diff options
| -rw-r--r-- | application/config/config.php | 14 | ||||
| -rw-r--r-- | application/config/user_agents.php | 2 | ||||
| -rw-r--r-- | system/core/Input.php | 47 | ||||
| -rw-r--r-- | system/helpers/cookie_helper.php | 3 | ||||
| -rw-r--r-- | system/helpers/url_helper.php | 3 | ||||
| -rw-r--r-- | system/libraries/Form_validation.php | 26 | ||||
| -rw-r--r-- | system/libraries/Session/drivers/Session_cookie.php | 25 | ||||
| -rw-r--r-- | system/libraries/User_agent.php | 30 | ||||
| -rw-r--r-- | user_guide_src/source/changelog.rst | 13 | ||||
| -rw-r--r-- | user_guide_src/source/installation/upgrade_300.rst | 65 | ||||
| -rw-r--r-- | user_guide_src/source/libraries/form_validation.rst | 33 | ||||
| -rw-r--r-- | user_guide_src/source/libraries/input.rst | 3 |
12 files changed, 222 insertions, 42 deletions
diff --git a/application/config/config.php b/application/config/config.php index 8d08a7401..cd2ca479b 100644 --- a/application/config/config.php +++ b/application/config/config.php @@ -327,6 +327,20 @@ $config['cookie_httponly'] = FALSE; /* |-------------------------------------------------------------------------- +| Standardize newlines +|-------------------------------------------------------------------------- +| +| Determines whether to standardize newline characters in input data, +| meaning to replace \r\n, \r, \n occurences with the PHP_EOL value. +| +| This is particularly useful for portability between UNIX-based OSes, +| (usually \n) and Windows (\r\n). +| +*/ +$config['standardize_newlines'] = TRUE; + +/* +|-------------------------------------------------------------------------- | Global XSS Filtering |-------------------------------------------------------------------------- | diff --git a/application/config/user_agents.php b/application/config/user_agents.php index e555d77c6..2af70bf9c 100644 --- a/application/config/user_agents.php +++ b/application/config/user_agents.php @@ -85,6 +85,8 @@ $browsers = array( 'OPR' => 'Opera', 'Flock' => 'Flock', 'Chrome' => 'Chrome', + // Opera 10+ always reports Opera/9.80 and appends Version/<real version> to the user agent string + 'Opera.*?Version' => 'Opera', 'Opera' => 'Opera', 'MSIE' => 'Internet Explorer', 'Internet Explorer' => 'Internet Explorer', diff --git a/system/core/Input.php b/system/core/Input.php index 164867636..ccb70daec 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -63,7 +63,7 @@ class CI_Input { protected $_allow_get_array = TRUE; /** - * Standartize new lines flag + * Standardize new lines flag * * If set to TRUE, then newlines are standardized. * @@ -121,9 +121,10 @@ class CI_Input { { log_message('debug', 'Input Class Initialized'); - $this->_allow_get_array = (config_item('allow_get_array') === TRUE); - $this->_enable_xss = (config_item('global_xss_filtering') === TRUE); - $this->_enable_csrf = (config_item('csrf_protection') === TRUE); + $this->_allow_get_array = (config_item('allow_get_array') === TRUE); + $this->_enable_xss = (config_item('global_xss_filtering') === TRUE); + $this->_enable_csrf = (config_item('csrf_protection') === TRUE); + $this->_sandardize_newlines = (bool) config_item('standardize_newlines'); global $SEC; $this->security =& $SEC; @@ -151,8 +152,10 @@ class CI_Input { * @param bool $xss_clean Whether to apply XSS filtering * @return mixed */ - protected function _fetch_from_array(&$array, $index = '', $xss_clean = FALSE) + protected function _fetch_from_array(&$array, $index = '', $xss_clean = NULL) { + is_bool($xss_clean) OR $xss_clean = $this->_enable_xss; + if (isset($array[$index])) { $value = $array[$index]; @@ -197,8 +200,10 @@ class CI_Input { * @param bool $xss_clean Whether to apply XSS filtering * @return mixed */ - public function get($index = NULL, $xss_clean = FALSE) + public function get($index = NULL, $xss_clean = NULL) { + is_bool($xss_clean) OR $xss_clean = $this->_enable_xss; + // Check if a field has been provided if ($index === NULL) { @@ -229,8 +234,10 @@ class CI_Input { * @param bool $xss_clean Whether to apply XSS filtering * @return mixed */ - public function post($index = NULL, $xss_clean = FALSE) + public function post($index = NULL, $xss_clean = NULL) { + is_bool($xss_clean) OR $xss_clean = $this->_enable_xss; + // Check if a field has been provided if ($index === NULL) { @@ -261,8 +268,10 @@ class CI_Input { * @param bool $xss_clean Whether to apply XSS filtering * @return mixed */ - public function post_get($index = '', $xss_clean = FALSE) + public function post_get($index = '', $xss_clean = NULL) { + is_bool($xss_clean) OR $xss_clean = $this->_enable_xss; + return isset($_POST[$index]) ? $this->post($index, $xss_clean) : $this->get($index, $xss_clean); @@ -277,8 +286,10 @@ class CI_Input { * @param bool $xss_clean Whether to apply XSS filtering * @return mixed */ - public function get_post($index = '', $xss_clean = FALSE) + public function get_post($index = '', $xss_clean = NULL) { + is_bool($xss_clean) OR $xss_clean = $this->_enable_xss; + return isset($_GET[$index]) ? $this->get($index, $xss_clean) : $this->post($index, $xss_clean); @@ -293,8 +304,10 @@ class CI_Input { * @param bool $xss_clean Whether to apply XSS filtering * @return mixed */ - public function cookie($index = '', $xss_clean = FALSE) + public function cookie($index = '', $xss_clean = NULL) { + is_bool($xss_clean) OR $xss_clean = $this->_enable_xss; + return $this->_fetch_from_array($_COOKIE, $index, $xss_clean); } @@ -307,8 +320,10 @@ class CI_Input { * @param bool $xss_clean Whether to apply XSS filtering * @return mixed */ - public function server($index = '', $xss_clean = FALSE) + public function server($index = '', $xss_clean = NULL) { + is_bool($xss_clean) OR $xss_clean = $this->_enable_xss; + return $this->_fetch_from_array($_SERVER, $index, $xss_clean); } @@ -323,8 +338,10 @@ class CI_Input { * @param bool $xss_clean Whether to apply XSS filtering * @return mixed */ - public function input_stream($index = '', $xss_clean = FALSE) + public function input_stream($index = '', $xss_clean = NULL) { + is_bool($xss_clean) OR $xss_clean = $this->_enable_xss; + // The input stream can only be read once, so we'll need to check // if we have already done that first. if (is_array($this->_input_stream)) @@ -760,12 +777,6 @@ class CI_Input { // Remove control characters $str = remove_invisible_characters($str, FALSE); - // Should we filter the input data? - if ($this->_enable_xss === TRUE) - { - $str = $this->security->xss_clean($str); - } - // Standardize newlines if needed if ($this->_standardize_newlines === TRUE) { diff --git a/system/helpers/cookie_helper.php b/system/helpers/cookie_helper.php index 5cdcdd137..a79083a63 100644 --- a/system/helpers/cookie_helper.php +++ b/system/helpers/cookie_helper.php @@ -74,8 +74,9 @@ if ( ! function_exists('get_cookie')) * @param bool * @return mixed */ - function get_cookie($index, $xss_clean = FALSE) + function get_cookie($index, $xss_clean = NULL) { + is_bool($xss_clean) OR $xss_clean = (config_item('global_xss_filtering') === TRUE); $prefix = isset($_COOKIE[$index]) ? '' : config_item('cookie_prefix'); return get_instance()->input->cookie($prefix.$index, $xss_clean); } diff --git a/system/helpers/url_helper.php b/system/helpers/url_helper.php index 2d9289791..f819b96e9 100644 --- a/system/helpers/url_helper.php +++ b/system/helpers/url_helper.php @@ -91,7 +91,8 @@ if ( ! function_exists('current_url')) */ function current_url() { - return get_instance()->config->site_url($CI->uri->uri_string()); + $CI =& get_instance(); + return $CI->config->site_url($CI->uri->uri_string()); } } diff --git a/system/libraries/Form_validation.php b/system/libraries/Form_validation.php index 852fc7144..58485916c 100644 --- a/system/libraries/Form_validation.php +++ b/system/libraries/Form_validation.php @@ -144,14 +144,16 @@ class CI_Form_validation { * Set Rules * * This function takes an array of field names and validation - * rules as input, validates the info, and stores it + * rules as input, any custom error messages, validates the info, + * and stores it * * @param mixed $field * @param string $label * @param mixed $rules + * @param array $errors * @return CI_Form_validation */ - public function set_rules($field, $label = '', $rules = '') + public function set_rules($field, $label = '', $rules = '', $errors = array()) { // No reason to set rules if we have no POST data // or a validation array has not been specified @@ -175,8 +177,11 @@ class CI_Form_validation { // If the field label wasn't passed we use the field name $label = isset($row['label']) ? $row['label'] : $row['field']; + // Add the custom error message array + $errors = (isset($row['errors']) && is_array($row['errors'])) ? $row['errors'] : array(); + // Here we go! - $this->set_rules($row['field'], $label, $row['rules']); + $this->set_rules($row['field'], $label, $row['rules'], $errors); } return $this; @@ -224,6 +229,7 @@ class CI_Form_validation { 'field' => $field, 'label' => $label, 'rules' => $rules, + 'errors' => $errors, 'is_array' => $is_array, 'keys' => $indexes, 'postdata' => NULL, @@ -602,7 +608,12 @@ class CI_Form_validation { // Set the message type $type = in_array('required', $rules) ? 'required' : 'isset'; - if (isset($this->_error_messages[$type])) + // Check if a custom message is defined + if (isset($this->_field_data[$row['field']]['errors'][$type])) + { + $line = $this->_field_data[$row['field']]['errors'][$type]; + } + elseif (isset($this->_error_messages[$type])) { $line = $this->_error_messages[$type]; } @@ -746,7 +757,12 @@ class CI_Form_validation { // Did the rule test negatively? If so, grab the error. if ($result === FALSE) { - if ( ! isset($this->_error_messages[$rule])) + // Check if a custom message is defined + if (isset($this->_field_data[$row['field']]['errors'][$rule])) + { + $line = $this->_field_data[$row['field']]['errors'][$rule]; + } + elseif ( ! isset($this->_error_messages[$rule])) { if (FALSE === ($line = $this->CI->lang->line('form_validation_'.$rule)) // DEPRECATED support for non-prefixed keys diff --git a/system/libraries/Session/drivers/Session_cookie.php b/system/libraries/Session/drivers/Session_cookie.php index dc75d8e8e..971dfeabe 100644 --- a/system/libraries/Session/drivers/Session_cookie.php +++ b/system/libraries/Session/drivers/Session_cookie.php @@ -165,6 +165,8 @@ class CI_Session_cookie extends CI_Session_driver { */ public $now; + // ------------------------------------------------------------------------ + /** * Default userdata keys * @@ -185,6 +187,15 @@ class CI_Session_cookie extends CI_Session_driver { protected $data_dirty = FALSE; /** + * Standardize newlines flag + * + * @var bool + */ + protected $_standardize_newlines; + + // ------------------------------------------------------------------------ + + /** * Initialize session driver object * * @return void @@ -209,9 +220,11 @@ class CI_Session_cookie extends CI_Session_driver { 'sess_time_to_update', 'time_reference', 'cookie_prefix', - 'encryption_key' + 'encryption_key', ); + $this->_standardize_newlines = (bool) config_item('standardize_newlines'); + foreach ($prefs as $key) { $this->$key = isset($this->_parent->params[$key]) @@ -695,6 +708,16 @@ class CI_Session_cookie extends CI_Session_driver { ? array_intersect_key($this->userdata, $this->defaults) : $this->userdata; + // The Input class will do this and since we use HMAC verification, + // unless we standardize here as well, the hash won't match. + if ($this->_standardize_newlines) + { + foreach (array_keys($this->userdata) as $key) + { + $this->userdata[$key] = preg_replace('/(?:\r\n|[\r\n])/', PHP_EOL, $this->userdata[$key]); + } + } + // Serialize the userdata for the cookie $cookie_data = serialize($cookie_data); diff --git a/system/libraries/User_agent.php b/system/libraries/User_agent.php index 50ac9be98..3a6b6bc98 100644 --- a/system/libraries/User_agent.php +++ b/system/libraries/User_agent.php @@ -282,7 +282,7 @@ class CI_User_agent { { foreach ($this->browsers as $key => $val) { - if (preg_match('|'.preg_quote($key).'