summaryrefslogtreecommitdiffstats
path: root/system
diff options
context:
space:
mode:
Diffstat (limited to 'system')
-rw-r--r--system/core/Loader.php2
-rwxr-xr-xsystem/core/Security.php39
-rw-r--r--system/database/DB_active_rec.php2
-rw-r--r--system/database/DB_driver.php42
-rw-r--r--system/database/DB_result.php6
-rw-r--r--system/database/drivers/mysql/mysql_driver.php31
-rw-r--r--system/database/drivers/mysqli/mysqli_driver.php31
-rw-r--r--system/database/drivers/oci8/oci8_result.php15
-rw-r--r--system/database/drivers/odbc/odbc_driver.php7
-rw-r--r--system/database/drivers/odbc/odbc_result.php71
-rw-r--r--system/database/drivers/postgre/postgre_driver.php10
-rw-r--r--system/helpers/form_helper.php5
-rw-r--r--system/helpers/url_helper.php34
-rw-r--r--system/language/english/form_validation_lang.php50
-rw-r--r--system/libraries/Form_validation.php105
-rw-r--r--system/libraries/Session.php10
-rw-r--r--system/libraries/Upload.php2
17 files changed, 315 insertions, 147 deletions
diff --git a/system/core/Loader.php b/system/core/Loader.php
index 12daaa928..20cf7ef33 100644
--- a/system/core/Loader.php
+++ b/system/core/Loader.php
@@ -833,7 +833,7 @@ class CI_Loader {
// If the PHP installation does not support short tags we'll
// do a little string replacement, changing the short tags
// to standard PHP echo statements.
- if ((bool) @ini_get('short_open_tag') === FALSE AND config_item('rewrite_short_tags') == TRUE)
+ if ( ! is_php('5.4') && (bool) @ini_get('short_open_tag') === FALSE && config_item('rewrite_short_tags') == TRUE)
{
echo eval('?>'.preg_replace('/;*\s*\?>/', '; ?>', str_replace('<?=', '<?php echo ', file_get_contents($_ci_path))));
}
diff --git a/system/core/Security.php b/system/core/Security.php
index 1007f61f4..6f25fb5bb 100755
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -25,8 +25,6 @@
* @filesource
*/
-// ------------------------------------------------------------------------
-
/**
* Security Class
*
@@ -106,23 +104,27 @@ class CI_Security {
public function __construct()
{
- // CSRF config
- foreach(array('csrf_expire', 'csrf_token_name', 'csrf_cookie_name') as $key)
+ // Is CSRF protection enabled?
+ if (config_item('csrf_protection') === TRUE)
{
- if (FALSE !== ($val = config_item($key)))
+ // CSRF config
+ foreach (array('csrf_expire', 'csrf_token_name', 'csrf_cookie_name') as $key)
{
- $this->{'_'.$key} = $val;
+ if (FALSE !== ($val = config_item($key)))
+ {
+ $this->{'_'.$key} = $val;
+ }
}
- }
- // Append application specific cookie prefix
- if (config_item('cookie_prefix'))
- {
- $this->_csrf_cookie_name = config_item('cookie_prefix').$this->_csrf_cookie_name;
- }
+ // Append application specific cookie prefix
+ if (config_item('cookie_prefix'))
+ {
+ $this->_csrf_cookie_name = config_item('cookie_prefix').$this->_csrf_cookie_name;
+ }
- // Set the CSRF hash
- $this->_csrf_set_hash();
+ // Set the CSRF hash
+ $this->_csrf_set_hash();
+ }
log_message('debug', 'Security Class Initialized');
}
@@ -189,7 +191,7 @@ class CI_Security {
$expire = time() + $this->_csrf_expire;
$secure_cookie = (bool) config_item('cookie_secure');
- if ($secure_cookie && ( ! isset($_SERVER['HTTPS']) OR $_SERVER['HTTPS'] == 'off' OR ! $_SERVER['HTTPS']))
+ if ($secure_cookie && (empty($_SERVER['HTTPS']) OR strtolower($_SERVER['HTTPS']) === 'off'))
{
return FALSE;
}
@@ -358,7 +360,7 @@ class CI_Security {
foreach ($words as $word)
{
- $word = implode("\s*", str_split($word)) . "\s*";
+ $word = implode('\s*', str_split($word)).'\s*';
// We only want to do this when it is followed by a non-word character
// That way valid stuff like "dealer to" does not become "dealerto"
