From 1d571971be8be78a92d31aad27dda4009770043f Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 7 Mar 2012 11:49:35 +0200 Subject: Update the example on extending libraries with a constructor --- user_guide_src/source/general/creating_libraries.rst | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/user_guide_src/source/general/creating_libraries.rst b/user_guide_src/source/general/creating_libraries.rst index bc545b483..673fbd4bb 100644 --- a/user_guide_src/source/general/creating_libraries.rst +++ b/user_guide_src/source/general/creating_libraries.rst @@ -188,17 +188,23 @@ application/libraries/MY_Email.php, and declare your class with:: } -Note: If you need to use a constructor in your class make sure you +If you need to use a constructor in your class make sure you extend the parent constructor:: class MY_Email extends CI_Email { - public function __construct() - { - parent::__construct(); - } + public function __construct($config = array()) + { + parent::__construct($config); + } + } +.. note:: + Not all of the libraries have the same (or any) parameters + in their constructor. Take a look at the library that you're + extending first to see how it should be implemented. + Loading Your Sub-class ---------------------- -- cgit v1.2.3-24-g4f1b From be0ca26c9006981eced5d938060ba5bad4145e3b Mon Sep 17 00:00:00 2001 From: Michiel Vugteveen Date: Wed, 7 Mar 2012 19:09:51 +0100 Subject: added method() and is_method() --- system/core/Input.php | 29 +++++++++++++++++++++++++++++ user_guide_src/source/changelog.rst | 2 ++ user_guide_src/source/libraries/input.rst | 31 ++++++++++++++++++++++++++++--- 3 files changed, 59 insertions(+), 3 deletions(-) diff --git a/system/core/Input.php b/system/core/Input.php index ee15f4013..e8e3b1d9c 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -699,6 +699,35 @@ class CI_Input { return (php_sapi_name() === 'cli' OR defined('STDIN')); } + // -------------------------------------------------------------------- + + /** + * Get Request Method + * + * Return the Request Method in lowercase + * + * @return mixed + */ + public function method() + { + return strtolower($this->server('REQUEST_METHOD')); + } + + // -------------------------------------------------------------------- + + /** + * Validate parameter against $_SERVER['REQUEST_METHOD'] + * + * Return TRUE if method equals $_SERVER['REQUEST_METHOD'], otherwise return FALSE + * + * @param string request method to match + * @return bool + */ + public function is_method($method = '') + { + return ($this->method() === strtolower($method)); + } + } /* End of file Input.php */ diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index b5fb52df4..f8c4ba144 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -97,6 +97,8 @@ Release Date: Not Released - Added method get_vars() to CI_Loader to retrieve all variables loaded with $this->load->vars(). - is_loaded() function from system/core/Commons.php now returns a reference. - $config['rewrite_short_tags'] now has no effect when using PHP 5.4 as *input->post(NULL, TRUE); // returns all POST items with XSS filter + $this->input->post(NULL, TRUE); // returns all POST items with XSS filter $this->input->post(); // returns all POST items without XSS filter $this->input->get() @@ -119,9 +119,9 @@ The function returns FALSE (boolean) if there are no items in the GET. :: - $this->input->get(NULL, TRUE); // returns all GET items with XSS filter + $this->input->get(NULL, TRUE); // returns all GET items with XSS filter $this->input->get(); // returns all GET items without XSS filtering - + $this->input->get_post() ========================= @@ -298,3 +298,28 @@ see if PHP is being run on the command line. $this->input->is_cli_request() +$this->input->method(); +===================================== + +Returns the $_SERVER['REQUEST_METHOD'] in lowercase. + +:: + + $this->input->method(); + +$this->input->is_method($method); +===================================== + +Returns TRUE if given method equals $_SERVER['REQUEST_METHOD'], otherwise returns FALSE. + +:: + + if ( ! $this->input->is_method('post')) + { + echo 'This is NOT a POST request'; + } + else + { + echo 'This is a POST request'; + } + -- cgit v1.2.3-24-g4f1b From dc900df67972ed1c961fc3e4173db98047bdbd1b Mon Sep 17 00:00:00 2001 From: Michiel Vugteveen Date: Wed, 7 Mar 2012 20:41:37 +0100 Subject: removed is_method --- system/core/Input.php | 24 ++++++------------------ user_guide_src/source/changelog.rst | 3 +-- user_guide_src/source/libraries/input.rst | 23 ++++------------------- 3 files changed, 11 insertions(+), 39 deletions(-) diff --git a/system/core/Input.php b/system/core/Input.php index e8e3b1d9c..65de8c824 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -704,28 +704,16 @@ class CI_Input { /** * Get Request Method * - * Return the Request Method in lowercase + * Return the Request Method * + * @param bool uppercase or lowercase * @return mixed */ - public function method() + public function method($upper = TRUE) { - return strtolower($this->server('REQUEST_METHOD')); - } - - // -------------------------------------------------------------------- - - /** - * Validate