From 901573ce19e905ce28a3f3345c33dedf9c703cd4 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 11 Jan 2012 01:40:48 +0200 Subject: Fix issue 863 --- system/libraries/Form_validation.php | 122 +++++++++++------------------------ user_guide_src/source/changelog.rst | 12 ++-- 2 files changed, 46 insertions(+), 88 deletions(-) diff --git a/system/libraries/Form_validation.php b/system/libraries/Form_validation.php index 0a6a2af0d..78b1ae016 100644 --- a/system/libraries/Form_validation.php +++ b/system/libraries/Form_validation.php @@ -25,8 +25,6 @@ * @filesource */ -// ------------------------------------------------------------------------ - /** * Form Validation Class * @@ -48,9 +46,6 @@ class CI_Form_validation { protected $error_string = ''; protected $_safe_form_data = FALSE; - /** - * Constructor - */ public function __construct($rules = array()) { $this->CI =& get_instance(); @@ -67,7 +62,7 @@ class CI_Form_validation { mb_internal_encoding($this->CI->config->item('charset')); } - log_message('debug', "Form Validation Class Initialized"); + log_message('debug', 'Form Validation Class Initialized'); } // -------------------------------------------------------------------- @@ -179,7 +174,6 @@ class CI_Form_validation { } $this->_error_messages = array_merge($this->_error_messages, $lang); - return $this; } @@ -198,7 +192,6 @@ class CI_Form_validation { { $this->_error_prefix = $prefix; $this->_error_suffix = $suffix; - return $this; } @@ -313,10 +306,10 @@ class CI_Form_validation { $this->set_rules($this->_config_rules); } - // We're we able to set the rules correctly? + // Were we able to set the rules correctly? if (count($this->_field_data) === 0) { - log_message('debug', "Unable to find validation rules"); + log_message('debug', 'Unable to find validation rules'); return FALSE; } } @@ -330,17 +323,13 @@ class CI_Form_validation { { // Fetch the data from the corresponding $_POST array and cache it in the _field_data array. // Depending on whether the field name is an array or a string will determine where we get it from. - if ($row['is_array'] === TRUE) { $this->_field_data[$field]['postdata'] = $this->_reduce_array($_POST, $row['keys']); } - else + elseif (isset($_POST[$field]) AND $_POST[$field] != '') { - if (isset($_POST[$field]) AND $_POST[$field] != "") - { - $this->_field_data[$field]['postdata'] = $_POST[$field]; - } + $this->_field_data[$field]['postdata'] = $_POST[$field]; } $this->_execute($row, explode('|', $row['rules']), $this->_field_data[$field]['postdata']); @@ -348,7 +337,6 @@ class CI_Form_validation { // Did we end up with any errors? $total_errors = count($this->_error_array); - if ($total_errors > 0) { $this->_safe_form_data = TRUE; @@ -462,14 +450,12 @@ class CI_Form_validation { return; } - // -------------------------------------------------------------------- - // If the field is blank, but NOT required, no further tests are necessary $callback = FALSE; if ( ! in_array('required', $rules) AND is_null($postdata)) { // Before we bail out, does the rule contain a callback? - if (preg_match("/(callback_\w+(\[.*?\])?)/", implode(' ', $rules), $match)) + if (preg_match('/(callback_\w+(\[.*?\])?)/', implode(' ', $rules), $match)) { $callback = TRUE; $rules = (array('1' => $match[1])); @@ -480,8 +466,6 @@ class CI_Form_validation { } } - // -------------------------------------------------------------------- - // Isset Test. Typically this rule will only apply to checkboxes. if (is_null($postdata) AND $callback === FALSE) { @@ -543,11 +527,9 @@ class CI_Form_validation { $postdata = $this->_field_data[$row['field']]['postdata']; } - // -------------------------------------------------------------------- - // Is the rule a callback? $callback = FALSE; - if (substr($rule, 0, 9) == 'callback_') + if (strpos($rule, 'callback_') === 0) { $rule = substr($rule, 9); $callback = TRUE; @@ -556,7 +538,7 @@ class CI_Form_validation { // Strip the parameter (if exists) from the rule // Rules can contain a parameter: max_length[5] $param = FALSE; - if (preg_match("/(.*?)\[(.*)\]/", $rule, $match)) + if (preg_match('/(.*?)\[(.*)\]/', $rule, $match)) { $rule = $match[1]; $param = $match[2]; @@ -567,11 +549,14 @@ class CI_Form_validation { { if ( ! method_exists($this->CI, $rule)) { - continue; + log_message('debug', 'Unable to find callback validation rule: '.