@@ -425,7 +427,6 @@ class CI_Security {
'\\1\\2&#40;\\3&#41;',
$str);
-
// Final clean up
// This adds a bit of extra precaution in case
// something got through the above filters
@@ -601,7 +602,7 @@ class CI_Security {
}
// find occurrences of illegal attribute strings with quotes (042 and 047 are octal quotes)
- preg_match_all('/('.implode('|', $evil_attributes).')\s*=\s*(\042|\047)([^\\2]*?)(\\2)/is', $str, $matches, PREG_SET_ORDER);
+ preg_match_all('/('.implode('|', $evil_attributes).')\s*=\s*(\042|\047)([^\\2]*?)(\\2)/is', $str, $matches, PREG_SET_ORDER);
foreach ($matches as $attr)
{
@@ -633,7 +634,7 @@ class CI_Security {
{
return '&lt;'.$matches[1].$matches[2].$matches[3] // encode opening brace
// encode captured opening or closing brace to prevent recursive vectors:
- . str_replace(array('>', '<'), array('&gt;', '&lt;'), $matches[4]);
+ .str_replace(array('>', '<'), array('&gt;', '&lt;'), $matches[4]);
}
// --------------------------------------------------------------------
diff --git a/system/database/DB_active_rec.php b/system/database/DB_active_rec.php
index eaae23f30..f648e5591 100644
--- a/system/database/DB_active_rec.php
+++ b/system/database/DB_active_rec.php
@@ -341,7 +341,7 @@ class CI_DB_active_record extends CI_DB_driver {
$this->_track_aliases($table);
// Strip apart the condition and protect the identifiers
- if (preg_match('/([\w\.]+)([\W\s]+)(.+)/', $cond, $match))
+ if (preg_match('/([\[\w\.]+)([\W\s]+)(.+)/', $cond, $match))
{
$cond = $this->_protect_identifiers($match[1]).$match[2].$this->_protect_identifiers($match[3]);
}
diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php
index 2daf8eaa0..8d297caf9 100644
--- a/system/database/DB_driver.php
+++ b/system/database/DB_driver.php
@@ -75,17 +75,6 @@ class CI_DB_driver {
protected $_protect_identifiers = TRUE;
protected $_reserved_identifiers = array('*'); // Identifiers that should NOT be escaped
- // These are used with Oracle
- public $stmt_id;
- public $curs_id;
- public $limit_used;
-
- /**
- * Constructor. Accepts one parameter containing the database
- * connection settings.
- *
- * @param array
- */
public function __construct($params)
{
if (is_array($params))
@@ -288,6 +277,12 @@ class CI_DB_driver {
$sql = preg_replace('/(\W)'.$this->swap_pre.'(\S+?)/', '\\1'.$this->dbprefix.'\\2', $sql);
}
+ // Compile binds if needed
+ if ($binds !== FALSE)
+ {
+ $sql = $this->compile_binds($sql, $binds);
+ }
+
// Is query caching enabled? If the query is a "read type"
// we will load the caching class and return the previously
// cached query if it exists
@@ -300,13 +295,7 @@ class CI_DB_driver {
}
}
- // Compile binds if needed
- if ($binds !== FALSE)
- {
- $sql = $this->compile_binds($sql, $binds);
- }
-
- // Save the query for debugging
+ // Save the query for debugging
if ($this->save_queries == TRUE)
{
$this->queries[] = $sql;
@@ -383,19 +372,8 @@ class CI_DB_driver {
// Load and instantiate the result driver
$driver = $this->load_rdriver();
- $RES = new $driver();
- $RES->conn_id = $this->conn_id;
- $RES->result_id = $this->result_id;
+ $RES = new $driver($this);
- if ($this->dbdriver === 'oci8')
- {
- $RES->stmt_id = $this->stmt_id;
- $RES->curs_id = $this->curs_id;
- $RES->limit_used = $this->limit_used;
- $this->stmt_id = FALSE;
- }
-
- // oci8 vars must be set before calling this
$RES->num_rows = $RES->num_rows();
// Is query caching enabled? If so, we'll serialize the
@@ -1354,7 +1332,7 @@ class CI_DB_driver {
return $item.$alias;
}
-
+
// --------------------------------------------------------------------
/**
@@ -1362,12 +1340,10 @@ class CI_DB_driver {
*
* This function is used extensively by every db driver.