.*?([0-9\.]+)|i', $this->agent, $match)) + if (preg_match('|'.$key.'.*?([0-9\.]+)|i', $this->agent, $match)) { $this->is_browser = TRUE; $this->version = $match[1]; @@ -634,6 +634,34 @@ class CI_User_agent { return in_array(strtolower($charset), $this->charsets(), TRUE); } + // -------------------------------------------------------------------- + + /** + * Parse a custom user-agent string + * + * @param string $string + * @return void + */ + public function parse($string) + { + // Reset values + $this->is_browser = FALSE; + $this->is_robot = FALSE; + $this->is_mobile = FALSE; + $this->browser = ''; + $this->version = ''; + $this->mobile = ''; + $this->robot = ''; + + // Set the new user-agent string and parse it, unless empty + $this->agent = $string; + + if ( ! empty($string)) + { + $this->_compile_data(); + } + } + } /* End of file User_agent.php */ diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index ff7c09b48..c186781d1 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -20,6 +20,7 @@ Release Date: Not Released - PHP 5.1.6 is no longer supported. CodeIgniter now requires PHP 5.2.4. - Changed filenaming convention (class file names now must be Ucfirst and everything else in lowercase). + - Changed the default database driver to 'mysqli' (the old 'mysql' driver is DEPRECATED). - ``$_SERVER['CI_ENV']`` can now be set to control the ``ENVIRONMENT`` constant. - Added an optional backtrace to php-error template. - Added Android to the list of user agents. @@ -58,6 +59,7 @@ Release Date: Not Released - Added support non-HTML error templates for CLI applications. - Added availability checks where usage of dangerous functions like ``eval()`` and ``exec()`` is required. - Added support for changing the file extension of log files using ``$config['log_file_extension']``. + - Added support for turning newline standardization on/off via ``$config['standardize_newlines']``. - Helpers @@ -138,6 +140,7 @@ Release Date: Not Released - Database + - DEPRECATED the 'mysql', 'sqlite', 'mssql' and 'pdo/dblib' (also known as 'pdo/mssql' or 'pdo/sybase') drivers. - Added **dsn** configuration setting for drivers that support DSN strings (PDO, PostgreSQL, Oracle, ODBC, CUBRID). - Added **schema** configuration setting (defaults to *public*) for drivers that might need it (currently used by PostgreSQL and ODBC). - Added subdrivers support (currently only used by PDO). @@ -316,6 +319,7 @@ Release Date: Not Released - Added support for named parameters in error messages. - :doc:`Language <libraries/language>` line keys must now be prefixed with **form_validation_**. - Added rule **alpha_numeric_spaces**. + - Added support for custom error messages per field rule. - :doc:`Caching Library <libraries/caching>` changes include: @@ -371,7 +375,11 @@ Release Date: Not Released - Added the ability to use a proxy. - Added Basic HTTP authentication support. - - :doc:`User Agent Library <libraries/user_agent>` will now check if robots are pretending to be mobile clients (helps with e.g. Google indexing mobile website versions). + - :doc:`User Agent Library <libraries/user_agent>` changes include: + + - Added check to detect if robots are pretending to be mobile clients (helps with e.g. Google indexing mobile website versions). + - Added method ``parse()`` to allow parsing a custom user-agent string, different from the current visitor's. + - Added support for setting :doc:`Table <libraries/table>` class defaults in a config file. - :doc:`Zip Library <libraries/zip>` method ``read_file()`` can now also alter the original file path/name while adding files to an archive. @@ -407,6 +415,7 @@ Release Date: Not Released - Changed method ``valid_ip()`` to use PHP's native ``filter_var()`` function. - Changed internal method ``_sanitize_globals()`` to