diff options
Diffstat (limited to 'system')
| -rw-r--r-- | system/core/Loader.php | 2 | ||||
| -rwxr-xr-x | system/core/Security.php | 39 | ||||
| -rw-r--r-- | system/database/DB_active_rec.php | 2 | ||||
| -rw-r--r-- | system/database/DB_driver.php | 42 | ||||
| -rw-r--r-- | system/database/DB_result.php | 6 | ||||
| -rw-r--r-- | system/database/drivers/mysql/mysql_driver.php | 31 | ||||
| -rw-r--r-- | system/database/drivers/mysqli/mysqli_driver.php | 31 | ||||
| -rw-r--r-- | system/database/drivers/oci8/oci8_result.php | 15 | ||||
| -rw-r--r-- | system/database/drivers/odbc/odbc_driver.php | 7 | ||||
| -rw-r--r-- | system/database/drivers/odbc/odbc_result.php | 71 | ||||
| -rw-r--r-- | system/database/drivers/postgre/postgre_driver.php | 10 | ||||
| -rw-r--r-- | system/helpers/form_helper.php | 5 | ||||
| -rw-r--r-- | system/helpers/url_helper.php | 34 | ||||
| -rw-r--r-- | system/language/english/form_validation_lang.php | 50 | ||||
| -rw-r--r-- | system/libraries/Form_validation.php | 105 | ||||
| -rw-r--r-- | system/libraries/Session.php | 10 | ||||
| -rw-r--r-- | system/libraries/Upload.php | 2 |
17 files changed, 315 insertions, 147 deletions
diff --git a/system/core/Loader.php b/system/core/Loader.php index 12daaa928..20cf7ef33 100644 --- a/system/core/Loader.php +++ b/system/core/Loader.php @@ -833,7 +833,7 @@ class CI_Loader { // If the PHP installation does not support short tags we'll // do a little string replacement, changing the short tags // to standard PHP echo statements. - if ((bool) @ini_get('short_open_tag') === FALSE AND config_item('rewrite_short_tags') == TRUE) + if ( ! is_php('5.4') && (bool) @ini_get('short_open_tag') === FALSE && config_item('rewrite_short_tags') == TRUE) { echo eval('?>'.preg_replace('/;*\s*\?>/', '; ?>', str_replace('<?=', '<?php echo ', file_get_contents($_ci_path)))); } diff --git a/system/core/Security.php b/system/core/Security.php index 1007f61f4..6f25fb5bb 100755 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -25,8 +25,6 @@ * @filesource */ -// ------------------------------------------------------------------------ - /** * Security Class * @@ -106,23 +104,27 @@ class CI_Security { public function __construct() { - // CSRF config - foreach(array('csrf_expire', 'csrf_token_name', 'csrf_cookie_name') as $key) + // Is CSRF protection enabled? + if (config_item('csrf_protection') === TRUE) { - if (FALSE !== ($val = config_item($key))) + // CSRF config + foreach (array('csrf_expire', 'csrf_token_name', 'csrf_cookie_name') as $key) { - $this->{'_'.$key} = $val; + if (FALSE !== ($val = config_item($key))) + { + $this->{'_'.$key} = $val; + } } - } - // Append application specific cookie prefix - if (config_item('cookie_prefix')) - { - $this->_csrf_cookie_name = config_item('cookie_prefix').$this->_csrf_cookie_name; - } + // Append application specific cookie prefix + if (config_item('cookie_prefix')) + { + $this->_csrf_cookie_name = config_item('cookie_prefix').$this->_csrf_cookie_name; + } - // Set the CSRF hash - $this->_csrf_set_hash(); + // Set the CSRF hash + $this->_csrf_set_hash(); + } log_message('debug', 'Security Class Initialized'); } @@ -189,7 +191,7 @@ class CI_Security { $expire = time() + $this->_csrf_expire; $secure_cookie = (bool) config_item('cookie_secure'); - if ($secure_cookie && ( ! isset($_SERVER['HTTPS']) OR $_SERVER['HTTPS'] == 'off' OR ! $_SERVER['HTTPS'])) + if ($secure_cookie && (empty($_SERVER['HTTPS']) OR strtolower($_SERVER['HTTPS']) === 'off')) { return FALSE; } @@ -358,7 +360,7 @@ class CI_Security { foreach ($words as $word) { - $word = implode("\s*", str_split($word)) . "\s*"; + $word = implode('\s*', str_split($word)).'\s*'; // We only want to do this when it is followed by a non-word character // That way valid stuff like "dealer to" does not become "dealerto" @@ -425,7 +427,6 @@ class CI_Security { '\\1\\2(\\3)', $str); - // Final clean up // This adds a bit of extra precaution in case // something got through the above filters @@ -601,7 +602,7 @@ class CI_Security { } // find occurrences of illegal attribute strings with quotes (042 and 047 are octal quotes) - preg_match_all('/('.implode('|', $evil_attributes).')