*
- * @access private
* @return void
*/
protected function _reset_select()
{
-
}
}
diff --git a/system/database/DB_result.php b/system/database/DB_result.php
index 730443222..61aa56121 100644
--- a/system/database/DB_result.php
+++ b/system/database/DB_result.php
@@ -47,6 +47,12 @@ class CI_DB_result {
public $num_rows = 0;
public $row_data = NULL;
+ public function __construct(&$driver_object)
+ {
+ $this->conn_id = $driver_object->conn_id;
+ $this->result_id = $driver_object->result_id;
+ }
+
/**
* Query result. Acts as a wrapper function for the following functions.
*
diff --git a/system/database/drivers/mysql/mysql_driver.php b/system/database/drivers/mysql/mysql_driver.php
index 84f7791c7..7fd08a6ed 100644
--- a/system/database/drivers/mysql/mysql_driver.php
+++ b/system/database/drivers/mysql/mysql_driver.php
@@ -404,16 +404,35 @@ class CI_DB_mysql_driver extends CI_DB {
// --------------------------------------------------------------------
/**
- * Field data query
- *
- * Generates a platform-specific query so that the column data can be retrieved
+ * Returns an object with field data
*
* @param string the table name
- * @return string
+ * @return object
*/
- public function _field_data($table)
+ public function field_data($table = '')
{
- return 'DESCRIBE '.$table;
+ if ($table == '')
+ {
+ return ($this->db_debug) ? $this->display_error('db_field_param_missing') : FALSE;
+ }
+
+ $query = $this->query('DESCRIBE '.$this->_protect_identifiers($table, TRUE, NULL, FALSE));
+ $query = $query->result_object();
+
+ $retval = array();
+ for ($i = 0, $c = count($query); $i < $c; $i++)
+ {
+ preg_match('/([a-z]+)(\(\d+\))?/', $query[$i]->Type, $matches);
+
+ $retval[$i] = new stdClass();
+ $retval[$i]->name = $query[$i]->Field;
+ $retval[$i]->type = empty($matches[1]) ? NULL : $matches[1];
+ $retval[$i]->default = $query[$i]->Default;
+ $retval[$i]->max_length = empty($matches[2]) ? NULL : preg_replace('/[^\d]/', '', $matches[2]);
+ $retval[$i]->primary_key = (int) ($query[$i]->Key === 'PRI');
+ }
+
+ return $retval;
}
// --------------------------------------------------------------------
diff --git a/system/database/drivers/mysqli/mysqli_driver.php b/system/database/drivers/mysqli/mysqli_driver.php
index 19353944d..25b6ceca1 100644
--- a/system/database/drivers/mysqli/mysqli_driver.php
+++ b/system/database/drivers/mysqli/mysqli_driver.php
@@ -405,16 +405,35 @@ class CI_DB_mysqli_driver extends CI_DB {
// --------------------------------------------------------------------
/**
- * Field data query
- *
- * Generates a platform-specific query so that the column data can be retrieved
+ * Returns an object with field data
*
* @param string the table name
- * @return string
+ * @return object
*/
- protected function _field_data($table)
+ public function field_data($table = '')
{
- return 'DESCRIBE '.$table;
+ if ($table == '')
+ {
+ return ($this->db_debug) ? $this->display_error('db_field_param_missing') : FALSE;
+ }
+
+ $query = $this->query('DESCRIBE '.$this->_protect_identifiers($table, TRUE, NULL, FALSE));