skip enforcing reversal of *register_globals* in PHP 5.4+, where this functionality no longer exists. - Changed methods ``get()``, ``post()``, ``get_post()``, ``cookie()``, ``server()``, ``user_agent()`` to return NULL instead of FALSE when no value is found. + - Changed default value of the ``$xss_clean`` parameter to NULL for all methods that utilize it, the default value is now determined by the ``$config['global_xss_filtering']`` setting. - Added method ``post_get()`` and changed ``get_post()`` to search in GET data first. Both methods' names now properly match their GET/POST data search priorities. - Changed method ``_fetch_from_array()`` to parse array notation in field name. - Added an option for ``_clean_input_keys()`` to return FALSE instead of terminating the whole script. @@ -651,6 +660,8 @@ Bug fixes for 3.0 - Fixed a bug (#2143) - :doc:`Form Validation Library <libraries/form_validation>` didn't check for rule groups named in a *controller/method* manner when trying to load from a config file. - Fixed a bug (#2762) - :doc:`Hooks Class <general/hooks>` didn't properly check if the called class/function exists. - Fixed a bug (#148) - while sanitizing input data, ``CI_Input::_clean_input_data()`` assumed that it is URL-encoded, stripping certain character sequences from it. +- Fixed a bug (#346) - with ``$config['global_xss_filtering']`` turned on, the ``$_GET``, ``$_POST``, ``$_COOKIE`` and ``$_SERVER`` superglobals were overwritten during initialization time, resulting in XSS filtering being either performed twice or there was no possible way to get the original data, even though options for this do exist. +- Fixed an edge case (#555) - incorrect browser version was reported for Opera 10+ due to a non-standard user-agent string. Version 2.1.4 ============= diff --git a/user_guide_src/source/installation/upgrade_300.rst b/user_guide_src/source/installation/upgrade_300.rst index 41153df16..ca7569b57 100644 --- a/user_guide_src/source/installation/upgrade_300.rst +++ b/user_guide_src/source/installation/upgrade_300.rst @@ -188,8 +188,39 @@ Many methods and functions now return NULL instead of FALSE when the required it - element() - elements() +******************************* +Step 11: Usage of XSS filtering +******************************* + +Many functions in CodeIgniter allow you to use its XSS filtering feature +on demand by passing a boolean parameter. The default value of that +parameter used to be boolean FALSE, but it is now changed to NULL and it +will be dynamically determined by your ``$config['global_xss_filtering']`` +value. + +If you used to manually pass a boolean value for the ``$xss_filter`` +parameter or if you've always had ``$config['global_xss_filtering']`` set +to FALSE, then this change doesn't concern you. + +Otherwise however, please review your usage of the following functions: + + - :doc:`Input Library <../libraries/input>` + + - input->get() + - input->post() + - input->get_post() + - input->cookie() + - input->server() + - input->input_stream() + + - :doc:`Cookie Helper <../helpers/cookie_helper>` :func:`get_cookie()` + +.. important:: Another related change is that the ``$_GET``, ``$_POST``, + ``$_COOKIE`` and ``$_SERVER`` superglobals are no longer + automatically overwritten when global XSS filtering is turned on. + ******************************************************** -Step 11: Update usage of Input Class's get_post() method +Step 12: Update usage of Input Class's get_post() method ******************************************************** Previously, the :doc:`Input Class <../libraries/input>` method ``get_post()`` @@ -200,14 +231,14 @@ A method has been added, ``post_get()``, which searches in POST then in GET, as ``get_post()`` was doing before. *********************************************************************** -Step 12: Update usage of Directory Helper's directory_map() function +Step 13: Update usage of Directory