\s*=\s*(\042|\047)([^\\2]*?)(\\2)/is', $str, $matches, PREG_SET_ORDER); + preg_match_all('/('.implode('|', $evil_attributes).')\s*=\s*(\042|\047)([^\\2]*?)(\\2)/is', $str, $matches, PREG_SET_ORDER); foreach ($matches as $attr) { @@ -633,7 +634,7 @@ class CI_Security { { return '<'.$matches[1].$matches[2].$matches[3] // encode opening brace // encode captured opening or closing brace to prevent recursive vectors: - . str_replace(array('>', '<'), array('>', '<'), $matches[4]); + .str_replace(array('>', '<'), array('>', '<'), $matches[4]); } // -------------------------------------------------------------------- diff --git a/system/database/DB_active_rec.php b/system/database/DB_active_rec.php index eaae23f30..f648e5591 100644 --- a/system/database/DB_active_rec.php +++ b/system/database/DB_active_rec.php @@ -341,7 +341,7 @@ class CI_DB_active_record extends CI_DB_driver { $this->_track_aliases($table); // Strip apart the condition and protect the identifiers - if (preg_match('/([\w\.]+)([\W\s]+)(.+)/', $cond, $match)) + if (preg_match('/([\[\w\.]+)([\W\s]+)(.+)/', $cond, $match)) { $cond = $this->_protect_identifiers($match[1]).$match[2].$this->_protect_identifiers($match[3]); } diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php index 2daf8eaa0..8d297caf9 100644 --- a/system/database/DB_driver.php +++ b/system/database/DB_driver.php @@ -75,17 +75,6 @@ class CI_DB_driver { protected $_protect_identifiers = TRUE; protected $_reserved_identifiers = array('*'); // Identifiers that should NOT be escaped - // These are used with Oracle - public $stmt_id; - public $curs_id; - public $limit_used; - - /** - * Constructor. Accepts one parameter containing the database - * connection settings. - * - * @param array - */ public function __construct($params) { if (is_array($params)) @@ -288,6 +277,12 @@ class CI_DB_driver { $sql = preg_replace('/(\W)'.$this->swap_pre.'(\S+?)/', '\\1'.$this->dbprefix.'\\2', $sql); } + // Compile binds if needed + if ($binds !== FALSE) + { + $sql = $this->compile_binds($sql, $binds); + } + // Is query caching enabled? If the query is a "read type" // we will load the caching class and return the previously // cached query if it exists @@ -300,13 +295,7 @@ class CI_DB_driver { } } - // Compile binds if needed - if ($binds !== FALSE) - { - $sql = $this->compile_binds($sql, $binds); - } - - // Save the query for debugging + // Save the query for debugging if ($this->save_queries == TRUE) { $this->queries[] = $sql; @@ -383,19 +372,8 @@ class CI_DB_driver { // Load and instantiate the result driver $driver = $this->load_rdriver(); - $RES = new $driver(); - $RES->conn_id = $this->conn_id; - $RES->result_id = $this->result_id; + $RES = new $driver($this); - if ($this->dbdriver === 'oci8') - { - $RES->stmt_id = $this->stmt_id; - $RES->curs_id = $this->curs_id; - $RES->limit_used = $this->limit_used; - $this->stmt_id = FALSE; - } - - // oci8 vars must be set before calling this $RES->num_rows = $RES->num_rows(); // Is query caching enabled? If so, we'll serialize the @@ -1354,7 +1332,7 @@ class CI_DB_driver { return $item.$alias; } - + // -------------------------------------------------------------------- /** @@ -1362,12 +1340,10 @@ class CI_DB_driver { * * This function is used extensively by every db driver. * - * @access private * @return void */ protected function _reset_select() { - } } diff --git a/system/database/DB_result.php b/system/database/DB_result.php index 730443222..61aa56121 100644 --- a/system/database/DB_result.php +++ b/system/database/DB_result.php @@ -47,6 +47,12 @@ class CI_DB_result { public $num_rows = 0; public $row_data = NULL; + public function __construct(&$driver_object) + { + $this->conn_id = $driver_object->conn_id; + $this->result_id = $driver_object->result_id; + } + /** * Query result. Acts as a wrapper function for the following functions. * diff --git a/system/database/drivers/mysql/mysql_driver.php b/system/database/drivers/mysql/mysql_driver.php index 84f7791c7..7fd08a6ed 100644 --- a/system/database/drivers/mysql/mysql_driver.php +++ b/system/database/drivers/mysql/mysql_driver.php @@ -404,16 +404,35 @@ class CI_DB_mysql_driver extends CI_DB { // -------------------------------------------------------------------- /** - * Field data query - * - * Generates a platform-specific query so that the column data can be retrieved + * Returns an object with field data * * @param string the table name - * @return string + * @return object */ - public function _field_data($table) + public function field_data($table = '') { - return 'DESCRIBE '.