+ $query = $query->result_object();
+
+ $retval = array();
+ for ($i = 0, $c = count($query); $i < $c; $i++)
+ {
+ preg_match('/([a-z]+)(\(\d+\))?/', $query[$i]->Type, $matches);
+
+ $retval[$i] = new stdClass();
+ $retval[$i]->name = $query[$i]->Field;
+ $retval[$i]->type = empty($matches[1]) ? NULL : $matches[1];
+ $retval[$i]->default = $query[$i]->Default;
+ $retval[$i]->max_length = empty($matches[2]) ? NULL : preg_replace('/[^\d]/', '', $matches[2]);
+ $retval[$i]->primary_key = (int) ($query[$i]->Key === 'PRI');
+ }
+
+ return $retval;
}
// --------------------------------------------------------------------
diff --git a/system/database/drivers/oci8/oci8_result.php b/system/database/drivers/oci8/oci8_result.php
index 0f69fa9ef..383b9f1a0 100644
--- a/system/database/drivers/oci8/oci8_result.php
+++ b/system/database/drivers/oci8/oci8_result.php
@@ -38,9 +38,18 @@
*/
class CI_DB_oci8_result extends CI_DB_result {
- var $stmt_id;
- var $curs_id;
- var $limit_used;
+ public $stmt_id;
+ public $curs_id;
+ public $limit_used;
+
+ public function __construct(&$driver_object)
+ {
+ parent::__construct($driver_object);
+ $this->stmt_id = $driver_object->stmt_id;
+ $this->curs_id = $driver_object->curs_id;
+ $this->limit_used = $driver_object->limit_used;
+ $driver_object->stmt_id = FALSE;
+ }
/**
* Number of rows in the result set.
diff --git a/system/database/drivers/odbc/odbc_driver.php b/system/database/drivers/odbc/odbc_driver.php
index 779b0c62f..a6e08cf2f 100644
--- a/system/database/drivers/odbc/odbc_driver.php
+++ b/system/database/drivers/odbc/odbc_driver.php
@@ -287,12 +287,11 @@ class CI_DB_odbc_driver extends CI_DB {
/**
* Insert ID
*
- * @access public
- * @return integer
+ * @return bool
*/
- function insert_id()
+ public function insert_id()
{
- return @odbc_insert_id($this->conn_id);
+ return ($this->db->db_debug) ? $this->db->display_error('db_unsuported_feature') : FALSE;
}
// --------------------------------------------------------------------
diff --git a/system/database/drivers/odbc/odbc_result.php b/system/database/drivers/odbc/odbc_result.php
index 572e110ca..de2c58cb9 100644
--- a/system/database/drivers/odbc/odbc_result.php
+++ b/system/database/drivers/odbc/odbc_result.php
@@ -245,8 +245,77 @@ class CI_DB_odbc_result extends CI_DB_result {
return $rs_assoc;
}
-}
+ // --------------------------------------------------------------------
+
+ /**
+ * Query result. Array version.
+ *
+ * @return array
+ */
+ public function result_array()
+ {
+ if (count($this->result_array) > 0)
+ {
+ return $this->result_array;
+ }
+ elseif (($c = count($this->result_object)) > 0)
+ {
+ for ($i = 0; $i < $c; $i++)
+ {
+ $this->result_array[$i] = (array) $this->result_object[$i];
+ }
+ }
+ elseif ($this->result_id === FALSE)
+ {
+ return array();
+ }
+ else
+ {
+ while ($row = $this->_fetch_assoc())
+ {
+ $this->result_array[] = $row;
+ }
+ }
+ return $this->result_array;
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
+ * Query result. Object version.
