Age | Commit message (Collapse) | Author | Files | Lines |
|
The Input doc does talk about xss filtering, but they refer you to Security for details, which is where the function is actually defined. It gives more detail about what the function is supposed to do, and avoids some irrelevance.
It's probably not a big deal; it just looks wrong. It _might_ have been responsible for [confusion](http://stackoverflow.com/questions/13570522/this-input-xss-cleandata-giving-fatal-error-with-codeigniter) sometimes.
|
|
|
|
Form validation language line keys were not prefixed. They are
now prefixed with 'form_validation_' in order to avoid collisions.
The old keys will still work if a prefixed match is not found, but
are DEPRECATED and will be removed in the next major version.
Also added upgrade notes and changelog entries for the new error
message format from PR #961.
|
|
Improved form validation rule error messages.
|
|
Signed-off-by: Eric Roberts <eric@cryode.com>
|
|
Signed-off-by: Eric Roberts <eric@cryode.com>
|
|
Signed-off-by: Eric Roberts <eric@cryode.com>
|
|
Conflicts:
system/language/english/form_validation_lang.php
user_guide_src/source/libraries/form_validation.rst
Signed-off-by: Eric Roberts <eric@cryode.com>
|
|
Fix URL helpers to recognize protocol-relative URLs.
|
|
do not.
Most notably, redirect('//www.facebook.com/aaronadams') led my browser to https://aaronadams.ca/index.php/www.facebook.com/aaronadams.
In this commit, I have fixed the header() helper, along with the anchor() and anchor_popup() helpers, to be compatible with protocol-relative URLs.
Signed-off-by: Aaron Adams <aaron@aaronadams.ca>
|
|
Signed-off-by: Aaron Adams <aaron@aaronadams.ca>
|
|
|
|
|
|
|
|
Bug fix for relative directory removal
|
|
|
|
This fixes two bugs:
- for segments that ends with ".." e.g. /user/username../details, this should not be replaced
- current solution only replace double slashes, this solutions removes the infinite number of recurring slashes
|
|
It can only call oci_execute() in order to reset the pointer to 0,
the oci8 driver doesn't support setting the pointer.
Due to the result_object(), result_array() and custom_result_object()
calling data_seek() every time prior to fetching the result set, this
only causes the query to be executed twice. All of the three methods
now cast from existing result_object and/or result_array sets, so the
probability to ever need to really fetch the result set again is
practically zero and so this method doesn't bring any benefit.
|
|
(as requested in #2050)
|
|
|
|
(manually implementing outdated PR #636)
|
|
|
|
|
|
config->site_url() optimizations
|
|
thanks to narfbg
|
|
- direct access to config array, instead of item() calls
- the string cast is just in case 'url_suffix' would be set to false or null; the function produces the same results without this cast, but it leads to a robuster code, as false and null are sanitized and skip the suffix insertion code
- altered conditional structure: if no suffix, skip the appending of an empty string to $uri
|
|
Test for keep_flashdata accepting an array
|
|
|
|
(an improved version of PR #609)
|
|
|
|
(an improved version of PR #645)
Also fixed get_content_type() to only return the MIME value and created
Output library unit tests for both of these methods.
|
|
|
|
Children Drivers
|
|
As requested removed useless comment
|
|
This allows developers to create children drivers that are not prefix
with "CI_". This is a nity grity change, however it keeps with the
mindset that class names that start with CI_ are typically overrides of
core classes.
|
|
|
|
|
|
(an improved version of PR #1235)
|
|
(as requested in issue #452)
|
|
|
|
(an alternative to PR #1759; partially solves issue #1742)
|
|
Makes it easier to access the data after validation (issue #1208)
|
|
Check for an empty encryption_key shouldn't use strict comparison.
|
|
keep_flashdata accepts array
|
|
|
|
|
|
|
|
|
|
|
|
We have file naming conventions and any extension filename needs to match MY_<orig_filename>,
so we don't need to check for lowercase equivalents.
|