$table; + if ($table == '') + { + return ($this->db_debug) ? $this->display_error('db_field_param_missing') : FALSE; + } + + $query = $this->query('DESCRIBE '.$this->_protect_identifiers($table, TRUE, NULL, FALSE)); + $query = $query->result_object(); + + $retval = array(); + for ($i = 0, $c = count($query); $i < $c; $i++) + { + preg_match('/([a-z]+)(\(\d+\))?/', $query[$i]->Type, $matches); + + $retval[$i] = new stdClass(); + $retval[$i]->name = $query[$i]->Field; + $retval[$i]->type = empty($matches[1]) ? NULL : $matches[1]; + $retval[$i]->default = $query[$i]->Default; + $retval[$i]->max_length = empty($matches[2]) ? NULL : preg_replace('/[^\d]/', '', $matches[2]); + $retval[$i]->primary_key = (int) ($query[$i]->Key === 'PRI'); + } + + return $retval; } // -------------------------------------------------------------------- diff --git a/system/database/drivers/mysqli/mysqli_driver.php b/system/database/drivers/mysqli/mysqli_driver.php index 19353944d..25b6ceca1 100644 --- a/system/database/drivers/mysqli/mysqli_driver.php +++ b/system/database/drivers/mysqli/mysqli_driver.php @@ -405,16 +405,35 @@ class CI_DB_mysqli_driver extends CI_DB { // -------------------------------------------------------------------- /** - * Field data query - * - * Generates a platform-specific query so that the column data can be retrieved + * Returns an object with field data * * @param string the table name - * @return string + * @return object */ - protected function _field_data($table) + public function field_data($table = '') { - return 'DESCRIBE '.$table; + if ($table == '') + { + return ($this->db_debug) ? $this->display_error('db_field_param_missing') : FALSE; + } + + $query = $this->query('DESCRIBE '.$this->_protect_identifiers($table, TRUE, NULL, FALSE)); + $query = $query->result_object(); + + $retval = array(); + for ($i = 0, $c = count($query); $i < $c; $i++) + { + preg_match('/([a-z]+)(\(\d+\))?/', $query[$i]->Type, $matches); + + $retval[$i] = new stdClass(); + $retval[$i]->name = $query[$i]->Field; + $retval[$i]->type = empty($matches[1]) ? NULL : $matches[1]; + $retval[$i]->default = $query[$i]->Default; + $retval[$i]->max_length = empty($matches[2]) ? NULL : preg_replace('/[^\d]/', '', $matches[2]); + $retval[$i]->primary_key = (int) ($query[$i]->Key === 'PRI'); + } + + return $retval; } // -------------------------------------------------------------------- diff --git a/system/database/drivers/oci8/oci8_result.php b/system/database/drivers/oci8/oci8_result.php index 0f69fa9ef..383b9f1a0 100644 --- a/system/database/drivers/oci8/oci8_result.php +++ b/system/database/drivers/oci8/oci8_result.php @@ -38,9 +38,18 @@ */ class CI_DB_oci8_result extends CI_DB_result { - var $stmt_id; - var $curs_id; - var $limit_used; + public $stmt_id; + public $curs_id; + public $limit_used; + + public function __construct(&$driver_object) + { + parent::__construct($driver_object); + $this->stmt_id = $driver_object->stmt_id; + $this->curs_id = $driver_object->curs_id; + $this->limit_used = $driver_object->limit_used; + $driver_object->stmt_id = FALSE; + } /** * Number of rows in the result set. diff --git a/system/database/drivers/odbc/odbc_driver.php b/system/database/drivers/odbc/odbc_driver.php index 779b0c62f..a6e08cf2f 100644 --- a/system/database/drivers/odbc/odbc_driver.php +++ b/system/database/drivers/odbc/odbc_driver.php @@ -287,12 +287,11 @@ class CI_DB_odbc_driver extends CI_DB { /** * Insert ID * - * @access public - * @return integer + * @return bool */ - function insert_id() + public function insert_id() { - return @odbc_insert_id($this->conn_id); + return ($this->db->db_debug) ? $this->db->display_error('db_unsuported_feature') : FALSE; } // -------------------------------------------------------------------- diff --git a/system/database/drivers/odbc/odbc_result.php b/system/database/drivers/odbc/odbc_result.php index 572e110ca..de2c58cb9 100644 --- a/system/database/drivers/odbc/odbc_result.php +++ b/system/database/drivers/odbc/odbc_result.php @@ -245,8 +245,77 @@ class CI_DB_odbc_result extends CI_DB_result { return $rs_assoc; } -} + // -------------------------------------------------------------------- + + /** + * Query result. Array version. + * + * @return array + */ + public function result_array() + { + if (count($this->result_array) > 0) + { + return $this->result_array; + } + elseif (($c = count($this->result_object)) > 0) + { + for ($i = 0; $i < $c; $i++) + { + $this->result_array[$i] = (array) $this->result_object[$i]; + } + } + elseif ($this->result_id === FALSE) + { + return array(); + } + else + { + while ($row = $this->_fetch_assoc()) + { + $this->result_array[] = $row; + } + } + return $this->result_array; + } + + // -------------------------------------------------------------------- + + /** + * Query result. Object version. + * + * @return array + */ + public function result_object() + { + if (count($this->result_object) > 0) + { + return $this->result_object; + } + elseif (($c = count($this->result_array)) > 0) + { + for ($i = 0; $i < $c; $i++) + { + $this->result_object[$i] = (object) $this->result_array[$i]; + } + } + elseif ($this->result_id === FALSE) + { + return array(); + } + else + { + while ($row = $this->_fetch_object()) + { + $this->result_object[] = $row; + } + } + + return $this->result_object; + } + +} /* End of file odbc_result.php */ /* Location: ./system/database/drivers/odbc/odbc_result.php */ diff --git a/system/database/drivers/postgre/postgre_driver.php b/system/database/drivers/postgre/postgre_driver.php index df0f50da5..5b248e9bc 100644 --- a/system/database/drivers/postgre/postgre_driver.php +++ b/system/database/drivers/postgre/postgre_driver.php @@ -587,16 +587,10 @@ class CI_DB_postgre_driver extends CI_DB { $valstr[] = $key." = ".$val; } - $limit = ( ! $limit) ? '' : ' LIMIT '.$limit; - - $orderby = (count($orderby) >= 1)?' ORDER BY '.implode(", ", $orderby):''; - $sql = "UPDATE ".$table." SET ".implode(', ', $valstr); $sql .= ($where != '' AND count($where) >=1) ? " WHERE ".implode(" ", $where) : ''; - $sql .= $orderby.$limit; - return $sql; } @@ -647,9 +641,7 @@ class CI_DB_postgre_driver extends CI_DB { $conditions .= implode("\n", $like); } - $limit = ( ! $limit) ? '' : ' LIMIT '.$limit; - - return "DELETE FROM ".$table.$conditions.$limit; + return "DELETE FROM ".$table.$conditions; } // -------------------------------------------------------------------- diff --git a/system/helpers/form_helper.php b/system/helpers/form_helper.php index bed2cb297..6efef2324 100644 --- a/system/helpers/form_helper.php +++ b/system/helpers/form_helper.php @@ -22,7 +22,6 @@ * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 1.0 - * @filesource */ // ------------------------------------------------------------------------ @@ -72,8 +71,8 @@ if ( ! function_exists('form_open')) $form = '<form action="'.$action.'"'._attributes_to_string($attributes, TRUE).">\n"; - // Add CSRF field if enabled, but leave it out for GET requests and requests to external websites - if ($CI->config->item('csrf_protection') === TRUE AND ! (strpos($action, $CI->config->site_url()) === FALSE OR strpos($form, 'method="get"'))) + // Add CSRF field if enabled, but leave it out for GET requests and requests to external websites + if ($CI->config->item('csrf_protection') === TRUE AND ! (strpos($action, $CI->config->base_url()) === FALSE OR strpos($form, 'method="get"'))) { $hidden[$CI->security->get_csrf_token_name()] = $CI->security->get_csrf_hash(); } diff --git a/system/helpers/url_helper.php b/system/helpers/url_helper.php index 2cbcd9dbf..3f0fef58e 100644 --- a/system/helpers/url_helper.php +++ b/system/helpers/url_helper.php @@ -470,39 +470,35 @@ if ( ! function_exists('prep_url')) * Create URL Title * * Takes a "title" string as input and creates a - * human-friendly URL string with either a dash - * or an underscore as the word separator. + * human-friendly URL string with a "separator" string + * as the word separator. * * @access public * @param string the string - * @param string the separator: dash, or underscore + * @param string the separator * @return string */ if ( ! function_exists('url_title')) { - function url_title($str, $separator = 'dash', $lowercase = FALSE) + function url_title($str, $separator = '-', $lowercase = FALSE) { if ($separator === 'dash') { - $search = '_'; - $replace = '-'; + $separator = '-'; } - else + else if ($separator == 'underscore') { - $search = '-'; - $replace = '_'; + $separator = '_'; } + + $q_separator = preg_quote($separator); $trans = array( - '&\#\d+?;' => '', - '&\S+?;' => '', - '\s+' => $replace, - '[^a-z0-9\-\._]' => '', - $replace.'+' => $replace, - $replace.'$' => $replace, - '^'.$replace => $replace, - '\.+$' => '' - ); + '&.+?;' => '', + '[^a-z0-9 _-]' => '', + '\s+' => $separator, + '('.$q_separator.')+' => $separator + ); $str = strip_tags($str); foreach ($trans as $key => $val) @@ -515,7 +511,7 @@ if ( ! function_exists('url_title')) $str = strtolower($str); } - return trim(trim(stripslashes($str)), $replace); + return trim(trim($str, $separator)); } } diff --git a/system/language/english/form_validation_lang.php b/system/language/english/form_validation_lang.php index 6afa37a29..ea589618a 100644 --- a/system/language/english/form_validation_lang.php +++ b/system/language/english/form_validation_lang.php @@ -25,30 +25,32 @@ * @filesource */ -$lang['required'] = "The %s field is required."; -$lang['isset'] = "The %s field must have a value."; -$lang['valid_email'] = "The %s field must contain a valid email address."; -$lang['valid_emails'] = "The %s field must contain all valid email addresses."; -$lang['valid_url'] = "The %s field must contain a valid URL."; -$lang['valid_ip'] = "The %s field must contain a valid IP."; -$lang['min_length'] = "The %s field must be at least %s characters in length."; -$lang['max_length'] = "The %s field cannot exceed %s characters in length."; -$lang['exact_length'] = "The %s field must be exactly %s characters in length."; -$lang['alpha'] = "The %s field may only contain alphabetical characters."; -$lang['alpha_numeric'] = "The %s field may only contain alpha-numeric characters."; -$lang['alpha_dash'] = "The %s field may only contain alpha-numeric characters, underscores, and dashes."; -$lang['numeric'] = "The %s field must contain only numbers."; -$lang['is_numeric'] = "The %s field must contain only numeric characters."; -$lang['integer'] = "The %s field must contain an integer."; -$lang['regex_match'] = "The %s field is not in the correct format."; -$lang['matches'] = "The %s field does not match the %s field."; -$lang['is_unique'] = "The %s field must contain a unique value."; -$lang['is_natural'] = "The %s field must contain only positive numbers."; -$lang['is_natural_no_zero'] = "The %s field must contain a number greater than zero."; -$lang['decimal'] = "The %s field must contain a decimal number."; -$lang['less_than'] = "The %s field must contain a number less than %s."; -$lang['greater_than'] = "The %s field must contain a number greater than %s."; +$lang['required'] = "The %s field is required."; +$lang['isset'] = "The %s field must have a value."; +$lang['valid_email'] = "The %s field must contain a valid email address."; +$lang['valid_emails'] = "The %s field must contain all valid email addresses."; +$lang['valid_url'] = "The %s field must contain a valid URL."; +$lang['valid_ip'] = "The %s field must contain a valid IP."; +$lang['min_length'] = "The %s field must be at least %s characters in length."; +$lang['max_length'] = "The %s field cannot exceed %s characters in length."; +$lang['exact_length'] = "The %s field must be exactly %s characters in length."; +$lang['alpha'] = "The %s field may only contain alphabetical characters."; +$lang['alpha_numeric'] = "The %s field may only contain alpha-numeric