$rule); + $result = FALSE; + } + else + { + // Run the function and grab the result + $result = $this->CI->$rule($postdata, $param); } - - // Run the function and grab the result - $result = $this->CI->$rule($postdata, $param); // Re-assign the result to the master data array if ($_in_array === TRUE) @@ -610,13 +595,14 @@ class CI_Form_validation { } else { - log_message('debug', "Unable to find validation rule: ".$rule); + log_message('debug', 'Unable to find validation rule: '.$rule); + $result = FALSE; } - - continue; } - - $result = $this->$rule($postdata, $param); + else + { + $result = $this->$rule($postdata, $param); + } if ($_in_array === TRUE) { @@ -628,7 +614,7 @@ class CI_Form_validation { } } - // Did the rule test negatively? If so, grab the error. + // Did the rule test negatively? If so, grab the error. if ($result === FALSE) { if ( ! isset($this->_error_messages[$rule])) @@ -644,7 +630,7 @@ class CI_Form_validation { } // Is the parameter we are inserting into the error message the name - // of another field? If so we need to grab its "field label" + // of another field? If so we need to grab its "field label" if (isset($this->_field_data[$param], $this->_field_data[$param]['label'])) { $param = $this->_translate_fieldname($this->_field_data[$param]['label']); @@ -678,7 +664,7 @@ class CI_Form_validation { { // Do we need to translate the field name? // We look for the prefix lang: to determine this - if (substr($fieldname, 0, 5) === 'lang:') + if (strpos($fieldname, 'lang:') === 0) { // Grab the variable $line = substr($fieldname, 5); @@ -738,15 +724,10 @@ class CI_Form_validation { { if ( ! isset($this->_field_data[$field]) OR ! isset($this->_field_data[$field]['postdata'])) { - if ($default === TRUE AND count($this->_field_data) === 0) - { - return ' selected="selected"'; - } - return ''; + return ($default === TRUE AND count($this->_field_data) === 0) ? ' selected="selected"' : ''; } $field = $this->_field_data[$field]['postdata']; - if (is_array($field)) { if ( ! in_array($value, $field)) @@ -754,12 +735,9 @@ class CI_Form_validation { return ''; } } - else + elseif (($field == '' OR $value == '') OR ($field != $value)) { - if (($field == '' OR $value == '') OR ($field != $value)) - { - return ''; - } + return ''; } return ' selected="selected"'; @@ -781,15 +759,10 @@ class CI_Form_validation { { if ( ! isset($this->_field_data[$field]) OR ! isset($this->_field_data[$field]['postdata'])) { - if ($default === TRUE AND count($this->_field_data) === 0) - { - return ' checked="checked"'; - } - return ''; + return ($default === TRUE AND count($this->_field_data) === 0) ? ' checked="checked"' : ''; } $field = $this->_field_data[$field]['postdata']; - if (is_array($field)) { if ( ! in_array($value, $field)) @@ -797,12 +770,9 @@ class CI_Form_validation { return ''; } } - else + elseif (($field == '' OR $value == '') OR ($field != $value)) { - if (($field == '' OR $value == '') OR ($field != $value)) - { - return ''; - } + return ''; } return ' checked="checked"'; @@ -869,9 +839,7 @@ class CI_Form_validation { return FALSE; } - $field = $_POST[$field]; - - return ($str === $field); + return ($str === $_POST[$field]); } // -------------------------------------------------------------------- @@ -908,7 +876,7 @@ class CI_Form_validation { */ public function min_length($str, $val) { - if (preg_match("/[^0-9]/", $val)) + if (preg_match('/[^0-9]/', $val)) { return FALSE; } @@ -932,7 +900,7 @@ class CI_Form_validation { */ public function max_length($str, $val) { - if (preg_match("/[^0-9]/", $val)) + if (preg_match('/[^0-9]/', $val)) { return FALSE; } @@ -956,7 +924,7 @@ class CI_Form_validation { */ public function exact_length($str, $val) { - if (preg_match("/[^0-9]/", $val)) + if (preg_match('/[^0-9]/', $val)) { return FALSE; } @@ -1076,19 +1044,6 @@ class CI_Form_validation { // -------------------------------------------------------------------- - /** - * Is Numeric - * - * @param string - * @return bool - */ - public function is_numeric($str) - { - return is_numeric($str); - } - - // -------------------------------------------------------------------- - /** * Integer * @@ -1217,7 +1172,7 @@ class CI_Form_validation { return $data; } - return str_replace(array("'", '"', '<', '>'), array("'", """, '<', '>'), stripslashes($data)); + return str_replace(array("'", '"', '<', '>'), array(''', '"', '<', '>'), stripslashes($data)); } // -------------------------------------------------------------------- @@ -1230,14 +1185,14 @@ class CI_Form_validation { */ public function prep_url($str = '') { - if ($str == 'http://' OR $str == '') + if ($str === 'http://' OR $str == '') { return ''; } - if (substr($str, 0, 7) !