parameter against $_SERVER['REQUEST_METHOD'] - * - * Return TRUE if method equals $_SERVER['REQUEST_METHOD'], otherwise return FALSE - * - * @param string request method to match - * @return bool - */ - public function is_method($method = '') - { - return ($this->method() === strtolower($method)); + return ($upper) + ? strtoupper($this->server('REQUEST_METHOD')) + : strtolower($this->server('REQUEST_METHOD')); } } diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index f8c4ba144..58a4cb76b 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -97,8 +97,7 @@ Release Date: Not Released - Added method get_vars() to CI_Loader to retrieve all variables loaded with $this->load->vars(). - is_loaded() function from system/core/Commons.php now returns a reference. - $config['rewrite_short_tags'] now has no effect when using PHP 5.4 as *input->method(); ===================================== -Returns the $_SERVER['REQUEST_METHOD'] in lowercase. +Returns the $_SERVER['REQUEST_METHOD'], optional set uppercase or lowercase (standard lowercase). :: - $this->input->method(); - -$this->input->is_method($method); -===================================== - -Returns TRUE if given method equals $_SERVER['REQUEST_METHOD'], otherwise returns FALSE. - -:: - - if ( ! $this->input->is_method('post')) - { - echo 'This is NOT a POST request'; - } - else - { - echo 'This is a POST request'; - } - + echo $this->input->method(TRUE); // Outputs: POST + echo $this->input->method(FALSE); // Outputs: post + echo $this->input->method(); // Outputs: post -- cgit v1.2.3-24-g4f1b From 704fb1697f0db2369a9395c362c931999c8831f1 Mon Sep 17 00:00:00 2001 From: Michiel Vugteveen Date: Wed, 7 Mar 2012 20:42:33 +0100 Subject: oops --- system/core/Input.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/system/core/Input.php b/system/core/Input.php index 65de8c824..79910890e 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -709,7 +709,7 @@ class CI_Input { * @param bool uppercase or lowercase * @return mixed */ - public function method($upper = TRUE) + public function method($upper = FALSE) { return ($upper) ? strtoupper($this->server('REQUEST_METHOD')) -- cgit v1.2.3-24-g4f1b From 7c8841f7b2fca5822e05b5d3044c748e07c800e4 Mon Sep 17 00:00:00 2001 From: Michiel Vugteveen Date: Wed, 7 Mar 2012 20:49:06 +0100 Subject: comment fix --- system/core/Input.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/system/core/Input.php b/system/core/Input.php index 79910890e..5a4659a5a 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -707,7 +707,7 @@ class CI_Input { * Return the Request Method * * @param bool uppercase or lowercase - * @return mixed + * @return bool */ public function method($upper = FALSE) { -- cgit v1.2.3-24-g4f1b From 1e9fb49a9eb5cebbe2e3cdf106892d9af72cfdc5 Mon Sep 17 00:00:00 2001 From: Michiel Vugteveen Date: Wed, 7 Mar 2012 20:51:25 +0100 Subject: userguide fix --- user_guide_src/source/libraries/input.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user_guide_src/source/libraries/input.rst b/user_guide_src/source/libraries/input.rst index c63c627db..1f2ea650a 100644 --- a/user_guide_src/source/libraries/input.rst +++ b/user_guide_src/source/libraries/input.rst @@ -301,7 +301,7 @@ see if PHP is being run on the command line. $this->input->method(); ===================================== -Returns the $_SERVER['REQUEST_METHOD'], optional set uppercase or lowercase (standard lowercase). +Returns the $_SERVER['REQUEST_METHOD'], optional set uppercase or lowercase (default lowercase). :: -- cgit v1.2.3-24-g4f1b From c2659b8e91afd0af69b371c0ad92e6b1be99a5e9 Mon Sep 17 00:00:00 2001 From: Michiel Vugteveen Date: Wed, 7 Mar 2012 21:34:52 +0100 Subject: fix + style fix --- system/helpers/captcha_helper.php | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/system/helpers/captcha_helper.php b/system/helpers/captcha_helper.php index 668b034d4..4a48df27e 100644 --- a/system/helpers/captcha_helper.php +++ b/system/helpers/captcha_helper.php @@ -5,9 +5,9 @@ * An open source application development framework for PHP 5.1.6 or newer * * NOTICE OF LICENSE - * + * * Licensed under the Open Software License version 3.0 - * + * * This source file is subject to the Open Software License (OSL 3.0) that is * bundled with this package in the files license.txt / license.rst. It is * also available through the world wide web at this URL: @@ -94,16 +94,15 @@ if ( ! function_exists('create_captcha')) // Remove old images // ----------------------------------- - list($usec, $sec) = explode(" ", microtime()); - $now = ((float)$usec + (float)$sec); + $now = microtime(TRUE); $current_dir = @opendir($img_path); while ($filename = @readdir($current_dir)) { - if ($filename != "." and $filename != ".." and $filename != "index.html") + if ($filename != '.' && $filename != '..' && $filename != 'index.html') { - $name = str_replace(".jpg", "", $filename); + $name = str_replace('.jpg', '', $filename); if (($name + $expiration) < $now) { @@ -198,7 +197,7 @@ if ( ! function_exists('create_captcha')) // Write the text // ----------------------------------- - $use_font = ($font_path != '' AND file_exists($font_path) AND