefix.$table_name);
-
- if (is_bool($sql))
- {
- return $sql;
- }
-
- return $this->db->query($sql);
+ return is_bool($sql) ? $sql : $this->db->query($sql);
}
// --------------------------------------------------------------------
@@ -250,8 +217,7 @@ class CI_DB_forge {
show_error('A table name is required for that operation.');
}
- $sql = $this->_rename_table($this->db->dbprefix.$table_name, $this->db->dbprefix.$new_table_name);
- return $this->db->query($sql);
+ return $this->db->query($this->_rename_table($this->db->dbprefix.$table_name, $this->db->dbprefix.$new_table_name));
}
// --------------------------------------------------------------------
@@ -273,8 +239,7 @@ class CI_DB_forge {
// add field info into field array, but we can only do one at a time
// so we cycle through
-
- foreach ($field as $k => $v)
+ foreach (array_keys($field) as $k)
{
$this->add_field(array($k => $field[$k]));
@@ -284,7 +249,6 @@ class CI_DB_forge {
}
$sql = $this->_alter_table('ADD', $this->db->dbprefix.$table, $this->fields, $after_field);
-
$this->_reset();
if ($this->db->query($sql) === FALSE)
@@ -307,7 +271,6 @@ class CI_DB_forge {
*/
public function drop_column($table = '', $column_name = '')
{
-
if ($table == '')
{
show_error('A table name is required for that operation.');
@@ -318,9 +281,7 @@ class CI_DB_forge {
show_error('A column name is required for that operation.');
}
- $sql = $this->_alter_table('DROP', $this->db->dbprefix.$table, $column_name);
-
- return $this->db->query($sql);
+ return $this->db->query($this->_alter_table('DROP', $this->db->dbprefix.$table, $column_name));
}
// --------------------------------------------------------------------
@@ -342,8 +303,7 @@ class CI_DB_forge {
// add field info into field array, but we can only do one at a time
// so we cycle through
-
- foreach ($field as $k => $v)
+ foreach (array_keys($field) as $k)
{
// If no name provided, use the current name
if ( ! isset($field[$k]['name']))
@@ -352,14 +312,12 @@ class CI_DB_forge {
}
$this->add_field(array($k => $field[$k]));
-
- if (count($this->fields) == 0)
+ if (count($this->fields) === 0)
{
show_error('Field information is required.');
}
$sql = $this->_alter_table('CHANGE', $this->db->dbprefix.$table, $this->fields);
-
$this->_reset();
if ($this->db->query($sql) === FALSE)
@@ -382,12 +340,10 @@ class CI_DB_forge {
*/
protected function _reset()
{
- $this->fields = array();
- $this->keys = array();
- $this->primary_keys = array();
+ $this->fields = $this->keys = $this->primary_keys = array();
}
}
/* End of file DB_forge.php */
-/* Location: ./system/database/DB_forge.php */ \ No newline at end of file
+/* Location: ./system/database/DB_forge.php */
diff --git a/system/database/DB_result.php b/system/database/DB_result.php
index c4ed20b76..730443222 100644
--- a/system/database/DB_result.php
+++ b/system/database/DB_result.php
@@ -1,13 +1,13 @@
-<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
/**
* CodeIgniter
*
* An open source application development framework for PHP 5.1.6 or newer
*
* NOTICE OF LICENSE
- *
+ *
* Licensed under the Open Software License version 3.0
- *
+ *
* This source file is subject to the Open Software License (OSL 3.0) that is
* bundled with this package in the files license.txt / license.rst. It is
* also available through the world wide web at this URL:
@@ -25,8 +25,6 @@
* @filesource
*/
-// ------------------------------------------------------------------------
-
/**
* Database Result Class
*
@@ -40,27 +38,25 @@
*/
class CI_DB_result {
- var $conn_id = NULL;
- var $result_id = NULL;
- var $result_array = array();
- var $result_object = array();
- var $custom_result_object = array();
- var $current_row = 0;
- var $num_rows = 0;
- var $row_data = NULL;
-
+ public $conn_id = NULL;
+ public $result_id = NULL;
+ public $result_array = array();
+ public $result_object = array();
+ public $custom_result_object = array();
+ public $current_row = 0;
+ public $num_rows = 0;
+ public $row_data = NULL;
/**
* Query result. Acts as a wrapper function for the following functions.
*
- * @access public
* @param string can be "object" or "array"
* @return mixed either a result object or array
*/
public function result($type = 'object')
{
- if ($type == 'array') return $this->result_array();
- else if ($type == 'object') return $this->result_object();
+ if ($type === 'array') return $this->result_array();
+ elseif ($type === 'object') return $this->result_object();
else return $this->custom_result_object($type);
}
@@ -69,8 +65,8 @@ class CI_DB_result {
/**
* Custom query result.
*
- * @param class_name A string that represents the type of object you want back
- * @return array of objects
+ * @param string A string that represents the type of object you want back
+ * @return array of objects
*/
public function custom_result_object($class_name)
{
@@ -91,7 +87,6 @@ class CI_DB_result {
while ($row = $this->_fetch_object())
{
$object = new $class_name();
-
foreach ($row as $key => $value)
{
$object->$key = $value;
@@ -109,7 +104,6 @@ class CI_DB_result {
/**
* Query result. "object" version.
*
- * @access public
* @return object
*/
public function result_object()
@@ -141,7 +135,6 @@ class CI_DB_result {
/**
* Query result. "array" version.
*
- * @access public
* @return array
*/
public function result_array()
@@ -173,7 +166,6 @@ class CI_DB_result {
/**
* Query result. Acts as a wrapper function for the following functions.
*
- * @access public
* @param string
* @param string can be "object" or "array"
* @return mixed either a result object or array
@@ -197,8 +189,8 @@ class CI_DB_result {
$n = 0;
}
- if ($type == 'object') return $this->row_object($n);
- else if ($type == 'array') return $this->row_array($n);
+ if ($type === 'object') return $this->row_object($n);
+ elseif ($type === 'array') return $this->row_array($n);
else return $this->custom_row_object($n, $type);
}
@@ -207,8 +199,7 @@ class CI_DB_result {
/**
* Assigns an item into a particular column slot
*
- * @access public
- * @return object
+ * @return void
*/
public function set_row($key, $value = NULL)
{
@@ -224,7 +215,6 @@ class CI_DB_result {
{
$this->row_data[$k] = $v;
}
-
return;
}
@@ -239,14 +229,12 @@ class CI_DB_result {
/**
* Returns a single result row - custom object version
*
- * @access public
* @return object
*/
public function custom_row_object($n, $type)
{
$result = $this->custom_result_object($type);
-
- if (count($result) == 0)
+ if (count($result) === 0)
{
return $result;
}
@@ -262,14 +250,12 @@ class CI_DB_result {
/**
* Returns a single result row - object version
*
- * @access public
* @return object
*/
public function row_object($n = 0)
{
$result = $this->result_object();
-
- if (count($result) == 0)
+ if (count($result) === 0)
{
return $result;
}
@@ -287,14 +273,12 @@ class CI_DB_result {
/**
* Returns a single result row - array version
*
- * @access public
* @return array
*/
public function row_array($n = 0)
{
$result = $this->result_array();
-
- if (count($result) == 0)
+ if (count($result) === 0)
{
return $result;
}
@@ -313,18 +297,12 @@ class CI_DB_result {
/**
* Returns the "first" row
*
- * @access public
* @return object
*/
public function first_row($type = 'object')
{
$result = $this->result($type);
-
- if (count($result) == 0)
- {
- return $result;
- }
- return $result[0];
+ return (count($result) === 0) ? $result : $result[0];
}
// --------------------------------------------------------------------
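Review bot: The docblock kept above first_row() still says `@return object` and has no `@param`, but the new one-liner returns `$result` itself when `count($result) === 0` and otherwise whatever row type `result($type)` produced. I would document both, e.g. `@param string $type 'object', 'array' or a custom class name` and `@return mixed the first row, or the empty result returned by result() when there are no rows`. last_row() in the next hunk has the same docblock and the same ternary, so it needs the same wording.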
@@ -332,18 +310,12 @@ class CI_DB_result {
/**
* Returns the "last" row
*
- * @access public
* @return object
*/
public function last_row($type = 'object')
{
$result = $this->result($type);
-
- if (count($result) == 0)
- {
- return $result;
- }
- return $result[count($result) -1];
+ return (count($result) === 0) ? $result : $result[count($result) - 1];
}
// --------------------------------------------------------------------
@@ -351,14 +323,12 @@ class CI_DB_result {
/**
* Returns the "next" row
*
- * @access public
* @return object
*/
public function next_row($type = 'object')
{
$result = $this->result($type);
-
- if (count($result) == 0)
+ if (count($result) === 0)
{
return $result;
}
@@ -376,14 +346,12 @@ class CI_DB_result {
/**
* Returns the "previous" row
*
- * @access public
* @return object
*/
public function previous_row($type = 'object')
{
$result = $this->result($type);
-
- if (count($result) == 0)
+ if (count($result) === 0)
{
return $result;
}
@@ -416,7 +384,6 @@ class CI_DB_result {
protected function _fetch_object() { return array(); }
}
-// END DB_result class
/* End of file DB_result.php */
/* Location: ./system/database/DB_result.php */
diff --git a/system/database/DB_utility.php b/system/database/DB_utility.php
index 8db4f3bac..4c881d8a1 100644
--- a/system/database/DB_utility.php
+++ b/system/database/DB_utility.php
@@ -1,13 +1,13 @@
-<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
/**
* CodeIgniter
*
* An open source application development framework for PHP 5.1.6 or newer
*
* NOTICE OF LICENSE
- *
+ *
* Licensed under the Open Software License version 3.0
- *
+ *
* This source file is subject to the Open Software License (OSL 3.0) that is
* bundled with this package in the files license.txt / license.rst. It is
* also available through the world wide web at this URL:
@@ -25,8 +25,6 @@
* @filesource
*/
-// ------------------------------------------------------------------------
-
/**
* Database Utility Class
*
@@ -36,22 +34,15 @@
*/
class CI_DB_utility extends CI_DB_forge {
- var $db;
- var $data_cache = array();
+ public $db;
+ public $data_cache = array();
- /**
- * Constructor
- *
- * Grabs the CI super object instance so we can access it.
- *
- */
- function __construct()
+ public function __construct()
{
// Assign the main database object to $this->db
$CI =& get_instance();
$this->db =& $CI->db;
-
- log_message('debug', "Database Utility Class Initialized");
+ log_message('debug', 'Database Utility Class Initialized');
}
// --------------------------------------------------------------------
@@ -59,10 +50,9 @@ class CI_DB_utility extends CI_DB_forge {
/**
* List databases
*
- * @access public
* @return bool
*/
- function list_databases()
+ public function list_databases()
{
// Is there a cached result?
if (isset($this->data_cache['db_names']))
@@ -80,8 +70,7 @@ class CI_DB_utility extends CI_DB_forge {
}
}
- $this->data_cache['db_names'] = $dbs;
- return $this->data_cache['db_names'];
+ return $this->data_cache['db_names'] = $dbs;
}
// --------------------------------------------------------------------
@@ -89,11 +78,10 @@ class CI_DB_utility extends CI_DB_forge {
/**
* Determine if a particular database exists
*
- * @access public
* @param string
* @return boolean
*/
- function database_exists($database_name)
+ public function database_exists($database_name)
{
// Some databases won't have access to the list_databases() function, so
// this is intended to allow them to override with their own functions as
@@ -114,17 +102,17 @@ class CI_DB_utility extends CI_DB_forge {
/**
* Optimize Table
*
- * @access public
* @param string the table name
* @return bool
*/
- function optimize_table($table_name)
+ public function optimize_table($table_name)
{
$sql = $this->_optimize_table($table_name);
if (is_bool($sql))
{
- show_error('db_must_use_set');
+ show_error('db_must_use_set');
+ return FALSE;
}
$query = $this->db->query($sql);
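Review bot: `show_error('db_must_use_set')` passes what looks like a language-line key as the literal message, and the key's name suggests a different error (a missing set() call) rather than `_optimize_table()` returning a boolean. A message that names the failing operation would be easier to act on, for example `show_error('Table optimization is not supported by this database driver.');`, or the matching language line if the project has one. If show_error() ends the request, as it appears to elsewhere in this diff, the added `return FALSE;` is unreachable and deserves a comment saying it is only a fallback. optimize_table() continues past the end of this hunk.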
@@ -140,10 +128,9 @@ class CI_DB_utility extends CI_DB_forge {
/**
* Optimize Database
*
- * @access public
* @return array
*/
- function optimize_database()
+ public function optimize_database()
{
$result = array();
foreach ($this->db->list_tables() as $table_name)
@@ -177,11 +164,10 @@ class CI_DB_utility extends CI_DB_forge {
/**
* Repair Table
*
- * @access public
* @param string the table name
* @return bool
*/
- function repair_table($table_name)
+ public function repair_table($table_name)
{
$sql = $this->_repair_table($table_name);
@@ -203,14 +189,13 @@ class CI_DB_utility extends CI_DB_forge {
/**
* Generate CSV from a query result object
*
- * @access public
* @param object The query result object
* @param string The delimiter - comma by default
* @param string The newline character - \n by default
* @param string The enclosure - double quote by default
* @return string
*/
- function csv_from_result($query, $delim = ",", $newline = "\n", $enclosure = '"')
+ public function csv_from_result($query, $delim = ',', $newline = "\n", $enclosure = '"')
{
if ( ! is_object($query) OR ! method_exists($query, 'list_fields'))
{
@@ -218,15 +203,13 @@ class CI_DB_utility extends CI_DB_forge {
}
$out = '';
-
// First generate the headings from the table column names
foreach ($query->list_fields() as $name)
{
$out .= $enclosure.str_replace($enclosure, $enclosure.$enclosure, $name).$enclosure.$delim;
}
- $out = rtrim($out);
- $out .= $newline;
+ $out = rtrim($out).$newline;
// Next blast through the result array and build out the rows
foreach ($query->result_array() as $row)
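Review bot: `rtrim($out).$newline` does not remove the trailing delimiter it seems aimed at, because rtrim() without a character list strips only whitespace. With the default `','` every heading line keeps a stray comma, while a tab delimiter is removed only by accident. Cutting exactly one delimiter is more predictable, `$out = substr($out, 0, -strlen($delim)).$newline;` (assuming a non-empty `$delim`), and the identical line in the row loop of the next hunk needs the same change. Separately, values are only quote-doubled, so if a column can hold user-supplied text and the export is opened in a spreadsheet, cells starting with `=`, `+`, `-` or `@` may be evaluated as formulas; the docblock should say that callers must neutralise such values. csv_from_result() starts before this hunk.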
@@ -235,8 +218,7 @@ class CI_DB_utility extends CI_DB_forge {
{
$out .= $enclosure.str_replace($enclosure, $enclosure.$enclosure, $item).$enclosure.$delim;
}
- $out = rtrim($out);
- $out .= $newline;
+ $out = rtrim($out).$newline;
}
return $out;
@@ -247,12 +229,11 @@ class CI_DB_utility extends CI_DB_forge {
/**
* Generate XML data from a query result object
*
- * @access public
* @param object The query result object
* @param array Any preferences
* @return string
*/
- function xml_from_result($query, $params = array())
+ public function xml_from_result($query, $params = array())
{
if ( ! is_object($query) OR ! method_exists($query, 'list_fields'))
{
@@ -280,16 +261,14 @@ class CI_DB_utility extends CI_DB_forge {
foreach ($query->result_array() as $row)
{
$xml .= $tab."<{$element}>".$newline;
-
foreach ($row as $key => $val)
{
$xml .= $tab.$tab."<{$key}>".xml_convert($val)."</{$key}>".$newline;
}
$xml .= $tab."</{$element}>".$newline;
}
- $xml .= "</$root>".$newline;
- return $xml;
+ return $xml .= "</$root>".$newline;
}
// --------------------------------------------------------------------
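Review bot: `return $xml .= "</$root>".$newline;` assigns to a local that goes out of scope immediately; plain concatenation says the same thing more clearly, `return $xml."</$root>".$newline;`. In the row loop above, `$val` goes through xml_convert(), but `$key`, `$element` and `$root` are interpolated into tag names unchanged, so a column alias or preference that is not a valid XML name produces malformed output. A docblock line stating that callers must supply valid element names would cover this. xml_from_result() starts before this hunk.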
@@ -297,10 +276,9 @@ class CI_DB_utility extends CI_DB_forge {
/**
* Database Backup
*
- * @access public
* @return void
*/
- function backup($params = array())
+ public function backup($params = array())
{
// If the parameters have not been submitted as an
// array then we know that it is simply the table
@@ -314,14 +292,14 @@ class CI_DB_utility extends CI_DB_forge {
// Set up our default preferences
$prefs = array(
- 'tables' => array(),
- 'ignore' => array(),
- 'filename' => '',
- 'format' => 'gzip', // gzip, zip, txt
- 'add_drop' => TRUE,
- 'add_insert' => TRUE,
- 'newline' => "\n"
- );
+ 'tables' => array(),
+ 'ignore' => array(),
+ 'filename' => '',
+ 'format' => 'gzip', // gzip, zip, txt
+ 'add_drop' => TRUE,
+ 'add_insert' => TRUE,
+ 'newline' => "\n"
+ );
// Did the user submit any preferences? If so set them....
if (count($params) > 0)
@@ -335,29 +313,23 @@ class CI_DB_utility extends CI_DB_forge {
}
}
- // ------------------------------------------------------
-
// Are we backing up a complete database or individual tables?
// If no table names were submitted we'll fetch the entire table list
- if (count($prefs['tables']) == 0)
+ if (count($prefs['tables']) === 0)
{
$prefs['tables'] = $this->db->list_tables();
}
- // ------------------------------------------------------
-
// Validate the format
if ( ! in_array($prefs['format'], array('gzip', 'zip', 'txt'), TRUE))
{
$prefs['format'] = 'txt';
}
- // ------------------------------------------------------
-
- // Is the encoder supported? If not, we'll either issue an
+ // Is the encoder supported? If not, we'll either issue an
// error or use plain text depending on the debug settings
- if (($prefs['format'] == 'gzip' AND ! @function_exists('gzencode'))
- OR ($prefs['format'] == 'zip' AND ! @function_exists('gzcompress')))
+ if (($prefs['format'] === 'gzip' AND ! @function_exists('gzencode'))
+ OR ($prefs['format'] === 'zip' AND ! @function_exists('gzcompress')))
{
if ($this->db->db_debug)
{
@@ -367,60 +339,49 @@ class CI_DB_utility extends CI_DB_forge {
$prefs['format'] = 'txt';
}
- // ------------------------------------------------------
-
- // Set the filename if not provided - Only needed with Zip files
- if ($prefs['filename'] == '' AND $prefs['format'] == 'zip')
- {
- $prefs['filename'] = (count($prefs['tables']) == 1) ? $prefs['tables'] : $this->db->database;
- $prefs['filename'] .= '_'.date('Y-m-d_H-i', time());
- }
-
- // ------------------------------------------------------
-
- // Was a Gzip file requested?
- if ($prefs['format'] == 'gzip')
- {
- return gzencode($this->_backup($prefs));
- }
-
- // ------------------------------------------------------
-
- // Was a text file requested?
- if ($prefs['format'] == 'txt')
- {
- return $this->_backup($prefs);
- }
-
- // ------------------------------------------------------
-
// Was a Zip file requested?
- if ($prefs['format'] == 'zip')
+ if ($prefs['format'] === 'zip')
{
- // If they included the .zip file extension we'll remove it
- if (preg_match("|.+?\.zip$|", $prefs['filename']))
+ // Set the filename if not provided (only needed with Zip files)
+ if ($prefs['filename'] == '')
{
- $prefs['filename'] = str_replace('.zip', '', $prefs['filename']);
+ $prefs['filename'] = (count($prefs['tables']) === 1 ? $prefs['tables'] : $this->db->database)
+ .date('Y-m-d_H-i', time()).'.sql';
}
-
- // Tack on the ".sql" file extension if needed
- if ( ! preg_match("|.+?\.sql$|", $prefs['filename']))
+ else
{
- $prefs['filename'] .= '.sql';
+ // If they included the .zip file extension we'll remove it
+ if (preg_match('|.+?\.zip$|', $prefs['filename']))
+ {
+ $prefs['filename'] = str_replace('.zip', '', $prefs['filename']);
+ }
+
+ // Tack on the ".sql" file extension if needed
+ if ( ! preg_match('|.+?\.sql$|', $prefs['filename']))
+ {
+ $prefs['filename'] .= '.sql';
+ }
}
// Load the Zip class and output it
-
$CI =& get_instance();
$CI->load->library('zip');
$CI->zip->add_data($prefs['filename'], $this->_backup($prefs));
return $CI->zip->get_zip();
}
+ elseif ($prefs['format'] == 'txt') // Was a text file requested?
+ {
+ return $this->_backup($prefs);
+ }
+ elseif ($prefs['format'] === 'gzip') // Was a Gzip file requested?
+ {
+ return gzencode($this->_backup($prefs));
+ }
+ return;
}
}
-
/* End of file DB_utility.php */
-/* Location: ./system/database/DB_utility.php */ \ No newline at end of file
+/* Location: ./system/database/DB_utility.php */
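Review bot: The new default-filename expression concatenates `$prefs['tables']` itself when it holds one entry, which yields the string "Array" when it is an array, as the default and the list_tables() path make it. It also drops the `'_'` separator that the removed line placed before the date. Something like `$prefs['filename'] = (count($prefs['tables']) === 1 ? reset($prefs['tables']) : $this->db->database).'_'.date('Y-m-d_H-i', time()).'.sql';` keeps the old name format and uses the table name. In the else branch, `str_replace('.zip', '', $prefs['filename'])` removes every occurrence rather than only the suffix that preg_match() tested for. The `elseif ($prefs['format'] == 'txt')` comparison is the only loose one left in the chain. backup() starts before this hunk.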
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index 803bfcc68..b28e5b7e8 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -71,6 +71,8 @@ Release Date: Not Released
if they are set manually after initialization.
- Minor speed optimizations and method & property visibility declarations in the Calendar Library.
- Removed SHA1 function in the :doc:`Encryption Library <libraries/encryption>`.
+ - Added $config['csrf_regeneration'] to the CSRF protection in the :doc:`Security library <libraries/security>`, which makes token regeneration optional.
+
- Core
diff --git a/user_guide_src/source/libraries/security.rst b/user_guide_src/source/libraries/security.rst
index 8ee0c6e77..e7d25555f 100644
--- a/user_guide_src/source/libraries/security.rst
+++ b/user_guide_src/source/libraries/security.rst
@@ -85,6 +85,10 @@ If you use the :doc:`form helper <../helpers/form_helper>` the
form_open() function will automatically insert a hidden csrf field in
your forms.
+Tokens may be either regenerated on every submission (default) or kept the same throughout the life of the CSRF cookie. The default regeneration of tokens provides stricter security but may result in usability concerns as other tokens become invalid (back/forward navigation, multiple tabs/windows, asynchronous actions, etc). You may alter this behavior by editing the following config parameter::
+
+ $config['csrf_regeneration'] = TRUE;
+
Select URIs can be whitelisted from csrf protection (for example API
endpoints expecting externally POSTed content). You can add these URIs
by editing the 'csrf_exclude_uris' config parameter::