== 'http://' && substr($str, 0, 8) !== 'https://') + if (strpos($str, 'http://') !== 0 && strpos($str, 'https://') !== 0) { - $str = 'http://'.$str; + return 'http://'.$str; } return $str; @@ -1283,7 +1238,6 @@ class CI_Form_validation { } } -// END Form Validation Class /* End of file Form_validation.php */ /* Location: ./system/libraries/Form_validation.php */ diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 48011f208..b82b38e64 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -52,13 +52,13 @@ Release Date: Not Released - Added max_filename_increment config setting for Upload library. - CI_Loader::_ci_autoloader() is now a protected method. - - Modified valid_ip() to use PHP's filter_var() when possible (>= PHP 5.2) in the :doc:`Form Validation library `. - - Added custom filename to Email::attach() as $this->email->attach($filename, $disposition, $newname) + - Modified valid_ip() to use PHP's filter_var() when possible (>= PHP 5.2) in the :doc:`Input library ` (also used by :doc:`Form Validation library `). + - Added custom filename to Email::attach() as $this->email->attach($filename, $disposition, $newname) - Cart library changes include: - It now auto-increments quantity's instead of just resetting it, this is the default behaviour of large e-commerce sites. - Product Name strictness can be disabled via the Cart Library by switching "$product_name_safe" - Added function remove() to remove a cart item, updating with quantity of 0 seemed like a hack but has remained to retain compatability - - Image manipulation library changes include: + - :doc:`Image Manipulation library ` changes include: - The initialize() method now only sets existing class properties. - Added support for 3-length hex color values for wm_font_color and wm_shadow_color properties, as well as validation for them. - Class properties wm_font_color, wm_shadow_color and wm_use_drop_shadow are now protected, to avoid breaking the text_watermark() method @@ -66,6 +66,9 @@ Release Date: Not Released - Minor speed optimizations and method & property visibility declarations in the Calendar Library. - Removed SHA1 function in the :doc:`Encryption Library `. - Added $config['csrf_regeneration'] to the CSRF protection in the :doc:`Security library `, which makes token regeneration optional. + - :doc:`Form Validation library ` changes include: + - _execute() now considers input data to be invalid if a specified rule is not found. + - Removed method is_numeric() as it exists as a native PHP function and _execute() will find and use that (the 'is_numeric' rule itself is deprecated since 1.6.1). - Core @@ -97,11 +100,12 @@ Bug fixes for 3.0 - In Pagination library, when use_page_numbers=TRUE previous link and page 1 link do not have the same url - Fixed a bug (#561) - Errors in :doc:`XML-RPC Library ` were not properly escaped. - Fixed a bug (#904) - ``CI_Loader::initialize()`` caused a PHP Fatal error to be triggered if error level E_STRICT is used. +- Fixed a bug (#863) - CI_Form_validation::_execute() silently continued to the next rule, if a callback rule method is not found. Version 2.1.0 ============= -Release Date: Not Released +Release Date: November 14, 2011 - General Changes -- cgit v1.2.3-24-g4f1b From 81c87cd453c61a17e28aff2cc3f4ea76d4d19c59 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 12 Jan 2012 17:00:29 +0200 Subject: Update the changelog --- user_guide_src/source/changelog.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index b82b38e64..27a8b5701 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -100,7 +100,7 @@ Bug fixes for 3.0 - In Pagination library, when use_page_numbers=TRUE previous link and page 1 link do not have the same url - Fixed a bug (#561) - Errors in :doc:`XML-RPC Library ` were not properly escaped. - Fixed a bug (#904) - ``CI_Loader::initialize()`` caused a PHP Fatal error to be triggered if error level E_STRICT is used. -- Fixed a bug (#863) - CI_Form_validation::_execute() silently continued to the next rule, if a callback rule method is not found. +- Fixed a bug (#11, #183, #863) - CI_Form_validation::_execute() silently continued to the next rule, if