+ *
+ * @return array
+ */
+ public function result_object()
+ {
+ if (count($this->result_object) > 0)
+ {
+ return $this->result_object;
+ }
+ elseif (($c = count($this->result_array)) > 0)
+ {
+ for ($i = 0; $i < $c; $i++)
+ {
+ $this->result_object[$i] = (object) $this->result_array[$i];
+ }
+ }
+ elseif ($this->result_id === FALSE)
+ {
+ return array();
+ }
+ else
+ {
+ while ($row = $this->_fetch_object())
+ {
+ $this->result_object[] = $row;
+ }
+ }
+
+ return $this->result_object;
+ }
+
+}
/* End of file odbc_result.php */
/* Location: ./system/database/drivers/odbc/odbc_result.php */
diff --git a/system/database/drivers/postgre/postgre_driver.php b/system/database/drivers/postgre/postgre_driver.php
index df0f50da5..5b248e9bc 100644
--- a/system/database/drivers/postgre/postgre_driver.php
+++ b/system/database/drivers/postgre/postgre_driver.php
@@ -587,16 +587,10 @@ class CI_DB_postgre_driver extends CI_DB {
$valstr[] = $key." = ".$val;
}
- $limit = ( ! $limit) ? '' : ' LIMIT '.$limit;
-
- $orderby = (count($orderby) >= 1)?' ORDER BY '.implode(", ", $orderby):'';
-
$sql = "UPDATE ".$table." SET ".implode(', ', $valstr);
$sql .= ($where != '' AND count($where) >=1) ? " WHERE ".implode(" ", $where) : '';
- $sql .= $orderby.$limit;
-
return $sql;
}
@@ -647,9 +641,7 @@ class CI_DB_postgre_driver extends CI_DB {
$conditions .= implode("\n", $like);
}
- $limit = ( ! $limit) ? '' : ' LIMIT '.$limit;
-
- return "DELETE FROM ".$table.$conditions.$limit;
+ return "DELETE FROM ".$table.$conditions;
}
// --------------------------------------------------------------------
diff --git a/system/helpers/form_helper.php b/system/helpers/form_helper.php
index bed2cb297..6efef2324 100644
--- a/system/helpers/form_helper.php
+++ b/system/helpers/form_helper.php
@@ -22,7 +22,6 @@
* @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0)
* @link http://codeigniter.com
* @since Version 1.0
- * @filesource
*/
// ------------------------------------------------------------------------
@@ -72,8 +71,8 @@ if ( ! function_exists('form_open'))
$form = '<form action="'.$action.'"'._attributes_to_string($attributes, TRUE).">\n";
- // Add CSRF field if enabled, but leave it out for GET requests and requests to external websites
- if ($CI->config->item('csrf_protection') === TRUE AND ! (strpos($action, $CI->config->site_url()) === FALSE OR strpos($form, 'method="get"')))
+ // Add CSRF field if enabled, but leave it out for GET requests and requests to external websites
+ if ($CI->config->item('csrf_protection') === TRUE AND ! (strpos($action, $CI->config->base_url()) === FALSE OR strpos($form, 'method="get"')))
{
$hidden[$CI->security->get_csrf_token_name()] = $CI->security->get_csrf_hash();
}
diff --git a/system/helpers/url_helper.php b/system/helpers/url_helper.php
index 2cbcd9dbf..3f0fef58e 100644
--- a/system/helpers/url_helper.php
+++ b/system/helpers/url_helper.php
@@ -470,39 +470,35 @@ if ( ! function_exists('prep_url'))
* Create URL Title
*
* Takes a "title" string as input and creates a
- * human-friendly URL string with either a dash
- * or an underscore as the word separator.
+ * human-friendly URL string with a "separator" string
+ * as the word separator.
