diff options
Diffstat (limited to 'system/helpers')
-rw-r--r-- | system/helpers/date_helper.php | 17 | ||||
-rw-r--r-- | system/helpers/file_helper.php | 10 | ||||
-rw-r--r-- | system/helpers/form_helper.php | 76 | ||||
-rw-r--r-- | system/helpers/security_helper.php | 10 | ||||
-rw-r--r-- | system/helpers/string_helper.php | 7 | ||||
-rw-r--r-- | system/helpers/text_helper.php | 11 |
6 files changed, 50 insertions, 81 deletions
diff --git a/system/helpers/date_helper.php b/system/helpers/date_helper.php index 51b2b76db..5d9251526 100644 --- a/system/helpers/date_helper.php +++ b/system/helpers/date_helper.php @@ -119,19 +119,16 @@ if ( ! function_exists('standard_date')) * * As of PHP 5.2, the DateTime extension provides constants that * serve for the exact same purpose and are used with date(). - * Due to that, this function is DEPRECATED and should be removed - * in CodeIgniter 3.1+. * - * Here are two examples of how you should replace it: + * @todo Remove in version 3.1+. + * @deprecated 3.0.0 Use PHP's native date() instead. + * @link http://www.php.net/manual/en/class.datetime.php#datetime.constants.types * - * date(DATE_RFC822, now()); // default - * date(DATE_W3C, $time); // a different format and time + * @example date(DATE_RFC822, now()); // default + * @example date(DATE_W3C, $time); // a different format and time * - * Reference: http://www.php.net/manual/en/class.datetime.php#datetime.constants.types - * - * @deprecated - * @param string the chosen format - * @param int Unix timestamp + * @param string $fmt = 'DATE_RFC822' the chosen format + * @param int $time = NULL Unix timestamp * @return string */ function standard_date($fmt = 'DATE_RFC822', $time = NULL) diff --git a/system/helpers/file_helper.php b/system/helpers/file_helper.php index 441345b05..8f23a3d54 100644 --- a/system/helpers/file_helper.php +++ b/system/helpers/file_helper.php @@ -44,12 +44,10 @@ if ( ! function_exists('read_file')) * * Opens the file specfied in the path and returns it as a string. * - * This function is DEPRECATED and should be removed in - * CodeIgniter 3.1+. Use file_get_contents() instead. - * - * @deprecated - * @param string path to file - * @return string + * @todo Remove in version 3.1+. + * @deprecated 3.0.0 It is now just an alias for PHP's native file_get_contents(). + * @param string $file Path to file + * @return string File contents */ function read_file($file) { diff --git a/system/helpers/form_helper.php b/system/helpers/form_helper.php index 1bccac35c..622622c0e 100644 --- a/system/helpers/form_helper.php +++ b/system/helpers/form_helper.php @@ -149,7 +149,7 @@ if ( ! function_exists('form_hidden')) if ( ! is_array($value)) { - $form .= '<input type="hidden" name="'.$name.'" value="'.form_prep($value, $name)."\" />\n"; + $form .= '<input type="hidden" name="'.$name.'" value="'.html_escape($value)."\" />\n"; } else { @@ -263,7 +263,7 @@ if ( ! function_exists('form_textarea')) } $name = is_array($data) ? $data['name'] : $data; - return '<textarea '._parse_form_attributes($data, $defaults).$extra.'>'.form_prep($val, $name)."</textarea>\n"; + return '<textarea '._parse_form_attributes($data, $defaults).$extra.'>'.html_escape($val)."</textarea>\n"; } } @@ -298,10 +298,10 @@ if ( ! function_exists('form_dropdown')) /** * Drop-down Menu * - * @param string - * @param array - * @param string - * @param string + * @param mixed $name = '' + * @param mixed $options = array() + * @param mixed $selected = array() + * @param mixed $extra = array() * @return string */ function form_dropdown($name = '', $options = array(), $selected = array(), $extra = '') @@ -316,10 +316,7 @@ if ( ! function_exists('form_dropdown')) return form_dropdown($name['name'], $name['options'], $name['selected'], $name['extra']); } - if ( ! is_array($selected)) - { - $selected = array($selected); - } + is_array($selected) OR $selected = array($selected); // If no selected state was submitted we will attempt to set it automatically if (count($selected) === 0 && isset($_POST[$name])) @@ -352,14 +349,17 @@ if ( ! function_exists('form_dropdown')) foreach ($val as $optgroup_key => $optgroup_val) { $sel = in_array($optgroup_key, $selected) ? ' selected="selected"' : ''; - $form .= '<option value="'.