summaryrefslogtreecommitdiffstats
path: root/user_guide/libraries
diff options
context:
space:
mode:
Diffstat (limited to 'user_guide/libraries')
-rw-r--r--user_guide/libraries/cart.html20
-rw-r--r--user_guide/libraries/file_uploading.html7
-rw-r--r--user_guide/libraries/form_validation.html37
-rw-r--r--user_guide/libraries/input.html18
-rw-r--r--user_guide/libraries/security.html3
5 files changed, 53 insertions, 32 deletions
diff --git a/user_guide/libraries/cart.html b/user_guide/libraries/cart.html
index 3471eeb7e..f1e8473e7 100644
--- a/user_guide/libraries/cart.html
+++ b/user_guide/libraries/cart.html
@@ -61,7 +61,7 @@ Shopping Cart Class
<p>The Cart Class permits items to be added to a session that stays active while a user is browsing your site.
These items can be retrieved and displayed in a standard "shopping cart" format, allowing the user to update the quantity or remove items from the cart.</p>
-<p>Please note that the Cart Class ONLY provides the core "cart" functionality. It does not provide shipping, credit card authorization, or other processing components.</p>
+<p>Please note that the Cart Class ONLY provides the core "cart" functionality. It does not provide shipping, credit card authorization, or other processing components.</p>
<h2>Initializing the Shopping Cart Class</h2>
@@ -106,20 +106,20 @@ It is intended to be used in cases where your product has options associated wit
<li><strong>qty</strong> - The quantity being purchased.
<li><strong>price</strong> - The price of the item.
<li><strong>name</strong> - The name of the item.
-<li><strong>options</strong> - Any additional attributes that are needed to identify the product. These must be passed via an array.
+<li><strong>options</strong> - Any additional attributes that are needed to identify the product. These must be passed via an array.
</ul>
<p>In addition to the five indexes above, there are two reserved words: <dfn>rowid</dfn> and <dfn>subtotal</dfn>. These are used internally by the Cart class, so
please do NOT use those words as index names when inserting data into the cart.</p>
-<p>Your array may contain additional data. Anything you include in your array will be stored in the session. However, it is best to standardize your data among
-all your products in order to make displaying the information in a table easier.</p>
+<p>Your array may contain additional data. Anything you include in your array will be stored in the session. However, it is best to standardize your data among all your products in order to make displaying the information in a table easier.</p>
+
+<p>The insert() method will return the $rowid if you successfully insert a single item.</p>
<h2>Adding Multiple Items to The Cart</h2>
-<p>By using a multi-dimensional array, as shown below, it is possible to add multiple products to the cart in one action. This is useful in cases where you wish to allow
-people to select from among several items on the same page.</p>
+<p>By using a multi-dimensional array, as shown below, it is possible to add multiple products to the cart in one action. This is useful in cases where you wish to allow people to select from among several items on the same page.</p>
<code>
@@ -268,8 +268,8 @@ $this->cart->update($data);
<p><strong>What is a Row ID?</strong>&nbsp; The <kbd>row ID</kbd> is a unique identifier that is generated by the cart code when an item is added to the cart. The reason a
unique ID is created is so that identical products with different options can be managed by the cart.</p>
-<p>For example, let's say someone buys two identical t-shirts (same product ID), but in different sizes. The product ID (and other attributes) will be
-identical for both sizes because it's the same shirt. The only difference will be the size. The cart must therefore have a means of identifying this
+<p>For example, let's say someone buys two identical t-shirts (same product ID), but in different sizes. The product ID (and other attributes) will be
+identical for both sizes because it's the same shirt. The only difference will be the size. The cart must therefore have a means of identifying this
difference so that the two sizes of shirts can be managed independently. It does so by creating a unique "row ID" based on the product ID and any options associated with it.</p>
<p>In nearly all cases, updating the cart will be something the user does via the "view cart" page, so as a developer, it is unlikely that you will ever have to concern yourself
@@ -311,7 +311,7 @@ function when the update form is submitted. Please examine the construction of t
<h2>$this->cart->has_options(rowid);</h2>
-<p>Returns TRUE (boolean) if a particular row in the cart contains options. This function is designed to be used in a loop with <dfn>$this->cart->contents()</dfn>, since you must pass the <kbd>rowid</kbd> to this function, as shown in the <dfn>Displaying the Cart</dfn> example above.</p>