Helper's directory_map() function *********************************************************************** In the resulting array, directories now end with a trailing directory separator (i.e. a slash, usually). ************************************************************* -Step 13: Update usage of Database Forge's drop_table() method +Step 14: Update usage of Database Forge's drop_table() method ************************************************************* Up until now, ``drop_table()`` added an IF EXISTS clause by default or it didn't work @@ -229,7 +260,7 @@ If your application relies on IF EXISTS, you'll have to change its usage. all drivers with the exception of ODBC. *********************************************************** -Step 14: Change usage of Email library with multiple emails +Step 15: Change usage of Email library with multiple emails *********************************************************** The :doc:`Email Library <../libraries/email>` will automatically clear the @@ -244,7 +275,7 @@ pass FALSE as the first parameter in the ``send()`` method: } *************************************************** -Step 15: Update your Form_validation language lines +Step 16: Update your Form_validation language lines *************************************************** Two improvements have been made to the :doc:`Form Validation Library @@ -275,7 +306,7 @@ files and error messages format: later. **************************************************************** -Step 16: Remove usage of (previously) deprecated functionalities +Step 17: Remove usage of (previously) deprecated functionalities **************************************************************** In addition to the ``$autoload['core']`` configuration setting, there's a @@ -302,6 +333,26 @@ Smiley helper js_insert_smiley() :doc:`Smiley Helper <../helpers/smiley_helper>` function ``js_insert_smiley()`` has been deprecated since CodeIgniter 1.7.2 and is now removed. You'll need to switch to ``smiley_js()`` instead. +Database drivers 'mysql', 'sqlite', 'mssql', 'pdo/dblib' +======================================================== + +The **mysql** driver utilizes the old 'mysql' PHP extension, known for its aging code base and +many low-level problems. The extension is deprecated as of PHP 5.5 and CodeIgniter deprecates +it in version 3.0, switching the default configured MySQL driver to **mysqli**. + +Please use either the 'mysqli' or 'pdo/mysql' drivers for MySQL. The old 'mysql' driver will be +removed at some point in the future. + +The **sqlite**, **mssql** and **pdo/dblib** (also known as pdo/mssql or pdo/sybase) drivers +all depend on PHP extensions that for different reasons no longer exist since PHP 5.3. + +Therefore we are now deprecating these drivers as we will have to remove them in one of the next +CodeIgniter versions. You should use the more advanced, **sqlite3**, **sqlsrv** or **pdo/sqlsrv** +drivers respectively. + +.. note:: These drivers are still available, but you're strongly encouraged to switch to other ones + sooner rather than later. + Security helper do_hash() ========================= @@ -491,7 +542,7 @@ CodeIgniter 3.1+. sooner rather than later. *********************************************************** -Step 17: Check your usage of Text helper highlight_phrase() +Step 18: Check your usage of Text helper highlight_phrase() *********************************************************** The default HTML tag used by :doc:`Text Helper <../helpers/text_helper>` function diff --git a/user_guide_src/source/libraries/form_validation.rst b/user_guide_src/source/libraries/form_validation.rst index 8534175bb..1076b1433 100644 --- a/user_guide_src/source/libraries/form_validation.rst +++ b/user_guide_src/source/libraries/form_validation.rst @@ -200,6 +200,7 @@ The above method takes **three** parameters as input: message. For example, if your field is named "user" you might give it a human name of "Username". #. The