-rwxr-xr-xindex.php123
-rw-r--r--system/libraries/Form_validation.php29
-rw-r--r--system/libraries/Migration.php98
-rw-r--r--system/libraries/Session/Session.php18
-rw-r--r--user_guide_src/source/changelog.rst13
-rw-r--r--user_guide_src/source/installation/downloads.rst3
-rw-r--r--user_guide_src/source/installation/upgrade_306.rst34
-rw-r--r--user_guide_src/source/installation/upgrade_307.rst14
-rw-r--r--user_guide_src/source/installation/upgrading.rst1
-rw-r--r--user_guide_src/source/libraries/form_validation.rst8
10 files changed, 231 insertions, 110 deletions
diff --git a/index.php b/index.php
index 5cc37108a..d02b6bb38 100755
--- a/index.php
+++ b/index.php
@@ -91,24 +91,25 @@ switch (ENVIRONMENT)
/*
*---------------------------------------------------------------
- * SYSTEM FOLDER NAME
+ * SYSTEM DIRECTORY NAME
*---------------------------------------------------------------
*
- * This variable must contain the name of your "system" folder.
- * Include the path if the folder is not in the same directory
- * as this file.
+ * This variable must contain the name of your "system" directory.
+ * Set the path if it is not in the same directory as this file.
*/
$system_path = 'system';
/*
*---------------------------------------------------------------
- * APPLICATION FOLDER NAME
+ * APPLICATION DIRECTORY NAME
*---------------------------------------------------------------
*
* If you want this front controller to use a different "application"
- * folder than the default one you can set its name here. The folder
- * can also be renamed or relocated anywhere on your server. If
- * you do, use a full server path. For more info please see the user guide:
+ * directory than the default one you can set its name here. The directory
+ * can also be renamed or relocated anywhere on your server. If you do,
+ * use an absolute (full) server path.
+ * For more info please see the user guide:
+ *
* https://codeigniter.com/user_guide/general/managing_apps.html
*
* NO TRAILING SLASH!
@@ -117,14 +118,14 @@ switch (ENVIRONMENT)
/*
*---------------------------------------------------------------
- * VIEW FOLDER NAME
+ * VIEW DIRECTORY NAME
*---------------------------------------------------------------
*
- * If you want to move the view folder out of the application
- * folder set the path to the folder here. The folder can be renamed
+ * If you want to move the view directory out of the application
+ * directory, set the path to it here. The directory can be renamed
* and relocated anywhere on your server. If blank, it will default
- * to the standard location inside your application folder. If you
- * do move this, use the full server path to this folder.
+ * to the standard location inside your application directory.
+ * If you do move this, use an absolute (full) server path.
*
* NO TRAILING SLASH!
*/
@@ -150,8 +151,8 @@ switch (ENVIRONMENT)
*
* Un-comment the $routing array below to use this feature
*/
- // The directory name, relative to the "controllers" folder. Leave blank
- // if your controller is not in a sub-folder within the "controllers" folder
+ // The directory name, relative to the "controllers" directory. Leave blank
+ // if your controller is not in a sub-directory within the "controllers" one
// $routing['directory'] = '';
// The controller class file name. Example: mycontroller
@@ -197,12 +198,16 @@ switch (ENVIRONMENT)
if (($_temp = realpath($system_path)) !== FALSE)
{
- $system_path = $_temp.'/';
+ $system_path = $_temp.DIRECTORY_SEPARATOR;
}
else
{
// Ensure there's a trailing slash
- $system_path = rtrim($system_path, '/').'/';
+ $system_path = strtr(
+ rtrim($system_path, '/\\'),
+ '/\\',
+ DIRECTORY_SEPARATOR.DIRECTORY_SEPARATOR
+ ).DIRECTORY_SEPARATOR;
}
// Is the system path correct?
@@ -221,66 +226,84 @@ switch (ENVIRONMENT)
// The name of THIS file
define('SELF', pathinfo(__FILE__, PATHINFO_BASENAME));
- // Path to the system folder
- define('BASEPATH', str_replace('\\', '/', $system_path));
+ // Path to the system directory
+ define('BASEPATH', $system_path);
- // Path to the front controller (this file)
- define('FCPATH', dirname(__FILE__).'/');
+ // Path to the front controller (this file) directory
+ define('FCPATH', dirname(__FILE__).DIRECTORY_SEPARATOR);
- // Name of the "system folder"
- define('SYSDIR', trim(strrchr(trim(BASEPATH, '/'), '/'), '/'));
+ // Name of the "system" directory
+ define('SYSDIR', basename(BASEPATH));
- // The path to the "application" folder
+ // The path to the "application" directory
if (is_dir($application_folder))
{
if (($_temp = realpath($application_folder)) !== FALSE)
{
$application_folder = $_temp;
}
-
- define('APPPATH', $application_folder.DIRECTORY_SEPARATOR);
+ else
+ {
+ $application_folder = strtr(
+ rtrim($application_folder, '/\\'),
+ '/\\',
+ DIRECTORY_SEPARATOR.DIRECTORY_SEPARATOR
+ );
+ }
+ }
+ elseif (is_dir(BASEPATH.$application_folder.DIRECTORY_SEPARATOR))
+ {
+ $application_folder = BASEPATH.strtr(
+ trim($application_folder, '/\\'),
+ '/\\',
+ DIRECTORY_SEPARATOR.DIRECTORY_SEPARATOR
+ );
}
else
{
- if ( ! is_dir(BASEPATH.$application_folder.DIRECTORY_SEPARATOR))
- {
- header('HTTP/1.1 503 Service Unavailable.', TRUE, 503);
- echo 'Your application folder path does not appear to be set correctly. Please open the following file and correct this: '.SELF;
- exit(3); // EXIT_CONFIG
- }
-
- define('APPPATH', BASEPATH.$application_folder.DIRECTORY_SEPARATOR);
+ header('HTTP/1.1 503 Service Unavailable.', TRUE, 503);
+ echo 'Your application folder path does not appear to be set correctly. Please open the following file and correct this: '.SELF;
+ exit(3); // EXIT_CONFIG
}
- // The path to the "views" folder
- if ( ! is_dir($view_folder))
+ define('APPPATH', $application_folder.DIRECTORY_SEPARATOR);
+
+ // The path to the "views" directory
+ if ( ! isset($view_folder[0]) && is_dir(APPPATH.'views'.DIRECTORY_SEPARATOR))
{
- if ( ! empty($view_folder) && is_dir(APPPATH.$view_folder.DIRECTORY_SEPARATOR))
- {
- $view_folder = APPPATH.$view_folder;
- }
- elseif ( ! is_dir(APPPATH.'views'.DIRECTORY_SEPARATOR))
+ $view_folder = APPPATH.'views';
+ }
+ elseif (is_dir($view_folder))
+ {
+ if (($_temp = realpath($view_folder)) !== FALSE)
{
- header('HTTP/1.1 503 Service Unavailable.', TRUE, 503);
- echo 'Your view folder path does not appear to be set correctly. Please open the following file and correct this: '.SELF;
- exit(3); // EXIT_CONFIG
+ $view_folder = $_temp;
}
else
{
- $view_folder = APPPATH.'views';
+ $view_folder = strtr(
+ rtrim($view_folder, '/\\'),
+ '/\\',
+ DIRECTORY_SEPARATOR.DIRECTORY_SEPARATOR
+ );
}
}
-
- if (($_temp = realpath($view_folder)) !== FALSE)
+ elseif (is_dir(APPPATH.$view_folder.DIRECTORY_SEPARATOR))
{
- $view_folder = $_temp.DIRECTORY_SEPARATOR;
+ $view_folder = APPPATH.strtr(
+ trim($view_folder, '/\\'),
+ '/\\',
+ DIRECTORY_SEPARATOR.DIRECTORY_SEPARATOR
+ );
}
else
{
- $view_folder = rtrim($view_folder, '/\\').DIRECTORY_SEPARATOR;
+ header('HTTP/1.1 503 Service Unavailable.', TRUE, 503);
+ echo 'Your view folder path does not appear to be set correctly. Please open the following file and correct this: '.SELF;
+ exit(3); // EXIT_CONFIG
}
- define('VIEWPATH', $view_folder);
+ define('VIEWPATH', $view_folder.DIRECTORY_SEPARATOR);
/*
* --------------------------------------------------------------------
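Review bot: An empty `$view_folder` combined with a missing `views` directory under APPPATH no longer reaches the 503 branch. The first branch is skipped, `is_dir('')` is false, and the third branch tests `is_dir(APPPATH.''.DIRECTORY_SEPARATOR)`, which is true for any valid APPPATH. VIEWPATH then silently becomes the application directory itself, so view lookups resolve against the whole application tree instead of failing closed; the removed code exited with the configuration error in that case. Guarding the third branch restores the old behaviour: `elseif (isset($view_folder[0]) && is_dir(APPPATH.$view_folder.DIRECTORY_SEPARATOR))`. An empty `$application_folder` likewise resolves APPPATH to the system directory through the `elseif (is_dir(BASEPATH.$application_folder.DIRECTORY_SEPARATOR))` branch, although that was already true before this change.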
diff --git a/system/libraries/Form_validation.php b/system/libraries/Form_validation.php
index 9fb686892..e4a518957 100644
--- a/system/libraries/Form_validation.php
+++ b/system/libraries/Form_validation.php
@@ -486,7 +486,7 @@ class CI_Form_validation {
}
// Now we need to re-set the POST data with the new, processed data
- $this->_reset_post_array();
+ empty($this->validation_data) && $this->_reset_post_array();
return ($total_errors === 0);
}
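Review bot: The comment above the changed line still says the POST data is always re-set, but the call is now skipped whenever the validated data did not come from `$_POST`. A comment such as `// Write processed values back to $_POST only when $_POST was the input (no set_data() call)` would record the reason for the condition. Using `empty(...) && call();` as a statement is also easy to misread as an expression whose result is discarded; `if (empty($this->validation_data))` with a braced body reads more plainly. The enclosing method starts outside this hunk.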
@@ -527,10 +527,7 @@ class CI_Form_validation {
{
if ($row['is_array'] === FALSE)
{
- if (isset($_POST[$row['field']]))
- {
- $_POST[$row['field']] = $row['postdata'];
- }
+ isset($_POST[$field]) && $_POST[$field] = $row['postdata'];
}
else
{
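Review bot: The rewritten line indexes `$_POST` with `$field`, where the removed lines used `$row['field']`, and nothing in this hunk shows where `$field` is assigned. It is presumably the key of the enclosing loop and equal to `$row['field']`, but if the two can ever differ the processed value is written to a different `$_POST` entry, so this should be confirmed against the loop header outside the hunk. Keeping the original index avoids the question: `isset($_POST[$row['field']]) && $_POST[$row['field']] = $row['postdata'];`. The one-liner also depends on PHP parsing `a && $x = y` as `a && ($x = y)`; an explicit `if` would make the assignment obvious.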
@@ -550,20 +547,7 @@ class CI_Form_validation {
}
}
- if (is_array($row['postdata']))
- {
- $array = array();
- foreach ($row['postdata'] as $k => $v)
- {
- $array[$k] = $v;
- }
-
- $post_ref = $array;
- }
- else
- {
- $post_ref = $row['postdata'];
- }
+ $post_ref = $row['postdata'];
}
}
}
@@ -1515,10 +1499,11 @@ class CI_Form_validation {
* This function allows HTML to be safely shown in a form.
* Special characters are converted.
*
- * @param string
- * @return string
+ * @deprecated 3.0.6 Not used anywhere within the framework and pretty much useless
+ * @param mixed $data Input data
+ * @return mixed
*/
- public function prep_for_form($data = '')
+ public function prep_for_form($data)
{
if ($this->_safe_form_data === FALSE OR empty($data))
{
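Review bot: Dropping the default from `prep_for_form($data = '')` makes the argument mandatory, which is an interface change in a commit that otherwise only deprecates the method. Any caller that invokes it without an argument now gets a missing-argument warning, or an ArgumentCountError on PHP 7.1 and later. Keeping `public function prep_for_form($data = '')` until the method is actually removed preserves existing behaviour, and the `empty($data)` test on the following line already covers the empty value. The method body continues outside this hunk.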
diff --git a/system/libraries/Migration.php b/system/libraries/Migration.php
index 7aefb6c23..316c94ae3 100644
--- a/system/libraries/Migration.php
+++ b/system/libraries/Migration.php
@@ -96,9 +96,9 @@ class CI_Migration {
/**
* Migration basename regex
*
- * @var bool
+ * @var string
*/
- protected $_migration_regex = NULL;
+ protected $_migration_regex;
/**
* Error message
@@ -217,31 +217,66 @@ class CI_Migration {
if ($target_version > $current_version)
{
- // Moving Up
$method = 'up';
}
- else
+ elseif ($target_version < $current_version)
{
- // Moving Down, apply in reverse order
$method = 'down';
+ // We need this so that migrations are applied in reverse order
krsort($migrations);
}
-
- if (empty($migrations))
+ else
{
+ // Well, there's nothing to migrate then ...
return TRUE;
}
- $previous = FALSE;
-
- // Validate all available migrations, and run the ones within our target range
+ // Validate all available migrations within our target range.
+ //
+ // Unfortunately, we'll have to use another loop to run them
+ // in order to avoid leaving the procedure in a broken state.
+ //
+ // See https://github.com/bcit-ci/CodeIgniter/issues/4539
+ $pending = array();
foreach ($migrations as $number => $file)
{
+ // Ignore versions out of our range.
+ //
+ // Because we've previously sorted the $migrations array depending on the direction,
+ // we can safely break the loop once we reach $target_version ...
+ if ($method === 'up')
+ {
+ if ($number <= $current_version)
+ {
+ continue;
+ }
+ elseif ($number > $target_version)
+ {
+ break;
+ }
+ }
+ else
+ {
+ if ($number > $current_version)
+ {
+ continue;
+ }
+ elseif ($number <= $target_version)
+ {
+ break;
+ }
+ }
+
// Check for sequence gaps
- if ($this->_migration_type === 'sequential' && $previous !== FALSE && abs($number - $previous) > 1)
+ if ($this->_migration_type === 'sequential')
{
- $this->_error_string = sprintf($this->lang->line('migration_sequence_gap'), $number);
- return FALSE;
+ if (isset($previous) && abs($number - $previous) > 1)
+ {
+ $this->_error_string = sprintf($this->lang->line('migration_sequence_gap'), $number);
+ return FALSE;
+ }
+
+ $previous = $number;
}
include_once($file);
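Review bot: The sequence-gap check no longer covers the boundary between `$current_version` and the first in-range migration, because `$previous` is only assigned once an in-range file has been seen. With `$current_version` at 3 and only files 5 and 6 present (a constructed example), the first iteration finds `isset($previous)` false and the missing version 4 goes unreported. If that gap should still be rejected for 'sequential' migrations, seeding `$previous = $current_version;` before the `foreach` appears to cover both directions, since the first in-range number is then compared against the current version. The enclosing method starts outside this hunk, so any earlier handling of this case is not visible here.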
@@ -253,27 +288,27 @@ class CI_Migration {
$this->_error_string = sprintf($this->lang->line('migration_class_doesnt_exist'), $class);
return FALSE;
}
+ // method_exists() returns true for non-public methods,
+ // while is_callable() can't be used without instantiating.
+ // Only get_class_methods() satisfies both conditions.
+ elseif ( ! in_array($method, array_map('strtolower', get_class_methods($class))))
+ {
+ $this->_error_string = sprintf($this->lang->line('migration_missing_'.$method.'_method'), $class);
+ return FALSE;
+ }
- $previous = $number;
+ $pending[$number] = array($class, $method);
+ }
- // Run migrations that are inside the target range
- if (
- ($method === 'up' && $number > $current_version && $number <= $target_version) OR
- ($method === 'down' && $number <= $current_version && $number > $target_version)
- )
- {
- $instance = new $class();
- if ( ! is_callable(array($instance, $method)))
- {
- $this->_error_string = sprintf($this->lang->line('migration_missing_'.$method.'_method'), $class);
- return FALSE;
- }
+ // Now just run the necessary migrations
+ foreach ($pending as $number => $migration)
+ {
+ log_message('debug', 'Migrating '.$method.' from version '.$current_version.' to version '.$number);
- log_message('debug', 'Migrating '.$method.' from version '.$current_version.' to version '.$number);
- call_user_func(array($instance, $method));
- $current_version = $number;
- $this->_update_version($current_version);
- }
+ $migration[0] = new $migration[0];
+ call_user_func($migration);
+ $current_version = $number;
+ $this->_update_version($current_version);
}
// This is necessary when moving down, since the the last migration applied
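Review bot: The new comment overstates what `get_class_methods()` guarantees: it returns the methods visible from the calling scope, not only public ones. Because the call is made from inside CI_Migration, a protected `up()` or `down()` on a class in the same hierarchy would presumably still pass this check; the migration classes are not shown here, so this is inferred. A wording such as `// get_class_methods() lists methods visible from this scope; this is a pre-flight check, not a visibility guarantee` would be accurate. Passing `TRUE` as the third argument of `in_array()` would also keep the name comparison strict.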
@@ -285,7 +320,6 @@ class CI_Migration {
}
log_message('debug', 'Finished migrating to '.$current_version);
-
return $current_version;
}
diff --git a/system/libraries/Session/Session.php b/system/libraries/Session/Session.php
index 77c56ae70..c9d2e8adc 100644
--- a/system/libraries/Session/Session.php
+++ b/system/libraries/Session/Session.php
@@ -584,6 +584,24 @@ class CI_Session {
// ------------------------------------------------------------------------
/**
+ * __isset()
+ *
+ * @param string $key 'session_id' or a session data key
+ * @return bool
+ */
+ public function __isset($key)
+ {
+ if ($key === 'session_id')
+ {
+ return (session_status() === PHP_SESSION_ACTIVE);
+ }
+
+ return isset($_SESSION[$key]);
+ }
+
+ // ------------------------------------------------------------------------
+
+ /**
* __set()
*
* @param string $key Session data key
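Review bot: `session_status()` and `PHP_SESSION_ACTIVE` are only available from PHP 5.4, so `isset()` on the `session_id` property would be a fatal error on an older runtime. The minimum supported PHP version is not visible on this page and should be confirmed. If older versions are still supported, `return (session_id() !== '');` gives an equivalent answer without the newer function. The docblock could also say that a key holding NULL reports as not set, because the fallback is a plain `isset($_SESSION[$key])`.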
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index a9614cf84..20c7c795d 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -38,19 +38,30 @@ Bug fixes for 3.1.0
- Fixed a bug (#4528) - :doc:`Cache Library <libraries/caching>` stored all scalar values as strings with the 'redis' driver.
-Version 3.0.6
+Version 3.0.7
=============
Release Date: Not Released
+
+Version 3.0.6
+=============
+
+Release Date: March 21, 2016
+
- General Changes
- Added a destructor to :doc:`Cache Library <libraries/caching>` 'memcached' driver to ensure that Memcache(d) connections are properly closed.
+ - Deprecated :doc:`Form Validation Library <libraries/form_validation>` method ``prep_for_form()``.
Bug fixes for 3.0.6
-------------------
- Fixed a bug (#4516) - :doc:`Form Validation Library <libraries/form_validation>` always accepted empty array inputs.
+- Fixed a bug where :doc:`Session Library <libraries/sessions>` allowed accessing ``$_SESSION`` values as class properties but ``isset()`` didn't work on them.
+- Fixed a bug where :doc:`Form Validation Library <libraries/form_validation>` modified the ``$_POST`` array when the data being validated was actually provided via ``set_data()``.
+- Fixed a bug (#4539) - :doc:`Migration Library <libraries/migration>` applied migrations before validating that all migrations within the requested version range are valid.
+- Fixed a bug (#4539) - :doc:`Migration Library <libraries/migration>` triggered failures for migrations that are out of the requested version range.
Version 3.0.5
=============
diff --git a/user_guide_src/source/installation/downloads.rst b/user_guide_src/source/installation/downloads.rst
index 8c2a56c5b..29f1a6d87 100644
--- a/user_guide_src/source/installation/downloads.rst
+++ b/user_guide_src/source/installation/downloads.rst
@@ -3,7 +3,8 @@ Downloading CodeIgniter
#######################
- `CodeIgniter v3.1.0-dev (Current version) <https://codeload.github.com/bcit-ci/CodeIgniter/zip/develop>`_
-- `CodeIgniter v3.0.6-dev <https://codeload.github.com/bcit-ci/CodeIgniter/zip/3.0-stable>`_
+- `CodeIgniter v3.0.7-dev <https://codeload.github.com/bcit-ci/CodeIgniter/zip/3.0-stable>`_
+- `CodeIgniter v3.0.6 <https://codeload.github.com/bcit-ci/CodeIgniter/zip/3.0.6>`_
- `CodeIgniter v3.0.5 <https://codeload.github.com/bcit-ci/CodeIgniter/zip/3.0.5>`_
- `CodeIgniter v3.0.4 <https://codeload.github.com/bcit-ci/CodeIgniter/zip/3.0.4>`_
- `CodeIgniter v3.0.3 <https://codeload.github.com/bcit-ci/CodeIgniter/zip/3.0.3>`_
diff --git a/user_guide_src/source/installation/upgrade_306.rst b/user_guide_src/source/installation/upgrade_306.rst
index e9c4bdd79..3863e0afa 100644
--- a/user_guide_src/source/installation/upgrade_306.rst
+++ b/user_guide_src/source/installation/upgrade_306.rst
@@ -12,3 +12,37 @@ Replace all files and directories in your *system/* directory.
.. note:: If you have any custom developed files in these directories,
please make copies of them first.
+
+Step 2: Update your index.php file (optional)
+=============================================
+
+We've made some tweaks to the index.php file, mostly related to proper
+usage of directory separators (i.e. use the ``DIRECTORY_SEPARATOR``
+constant instead of a hard coded forward slash "/").
+
+Nothing will break if you skip this step, but if you're running Windows
+or just want to be up to date with every change - we do recommend that
+you update your index.php file.
+
+*Tip: Just copy the ``ENVIRONMENT``, ``$system_path``, ``$application_folder``
+and ``$view_folder`` declarations from the old file and put them into the
+new one, replacing the defaults.*
+
+Step 3: Remove 'prep_for_form' usage (deprecation)
+==================================================
+
+The :doc:`Form Validation Library <../libraries/form_validation>` has a
+``prep_for_form()`` method, which is/can also be used as a rule in
+``set_rules()`` to automatically perform HTML encoding on input data.
+
+Automatically encoding input (instead of output) data is a bad practice in
+the first place, and CodeIgniter and PHP itself offer other alternatives
+to this method anyway.
+For example, :doc:`Form Helper <../helpers/form_helper>` functions will
+automatically perform HTML escaping when necessary.
+
+Therefore, the *prep_for_form* method/rule is pretty much useless and is now
+deprecated and scheduled for removal in 3.1+.
+
+.. note:: The method is still available, but you're strongly encouraged to
+ remove its usage sooner rather than later.
diff --git a/user_guide_src/source/installation/upgrade_307.rst b/user_guide_src/source/installation/upgrade_307.rst
new file mode 100644
index 000000000..ee957aabf
--- /dev/null
+++ b/user_guide_src/source/installation/upgrade_307.rst
@@ -0,0 +1,14 @@
+#############################
+Upgrading from 3.0.6 to 3.0.7
+#############################
+
+Before performing an update you should take your site offline by
+replacing the index.php file with a static one.
+
+Step 1: Update your CodeIgniter files
+=====================================
+
+Replace all files and directories in your *system/* directory.
+
+.. note:: If you have any custom developed files in these directories,
+ please make copies of them first.
diff --git a/user_guide_src/source/installation/upgrading.rst b/user_guide_src/source/installation/upgrading.rst
index 12a30d181..f42db7be5 100644
--- a/user_guide_src/source/installation/upgrading.rst
+++ b/user_guide_src/source/installation/upgrading.rst
@@ -9,6 +9,7 @@ upgrading from.
:titlesonly:
Upgrading from 3.0.x to 3.1.x <upgrade_310>
+ Upgrading from 3.0.6 to 3.0.7 <upgrade_307>
Upgrading from 3.0.5 to 3.0.6 <upgrade_306>
Upgrading from 3.0.4 to 3.0.5 <upgrade_305>
Upgrading from 3.0.3 to 3.0.4 <upgrade_304>
diff --git a/user_guide_src/source/libraries/form_validation.rst b/user_guide_src/source/libraries/form_validation.rst
index 9189d082e..44adfd715 100644
--- a/user_guide_src/source/libraries/form_validation.rst
+++ b/user_guide_src/source/libraries/form_validation.rst
@@ -1007,14 +1007,14 @@ Prepping Reference
The following is a list of all the prepping methods that are available
to use:
-==================== ========= =======================================================================================================
+==================== ========= ==============================================================================================================
Name Parameter Description
-==================== ========= =======================================================================================================
-**prep_for_form** No Converts special characters so that HTML data can be shown in a form field without breaking it.
+==================== ========= ==============================================================================================================
+**prep_for_form** No DEPRECATED: Converts special characters so that HTML data can be shown in a form field without breaking it.
**prep_url** No Adds "\http://" to URLs if missing.
**strip_image_tags** No Strips the HTML from image tags leaving the raw URL.
**encode_php_tags** No Converts PHP tags to entities.
-==================== ========= =======================================================================================================
+==================== ========= ==============================================================================================================
.. note:: You can also use any native PHP functions that permits one
parameter, like ``trim()``, ``htmlspecialchars()``, ``urldecode()``,