*
* @access public
* @param string the string
- * @param string the separator: dash, or underscore
+ * @param string the separator
* @return string
*/
if ( ! function_exists('url_title'))
{
- function url_title($str, $separator = 'dash', $lowercase = FALSE)
+ function url_title($str, $separator = '-', $lowercase = FALSE)
{
if ($separator === 'dash')
{
- $search = '_';
- $replace = '-';
+ $separator = '-';
}
- else
+ else if ($separator == 'underscore')
{
- $search = '-';
- $replace = '_';
+ $separator = '_';
}
+
+ $q_separator = preg_quote($separator);
$trans = array(
- '&\#\d+?;' => '',
- '&\S+?;' => '',
- '\s+' => $replace,
- '[^a-z0-9\-\._]' => '',
- $replace.'+' => $replace,
- $replace.'$' => $replace,
- '^'.$replace => $replace,
- '\.+$' => ''
- );
+ '&.+?;' => '',
+ '[^a-z0-9 _-]' => '',
+ '\s+' => $separator,
+ '('.$q_separator.')+' => $separator
+ );
$str = strip_tags($str);
foreach ($trans as $key => $val)
@@ -515,7 +511,7 @@ if ( ! function_exists('url_title'))
$str = strtolower($str);
}
- return trim(trim(stripslashes($str)), $replace);
+ return trim(trim($str, $separator));
}
}
diff --git a/system/language/english/form_validation_lang.php b/system/language/english/form_validation_lang.php
index 6afa37a29..ea589618a 100644
--- a/system/language/english/form_validation_lang.php
+++ b/system/language/english/form_validation_lang.php
@@ -25,30 +25,32 @@
* @filesource
*/
-$lang['required'] = "The %s field is required.";
-$lang['isset'] = "The %s field must have a value.";
-$lang['valid_email'] = "The %s field must contain a valid email address.";
-$lang['valid_emails'] = "The %s field must contain all valid email addresses.";
-$lang['valid_url'] = "The %s field must contain a valid URL.";
-$lang['valid_ip'] = "The %s field must contain a valid IP.";
-$lang['min_length'] = "The %s field must be at least %s characters in length.";
-$lang['max_length'] = "The %s field cannot exceed %s characters in length.";
-$lang['exact_length'] = "The %s field must be exactly %s characters in length.";
-$lang['alpha'] = "The %s field may only contain alphabetical characters.";
-$lang['alpha_numeric'] = "The %s field may only contain alpha-numeric characters.";
-$lang['alpha_dash'] = "The %s field may only contain alpha-numeric characters, underscores, and dashes.";
-$lang['numeric'] = "The %s field must contain only numbers.";
-$lang['is_numeric'] = "The %s field must contain only numeric characters.";
-$lang['integer'] = "The %s field must contain an integer.";
-$lang['regex_match'] = "The %s field is not in the correct format.";
-$lang['matches'] = "The %s field does not match the %s field.";
-$lang['is_unique'] = "The %s field must contain a unique value.";
-$lang['is_natural'] = "The %s field must contain only positive numbers.";
-$lang['is_natural_no_zero'] = "The %s field must contain a number greater than zero.";
-$lang['decimal'] = "The %s field must contain a decimal number.";
-$lang['less_than'] = "The %s field must contain a number less than %s.";
-$lang['greater_than'] = "The %s field must contain a number greater than %s.";
+$lang['required'] = "The %s field is required.";
+$lang['isset'] = "The %s field must have a value.";
+$lang['valid_email'] = "The %s field must contain a valid email address.";
+$lang['valid_emails'] = "The %s field must contain all valid email addresses.";
+$lang['valid_url'] = "The %s field must contain a valid URL.";
+$lang['valid_ip'] = "The %s field must contain a valid IP.";
+$lang['min_length'] = "The %s field must be at least %s characters in length.";
+$lang['max_length'] = "The %s field cannot exceed %s characters in length.";
+$lang['exact_length'] = "The %s field must be exactly %s characters in length.";
+$lang['alpha'] = "The %s field may only contain alphabetical characters.";
+$lang['alpha_numeric'] = "The %s field may only contain alpha-numeric characters.";
