diff options
Diffstat (limited to 'system/libraries/Form_validation.php')
| -rw-r--r-- | system/libraries/Form_validation.php | 99 |
1 files changed, 64 insertions, 35 deletions
diff --git a/system/libraries/Form_validation.php b/system/libraries/Form_validation.php index 67cbfd1a0..b490a34ca 100644 --- a/system/libraries/Form_validation.php +++ b/system/libraries/Form_validation.php @@ -187,14 +187,20 @@ class CI_Form_validation { return $this; } + // Convert an array of rules to a string + if (is_array($rules)) + { + $rules = implode('|', $rules); + } + // No fields? Nothing to do... - if ( ! is_string($field) OR ! is_string($rules) OR $field == '') + if ( ! is_string($field) OR ! is_string($rules) OR $field === '') { return $this; } // If the field label wasn't passed we use the field name - $label = ($label == '') ? $field : $label; + $label = ($label === '') ? $field : $label; // Is the field name an array? If it is an array, we break it apart // into its components so that we can fetch the corresponding POST data later @@ -207,7 +213,7 @@ class CI_Form_validation { for ($i = 0, $c = count($matches[0]); $i < $c; $i++) { - if ($matches[1][$i] != '') + if ($matches[1][$i] !== '') { $indexes[] = $matches[1][$i]; } @@ -318,12 +324,12 @@ class CI_Form_validation { return ''; } - if ($prefix == '') + if ($prefix === '') { $prefix = $this->_error_prefix; } - if ($suffix == '') + if ($suffix === '') { $suffix = $this->_error_suffix; } @@ -364,12 +370,12 @@ class CI_Form_validation { return ''; } - if ($prefix == '') + if ($prefix === '') { $prefix = $this->_error_prefix; } - if ($suffix == '') + if ($suffix === '') { $suffix = $this->_error_suffix; } @@ -378,7 +384,7 @@ class CI_Form_validation { $str = ''; foreach ($this->_error_array as $val) { - if ($val != '') + if ($val !== '') { $str .= $prefix.$val.$suffix."\n"; } @@ -417,9 +423,9 @@ class CI_Form_validation { } // Is there a validation rule for the particular URI being accessed? - $uri = ($group == '') ? trim($this->CI->uri->ruri_string(), '/') : $group; + $uri = ($group === '') ? trim($this->CI->uri->ruri_string(), '/') : $group; - if ($uri != '' && isset($this->_config_rules[$uri])) + if ($uri !== '' && isset($this->_config_rules[$uri])) { $this->set_rules($this->_config_rules[$uri]); } @@ -454,6 +460,12 @@ class CI_Form_validation { $this->_field_data[$field]['postdata'] = $validation_array[$field]; } + // Don't try to validate if we have no rules set + if (empty($row['rules'])) + { + continue; + } + $this->_execute($row, explode('|', $row['rules']), $this->_field_data[$field]['postdata']); } @@ -565,8 +577,7 @@ class CI_Form_validation { { foreach ($postdata as $key => $val) { - $this->_execute($row, $rules, $val, $cycles); - $cycles++; + $this->_execute($row, $rules, $val, $key); } return; @@ -629,7 +640,7 @@ class CI_Form_validation { // We set the $postdata variable with the current data in our master array so that // each cycle of the loop is dealing with the processed data from the last cycle - if ($row['is_array'] == TRUE && is_array($this->_field_data[$row['field']]['postdata'])) + if ($row['is_array'] === TRUE && is_array($this->_field_data[$row['field']]['postdata'])) { // We shouldn't need this safety, but just in case there isn't an array index // associated with this cycle we'll bail out @@ -643,7 +654,12 @@ class CI_Form_validation { } else { - $postdata = $this->_field_data[$row['field']]['postdata']; + // If we get an array field, but it's not expected - then it is most likely + // somebody messing with the form on the client side, so we'll just consider + // it an empty field + $postdata = is_array($this->_field_data[$row['field']]['postdata']) + ? NULL + : $this->_field_data[$row['field']]['postdata']; } // Is the rule a callback? @@ -852,7 +868,7 @@ class CI_Form_validation { return ''; } } - elseif (($field == '' OR $value == '') OR ($field != $value)) + elseif (($field === '' OR $value === '') OR ($field !== $value)) { return ''; } @@ -888,7 +904,7 @@ class CI_Form_validation { return ''; } } - elseif (($field == '' OR $value == '') OR ($field != $value)) + elseif (($field === '' OR $value === '') OR ($field !