diff options
Diffstat (limited to 'system')
| -rw-r--r-- | system/core/Common.php | 4 | ||||
| -rw-r--r-- | system/core/Input.php | 32 | ||||
| -rw-r--r-- | system/core/Output.php | 2 | ||||
| -rw-r--r-- | system/core/Security.php | 3 | ||||
| -rw-r--r-- | system/database/DB_driver.php | 16 | ||||
| -rw-r--r-- | system/database/DB_forge.php | 6 | ||||
| -rw-r--r-- | system/database/DB_query_builder.php | 41 | ||||
| -rw-r--r-- | system/database/drivers/cubrid/cubrid_driver.php | 41 | ||||
| -rw-r--r-- | system/database/drivers/mysql/mysql_driver.php | 41 | ||||
| -rw-r--r-- | system/database/drivers/mysqli/mysqli_driver.php | 41 | ||||
| -rw-r--r-- | system/database/drivers/pdo/subdrivers/pdo_mysql_driver.php | 41 | ||||
| -rw-r--r-- | system/helpers/form_helper.php | 14 | ||||
| -rw-r--r-- | system/libraries/Email.php | 6 | ||||
| -rw-r--r-- | system/libraries/Encrypt.php | 2 | ||||
| -rw-r--r-- | system/libraries/Form_validation.php | 15 | ||||
| -rw-r--r-- | system/libraries/Image_lib.php | 2 | ||||
| -rw-r--r-- | system/libraries/Session/drivers/Session_cookie.php | 3 | ||||
| -rw-r--r-- | system/libraries/Upload.php | 15 |
18 files changed, 119 insertions, 206 deletions
diff --git a/system/core/Common.php b/system/core/Common.php index 10c22375e..b4f0c388e 100644 --- a/system/core/Common.php +++ b/system/core/Common.php @@ -92,7 +92,7 @@ if ( ! function_exists('is_really_writable')) */ if (is_dir($file)) { - $file = rtrim($file, '/').'/'.md5(mt_rand(1,100).mt_rand(1,100)); + $file = rtrim($file, '/').'/'.md5(mt_rand()); if (($fp = @fopen($file, FOPEN_WRITE_CREATE)) === FALSE) { return FALSE; @@ -359,7 +359,7 @@ if ( ! function_exists('show_error')) * * This function lets us invoke the exception class and * display errors using the standard error template located - * in application/errors/errors.php + * in application/views/errors/error_general.php * This function will send the error page directly to the * browser and exit. * diff --git a/system/core/Input.php b/system/core/Input.php index 8d491e055..6690b7f2e 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -153,17 +153,39 @@ class CI_Input { */ protected function _fetch_from_array(&$array, $index = '', $xss_clean = FALSE) { - if ( ! isset($array[$index])) + if (isset($array[$index])) { - return NULL; + $value = $array[$index]; } + elseif (($count = preg_match_all('/(?:^[^\[]+)|\[[^]]*\]/', $index, $matches)) > 1) // Does the index contain array notation + { + $value = $array; + for ($i = 0; $i < $count; $i++) + { + $key = trim($matches[0][$i], '[]'); + if ($key === '') // Empty notation will return the value as array + { + break; + } - if ($xss_clean === TRUE) + if (isset($value[$key])) + { + $value = $value[$key]; + } + else + { + return NULL; + } + } + } + else { - return $this->security->xss_clean($array[$index]); + return NULL; } - return $array[$index]; + return ($xss_clean === TRUE) + ? $this->security->xss_clean($value) + : $value; } // -------------------------------------------------------------------- diff --git a/system/core/Output.php b/system/core/Output.php index 25ecd496c..3320ae154 100644 --- a/system/core/Output.php +++ b/system/core/Output.php @@ -793,6 +793,8 @@ class CI_Output { case 'text/css': case 'text/javascript': + case 'application/javascript': + case 'application/x-javascript': $output = $this->_minify_script_style($output); diff --git a/system/core/Security.php b/system/core/Security.php index 7aae54efc..196d61144 100644 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -488,8 +488,7 @@ class CI_Security { { if ($this->_xss_hash === '') { - mt_srand(); - $this->_xss_hash = md5(time() + mt_rand(0, 1999999999)); + $this->_xss_hash = md5(uniqid(mt_rand())); } return $this->_xss_hash; diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php index 18dbbc76e..97021f125 100644 --- a/system/database/DB_driver.php +++ b/system/database/DB_driver.php @@ -1208,13 +1208,8 @@ abstract class CI_DB_driver { } else { - /* We have no other choice but to just get the first element's key. - * Due to array_shift() accepting it's argument by reference, if - * E_STRICT is on, this would trigger a warning. So we'll have to - * assign it first. - */ - $key = array_keys($row); - $key = array_shift($key); + // We have no other choice but to just get the first element's key. + $key = key($row); } } @@ -1614,7 +1609,7 @@ abstract class CI_DB_driver { * @param string the error message * @param string any "swap" values * @param bool whether to localize the message - * @return string sends the application/error_db.php template + * @return string sends the application/views/errors/error_db.php template */ public function display_error($error = '', $swap = '', $native = FALSE) { @@ -1711,7 +1706,10 @@ abstract class CI_DB_driver { // If a parenthesis is found we know that we do not need to // escape the data or add a prefix. There's probably a more graceful // way to deal with this, but I'm not thinking of it -- Rick - if (strpos($item, '(') !== FALSE) + // + // Added exception for single quotes as well, we don't want to alter + // literal strings. -- Narf + if (strpos($item, '(') !== FALSE OR strpos($item, "'") !== FALSE) { return $item; } diff --git a/system/database/DB_forge.php b/system/database/DB_forge.php index 53cdd53b6..d52029ecd 100644 --- a/system/database/DB_forge.php +++ b/system/database/DB_forge.php @@ -680,8 +680,12 @@ abstract class CI_DB_forge { return $sql.'DROP COLUMN '.$this->db->escape_identifiers($field); } + $sql .= ($alter_type === 'ADD') + ? 'ADD ' + : $alter_type.' COLUMN '; + $sqls = array(); - for ($i = 0, $c = count($field), $sql .= $alter_type.' COLUMN '; $i < $c; $i++) + for ($i = 0, $c = count($field); $i < $c; $i++) { $sqls[] = $sql .($field[$i]['_literal'] !== FALSE ? $field[$i]['_literal'] : $this->_process_column($field[$i])); diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php index 85a233b50..292621b66 100644 --- a/system/database/DB_query_builder.php +++ b/system/database/DB_query_builder.php @@ -1855,6 +1855,47 @@ abstract class CI_DB_query_builder extends CI_DB_driver { // -------------------------------------------------------------------- /** + * Update_Batch statement + * + * Generates a platform-specific batch update string from the supplied data + * + * @param string $table Table name + * @param array $values Update data + * @param string $index WHERE key + * @return string + */ + protected function _update_batch($table, $values, $index) + { + $ids = array(); + foreach ($values as $key => $val) + { + $ids[] = $val[$index]; + + foreach (array_keys($val) as $field) + { + if ($field !== $index) + { + $final[$field][] = 'WHEN '.$index.' = '.$val[$index].' THEN '.$val[$field]; + } + } + } + + $cases = ''; + foreach ($final as $k => $v) + { + $cases .= $k." = CASE \n" + .implode("\n", $v)."\n" + .'ELSE '.$k.' END, '; + } + + $this->where($index.' IN('.implode(',', $ids).')', NULL, FALSE); + + return 'UPDATE '.$table.' SET '.substr($cases, 0, -2).