validation rules for this form field. +#. (optional) Set custom error messages on any rules given for current field. If not provided will use the default one. .. note:: If you would like the field name to be stored in a language file, please see :ref:`translating-field-names`. @@ -225,7 +226,9 @@ Your controller should now look like this:: $this->load->library('form_validation'); $this->form_validation->set_rules('username', 'Username', 'required'); - $this->form_validation->set_rules('password', 'Password', 'required'); + $this->form_validation->set_rules('password', 'Password', 'required', + array('required' => 'You must provide a %s.') + ); $this->form_validation->set_rules('passconf', 'Password Confirmation', 'required'); $this->form_validation->set_rules('email', 'Email', 'required'); @@ -263,7 +266,10 @@ you use this approach, you must name your array keys as indicated:: array( 'field' => 'password', 'label' => 'Password', - 'rules' => 'required' + 'rules' => 'required', + 'errors' => array( + 'required' => 'You must provide a %s.', + ), ), array( 'field' => 'passconf', @@ -285,7 +291,14 @@ Cascading Rules CodeIgniter lets you pipe multiple rules together. Let's try it. Change your rules in the third parameter of rule setting method, like this:: - $this->form_validation->set_rules('username', 'Username', 'required|min_length[5]|max_length[12]|is_unique[users.username]'); + $this->form_validation->set_rules( + 'username', 'Username', + 'required|min_length[5]|max_length[12]|is_unique[users.username]', + array( + 'required' => 'You have not provided %s.', + 'is_unique' => 'This %s already exists.' + ) + ); $this->form_validation->set_rules('password', 'Password', 'required'); $this->form_validation->set_rules('passconf', 'Password Confirmation', 'required|matches[password]'); $this->form_validation->set_rules('email', 'Email', 'required|valid_email|is_unique[users.email]'); @@ -469,11 +482,18 @@ Setting Error Messages All of the native error messages are located in the following language file: **system/language/english/form_validation_lang.php** -To set your own custom message you can either edit that file, or use the -following method:: +To set your own global custom message for a rule, you can either +edit that file, or use the following method:: $this->form_validation->set_message('rule', 'Error Message'); +If you need to set a custom error message for a particular field on +some particular rule, use the set_rules() method:: + + $this->form_validation->set_rules('field_name', 'Field Label', 'rule1|rule2|rule3', + array('rule2' => 'Error Message on rule2 for this field_name') + ); + Where rule corresponds to the name of a particular rule, and Error Message is the text you would like displayed. @@ -941,11 +961,12 @@ The following methods are intended for use in your controller. $this->form_validation->set_rules() =================================== - .. php:method:: set_rules ($field, $label = '', $rules = '') + .. php:method:: set_rules ($field, $label = '', $rules = '', $errors = array()) :param string $field: The field name :param string $label: The field label :param mixed $rules: The rules, as a string with rules separated by a pipe "|", or an array or rules. + :param array $errors: Custom error messages :rtype: Object Permits you to set validation rules, as described in the tutorial diff --git a/user_guide_src/source/libraries/input.rst b/user_guide_src/source/libraries/input.rst index b58ed2f0d..72746c147 100644 --- a/user_guide_src/source/libraries/input.rst +++ b/user_guide_src/source/libraries/input.rst @@ -25,7 +25,8 @@ following: (and a few other) characters. - Provides XSS (Cross-site Scripting Hacks) filtering. This can be enabled globally, or upon request. -- Standardizes newline characters to \\n(In Windows \\r\\n) +- Standardizes newline characters to ``PHP_EOL`` (\\n in UNIX-based OSes, + \\r\\n under Windows). This is configurable. XSS Filtering ============= |