Diffstat (limited to 'system/libraries/Cart.php')
-rw-r--r-- | system/libraries/Cart.php | 28 |
1 files changed, 23 insertions, 5 deletions
diff --git a/system/libraries/Cart.php b/system/libraries/Cart.php
index a0e1bb91e..13485a3ee 100644
--- a/system/libraries/Cart.php
+++ b/system/libraries/Cart.php
@@ -41,6 +41,7 @@ class CI_Cart { // These are the regular expression rules that we use to validate the product ID and product name var $product_id_rules = '\.a-z0-9_-'; // alpha-numeric, dashes, underscores, or periods var $product_name_rules = '\.\:\-_ a-z0-9'; // alpha-numeric, dashes, underscores, colons or periods + var $product_name_safe = true; // only allow safe product names // Private variables. Do not change! var $CI;
@@ -195,10 +196,13 @@ class CI_Cart { // Validate the product name. It can only be alpha-numeric, dashes, underscores, colons or periods. // Note: These can be user-specified by setting the $this->product_name_rules variable. - if ( ! preg_match("/^[".$this->product_name_rules."]+$/i", $items['name'])) + if($this->product_name_safe) { - log_message('error', 'An invalid name was submitted as the product name: '.$items['name'].' The name can only contain alpha-numeric characters, dashes, underscores, colons, and spaces'); - return FALSE; + if ( ! preg_match("/^[".$this->product_name_rules."]+$/i", $items['name'])) + { + log_message('error', 'An invalid name was submitted as the product name: '.$items['name'].' The name can only contain alpha-numeric characters, dashes, underscores, colons, and spaces'); + return FALSE; + } } // -------------------------------------------------------------------- 
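Review bot: The comment on the new `$product_name_safe` property (first hunk, `// only allow safe product names`) does not tell a caller what changes when the flag is switched off. A comment along the lines of `// TRUE: names must match $product_name_rules. FALSE: names are stored exactly as submitted, so escape them on output` would make the trade-off explicit. The literal is also written `true` while the surrounding code uses upper-case `FALSE`, so `TRUE` would match the file.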
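Review bot: With `$product_name_safe` set to FALSE, nothing in this second hunk checks `$items['name']` any more, and the character whitelist was the only visible barrier keeping markup out of a value that is presumably printed by cart views later. If the bypass stays, a minimal guard in its place would help, for example `if ( ! is_string($items['name']) || trim($items['name']) === '') { return FALSE; }`, together with a documented requirement that names are HTML-escaped wherever they are rendered. Separately, the `log_message()` call writes the rejected name into the log verbatim; stripping control characters first keeps a crafted name from forging extra log lines. The enclosing function starts and ends outside the hunk, so earlier presence checks may already cover part of this.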
@@ -242,7 +246,18 @@ class CI_Cart { // -------------------------------------------------------------------- // Now that we have our unique "row ID", we'll add our cart items to the master array - + // grab quantity if it's already there and add it on + if(isset($this->_cart_contents[$rowid]['qty'])) + { + // set our old quantity + $old_quantity = (int)$this->_cart_contents[$rowid]['qty']; + } + else + { + // we have no old quantity but - we don't want to throw an error + $old_quantity = 0; + } + // let's unset this first, just to make sure our index contains only the data from this submission unset($this->_cart_contents[$rowid]);
@@ -254,7 +269,10 @@ class CI_Cart { { $this->_cart_contents[$rowid][$key] = $val; } - + + // add old quantity back in + $this->_cart_contents[$rowid]['qty'] = ($this->_cart_contents[$rowid]['qty'] + $old_quantity);
 + // Woot! return $rowid; } |
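Review bot: The stored quantity is cast with `(int)` when it is saved into `$old_quantity`, but the last hunk adds it to the newly submitted `qty` without a cast, so the type of the stored sum depends on validation that happens outside these hunks. Casting both operands, `$this->_cart_contents[$rowid]['qty'] = (int) $this->_cart_contents[$rowid]['qty'] + $old_quantity;`, keeps the value an integer, assuming quantities are meant to be whole numbers. The `unset()` and the copy loop (only partly visible) still replace every other field, so a repeated insert keeps the accumulated quantity but appears to take price and name from the newest submission; if that is intended, a comment such as `// qty accumulates across inserts; all other fields come from the latest submission` would record it. There is also no upper bound on the accumulated quantity, which is worth a check if inserts are driven directly by client requests.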