+$lang['alpha_dash'] = "The %s field may only contain alpha-numeric characters, underscores, and dashes.";
+$lang['numeric'] = "The %s field must contain only numbers.";
+$lang['is_numeric'] = "The %s field must contain only numeric characters.";
+$lang['integer'] = "The %s field must contain an integer.";
+$lang['regex_match'] = "The %s field is not in the correct format.";
+$lang['matches'] = "The %s field does not match the %s field.";
+$lang['is_unique'] = "The %s field must contain a unique value.";
+$lang['is_natural'] = "The %s field must contain only positive numbers.";
+$lang['is_natural_no_zero'] = "The %s field must contain a number greater than zero.";
+$lang['decimal'] = "The %s field must contain a decimal number.";
+$lang['less_than'] = "The %s field must contain a number less than %s.";
+$lang['less_than_equal_to'] = "The %s field must contain a number less than or equal to %s.";
+$lang['greater_than'] = "The %s field must contain a number greater than %s.";
+$lang['greater_than_equal_to'] = "The %s field must contain a number greater than or equal to %s.";
/* End of file form_validation_lang.php */
-/* Location: ./system/language/english/form_validation_lang.php */ \ No newline at end of file
+/* Location: ./system/language/english/form_validation_lang.php */
diff --git a/system/libraries/Form_validation.php b/system/libraries/Form_validation.php
index 5069a44c1..cdb3d3d62 100644
--- a/system/libraries/Form_validation.php
+++ b/system/libraries/Form_validation.php
@@ -47,10 +47,8 @@ class CI_Form_validation {
protected $_error_suffix = '</p>';
protected $error_string = '';
protected $_safe_form_data = FALSE;
+ protected $validation_data = array();
- /**
- * Constructor
- */
public function __construct($rules = array())
{
$this->CI =& get_instance();
@@ -85,7 +83,8 @@ class CI_Form_validation {
public function set_rules($field, $label = '', $rules = '')
{
// No reason to set rules if we have no POST data
- if (count($_POST) === 0)
+ // or a validation array has not been specified
+ if (count($_POST) === 0 && count($this->validation_data) === 0)
{
return $this;
}
@@ -162,10 +161,33 @@ class CI_Form_validation {
// --------------------------------------------------------------------
/**
+ * By default, form validation uses the $_POST array to validate
+ *
+ * If an array is set through this method, then this array will
+ * be used instead of the $_POST array
+ *
+ * Note that if you are validating multiple arrays, then the
+ * reset_validation() function should be called after validating
+ * each array due to the limitations of CI's singleton
+ *
+ * @param array $data
+ * @return void
+ */
+ public function set_data($data = '')
+ {
+ if ( ! empty($data) && is_array($data))
+ {
+ $this->validation_data = $data;
+ }
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
* Set Error Message
*
* Lets users set their own error messages on the fly. Note: The key
- * name has to match the function name that it corresponds to.
+ * name has to match the function name that it corresponds to.
*
* @param string
* @param string
@@ -300,7 +322,8 @@ class CI_Form_validation {
public function run($group = '')
{
// Do we even have any data to process? Mm?
- if (count($_POST) === 0)
+ $validation_array = ( ! empty($this->validation_data)) ? $this->validation_data : $_POST;
+ if (count($validation_array) === 0)
{
return FALSE;
}
@@ -342,18 +365,18 @@ class CI_Form_validation {
// corresponding $_POST item and test for errors
foreach ($this->_field_data as $field => $row)
{
- // Fetch the data from the corresponding $_POST array and cache it in the _field_data array.
+ // Fetch the data from the corresponding $_POST or validation array and cache it in the _field_data array.
// Depending on whether the field name is an array or a string will determine where we get it from.