$this->_compile_wh('qb_where'); + } + + // -------------------------------------------------------------------- + + /** * The "set_update_batch" function. Allows key/value pairs to be set for batch updating * * @param array diff --git a/system/database/drivers/cubrid/cubrid_driver.php b/system/database/drivers/cubrid/cubrid_driver.php index 6663868bd..51bbbdb47 100644 --- a/system/database/drivers/cubrid/cubrid_driver.php +++ b/system/database/drivers/cubrid/cubrid_driver.php @@ -430,47 +430,6 @@ class CI_DB_cubrid_driver extends CI_DB { // -------------------------------------------------------------------- /** - * Update_Batch statement - * - * Generates a platform-specific batch update string from the supplied data - * - * @param string $table Table name - * @param array $values Update data - * @param string $index WHERE key - * @return string - */ - protected function _update_batch($table, $values, $index) - { - $ids = array(); - foreach ($values as $key => $val) - { - $ids[] = $val[$index]; - - foreach (array_keys($val) as $field) - { - if ($field !== $index) - { - $final[$field][] = 'WHEN '.$index.' = '.$val[$index].' THEN '.$val[$field]; - } - } - } - - $cases = ''; - foreach ($final as $k => $v) - { - $cases .= $k." = CASE \n" - .implode("\n", $v) - .'ELSE '.$k.' END, '; - } - - $this->where($index.' IN('.implode(',', $ids).')', NULL, FALSE); - - return 'UPDATE '.$table.' SET '.substr($cases, 0, -2).$this->_compile_wh('qb_where'); - } - - // -------------------------------------------------------------------- - - /** * FROM tables * * Groups tables in FROM clauses if needed, so there is no confusion diff --git a/system/database/drivers/mysql/mysql_driver.php b/system/database/drivers/mysql/mysql_driver.php index 95003f648..b94642b35 100644 --- a/system/database/drivers/mysql/mysql_driver.php +++ b/system/database/drivers/mysql/mysql_driver.php @@ -456,47 +456,6 @@ class CI_DB_mysql_driver extends CI_DB { // -------------------------------------------------------------------- /** - * Update_Batch statement - * - * Generates a platform-specific batch update string from the supplied data - * - * @param string $table Table name - * @param array $values Update data - * @param string $index WHERE key - * @return string - */ - protected function _update_batch($table, $values, $index) - { - $ids = array(); - foreach ($values as $key => $val) - { - $ids[] = $val[$index]; - - foreach (array_keys($val) as $field) - { - if ($field !== $index) - { - $final[$field][] = 'WHEN '.$index.' = '.$val[$index].' THEN '.$val[$field]; - } - } - } - - $cases = ''; - foreach ($final as $k => $v) - { - $cases .= $k." = CASE \n" - .implode("\n", $v)."\n" - .'ELSE '.$k.' END, '; - } - - $this->where($index.' IN('.implode(',', $ids).')', NULL, FALSE); - - return 'UPDATE '.$table.' SET '.substr($cases, 0, -2).$this->_compile_wh('qb_where'); - } - - // -------------------------------------------------------------------- - - /** * FROM tables * * Groups tables in FROM clauses if needed, so there is no confusion diff --git a/system/database/drivers/mysqli/mysqli_driver.php b/system/database/drivers/mysqli/mysqli_driver.php index b64a7a2e8..ef2cb8a8d 100644 --- a/system/database/drivers/mysqli/mysqli_driver.php +++ b/system/database/drivers/mysqli/mysqli_driver.php @@ -427,47 +427,6 @@ class CI_DB_mysqli_driver extends CI_DB { // -------------------------------------------------------------------- /** - * Update_Batch statement - * - * Generates a platform-specific batch update string from the supplied data - * - * @param string $table Table name - * @param array $values Update data - * @param string $index WHERE key - * @return string - */ - protected function _update_batch($table, $values, $index) - { - $ids = array(); - foreach ($values as $key => $val) - { - $ids[] = $val[$index]; - - foreach (array_keys($val) as $field) - { - if ($field !== $index) - { - $final[$field][] = 'WHEN '.$index.' = '.$val[$index].' THEN '.$val[$field]; - } - } - } - - $cases = ''; - foreach ($final as $k => $v) - { - $cases .= $k.' = CASE '."\n" - .implode("\n", $v)."\n" - .'ELSE '.$k.' END, '; - } - - $this->where($index.' IN('.implode(',', $ids).')', NULL, FALSE); - - return 'UPDATE '.$table.' SET '.substr($cases, 0, -2).