Diffstat (limited to 'system')
-rw-r--r--[-rwxr-xr-x]system/core/Loader.php5
-rw-r--r--system/database/DB_active_rec.php311
-rw-r--r--system/database/DB_cache.php2
-rw-r--r--system/database/DB_driver.php2
-rw-r--r--system/database/DB_forge.php2
-rw-r--r--system/database/DB_utility.php2
-rw-r--r--system/database/drivers/odbc/odbc_driver.php4
-rw-r--r--system/helpers/captcha_helper.php2
-rw-r--r--system/libraries/Cache/drivers/Cache_apc.php4
-rw-r--r--system/libraries/Email.php10
-rw-r--r--system/libraries/Session.php48
11 files changed, 308 insertions, 84 deletions
diff --git a/system/core/Loader.php b/system/core/Loader.php
index de0fc06d2..5539aae14 100755..100644
--- a/system/core/Loader.php
+++ b/system/core/Loader.php
@@ -616,6 +616,11 @@ class CI_Loader {
require BASEPATH.'libraries/Driver.php';
}
+ if ($library == '')
+ {
+ return FALSE;
+ }
+
// We can save the loader some time since Drivers will *always* be in a subfolder,
// and typically identically named to the library
if ( ! strpos($library, '/'))
diff --git a/system/database/DB_active_rec.php b/system/database/DB_active_rec.php
index 83518232e..f99d13ec8 100644
--- a/system/database/DB_active_rec.php
+++ b/system/database/DB_active_rec.php
@@ -28,39 +28,42 @@
*/
class CI_DB_active_record extends CI_DB_driver {
- var $ar_select = array();
- var $ar_distinct = FALSE;
- var $ar_from = array();
- var $ar_join = array();
- var $ar_where = array();
- var $ar_like = array();
- var $ar_groupby = array();
- var $ar_having = array();
- var $ar_keys = array();
- var $ar_limit = FALSE;
- var $ar_offset = FALSE;
- var $ar_order = FALSE;
- var $ar_orderby = array();
- var $ar_set = array();
- var $ar_wherein = array();
- var $ar_aliased_tables = array();
- var $ar_store_array = array();
+ protected $return_delete_sql = FALSE;
+ protected $reset_delete_data = FALSE;
+
+ protected $ar_select = array();
+ protected $ar_distinct = FALSE;
+ protected $ar_from = array();
+ protected $ar_join = array();
+ protected $ar_where = array();
+ protected $ar_like = array();
+ protected $ar_groupby = array();
+ protected $ar_having = array();
+ protected $ar_keys = array();
+ protected $ar_limit = FALSE;
+ protected $ar_offset = FALSE;
+ protected $ar_order = FALSE;
+ protected $ar_orderby = array();
+ protected $ar_set = array();
+ protected $ar_wherein = array();
+ protected $ar_aliased_tables = array();
+ protected $ar_store_array = array();
// Active Record Caching variables
- var $ar_caching = FALSE;
- var $ar_cache_exists = array();
- var $ar_cache_select = array();
- var $ar_cache_from = array();
- var $ar_cache_join = array();
- var $ar_cache_where = array();
- var $ar_cache_like = array();
- var $ar_cache_groupby = array();
- var $ar_cache_having = array();
- var $ar_cache_orderby = array();
- var $ar_cache_set = array();
+ protected $ar_caching = FALSE;
+ protected $ar_cache_exists = array();
+ protected $ar_cache_select = array();
+ protected $ar_cache_from = array();
+ protected $ar_cache_join = array();
+ protected $ar_cache_where = array();
+ protected $ar_cache_like = array();
+ protected $ar_cache_groupby = array();
+ protected $ar_cache_having = array();
+ protected $ar_cache_orderby = array();
+ protected $ar_cache_set = array();
- var $ar_no_escape = array();
- var $ar_cache_no_escape = array();
+ protected $ar_no_escape = array();
+ protected $ar_cache_no_escape = array();
// --------------------------------------------------------------------
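Review bot: `$reset_delete_data` is declared next to `$return_delete_sql`, but no hunk in this diff reads or writes it, whereas `$return_delete_sql` is toggled in get_compiled_delete() and checked in delete(). If it is unused it should be dropped; otherwise both flags need a one-line comment, e.g. `// TRUE only while get_compiled_delete() runs: delete() returns the SQL instead of executing it`. Separately, moving every `ar_*` property from `var` (public) to `protected` will break application code that touched them directly, which deserves a changelog entry.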
@@ -660,7 +663,7 @@ class CI_DB_active_record extends CI_DB_driver {
$prefix = (count($this->ar_like) == 0) ? '' : $type;
$v = $this->escape_like_str($v);
-
+
if ($side == 'none')
{
$like_statement = $prefix." $k $not LIKE '{$v}'";
@@ -931,7 +934,37 @@ class CI_DB_active_record extends CI_DB_driver {
return $this;
}
+
+ // --------------------------------------------------------------------
+ /**
+ * Get SELECT query string
+ *
+ * Compiles a SELECT query string and returns the sql.
+ *
+ * @access public
+ * @param string the table name to select from (optional)
+ * @param boolean TRUE: resets AR values; FALSE: leave AR vaules alone
+ * @return string
+ */
+ public function get_compiled_select($table = '', $reset = TRUE)
+ {
+ if ($table != '')
+ {
+ $this->_track_aliases($table);
+ $this->from($table);
+ }
+
+ $select = $this->_compile_select();
+
+ if ($reset === TRUE)
+ {
+ $this->_reset_select();
+ }
+
+ return $select;
+ }
+
// --------------------------------------------------------------------
/**
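Review bot: The docblock of get_compiled_select() does not say what state the builder is left in when `$reset` is FALSE. The accumulated select/where clauses stay on the object, so the next query built on the same connection would presumably inherit them. I would add `* With $reset = FALSE the clauses remain set and apply to the next query; call reset_query() when finished.` It is also worth stating that the returned string is meant for inspection or logging and should not be concatenated with further input before being passed to query().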
@@ -1148,6 +1181,41 @@ class CI_DB_active_record extends CI_DB_driver {
return $this;
}
+
+ // --------------------------------------------------------------------
+
+ /**
+ * Get INSERT query string
+ *
+ * Compiles an insert query and returns the sql
+ *
+ * @access public
+ * @param string the table to insert into
+ * @param boolean TRUE: reset AR values; FALSE: leave AR values alone
+ * @return string
+ */
+ public function get_compiled_insert($table = '', $reset = TRUE)
+ {
+ if ($this->_validate_insert($table) === FALSE)
+ {
+ return FALSE;
+ }
+
+ $sql = $this->_insert(
+ $this->_protect_identifiers(
+ $this->ar_from[0], TRUE, NULL, FALSE
+ ),
+ array_keys($this->ar_set),
+ array_values($this->ar_set)
+ );
+
+ if ($reset === TRUE)
+ {
+ $this->_reset_write();
+ }
+
+ return $sql;
+ }
// --------------------------------------------------------------------
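Review bot: get_compiled_insert() is documented as `@return string` but returns `FALSE` when _validate_insert() fails, so a caller that logs or echoes the result without a strict check silently gets an empty string. The tag should read `@return string|bool` with a note that FALSE means no data or no table was set. The same mismatch exists in get_compiled_update() in the `@@ -1242` hunk.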
@@ -1156,17 +1224,50 @@ class CI_DB_active_record extends CI_DB_driver {
*
* Compiles an insert string and runs the query
*
+ * @access public
* @param string the table to insert data into
* @param array an associative array of insert values
* @return object
*/
- function insert($table = '', $set = NULL)
+ public function insert($table = '', $set = NULL)
{
if ( ! is_null($set))
{
$this->set($set);
}
+
+ if ($this->_validate_insert($table) === FALSE)
+ {
+ return FALSE;
+ }
+
+ $sql = $this->_insert(
+ $this->_protect_identifiers(
+ $this->ar_from[0], TRUE, NULL, FALSE
+ ),
+ array_keys($this->ar_set),
+ array_values($this->ar_set)
+ );
+ $this->_reset_write();
+ return $this->query($sql);
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
+ * Validate Insert
+ *
+ * This method is used by both insert() and get_compiled_insert() to
+ * validate that the there data is actually being set and that table
+ * has been chosen to be inserted into.
+ *
+ * @access public
+ * @param string the table to insert data into
+ * @return string
+ */
+ protected function _validate_insert($table = '')
+ {
if (count($this->ar_set) == 0)
{
if ($this->db_debug)
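Review bot: The docblock added for _validate_insert() says `@access public` and `@return string`, but the method is declared `protected` and the visible paths return `FALSE` or `TRUE`. It should read `@access protected` and `@return bool`, and the description has a slip ("that the there data is actually being set"). The docblock for _validate_update() in the `@@ -1265` hunk has the same two wrong tags. The body of _validate_insert() continues past the end of this hunk.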
@@ -1186,14 +1287,13 @@ class CI_DB_active_record extends CI_DB_driver {
}
return FALSE;
}
-
- $table = $this->ar_from[0];
}
-
- $sql = $this->_insert($this->_protect_identifiers($table, TRUE, NULL, FALSE), array_keys($this->ar_set), array_values($this->ar_set));
-
- $this->_reset_write();
- return $this->query($sql);
+ else
+ {
+ $this->ar_from[0] = $table;
+ }
+
+ return TRUE;
}
// --------------------------------------------------------------------
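Review bot: The new `else` branch makes a method named "validate" mutate builder state: `$this->ar_from[0] = $table;` overwrites whatever an earlier from() call stored. Before this change `$table` was only a local in insert(). With get_compiled_insert($table, FALSE) that table name now stays on the object for the next query. Either document the side effect in the docblock (`* Also stores $table in ar_from[0] for the caller to compile against.`) or rename the helper so the write is not a surprise. The start of _validate_insert() is in the previous hunk.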
@@ -1242,7 +1342,39 @@ class CI_DB_active_record extends CI_DB_driver {
$this->_reset_write();
return $this->query($sql);
}
+
+ // --------------------------------------------------------------------
+ /**
+ * Get UPDATE query string
+ *
+ * Compiles an update query and returns the sql
+ *
+ * @access public
+ * @param string the table to update
+ * @param boolean TRUE: reset AR values; FALSE: leave AR values alone
+ * @return string
+ */
+ public function get_compiled_update($table = '', $reset = TRUE)
+ {
+ // Combine any cached components with the current statements
+ $this->_merge_cache();
+
+ if ($this->_validate_update($table) === FALSE)
+ {
+ return FALSE;
+ }
+
+ $sql = $this->_update($this->_protect_identifiers($this->ar_from[0], TRUE, NULL, FALSE), $this->ar_set, $this->ar_where, $this->ar_orderby, $this->ar_limit);
+
+ if ($reset === TRUE)
+ {
+ $this->_reset_write();
+ }
+
+ return $sql;
+ }
+
// --------------------------------------------------------------------
/**
@@ -1265,6 +1397,42 @@ class CI_DB_active_record extends CI_DB_driver {
$this->set($set);
}
+ if ($this->_validate_update($table) === FALSE)
+ {
+ return FALSE;
+ }
+
+ if ($where != NULL)
+ {
+ $this->where($where);
+ }
+
+ if ($limit != NULL)
+ {
+ $this->limit($limit);
+ }
+
+ $sql = $this->_update($this->_protect_identifiers($this->ar_from[0], TRUE, NULL, FALSE), $this->ar_set, $this->ar_where, $this->ar_orderby, $this->ar_limit);
+
+ $this->_reset_write();
+ return $this->query($sql);
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
+ * Validate Update
+ *
+ * This method is used by both update() and get_compiled_update() to
+ * validate that data is actually being set and that a table has been
+ * chosen to be update.
+ *
+ * @access public
+ * @param string the table to update data on
+ * @return string
+ */
+ protected function _validate_update($table = '')
+ {
if (count($this->ar_set) == 0)
{
if ($this->db_debug)
@@ -1284,27 +1452,13 @@ class CI_DB_active_record extends CI_DB_driver {
}
return FALSE;
}
-
- $table = $this->ar_from[0];
- }
-
- if ($where != NULL)
- {
- $this->where($where);
}
-
- if ($limit != NULL)
+ else
{
- $this->limit($limit);
+ $this->ar_from[0] = $table;
}
-
- $sql = $this->_update($this->_protect_identifiers($table, TRUE, NULL, FALSE), $this->ar_set, $this->ar_where, $this->ar_orderby, $this->ar_limit);
-
- $this->_reset_write();
- return $this->query($sql);
}
-
-
+
// --------------------------------------------------------------------
/**
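Review bot: _validate_update() falls off the end of the function after the `else` branch without returning a value, while its twin _validate_insert() ends with `return TRUE;`. The two callers compare with `=== FALSE`, so the implicit NULL happens to work. Any later caller written as `if ( ! $this->_validate_update($table))` would treat a valid update as a failure. Add `return TRUE;` before the closing brace so both validators share one contract. The top of the function is in the previous hunk.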
@@ -1503,7 +1657,27 @@ class CI_DB_active_record extends CI_DB_driver {
return $this->query($sql);
}
+
+ // --------------------------------------------------------------------
+ /**
+ * Get DELETE query string
+ *
+ * Compiles a delete query string and returns the sql
+ *
+ * @access public
+ * @param string the table to delete from
+ * @param boolean TRUE: reset AR values; FALSE: leave AR values alone
+ * @return string
+ */
+ public function get_compiled_delete($table = '', $reset = TRUE)
+ {
+ $this->return_delete_sql = TRUE;
+ $sql = $this->delete($table, '', NULL, $reset);
+ $this->return_delete_sql = FALSE;
+ return $sql;
+ }
+
// --------------------------------------------------------------------
/**
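Review bot: get_compiled_delete() depends on delete() honouring the instance flag `$this->return_delete_sql`, so a method documented as only returning SQL sits one missed check away from running a destructive query. If a driver or application subclass overrides delete() without the new check, this call would presumably execute the DELETE. Compiling the statement in a protected helper that both delete() and get_compiled_delete() call would remove the shared mutable flag, so the compile-only path could never reach `query()`. As a smaller point, the check added in the `@@ -1576` hunk uses `=== true` where the rest of the file writes `TRUE`. The body of delete() is outside this hunk.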
@@ -1576,10 +1750,15 @@ class CI_DB_active_record extends CI_DB_driver {
{
$this->_reset_write();
}
+
+ if ($this->return_delete_sql === true)
+ {
+ return $sql;
+ }
return $this->query($sql);
}
-
+
// --------------------------------------------------------------------
/**
@@ -1659,7 +1838,7 @@ class CI_DB_active_record extends CI_DB_driver {
}
}
}
-
+
// --------------------------------------------------------------------
/**
@@ -1965,6 +2144,22 @@ class CI_DB_active_record extends CI_DB_driver {
$this->ar_no_escape = $this->ar_cache_no_escape;
}
+
+ // --------------------------------------------------------------------
+
+ /**
+ * Reset Active Record values.
+ *
+ * Publicly-visible method to reset the AR values.
+ *
+ * @access public
+ * @return void
+ */
+ public function reset_query()
+ {
+ $this->_reset_select();
+ $this->_reset_write();
+ }
// --------------------------------------------------------------------
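Review bot: The docblock of reset_query() says it resets "the AR values" without saying whether the `ar_cache_*` arrays are included. The method only calls _reset_select() and _reset_write(), whose bodies are not in this diff, so cached clauses may well survive and be merged into the next query. I would state that explicitly, e.g. `* Does not clear Active Record cache; use flush_cache() for that.`, after confirming that this is what the two helpers do.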
diff --git a/system/database/DB_cache.php b/system/database/DB_cache.php
index 3bf065ca5..ad1c28d72 100644
--- a/system/database/DB_cache.php
+++ b/system/database/DB_cache.php
@@ -33,7 +33,7 @@ class CI_DB_Cache {
* Grabs the CI super object instance so we can access it.
*
*/
- function CI_DB_Cache(&$db)
+ function __construct(&$db)
{
// Assign the main CI object to $this->CI
// and load the file helper since we use it a lot
diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php
index 237a4fcea..d7b63b9dc 100644
--- a/system/database/DB_driver.php
+++ b/system/database/DB_driver.php
@@ -78,7 +78,7 @@ class CI_DB_driver {
*
* @param array
*/
- function CI_DB_driver($params)
+ function __construct($params)
{
if (is_array($params))
{
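Review bot: Renaming the PHP 4 style constructor `CI_DB_driver()` to `__construct()` removes a method that subclasses may call by name. The odbc driver in this same commit had to change `parent::CI_DB_driver($params)` to `parent::__construct($params)`, and any third-party or application driver still using the old call will fail with an undefined-method fatal error. That is worth an upgrade note. The same applies to the constructors of CI_DB_Cache, CI_DB_forge and CI_DB_utility renamed in the neighbouring hunks. The new constructors are also declared without a visibility keyword; `public function __construct($params)` would match the style used for the methods added in DB_active_rec.php.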
diff --git a/system/database/DB_forge.php b/system/database/DB_forge.php
index 0dd29c238..6bc40411b 100644
--- a/system/database/DB_forge.php
+++ b/system/database/DB_forge.php
@@ -35,7 +35,7 @@ class CI_DB_forge {
* Grabs the CI super object instance so we can access it.
*
*/
- function CI_DB_forge()
+ function __construct()
{
// Assign the main database object to $this->db
$CI =& get_instance();
diff --git a/system/database/DB_utility.php b/system/database/DB_utility.php
index a5f174f0a..52196b7ce 100644
--- a/system/database/DB_utility.php
+++ b/system/database/DB_utility.php
@@ -33,7 +33,7 @@ class CI_DB_utility extends CI_DB_forge {
* Grabs the CI super object instance so we can access it.
*
*/
- function CI_DB_utility()
+ function __construct()
{
// Assign the main database object to $this->db
$CI =& get_instance();
diff --git a/system/database/drivers/odbc/odbc_driver.php b/system/database/drivers/odbc/odbc_driver.php
index 08cd27b6c..bcd7937d9 100644
--- a/system/database/drivers/odbc/odbc_driver.php
+++ b/system/database/drivers/odbc/odbc_driver.php
@@ -48,9 +48,9 @@ class CI_DB_odbc_driver extends CI_DB {
var $_random_keyword;
- function CI_DB_odbc_driver($params)
+ function __construct($params)
{
- parent::CI_DB_driver($params);
+ parent::__construct($params);
$this->_random_keyword = ' RND('.time().')'; // database specific random keyword
}
diff --git a/system/helpers/captcha_helper.php b/system/helpers/captcha_helper.php
index 19ec0c778..2bbb9d3a5 100644
--- a/system/helpers/captcha_helper.php
+++ b/system/helpers/captcha_helper.php
@@ -243,4 +243,4 @@ if ( ! function_exists('create_captcha'))
// ------------------------------------------------------------------------
/* End of file captcha_helper.php */
-/* Location: ./system/heleprs/captcha_helper.php */ \ No newline at end of file
+/* Location: ./system/helpers/captcha_helper.php */ \ No newline at end of file
diff --git a/system/libraries/Cache/drivers/Cache_apc.php b/system/libraries/Cache/drivers/Cache_apc.php
index de75719c4..79d91b320 100644
--- a/system/libraries/Cache/drivers/Cache_apc.php
+++ b/system/libraries/Cache/drivers/Cache_apc.php
@@ -132,7 +132,7 @@ class CI_Cache_apc extends CI_Driver {
*/
public function is_supported()
{
- if ( ! extension_loaded('apc') OR ! function_exists('apc_store'))
+ if ( ! extension_loaded('apc') OR ini_get('apc.enabled') != "1")
{
log_message('error', 'The APC PHP extension must be loaded to use APC Cache.');
return FALSE;
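Review bot: The logged error no longer matches the condition. After this change is_supported() also fails when the extension is loaded but `apc.enabled` is off, yet the message still says only that the extension "must be loaded", which sends an operator looking in the wrong place. Suggest `log_message('error', 'The APC PHP extension must be loaded and apc.enabled must be on to use APC Cache.');`. The loose comparison `!= "1"` also relies on ini_get() normalising the value to "1"; a value set elsewhere as `on` or `true` might not compare equal, so that should be verified.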
@@ -148,4 +148,4 @@ class CI_Cache_apc extends CI_Driver {
// End Class
/* End of file Cache_apc.php */
-/* Location: ./system/libraries/Cache/drivers/Cache_apc.php */ \ No newline at end of file
+/* Location: ./system/libraries/Cache/drivers/Cache_apc.php */
diff --git a/system/libraries/Email.php b/system/libraries/Email.php
index ef20e1978..c7d0bc52b 100644
--- a/system/libraries/Email.php
+++ b/system/libraries/Email.php
@@ -381,7 +381,15 @@ class CI_Email {
*/
public function message($body)
{
- $this->_body = stripslashes(rtrim(str_replace("\r", "", $body)));
+ $this->_body = rtrim(str_replace("\r", "", $body));
+
+ //strip slashes only if magic quotes is ON
+ //if we do it with magic quotes OFF, it strips real, user-inputted chars.
+ if (get_magic_quotes_gpc())
+ {
+ $this->_body = stripslashes($this->_body);
+ }
+
return $this;
}
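Review bot: Gating stripslashes() on `get_magic_quotes_gpc()` still corrupts bodies that never came from GET/POST/COOKIE. On a server with magic quotes on, a message built from a database row or a template file loses its legitimate backslashes. The library cannot know where `$body` came from, so un-quoting is more safely done where request input is read, and the comment should at least state that assumption. `get_magic_quotes_gpc()` was also deprecated in PHP 7.4 and removed in 8.0, so the call needs a `function_exists('get_magic_quotes_gpc')` guard to stay loadable on later runtimes.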
diff --git a/system/libraries/Session.php b/system/libraries/Session.php
index 8ee08c5b2..867314bf9 100644
--- a/system/libraries/Session.php
+++ b/system/libraries/Session.php
@@ -688,13 +688,7 @@ class CI_Session {
{
if (is_array($data))
{
- foreach ($data as $key => $val)
- {
- if (is_string($val))
- {
- $data[$key] = str_replace('\\', '{{slash}}', $val);
- }
- }
+ array_walk_recursive($data, array(&$this, '_escape_slashes'));
}
else
{
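Review bot: Switching to array_walk_recursive() extends the `{{slash}}` substitution to strings at every nesting depth, which widens an existing round-trip problem. A stored value that legitimately contains the literal text `{{slash}}` comes back as a backslash after _unserialize(). If session values can carry user-supplied text, that is a silent data change. It should be called out in the docblock, or the marker should be escaped as well. The walk rewrites values only, so array keys containing backslashes are left unchanged, as they were before this commit.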
@@ -703,9 +697,23 @@ class CI_Session {
$data = str_replace('\\', '{{slash}}', $data);
}
}
-
return serialize($data);
}
+
+ /**
+ * Escape slashes
+ *
+ * This function converts any slashes found into a temporary marker
+ *
+ * @access private
+ */
+ function _escape_slashes(&$val, $key)
+ {
+ if (is_string($val))
+ {
+ $val = str_replace('\\', '{{slash}}', $val);
+ }
+ }
// --------------------------------------------------------------------
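Review bot: _escape_slashes() is documented `@access private` but declared with a bare `function`, which makes it public in PHP 5, so the by-reference mutator is callable from outside the class. Since the callback is invoked from inside the class via `array(&$this, '_escape_slashes')`, it can be declared `protected function _escape_slashes(&$val, $key)` without breaking the walk. _unescape_slashes() in the next hunk has the same mismatch, plus a spacing slip in `$val= str_replace(...)`.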
@@ -725,19 +733,27 @@ class CI_Session {
if (is_array($data))
{
- foreach ($data as $key => $val)
- {
- if (is_string($val))
- {
- $data[$key] = str_replace('{{slash}}', '\\', $val);
- }
- }
-
+ array_walk_recursive($data, array(&$this, '_unescape_slashes'));
return $data;
}
return (is_string($data)) ? str_replace('{{slash}}', '\\', $data) : $data;
}
+
+ /**
+ * Unescape slashes
+ *
+ * This function converts any slash markers back into actual slashes
+ *
+ * @access private
+ */
+ function _unescape_slashes(&$val, $key)
+ {
+ if (is_string($val))
+ {
+ $val= str_replace('{{slash}}', '\\', $val);
+ }
+ }
// --------------------------------------------------------------------