function_exists('imagettftext')) ? TRUE : FALSE; + $use_font = ($font_path != '' && file_exists($font_path) && function_exists('imagettftext')) ? TRUE : FALSE; if ($use_font == FALSE) { -- cgit v1.2.3-24-g4f1b From 3b2c5083034675d88d9e516b5c5aca5119d6f918 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 7 Mar 2012 22:49:24 +0200 Subject: Fix issue #501 --- system/libraries/Form_validation.php | 20 +++++++++----------- user_guide_src/source/changelog.rst | 1 + 2 files changed, 10 insertions(+), 11 deletions(-) diff --git a/system/libraries/Form_validation.php b/system/libraries/Form_validation.php index cdb3d3d62..bd8b7c216 100644 --- a/system/libraries/Form_validation.php +++ b/system/libraries/Form_validation.php @@ -65,7 +65,7 @@ class CI_Form_validation { mb_internal_encoding($this->CI->config->item('charset')); } - log_message('debug', "Form Validation Class Initialized"); + log_message('debug', 'Form Validation Class Initialized'); } // -------------------------------------------------------------------- @@ -84,7 +84,7 @@ class CI_Form_validation { { // No reason to set rules if we have no POST data // or a validation array has not been specified - if (count($_POST) === 0 && count($this->validation_data) === 0) + if ($this->CI->input->method() !== 'post' && empty($this->validation_data)) { return $this; } @@ -165,9 +165,9 @@ class CI_Form_validation { * * If an array is set through this method, then this array will * be used instead of the $_POST array - * - * Note that if you are validating multiple arrays, then the - * reset_validation() function should be called after validating + * + * Note that if you are validating multiple arrays, then the + * reset_validation() function should be called after validating * each array due to the limitations of CI's singleton * * @param array $data @@ -1156,15 +1156,14 @@ class CI_Form_validation { } // -------------------------------------------------------------------- - + /** * Equal to or Greater than * - * @access public * @param string * @return bool */ - function greater_than_equal_to($str, $min) + public function greater_than_equal_to($str, $min) { if ( ! is_numeric($str)) { @@ -1195,11 +1194,10 @@ class CI_Form_validation { /** * Equal to or Less than * - * @access public * @param string * @return bool */ - function less_than_equal_to($str, $max) + public function less_than_equal_to($str, $max) { if ( ! is_numeric($str)) { @@ -1351,7 +1349,7 @@ class CI_Form_validation { * Prevents subsequent validation routines from being affected by the * results of any previous validation routine due to the CI singleton. * - * @return void + * @return void */ public function reset_validation() { diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 58a4cb76b..4c6fd38bc 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -147,6 +147,7 @@ Bug fixes for 3.0 - Fixed a bug in Oracle's DB_result class where the cursor id passed to it was always NULL. - Fixed a bug (#64) - Regular expression in DB_active_rec.php failed to handle queries containing SQL bracket delimiters in the join condition. - Fixed a bug in the :doc:`Session Library ` where a PHP E_NOTICE error was triggered by _unserialize() due to results from databases such as MSSQL and Oracle being space-padded on the right. +- Fixed a bug (#501) - set_rules() to check if the request method is not 'POST' before aborting, instead of depending on count($_POST) in the :doc:`Form Validation Library `. Version 2.1.1 ============= -- cgit v1.2.3-24-g4f1b From 5d27c43d29fc049497010ea62ac7877a64bfed92 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 8 Mar 2012 12:01:52 +0200 Subject: Fix issue #940 --- system/core/Security.php | 4 ++-- user_guide_src/source/changelog.rst | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/system/core/Security.php b/system/core/Security.php index 6f25fb5bb..2bffa41b7 100755 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -138,8 +138,8 @@ class CI_Security { */ public function csrf_verify() { - // If no POST data exists we will set the CSRF cookie - if (count($_POST) === 0) + // If it's not a POST request we will set the CSRF cookie + if (strtoupper($_SERVER['REQUEST_METHOD']) !== 'POST') { return $this->csrf_set_cookie(); } diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 4c6fd38bc..587c64c5a 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -148,6 +148,7 @@ Bug fixes for 3.0 - Fixed a bug (#64) - Regular expression in DB_active_rec.php failed to handle queries containing SQL bracket delimiters in the join condition. - Fixed a bug in the :doc:`Session Library ` where a PHP E_NOTICE error was triggered by _unserialize() due to results from databases such as MSSQL and Oracle being space-padded on the right. - Fixed a bug (#501) - set_rules() to check if the request method is not 'POST' before aborting, instead of depending on count($_POST) in the :doc:`Form Validation Library `. +- Fixed a bug (#940) - csrf_verify() used to set the CSRF cookie while processing a POST request with no actual POST data, which resulted in validating a request that should be considered invalid. Version 2.1.1 ============= -- cgit v1.2.3-24-g4f1b