$this->_compile_wh('qb_where'); - } - - // -------------------------------------------------------------------- - - /** * FROM tables * * Groups tables in FROM clauses if needed, so there is no confusion diff --git a/system/database/drivers/pdo/subdrivers/pdo_mysql_driver.php b/system/database/drivers/pdo/subdrivers/pdo_mysql_driver.php index 315f6f53b..ff486fc5a 100644 --- a/system/database/drivers/pdo/subdrivers/pdo_mysql_driver.php +++ b/system/database/drivers/pdo/subdrivers/pdo_mysql_driver.php @@ -201,47 +201,6 @@ class CI_DB_pdo_mysql_driver extends CI_DB_pdo_driver { // -------------------------------------------------------------------- /** - * Update_Batch statement - * - * Generates a platform-specific batch update string from the supplied data - * - * @param string $table Table name - * @param array $values Update data - * @param string $index UPDATE key - * @return string - */ - protected function _update_batch($table, $values, $index) - { - $ids = array(); - foreach ($values as $key => $val) - { - $ids[] = $val[$index]; - - foreach (array_keys($val) as $field) - { - if ($field !== $index) - { - $final[$field][] = 'WHEN '.$index.' = '.$val[$index].' THEN '.$val[$field]; - } - } - } - - $cases = ''; - foreach ($final as $k => $v) - { - $cases .= $k." = CASE \n" - .implode("\n", $v)."\n" - .'ELSE '.$k.' END), '; - } - - $this->where($index.' IN('.implode(',', $ids).')', NULL, FALSE); - - return 'UPDATE '.$table.' SET '.substr($cases, 0, -2).$this->_compile_wh('qb_where'); - } - - // -------------------------------------------------------------------- - - /** * Truncate statement * * Generates a platform-specific truncate string from the supplied data diff --git a/system/helpers/form_helper.php b/system/helpers/form_helper.php index 692909c79..2002d4269 100644 --- a/system/helpers/form_helper.php +++ b/system/helpers/form_helper.php @@ -261,7 +261,6 @@ if ( ! function_exists('form_textarea')) unset($data['value']); // textareas don't use the value attribute } - $name = is_array($data) ? $data['name'] : $data; return '<textarea '._parse_form_attributes($data, $defaults).$extra.'>'.form_prep($val, TRUE)."</textarea>\n"; } } @@ -642,14 +641,13 @@ if ( ! function_exists('set_value')) */ function set_value($field = '', $default = '', $is_textarea = FALSE) { - if (FALSE === ($OBJ =& _get_validation_object())) - { - return isset($_POST[$field]) - ? form_prep($_POST[$field], $is_textarea) - : form_prep($default, $is_textarea); - } + $CI =& get_instance(); + + $value = (isset($CI->form_validation) && is_object($CI->form_validation) && $CI->form_validation->has_rule($field)) + ? $CI->form_validation->set_value($field, $default) + : $CI->input->post($field, FALSE); - return form_prep($OBJ->set_value($field, $default), $is_textarea); + return form_prep($value === NULL ? $default : $value, $is_textarea); } } diff --git a/system/libraries/Email.php b/system/libraries/Email.php index 756a38a10..a745d331d 100644 --- a/system/libraries/Email.php +++ b/system/libraries/Email.php @@ -105,9 +105,9 @@ class CI_Email { /** * SMTP Encryption * - * @var string NULL, 'tls' or 'ssl' + * @var string empty, 'tls' or 'ssl' */ - public $smtp_crypto = NULL; + public $smtp_crypto = ''; /** * Whether to apply word-wrapping to the message body. @@ -1875,7 +1875,7 @@ class CI_Email { return TRUE; } - $ssl = ($this->smtp_crypto === 'ssl') ? 'ssl://' : NULL; + $ssl = ($this->smtp_crypto === 'ssl') ? 'ssl://' : ''; $this->_smtp_connect = fsockopen($ssl.$this->smtp_host, $this->smtp_port, diff --git a/system/libraries/Encrypt.php b/system/libraries/Encrypt.php index c6a1cb175..8ac5420de 100644 --- a/system/libraries/Encrypt.php +++ b/system/libraries/Encrypt.php @@ -244,7 +244,7 @@ class CI_Encrypt { $rand = ''; do { - $rand .