if ($row['is_array'] === TRUE)
{
- $this->_field_data[$field]['postdata'] = $this->_reduce_array($_POST, $row['keys']);
+ $this->_field_data[$field]['postdata'] = $this->_reduce_array($validation_array, $row['keys']);
}
else
{
- if (isset($_POST[$field]) AND $_POST[$field] != "")
+ if (isset($validation_array[$field]) AND $validation_array[$field] != "")
{
- $this->_field_data[$field]['postdata'] = $_POST[$field];
+ $this->_field_data[$field]['postdata'] = $validation_array[$field];
}
}
@@ -867,12 +890,13 @@ class CI_Form_validation {
*/
public function matches($str, $field)
{
- if ( ! isset($_POST[$field]))
+ $validation_array = ( ! empty($this->validation_data)) ? $this->validation_data : $_POST;
+ if ( ! isset($validation_array[$field]))
{
return FALSE;
}
- return ($str === $_POST[$field]);
+ return ($str === $validation_array[$field]);
}
// --------------------------------------------------------------------
@@ -1117,7 +1141,7 @@ class CI_Form_validation {
// --------------------------------------------------------------------
/**
- * Greather than
+ * Greater than
*
* @param string
* @return bool
@@ -1132,6 +1156,24 @@ class CI_Form_validation {
}
// --------------------------------------------------------------------
+
+ /**
+ * Equal to or Greater than
+ *
+ * @access public
+ * @param string
+ * @return bool
+ */
+ function greater_than_equal_to($str, $min)
+ {
+ if ( ! is_numeric($str))
+ {
+ return FALSE;
+ }
+ return $str >= $min;
+ }
+
+ // --------------------------------------------------------------------
/**
* Less than
@@ -1151,6 +1193,24 @@ class CI_Form_validation {
// --------------------------------------------------------------------
/**
+ * Equal to or Less than
+ *
+ * @access public
+ * @param string
+ * @return bool
+ */
+ function less_than_equal_to($str, $max)
+ {
+ if ( ! is_numeric($str))
+ {
+ return FALSE;
+ }
+ return $str <= $max;
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
* Is a Natural number (0,1,2,3, etc.)
*
* @param string
@@ -1283,6 +1343,25 @@ class CI_Form_validation {
return str_replace(array('<?php', '<?PHP', '<?', '?>'), array('&lt;?php', '&lt;?PHP', '&lt;?', '?&gt;'), $str);
}
+ // --------------------------------------------------------------------
+
+ /**
+ * Reset validation vars
+ *
+ * Prevents subsequent validation routines from being affected by the
+ * results of any previous validation routine due to the CI singleton.
+ *
+ * @return void
+ */
+ public function reset_validation()
+ {
+ $this->_field_data = array();
+ $this->_config_rules = array();
+ $this->_error_array = array();
+ $this->_error_messages = array();
+ $this->error_string = '';
+ }
+
}
/* End of file Form_validation.php */
diff --git a/system/libraries/Session.php b/system/libraries/Session.php
index dd50a91e1..104b88810 100644
--- a/system/libraries/Session.php
+++ b/system/libraries/Session.php
@@ -454,7 +454,7 @@ class CI_Session {
*/
public function userdata($item)
{
- return ( ! isset($this->userdata[$item])) ? FALSE : $this->userdata[$item];
+ return isset($this->userdata[$item]) ? $this->userdata[$item] : FALSE;
}
// --------------------------------------------------------------------
@@ -729,7 +729,7 @@ class CI_Session {
*/
protected function _unserialize($data)
{
- $data = @unserialize(strip_slashes($data));
+ $data = @unserialize(strip_slashes(trim($data)));
if (is_array($data))
{
@@ -737,9 +737,11 @@ class CI_Session {
return $data;
}
- return (is_string($data)) ? str_replace('{{slash}}', '\\', $data) : $data;
+ return is_string($data) ? str_replace('{{slash}}', '\\', $data) : $data;
}
+ // --------------------------------------------------------------------
+
/**
* Unescape slashes
*
@@ -779,7 +781,7 @@ class CI_Session {
{
$expire = $this->now - $this->sess_expiration;
- $this->CI->db->where("last_activity < {$expire}");
+ $this->CI->db->where('last_activity < '.$expire);
$this->CI->db->delete($this->sess_table_name);
log_message('debug', 'Session garbage collection performed.');
diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php
index ac29c1bdd..89575c849 100644
--- a/system/libraries/Upload.php
+++ b/system/libraries/Upload.php
@@ -1101,7 +1101,7 @@ class CI_Upload {
$proc = @popen($cmd, 'r');
if (is_resource($proc))
{
- $mime = @fread($test, 512);
+ $mime = @fread($proc, 512);
@pclose($proc);
if ($mime !== FALSE)
{