characters."; +$lang['alpha_dash'] = "The %s field may only contain alpha-numeric characters, underscores, and dashes."; +$lang['numeric'] = "The %s field must contain only numbers."; +$lang['is_numeric'] = "The %s field must contain only numeric characters."; +$lang['integer'] = "The %s field must contain an integer."; +$lang['regex_match'] = "The %s field is not in the correct format."; +$lang['matches'] = "The %s field does not match the %s field."; +$lang['is_unique'] = "The %s field must contain a unique value."; +$lang['is_natural'] = "The %s field must contain only positive numbers."; +$lang['is_natural_no_zero'] = "The %s field must contain a number greater than zero."; +$lang['decimal'] = "The %s field must contain a decimal number."; +$lang['less_than'] = "The %s field must contain a number less than %s."; +$lang['less_than_equal_to'] = "The %s field must contain a number less than or equal to %s."; +$lang['greater_than'] = "The %s field must contain a number greater than %s."; +$lang['greater_than_equal_to'] = "The %s field must contain a number greater than or equal to %s."; /* End of file form_validation_lang.php */ -/* Location: ./system/language/english/form_validation_lang.php */
\ No newline at end of file +/* Location: ./system/language/english/form_validation_lang.php */ diff --git a/system/libraries/Form_validation.php b/system/libraries/Form_validation.php index 5069a44c1..cdb3d3d62 100644 --- a/system/libraries/Form_validation.php +++ b/system/libraries/Form_validation.php @@ -47,10 +47,8 @@ class CI_Form_validation { protected $_error_suffix = '</p>'; protected $error_string = ''; protected $_safe_form_data = FALSE; + protected $validation_data = array(); - /** - * Constructor - */ public function __construct($rules = array()) { $this->CI =& get_instance(); @@ -85,7 +83,8 @@ class CI_Form_validation { public function set_rules($field, $label = '', $rules = '') { // No reason to set rules if we have no POST data - if (count($_POST) === 0) + // or a validation array has not been specified + if (count($_POST) === 0 && count($this->validation_data) === 0) { return $this; } @@ -162,10 +161,33 @@ class CI_Form_validation { // -------------------------------------------------------------------- /** + * By default, form validation uses the $_POST array to validate + * + * If an array is set through this method, then this array will + * be used instead of the $_POST array + * + * Note that if you are validating multiple arrays, then the + * reset_validation() function should be called after validating + * each array due to the limitations of CI's singleton + * + * @param array $data + * @return void + */ + public function set_data($data = '') + { + if ( ! empty($data) && is_array($data)) + { + $this->validation_data = $data; + } + } + + // -------------------------------------------------------------------- + + /** * Set Error Message * * Lets users set their own error messages on the fly. Note: The key - * name has to match the function name that it corresponds to. + * name has to match the function name that it corresponds to. * * @param string * @param string @@ -300,7 +322,8 @@ class CI_Form_validation { public function run($group = '') { // Do we even have any data to process? Mm? - if (count($_POST) === 0) + $validation_array = ( ! empty($this->validation_data)) ? $this->validation_data : $_POST; + if (count($validation_array) === 0) { return FALSE; } @@ -342,18 +365,18 @@ class CI_Form_validation { // corresponding $_POST item and test for errors foreach ($this->_field_data as $field => $row) { - // Fetch the data from the corresponding $_POST array and cache it in the _field_data array. + // Fetch the data from the corresponding $_POST or validation array and cache it in the _field_data array. // Depending on whether the field name is an array or a string will determine where we get it from. if ($row['is_array'] === TRUE) { - $this->_field_data[$field]['postdata'] = $this->_reduce_array($_POST, $row['keys']); + $this->_field_data[$field]['postdata'] = $this->_reduce_array($validation_array, $row['keys']); } else { - if (isset($_POST[$field]) AND $_POST[$field] != "") + if (isset($validation_array[$field]) AND $validation_array[$field] != "") { - $this->_field_data[$field]['postdata'] = $_POST[$field]; + $this->_field_data[$field]['postdata'] = $validation_array[$field]; } } @@ -867,12 +890,13 @@ class CI_Form_validation { */ public function matches($str, $field) { - if ( ! isset($_POST[$field])) + $validation_array = ( ! empty($this->validation_data)) ? $this->validation_data : $_POST; + if ( ! isset($validation_array[$field])) { return FALSE; } - return ($str === $_POST[$field]); + return ($str === $validation_array[$field]); } // -------------------------------------------------------------------- @@ -1117,7 +1141,7 @@ class CI_Form_validation { // -------------------------------------------------------------------- /** - * Greather than + * Greater than * * @param string * @return bool @@ -1132,6 +1156,24 @@ class CI_Form_validation { } // -------------------------------------------------------------------- + + /** + * Equal to or Greater than + * + * @access public + * @param string + * @return bool + */ + function greater_than_equal_to($str, $min) + { + if ( ! is_numeric($str)) + { + return FALSE; + } + return $str >= $min; + } + + // -------------------------------------------------------------------- /** * Less than @@ -1151,6 +1193,24 @@ class CI_Form_validation { // -------------------------------------------------------------------- /** + * Equal to or Less than + * + * @access public + * @param string + * @return bool + */ + function less_than_equal_to($str, $max) + { + if ( ! is_numeric($str)) + { + return FALSE; + } + return $str <= $max; + } + + // -------------------------------------------------------------------- + + /** * Is a Natural number (0,1,2,3, etc.) * * @param string @@ -1283,6 +1343,25 @@ class CI_Form_validation { return str_replace(array('<?php', '<?PHP', '<?', '?>'), array('<?php', '<?PHP', '<?', '?>'), $str); } + // -------------------------------------------------------------------- + + /** + * Reset validation vars + * + * Prevents subsequent validation routines from being affected by the + * results of any previous validation routine due to the CI singleton. + * + * @return void + */ + public function reset_validation() + { + $this->_field_data = array(); + $this->_config_rules = array(); + $this->_error_array = array(); + $this->_error_messages = array(); + $this->error_string = ''; + } + } /* End of file Form_validation.php */ diff --git a/system/libraries/Session.php b/system/libraries/Session.php index dd50a91e1..104b88810 100644 --- a/system/libraries/Session.php +++ b/system/libraries/Session.php @@ -454,7 +454,7 @@ class CI_Session { */ public function userdata($item) { - return ( ! isset($this->userdata[$item])) ? FALSE : $this->userdata[$item]; + return isset($this->userdata[$item]) ? $this->userdata[$item] : FALSE; } // -------------------------------------------------------------------- @@ -729,7 +729,7 @@ class CI_Session { */ protected function _unserialize($data) { - $data = @unserialize(strip_slashes($data)); + $data = @unserialize(strip_slashes(trim($data))); if (is_array($data)) { @@ -737,9 +737,11 @@ class CI_Session { return $data; } - return (is_string($data)) ? str_replace('{{slash}}', '\\', $data) : $data; + return is_string($data) ? str_replace('{{slash}}', '\\', $data) : $data; } + // -------------------------------------------------------------------- + /** * Unescape slashes * @@ -779,7 +781,7 @@ class CI_Session { { $expire = $this->now - $this->sess_expiration; - $this->CI->db->where("last_activity < {$expire}"); + $this->CI->db->where('last_activity < '.$expire); $this->CI->db->delete($this->sess_table_name); log_message('debug', 'Session garbage collection performed.'); diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index ac29c1bdd..89575c849 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -1101,7 +1101,7 @@ class CI_Upload { $proc = @popen($cmd, 'r'); if (is_resource($proc)) { - $mime = @fread($test, 512); + $mime = @fread($proc, 512); @pclose($proc); if ($mime !== FALSE) { |