= mt_rand(0, mt_getrandmax()); + $rand .= mt_rand(); } while (strlen($rand) < 32); diff --git a/system/libraries/Form_validation.php b/system/libraries/Form_validation.php index 172e799f6..1ed50844c 100644 --- a/system/libraries/Form_validation.php +++ b/system/libraries/Form_validation.php @@ -836,6 +836,21 @@ class CI_Form_validation { // -------------------------------------------------------------------- /** + * Checks if the rule is present within the validator + * + * Permits you to check if a rule is present within the validator + * + * @param string the field name + * @return bool + */ + public function has_rule($field) + { + return isset($this->_field_data[$field]); + } + + // -------------------------------------------------------------------- + + /** * Get the value from a form * * Permits you to repopulate a form field with the value it was submitted diff --git a/system/libraries/Image_lib.php b/system/libraries/Image_lib.php index 0cec43fc4..b6a11a3a5 100644 --- a/system/libraries/Image_lib.php +++ b/system/libraries/Image_lib.php @@ -388,7 +388,7 @@ class CI_Image_lib { */ public function clear() { - $props = array('library_path', 'source_image', 'new_image', 'width', 'height', 'rotation_angle', 'x_axis', 'y_axis', 'wm_text', 'wm_overlay_path', 'wm_font_path', 'wm_shadow_color', 'source_folder', 'dest_folder', 'mime_type', 'orig_width', 'orig_height', 'image_type', 'size_str', 'full_src_path', 'full_dst_path'); + $props = array('thumb_marker', 'library_path', 'source_image', 'new_image', 'width', 'height', 'rotation_angle', 'x_axis', 'y_axis', 'wm_text', 'wm_overlay_path', 'wm_font_path', 'wm_shadow_color', 'source_folder', 'dest_folder', 'mime_type', 'orig_width', 'orig_height', 'image_type', 'size_str', 'full_src_path', 'full_dst_path'); foreach ($props as $val) { diff --git a/system/libraries/Session/drivers/Session_cookie.php b/system/libraries/Session/drivers/Session_cookie.php index 0e8644102..7174d63c8 100644 --- a/system/libraries/Session/drivers/Session_cookie.php +++ b/system/libraries/Session/drivers/Session_cookie.php @@ -641,7 +641,7 @@ class CI_Session_cookie extends CI_Session_driver { $new_sessid = ''; do { - $new_sessid .= mt_rand(0, mt_getrandmax()); + $new_sessid .= mt_rand(); } while (strlen($new_sessid) < 32); @@ -832,7 +832,6 @@ class CI_Session_cookie extends CI_Session_driver { $probability = ini_get('session.gc_probability'); $divisor = ini_get('session.gc_divisor'); - srand(time()); if ((mt_rand(0, $divisor) / $divisor) < $probability) { $expire = $this->now - $this->sess_expiration; diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 1c14f99ed..7c48b4294 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -366,25 +366,25 @@ class CI_Upload { switch ($error) { - case 1: // UPLOAD_ERR_INI_SIZE + case UPLOAD_ERR_INI_SIZE: $this->set_error('upload_file_exceeds_limit'); break; - case 2: // UPLOAD_ERR_FORM_SIZE + case UPLOAD_ERR_FORM_SIZE: $this->set_error('upload_file_exceeds_form_limit'); break; - case 3: // UPLOAD_ERR_PARTIAL + case UPLOAD_ERR_PARTIAL: $this->set_error('upload_file_partial'); break; - case 4: // UPLOAD_ERR_NO_FILE + case UPLOAD_ERR_NO_FILE: $this->set_error('upload_no_file_selected'); break; - case 6: // UPLOAD_ERR_NO_TMP_DIR + case UPLOAD_ERR_NO_TMP_DIR: $this->set_error('upload_no_temp_directory'); break; - case 7: // UPLOAD_ERR_CANT_WRITE + case UPLOAD_ERR_CANT_WRITE: $this->set_error('upload_unable_to_write_file'); break; - case 8: // UPLOAD_ERR_EXTENSION + case UPLOAD_ERR_EXTENSION: $this->set_error('upload_stopped_by_extension'); break; default: @@ -604,7 +604,6 @@ class CI_Upload { { if ($this->encrypt_name === TRUE) { - mt_srand(); $filename = md5(uniqid(mt_rand())).$this->file_ext; } |