$optgroup_key.'"'.$sel.'>'.(string) $optgroup_val."</option>\n"; + $form .= '<option value="'.html_escape($optgroup_key).'"'.$sel.'>' + .(string) $optgroup_val."</option>\n"; } $form .= "</optgroup>\n"; } else { - $form .= '<option value="'.$key.'"'.(in_array($key, $selected) ? ' selected="selected"' : '').'>'.(string) $val."</option>\n"; + $form .= '<option value="'.html_escape($key).'"' + .(in_array($key, $selected) ? ' selected="selected"' : '').'>' + .(string) $val."</option>\n"; } } @@ -600,44 +600,16 @@ if ( ! function_exists('form_prep')) * * Formats text so that it can be safely placed in a form field in the event it has HTML tags. * - * @param string - * @param string + * @todo Remove in version 3.1+. + * @deprecated 3.0.0 This function has been broken for a long time + * and is now just an alias for html_escape(). It's + * second argument is ignored. + * @param string $str = '' + * @param string $field_name = '' * @return string */ function form_prep($str = '', $field_name = '') { - static $prepped_fields = array(); - - // if the field name is an array we do this recursively - if (is_array($str)) - { - foreach ($str as $key => $val) - { - $str[$key] = form_prep($val); - } - - return $str; - } - - if ($str === '') - { - return ''; - } - - // we've already prepped a field with this name - // @todo need to figure out a way to namespace this so - // that we know the *exact* field and not just one with - // the same name - if (isset($prepped_fields[$field_name])) - { - return $str; - } - - if ($field_name !== '') - { - $prepped_fields[$field_name] = $field_name; - } - return html_escape($str); } } @@ -663,13 +635,13 @@ if ( ! function_exists('set_value')) { if ( ! isset($_POST[$field])) { - return $default; + return html_escape($default); } - return form_prep($_POST[$field], $field); + return html_escape($_POST[$field]); } - return form_prep($OBJ->set_value($field, $default), $field); + return html_escape($OBJ->set_value($field, $default)); } } @@ -919,7 +891,11 @@ if ( ! function_exists('_parse_form_attributes')) { if ($key === 'value') { - $val = form_prep($val, $default['name']); + $val = html_escape($val); + } + elseif ($key === 'name' && ! strlen($default['name'])) + { + continue; } $att .= $key.'="'.$val.'" '; diff --git a/system/helpers/security_helper.php b/system/helpers/security_helper.php index 5ecc960bc..8bbd06684 100644 --- a/system/helpers/security_helper.php +++ b/system/helpers/security_helper.php @@ -77,12 +77,10 @@ if ( ! function_exists('do_hash')) /** * Hash encode a string * - * This function is DEPRECATED and should be removed in - * CodeIgniter 3.1+. Use hash() instead. - * - * @deprecated - * @param string - * @param string + * @todo Remove in version 3.1+. + * @deprecated 3.0.0 Use PHP's native hash() instead. + * @param string $str + * @param string $type = 'sha1' * @return string */ function do_hash($str, $type = 'sha1') diff --git a/system/helpers/string_helper.php b/system/helpers/string_helper.php index 4eee2a262..c5c493452 100644 --- a/system/helpers/string_helper.php +++ b/system/helpers/string_helper.php @@ -276,8 +276,11 @@ if ( ! function_exists('repeater')) /** * Repeater function * - * @param string - * @param int number of repeats + * @todo Remove in version 3.1+. + * @deprecated 3.0.0 This is just an alias for PHP's native str_repeat() + * + * @param string $data String to repeat + * @param int $num Number of repeats * @return string */ function repeater($data, $num = 1) diff --git a/system/helpers/text_helper.php b/system/helpers/text_helper.php index 016a36c57..89602fc28 100644 --- a/system/helpers/text_helper.php +++ b/system/helpers/text_helper.php @@ -118,18 +118,15 @@ if ( ! function_exists('ascii_to_entities')) /** * High ASCII to Entities * - * Converts High ascii text and MS Word special characters to character entities + * Converts high ASCII text and MS Word special characters to character entities * - * @param string + * @param string $str * @return string */ function ascii_to_entities($str) { - $count = 1; - $out = ''; - $temp = array(); - - for ($i = 0, $s = strlen($str); $i < $s; $i++) + $out = ''; + for ($i = 0, $s = strlen($str), $count = 1, $temp = array(); $i < $s; $i++) { $ordinal = ord($str[$i]); |