a rule method/function is not found. Version 2.1.0 ============= -- cgit v1.2.3-24-g4f1b From cde43687ef19aa23ee6796925270961b760369f3 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Fri, 13 Jan 2012 20:16:35 +0200 Subject: Allow native PHP functions used as rules to accept an additional parameter --- system/libraries/Form_validation.php | 2 +- user_guide_src/source/changelog.rst | 1 + user_guide_src/source/libraries/form_validation.rst | 7 ++++--- 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/system/libraries/Form_validation.php b/system/libraries/Form_validation.php index 78b1ae016..9aa07a1a8 100644 --- a/system/libraries/Form_validation.php +++ b/system/libraries/Form_validation.php @@ -582,7 +582,7 @@ class CI_Form_validation { // Users can use any native PHP function call that has one param. if (function_exists($rule)) { - $result = $rule($postdata); + $result = ($param !== FALSE) ? $rule($postdata, $param) : $rule($postdata); if ($_in_array === TRUE) { diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 27a8b5701..7c2ee26eb 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -69,6 +69,7 @@ Release Date: Not Released - :doc:`Form Validation library ` changes include: - _execute() now considers input data to be invalid if a specified rule is not found. - Removed method is_numeric() as it exists as a native PHP function and _execute() will find and use that (the 'is_numeric' rule itself is deprecated since 1.6.1). + - Native PHP functions used as rules can now accept an additional parameter, other than the data itself. - Core diff --git a/user_guide_src/source/libraries/form_validation.rst b/user_guide_src/source/libraries/form_validation.rst index e7875bc22..999ab362c 100644 --- a/user_guide_src/source/libraries/form_validation.rst +++ b/user_guide_src/source/libraries/form_validation.rst @@ -321,7 +321,7 @@ password to MD5, and running the username through the "xss_clean" function, which removes malicious data. **Any native PHP function that accepts one parameter can be used as a -rule, like htmlspecialchars, trim, MD5, etc.** +rule, like htmlspecialchars, trim, md5, etc.** .. note:: You will generally want to use the prepping functions **after** the validation rules so if there is an error, the original @@ -857,8 +857,9 @@ Rule Parameter Description $this->form_validation->required($string); -.. note:: You can also use any native PHP functions that permit one - parameter. +.. note:: You can also use any native PHP functions that permit up + to two parameters, where at least one is required (to pass + the field data). ****************** Prepping Reference -- cgit v1.2.3-24-g4f1b From 6de924ce72797a1a8d8d8104f767f42c24e929c3 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Fri, 20 Jan 2012 13:18:18 +0200 Subject: Replace AND with && --- system/libraries/Form_validation.php | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/system/libraries/Form_validation.php b/system/libraries/Form_validation.php index 9aa07a1a8..34b7b646d 100644 --- a/system/libraries/Form_validation.php +++ b/system/libraries/Form_validation.php @@ -9,7 +9,7 @@ * Licensed under the Open Software License version 3.0 * * This source file is subject to the Open Software License (OSL 3.0) that is - * bundled with this package in the files license.txt / license.rst. It is + * bundled with this package in the files license.txt / license.rst. It is * also available through the world wide web at this URL: * http://opensource.org/licenses/OSL-3.0 * If you did not receive a copy of the license and are unable to obtain it @@ -297,7 +297,7 @@ class CI_Form_validation { // Is there a validation rule for the particular URI being accessed? $uri = ($group == '') ? trim($this->CI->uri->ruri_string(), '/') : $group; - if ($uri != '' AND isset($this->_config_rules[$uri])) + if ($uri != '' && isset($this->_config_rules[$uri])) { $this->set_rules($this->_config_rules[$uri]); } @@ -327,7 +327,7 @@ class CI_Form_validation { { $this->_field_data[$field]['postdata'] = $this->_reduce_array($_POST, $row['keys']); } - elseif (isset($_POST[$field]) AND $_POST[$field] != '') + elseif (isset($_POST[$field]) && $_POST[$field] != '') { $this->_field_data[$field]['postdata'] = $_POST[$field]; } @@ -373,7 +373,7 @@ class CI_Form_validation { /** * Re-populate the _POST array with our finalized and processed data * - * @return null + * @return void */ protected function _reset_post_array() { @@ -452,7 +452,7 @@ class CI_Form_validation { // If the field is blank, but NOT required, no further tests are necessary $callback = FALSE; - if ( ! in_array('required', $rules) AND is_null($postdata)) + if ( ! in_array('required', $rules) && is_null($postdata)) { // Before we bail out, does the rule contain a callback? if (preg_match('/(callback_\w+(\[.