+<p>Returns TRUE (boolean) if a particular row in the cart contains options. This function is designed to be used in a loop with <dfn>$this->cart->contents()</dfn>, since you must pass the <kbd>rowid</kbd> to this function, as shown in the <dfn>Displaying the Cart</dfn> example above.</p>
<h2>$this->cart->product_options(rowid);</h2>
@@ -322,7 +322,7 @@ function when the update form is submitted. Please examine the construction of t
<h2>$this->cart->destroy();</h2>
-<p>Permits you to destroy the cart. This function will likely be called when you are finished processing the customer's order.</p>
+<p>Permits you to destroy the cart. This function will likely be called when you are finished processing the customer's order.</p>
diff --git a/user_guide/libraries/file_uploading.html b/user_guide/libraries/file_uploading.html
index a88c67220..94b219355 100644
--- a/user_guide/libraries/file_uploading.html
+++ b/user_guide/libraries/file_uploading.html
@@ -305,6 +305,13 @@ $this->upload->initialize($config);</code>
</tr>
<tr>
+<td class="td"><strong>max_filename_increment</strong></td>
+<td class="td">100</td>
+<td class="td">None</td>
+<td class="td">When overwrite is set to FALSE, use this to set the maximum filename increment for CodeIgniter to append to the filename.</td>
+</tr>
+
+<tr>
<td class="td"><strong>encrypt_name</strong></td>
<td class="td">FALSE</td>
<td class="td">TRUE/FALSE (boolean)</td>
diff --git a/user_guide/libraries/form_validation.html b/user_guide/libraries/form_validation.html
index 7c544b69f..ede1913e0 100644
--- a/user_guide/libraries/form_validation.html
+++ b/user_guide/libraries/form_validation.html
@@ -390,10 +390,10 @@ $this->form_validation->set_rules($config);
<p>CodeIgniter lets you pipe multiple rules together. Let's try it. Change your rules in the third parameter of rule setting function, like this:</p>
<code>
-$this->form_validation->set_rules('username', 'Username', 'required|min_length[5]|max_length[12]');<br />
+$this->form_validation->set_rules('username', 'Username', 'required|min_length[5]|max_length[12]|is_unique[users.username]');<br />
$this->form_validation->set_rules('password', 'Password', 'required|matches[passconf]');<br />
$this->form_validation->set_rules('passconf', 'Password Confirmation', 'required');<br />
-$this->form_validation->set_rules('email', 'Email', 'required|valid_email');<br />
+$this->form_validation->set_rules('email', 'Email', 'required|valid_email|is_unique[users.email]');<br />
</code>
<p>The above code sets the following rules:</p>
@@ -508,15 +508,13 @@ create a callback function that does that. Let's create a example of this.</p>
<code>$this->form_validation->set_rules('username', 'Username', '<kbd>callback_username_check</kbd>');</code>
-
<p>Then add a new function called <dfn>username_check</dfn> to your controller. Here's how your controller should now look:</p>
-
-<textarea class="textarea" style="width:100%" cols="50" rows="44">&lt;?php
+<textarea class="textarea" style="width:100%" cols="50" rows="40">&lt;?php
class Form extends CI_Controller {
- function index()
+ public function index()
{
$this->load->helper(array('form', 'url'));
@@ -525,7 +523,7 @@ class Form extends CI_Controller {
$this->form_validation->set_rules('username', 'Username', 'callback_username_check');
$this->form_validation->set_rules('password', 'Password', 'required');
$this->form_validation->set_rules('passconf', 'Password Confirmation', 'required');
- $this->form_validation->set_rules('email', 'Email', 'required');
+ $this->form_validation->set_rules('email', 'Email', 'required|is_unique[users.email]');
if ($this->form_validation->run() == FALSE)
{
@@ -537,7 +535,7 @@ class Form extends CI_Controller {
}
}
- function username_check($str)
+ public function username_check($str)
{
if ($str == 'test')
{
@@ -556,14 +554,13 @@ class Form extends CI_Controller {
<p><dfn>Reload your form and submit it with the word "test" as the username. You can see that the form field data was passed to your
callback function for you to process.</dfn></p>
-<p><strong>To invoke a callback just put the function name in a rule, with "callback_" as the rule prefix.</strong></p>
+<p>To invoke a callback just put the function name in a rule, with "callback_" as the rule <strong>prefix</strong>. If you need
+to receive an extra parameter in your callback function, just add it normally after the function name between square brackets,
+as in: "callback_foo<strong>[bar]</strong>", then it will be passed as the second argument of your callback function.</p>
-<p>You can also process the form data that is passed to your callback and return it. If your callback returns anything other than a boolean TRUE/FALSE