== $value)) { return ''; } @@ -987,15 +1003,19 @@ class CI_Form_validation { * Minimum Length * * @param string - * @param int + * @param string * @return bool */ public function min_length($str, $val) { - if (preg_match('/[^0-9]/', $val)) + if ( ! is_numeric($val)) { return FALSE; } + else + { + $val = (int) $val; + } return (MB_ENABLED === TRUE) ? ($val <= mb_strlen($str)) @@ -1008,15 +1028,19 @@ class CI_Form_validation { * Max Length * * @param string - * @param int + * @param string * @return bool */ public function max_length($str, $val) { - if (preg_match('/[^0-9]/', $val)) + if ( ! is_numeric($val)) { return FALSE; } + else + { + $val = (int) $val; + } return (MB_ENABLED === TRUE) ? ($val >= mb_strlen($str)) @@ -1029,19 +1053,23 @@ class CI_Form_validation { * Exact Length * * @param string - * @param int + * @param string * @return bool */ public function exact_length($str, $val) { - if (preg_match('/[^0-9]/', $val)) + if ( ! is_numeric($val)) { return FALSE; } + else + { + $val = (int) $val; + } return (MB_ENABLED === TRUE) - ? (mb_strlen($str) == $val) - : (strlen($str) == $val); + ? (mb_strlen($str) === $val) + : (strlen($str) === $val); } // -------------------------------------------------------------------- @@ -1054,7 +1082,7 @@ class CI_Form_validation { */ public function valid_email($str) { - return (bool) preg_match('/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/ix', $str); + return (bool) filter_var($str, FILTER_VALIDATE_EMAIL); } // -------------------------------------------------------------------- @@ -1089,11 +1117,12 @@ class CI_Form_validation { * Validate IP Address * * @param string + * @param string 'ipv4' or 'ipv6' to validate a specific IP format * @return bool */ - public function valid_ip($ip) + public function valid_ip($ip, $which = '') { - return $this->CI->input->valid_ip($ip); + return $this->CI->input->valid_ip($ip, $which); } // -------------------------------------------------------------------- @@ -1106,7 +1135,7 @@ class CI_Form_validation { */ public function alpha($str) { - return (bool) preg_match('/^[a-z]+$/i', $str); + return ctype_alpha($str); } // -------------------------------------------------------------------- @@ -1119,7 +1148,7 @@ class CI_Form_validation { */ public function alpha_numeric($str) { - return (bool) preg_match('/^[a-z0-9]+$/i', $str); + return ctype_alnum((string) $str); } // -------------------------------------------------------------------- @@ -1241,7 +1270,7 @@ class CI_Form_validation { */ public function is_natural($str) { - return (bool) preg_match('/^[0-9]+$/', $str); + return ctype_digit((string) $str); } // -------------------------------------------------------------------- @@ -1254,7 +1283,7 @@ class CI_Form_validation { */ public function is_natural_no_zero($str) { - return ($str != 0 && preg_match('/^[0-9]+$/', $str)); + return ($str != 0 && ctype_digit((string) $str)); } // -------------------------------------------------------------------- @@ -1296,7 +1325,7 @@ class CI_Form_validation { return $data; } - if ($this->_safe_form_data == FALSE OR $data === '') + if ($this->_safe_form_data === FALSE OR $data === '') { return $data; } @@ -1314,7 +1343,7 @@ class CI_Form_validation { */ public function prep_url($str = '') { - if ($str === 'http://' OR $str == '') + if ($str === 'http://' OR $str === '') { return ''; } @@ -1337,7 +1366,7 @@ class CI_Form_validation { */ public function strip_image_tags($str) { - return $this->CI->input->strip_image_tags($str); + return $this->CI->security->strip_image_tags($str); } // -------------------------------------------------------------------- @@ -1363,7 +1392,7 @@ class CI_Form_validation { */ public function encode_php_tags($str) { - return str_replace(array('<?php', '<?PHP', '<?', '?>'), array('<?php', '<?PHP', '<?', '?>'), $str); + return str_replace(array('<?', '?>'), array('<?', '?>'), $str); } // -------------------------------------------------------------------- |