*?\])?)/', implode(' ', $rules), $match)) @@ -467,7 +467,7 @@ class CI_Form_validation { } // Isset Test. Typically this rule will only apply to checkboxes. - if (is_null($postdata) AND $callback === FALSE) + if (is_null($postdata) && $callback === FALSE) { if (in_array('isset', $rules, TRUE) OR in_array('required', $rules)) { @@ -510,7 +510,7 @@ class CI_Form_validation { // We set the $postdata variable with the current data in our master array so that // each cycle of the loop is dealing with the processed data from the last cycle - if ($row['is_array'] == TRUE AND is_array($this->_field_data[$row['field']]['postdata'])) + if ($row['is_array'] == TRUE && is_array($this->_field_data[$row['field']]['postdata'])) { // We shouldn't need this safety, but just in case there isn't an array index // associated with this cycle we'll bail out @@ -569,7 +569,7 @@ class CI_Form_validation { } // If the field isn't required and we just processed a callback we'll move on... - if ( ! in_array('required', $rules, TRUE) AND $result !== FALSE) + if ( ! in_array('required', $rules, TRUE) && $result !== FALSE) { continue; } @@ -724,7 +724,7 @@ class CI_Form_validation { { if ( ! isset($this->_field_data[$field]) OR ! isset($this->_field_data[$field]['postdata'])) { - return ($default === TRUE AND count($this->_field_data) === 0) ? ' selected="selected"' : ''; + return ($default === TRUE && count($this->_field_data) === 0) ? ' selected="selected"' : ''; } $field = $this->_field_data[$field]['postdata']; @@ -759,7 +759,7 @@ class CI_Form_validation { { if ( ! isset($this->_field_data[$field]) OR ! isset($this->_field_data[$field]['postdata'])) { - return ($default === TRUE AND count($this->_field_data) === 0) ? ' checked="checked"' : ''; + return ($default === TRUE && count($this->_field_data) === 0) ? ' checked="checked"' : ''; } $field = $this->_field_data[$field]['postdata']; @@ -1125,7 +1125,7 @@ class CI_Form_validation { */ public function is_natural_no_zero($str) { - return ($str != 0 AND preg_match('/^[0-9]+$/', $str)); + return ($str != 0 && preg_match('/^[0-9]+$/', $str)); } // -------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b From b998f3e820c724f16f3b700f094c875af1d28c0f Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Tue, 24 Jan 2012 15:31:26 +0200 Subject: Revert a space in the license agreement :) --- system/libraries/Form_validation.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/system/libraries/Form_validation.php b/system/libraries/Form_validation.php index 34b7b646d..20f1faf27 100644 --- a/system/libraries/Form_validation.php +++ b/system/libraries/Form_validation.php @@ -9,7 +9,7 @@ * Licensed under the Open Software License version 3.0 * * This source file is subject to the Open Software License (OSL 3.0) that is - * bundled with this package in the files license.txt / license.rst. It is + * bundled with this package in the files license.txt / license.rst. It is * also available through the world wide web at this URL: * http://opensource.org/licenses/OSL-3.0 * If you did not receive a copy of the license and are unable to obtain it -- cgit v1.2.3-24-g4f1b From cec2ba5ca149adab182670fe1a0228c464094b81 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Tue, 3 Apr 2012 20:26:38 +0300 Subject: Fix some stuff broken during repo sync --- system/libraries/Form_validation.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/system/libraries/Form_validation.php b/system/libraries/Form_validation.php index c2c978a5e..3c9285294 100644 --- a/system/libraries/Form_validation.php +++ b/system/libraries/Form_validation.php @@ -641,13 +641,13 @@ class CI_Form_validation { } else { - log_message('debug', 'Unable to find validation rule: '.$rule); - $result = FALSE; + $this->_field_data[$row['field']]['postdata'] = is_bool($result) ? $postdata : $result; } } else { - $result = $this->$rule($postdata, $param); + log_message('debug', 'Unable to find validation rule: '.$rule); + $result = FALSE; } continue; -- cgit v1.2.3-24-g4f1b