Diffstat (limited to 'system/helpers')
-rw-r--r--system/helpers/date_helper.php17
-rw-r--r--system/helpers/file_helper.php10
-rw-r--r--system/helpers/form_helper.php76
-rw-r--r--system/helpers/security_helper.php10
-rw-r--r--system/helpers/string_helper.php7
-rw-r--r--system/helpers/text_helper.php11
6 files changed, 50 insertions, 81 deletions
diff --git a/system/helpers/date_helper.php b/system/helpers/date_helper.php
index 51b2b76db..5d9251526 100644
--- a/system/helpers/date_helper.php
+++ b/system/helpers/date_helper.php
@@ -119,19 +119,16 @@ if ( ! function_exists('standard_date'))
*
* As of PHP 5.2, the DateTime extension provides constants that
* serve for the exact same purpose and are used with date().
- * Due to that, this function is DEPRECATED and should be removed
- * in CodeIgniter 3.1+.
*
- * Here are two examples of how you should replace it:
+ * @todo Remove in version 3.1+.
+ * @deprecated 3.0.0 Use PHP's native date() instead.
+ * @link http://www.php.net/manual/en/class.datetime.php#datetime.constants.types
*
- * date(DATE_RFC822, now()); // default
- * date(DATE_W3C, $time); // a different format and time
+ * @example date(DATE_RFC822, now()); // default
+ * @example date(DATE_W3C, $time); // a different format and time
*
- * Reference: http://www.php.net/manual/en/class.datetime.php#datetime.constants.types
- *
- * @deprecated
- * @param string the chosen format
- * @param int Unix timestamp
+ * @param string $fmt = 'DATE_RFC822' the chosen format
+ * @param int $time = NULL Unix timestamp
* @return string
*/
function standard_date($fmt = 'DATE_RFC822', $time = NULL)
diff --git a/system/helpers/file_helper.php b/system/helpers/file_helper.php
index 441345b05..8f23a3d54 100644
--- a/system/helpers/file_helper.php
+++ b/system/helpers/file_helper.php
@@ -44,12 +44,10 @@ if ( ! function_exists('read_file'))
*
* Opens the file specfied in the path and returns it as a string.
*
- * This function is DEPRECATED and should be removed in
- * CodeIgniter 3.1+. Use file_get_contents() instead.
- *
- * @deprecated
- * @param string path to file
- * @return string
+ * @todo Remove in version 3.1+.
+ * @deprecated 3.0.0 It is now just an alias for PHP's native file_get_contents().
+ * @param string $file Path to file
+ * @return string File contents
*/
function read_file($file)
{
diff --git a/system/helpers/form_helper.php b/system/helpers/form_helper.php
index 1bccac35c..622622c0e 100644
--- a/system/helpers/form_helper.php
+++ b/system/helpers/form_helper.php
@@ -149,7 +149,7 @@ if ( ! function_exists('form_hidden'))
if ( ! is_array($value))
{
- $form .= '<input type="hidden" name="'.$name.'" value="'.form_prep($value, $name)."\" />\n";
+ $form .= '<input type="hidden" name="'.$name.'" value="'.html_escape($value)."\" />\n";
}
else
{
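Review bot: `$name` is still concatenated unescaped into the `name="…"` attribute on the changed line, so the new `html_escape()` call protects only half of the tag. If a field name can ever carry request-derived text, a quote character in it would end the attribute early; `'<input type="hidden" name="'.html_escape($name).'" value="'.html_escape($value)."\" />\n"` closes that gap. The same pattern appears in the `_parse_form_attributes` hunk, where `$att .= $key.'="'.$val.'" '` escapes `$val` only when `$key === 'value'`. form_hidden's body starts before and continues past this hunk, so any earlier handling of `$name` is not visible here.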
@@ -263,7 +263,7 @@ if ( ! function_exists('form_textarea'))
}
$name = is_array($data) ? $data['name'] : $data;
- return '<textarea '._parse_form_attributes($data, $defaults).$extra.'>'.form_prep($val, $name)."</textarea>\n";
+ return '<textarea '._parse_form_attributes($data, $defaults).$extra.'>'.html_escape($val)."</textarea>\n";
}
}
@@ -298,10 +298,10 @@ if ( ! function_exists('form_dropdown'))
/**
* Drop-down Menu
*
- * @param string
- * @param array
- * @param string
- * @param string
+ * @param mixed $name = ''
+ * @param mixed $options = array()
+ * @param mixed $selected = array()
+ * @param mixed $extra = array()
* @return string
*/
function form_dropdown($name = '', $options = array(), $selected = array(), $extra = '')
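Review bot: The new docblock documents `$extra = array()`, but the signature on the following line still defaults to `$extra = ''`; the tag should read `@param mixed $extra = ''`. Since all four parameters are now typed `mixed`, a short description per tag would tell callers which shapes are accepted. For example, the recursive call in the next hunk shows that `$name` may be an array carrying `name`, `options`, `selected` and `extra`.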
@@ -316,10 +316,7 @@ if ( ! function_exists('form_dropdown'))
return form_dropdown($name['name'], $name['options'], $name['selected'], $name['extra']);
}
- if ( ! is_array($selected))
- {
- $selected = array($selected);
- }
+ is_array($selected) OR $selected = array($selected);
// If no selected state was submitted we will attempt to set it automatically
if (count($selected) === 0 && isset($_POST[$name]))
@@ -352,14 +349,17 @@ if ( ! function_exists('form_dropdown'))
foreach ($val as $optgroup_key => $optgroup_val)
{
$sel = in_array($optgroup_key, $selected) ? ' selected="selected"' : '';
- $form .= '<option value="'.$optgroup_key.'"'.$sel.'>'.(string) $optgroup_val."</option>\n";
+ $form .= '<option value="'.html_escape($optgroup_key).'"'.$sel.'>'
+ .(string) $optgroup_val."</option>\n";
}
$form .= "</optgroup>\n";
}
else
{
- $form .= '<option value="'.$key.'"'.(in_array($key, $selected) ? ' selected="selected"' : '').'>'.(string) $val."</option>\n";
+ $form .= '<option value="'.html_escape($key).'"'
+ .(in_array($key, $selected) ? ' selected="selected"' : '').'>'
+ .(string) $val."</option>\n";
}
}
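Review bot: The option `value` attribute is now escaped, but the label text is still emitted raw in both branches, as `(string) $optgroup_val` and `(string) $val`. If labels can originate from stored or user-supplied data, that is an HTML injection point right next to the one this hunk closes. Either escape them as well, e.g. `.html_escape((string) $val)."</option>\n"`, or state in the docblock that labels must already be HTML-safe, since escaping here would change output for callers that pass entities in labels. Separately, `in_array($key, $selected)` compares loosely; passing `TRUE` as the third argument would avoid a numeric key matching an unrelated string, though that needs checking against callers that mix int and string keys.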
@@ -600,44 +600,16 @@ if ( ! function_exists('form_prep'))
*
* Formats text so that it can be safely placed in a form field in the event it has HTML tags.
*
- * @param string
- * @param string
+ * @todo Remove in version 3.1+.
+ * @deprecated 3.0.0 This function has been broken for a long time
+ * and is now just an alias for html_escape(). It's
+ * second argument is ignored.
+ * @param string $str = ''
+ * @param string $field_name = ''
* @return string
*/
function form_prep($str = '', $field_name = '')
{
- static $prepped_fields = array();
-
- // if the field name is an array we do this recursively
- if (is_array($str))
- {
- foreach ($str as $key => $val)
- {
- $str[$key] = form_prep($val);
- }
-
- return $str;
- }
-
- if ($str === '')
- {
- return '';
- }
-
- // we've already prepped a field with this name
- // @todo need to figure out a way to namespace this so
- // that we know the *exact* field and not just one with
- // the same name
- if (isset($prepped_fields[$field_name]))
- {
- return $str;
- }
-
- if ($field_name !== '')
- {
- $prepped_fields[$field_name] = $field_name;
- }
-
return html_escape($str);
}
}
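Review bot: With the recursive `is_array($str)` branch and the `$str === ''` shortcut removed, form_prep() now depends entirely on html_escape() to handle array input. That helper is not part of this diff, so it is worth confirming that it maps over arrays; otherwise array-valued fields regress. The docblock should also state that the once-per-field-name guard is gone, so a value passed through form_prep() twice is now encoded twice. Small wording fix in the new `@deprecated` text: `It's second argument is ignored` should read `Its second argument is ignored`.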
@@ -663,13 +635,13 @@ if ( ! function_exists('set_value'))
{
if ( ! isset($_POST[$field]))
{
- return $default;
+ return html_escape($default);
}
- return form_prep($_POST[$field], $field);
+ return html_escape($_POST[$field]);
}
- return form_prep($OBJ->set_value($field, $default), $field);
+ return html_escape($OBJ->set_value($field, $default));
}
}
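Review bot: set_value() now always returns escaped text, including `$default`, while form_hidden, form_textarea and `_parse_form_attributes` in this same diff escape their value again. A value routed through set_value() into one of those helpers would therefore be double-encoded, with `&` rendered as `&amp;amp;`. The removed form_prep() bookkeeping was what previously suppressed the second pass. Consider escaping in exactly one layer, or document on set_value() that its return value is already HTML-safe and must not be passed to helpers that escape again. The function's signature and opening lines are outside this hunk, so how callers combine these helpers is inferred rather than shown.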
@@ -919,7 +891,11 @@ if ( ! function_exists('_parse_form_attributes'))
{
if ($key === 'value')
{
- $val = form_prep($val, $default['name']);
+ $val = html_escape($val);
+ }
+ elseif ($key === 'name' && ! strlen($default['name']))
+ {
+ continue;
}
$att .= $key.'="'.$val.'" ';
diff --git a/system/helpers/security_helper.php b/system/helpers/security_helper.php
index 5ecc960bc..8bbd06684 100644
--- a/system/helpers/security_helper.php
+++ b/system/helpers/security_helper.php
@@ -77,12 +77,10 @@ if ( ! function_exists('do_hash'))
/**
* Hash encode a string
*
- * This function is DEPRECATED and should be removed in
- * CodeIgniter 3.1+. Use hash() instead.
- *
- * @deprecated
- * @param string
- * @param string
+ * @todo Remove in version 3.1+.
+ * @deprecated 3.0.0 Use PHP's native hash() instead.
+ * @param string $str
+ * @param string $type = 'sha1'
* @return string
*/
function do_hash($str, $type = 'sha1')
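Review bot: The new `@deprecated` line points callers at hash() without saying what that function is unsuitable for, and the default algorithm remains `'sha1'`. If any caller uses do_hash() for passwords (not visible here), a fast unsalted digest is the wrong primitive to migrate to. A docblock sentence such as `Do not use for password storage; use password_hash() instead.` would steer migrations correctly. The function body is outside this hunk.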
diff --git a/system/helpers/string_helper.php b/system/helpers/string_helper.php
index 4eee2a262..c5c493452 100644
--- a/system/helpers/string_helper.php
+++ b/system/helpers/string_helper.php
@@ -276,8 +276,11 @@ if ( ! function_exists('repeater'))
/**
* Repeater function
*
- * @param string
- * @param int number of repeats
+ * @todo Remove in version 3.1+.
+ * @deprecated 3.0.0 This is just an alias for PHP's native str_repeat()
+ *
+ * @param string $data String to repeat
+ * @param int $num Number of repeats
* @return string
*/
function repeater($data, $num = 1)
diff --git a/system/helpers/text_helper.php b/system/helpers/text_helper.php
index 016a36c57..89602fc28 100644
--- a/system/helpers/text_helper.php
+++ b/system/helpers/text_helper.php
@@ -118,18 +118,15 @@ if ( ! function_exists('ascii_to_entities'))
/**
* High ASCII to Entities
*
- * Converts High ascii text and MS Word special characters to character entities
+ * Converts high ASCII text and MS Word special characters to character entities
*
- * @param string
+ * @param string $str
* @return string
*/
function ascii_to_entities($str)
{
- $count = 1;
- $out = '';
- $temp = array();
-
- for ($i = 0, $s = strlen($str); $i < $s; $i++)
+ $out = '';
+ for ($i = 0, $s = strlen($str), $count = 1, $temp = array(); $i < $s; $i++)
{
$ordinal = ord($str[$i]);