+<p><strong>Note:</strong> You can also process the form data that is passed to your callback and return it. If your callback returns anything other than a boolean TRUE/FALSE
it is assumed that the data is your newly processed form data.</p>
-
-
-
<a name="settingerrors"></a>
<h2>Setting Error Messages</h2>
@@ -947,6 +944,13 @@ POST array:</p>
</tr>
<tr>
+ <td class="td"><strong>is_unique</strong></td>
+ <td class="td">Yes</td>
+ <td class="td">Returns FALSE if the form element is not unique to the table and field name in the parameter.</td>
+ <td class="td">is_unique[table.field]</td>
+ </tr>
+
+ <tr>
<td class="td"><strong>min_length</strong></td>
<td class="td">Yes</td>
<td class="td">Returns FALSE if the form element is shorter then the parameter value.</td>
@@ -1038,6 +1042,13 @@ POST array:</p>
</tr>
<tr>
+ <td class="td"><strong>is_unique</strong></td>
+ <td class="td">Yes</td>
+ <td class="td">Returns FALSE if the form element is not unique in a database table.</td>
+ <td class="td">is_unique[table.field]</td>
+ </tr>
+
+ <tr>
<td class="td"><strong>valid_email</strong></td>
<td class="td">No</td>
<td class="td">Returns FALSE if the form element does not contain a valid email address.</td>
diff --git a/user_guide/libraries/input.html b/user_guide/libraries/input.html
index 311f76ee9..77e28488a 100644
--- a/user_guide/libraries/input.html
+++ b/user_guide/libraries/input.html
@@ -73,11 +73,11 @@ Input Class
<p>The security filtering function is called automatically when a new <a href="../general/controllers.html">controller</a> is invoked. It does the following:</p>
<ul>
-<li>Destroys the global GET array. Since CodeIgniter does not utilize GET strings, there is no reason to allow it.</li>
+<li>If $config['allow_get_array'] is FALSE(default is TRUE), destroys the global GET array.</li>
<li>Destroys all global variables in the event register_globals is turned on.</li>
-<li>Filters the POST/COOKIE array keys, permitting only alpha-numeric (and a few other) characters.</li>
+<li>Filters the GET/POST/COOKIE array keys, permitting only alpha-numeric (and a few other) characters.</li>
<li>Provides XSS (Cross-site Scripting Hacks) filtering. This can be enabled globally, or upon request.</li>
-<li>Standardizes newline characters to \n</li>
+<li>Standardizes newline characters to \n(In Windows \r\n)</li>
</ul>
@@ -133,13 +133,13 @@ else<br />
<code>$this->input->post('some_data', TRUE);</code>
<p>To return an array of all POST items call without any parameters.</p>
-<p>To return all POST items and pass them through the XSS filter leave the first parameter blank while setting the second parameter to boolean;</p>
+<p>To return all POST items and pass them through the XSS filter set the first parameter NULL while setting the second parameter to boolean;</p>
<p>The function returns FALSE (boolean) if there are no items in the POST.</p>
<code>
- $this->input->post(); // returns all POST items with XSS filter
+ $this->input->post(NULL, TRUE); // returns all POST items with XSS filter
<br />
- $this->input->post(NULL, FALSE); // returns all POST items without XSS
+ $this->input->post(); // returns all POST items without XSS filter
</code>
<h2>$this->input->get()</h2>
@@ -149,13 +149,13 @@ else<br />
<code>$this->input->get('some_data', TRUE);</code>
<p>To return an array of all GET items call without any parameters.</p>
-<p>To return all GET items and pass them through the XSS filter leave the first parameter blank while setting the second parameter to boolean;</p>
+<p>To return all GET items and pass them through the XSS filter set the first parameter NULL while setting the second parameter to boolean;</p>
<p>The function returns FALSE (boolean) if there are no items in the GET.</p>
<code>
- $this->input->get(); // returns all GET items with XSS filter
+ $this->input->get(NULL, TRUE); // returns all GET items with XSS filter
<br />
- $this->input->get(NULL, FALSE); // returns all GET items without XSS filtering
+ $this->input->get(); // returns all GET items without XSS filtering
</code>
<h2>$this->input->get_post()</h2>
diff --git a/user_guide/libraries/security.html b/user_guide/libraries/security.html
index dd62a4386..cbe12d852 100644
--- a/user_guide/libraries/security.html
+++ b/user_guide/libraries/security.html
@@ -116,6 +116,9 @@ Note: This function should only be used to deal with data upon submission. It's
<p>If you use the <a href="../helpers/form_helper.html">form helper</a> the <var>form_open()</var> function will automatically insert a hidden csrf field in your forms.</p>
+<p>Select URIs can be whitelisted from csrf protection (for example API endpoints expecting externally POSTed content). You can add these URIs by editing the 'csrf_exclude_uris' config parameter:</p>
+<code>$config['csrf_exclude_uris'] = array('api/person/add');</code>
+
</div>
<!-- END CONTENT -->