From fd6948997faf5f064f76353da65bd1d0ec65ec51 Mon Sep 17 00:00:00 2001 From: Phil Sturgeon Date: Wed, 15 Dec 2010 10:52:37 +0000 Subject: Potential PHP 5.4 issue, get_magic_quotes_gpc() is being removed. This change will check the function exists before calling it in Input. --- system/core/Input.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 9d8811cdd..5a227332c 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -492,7 +492,7 @@ class CI_Input { } // We strip slashes if magic quotes is on to keep things consistent - if (get_magic_quotes_gpc()) + if (function_exists('get_magic_quotes_gpc') AND get_magic_quotes_gpc()) { $str = stripslashes($str); } -- cgit v1.2.3-24-g4f1b From 65d603e03d3befd6e4f13361c78ab454ea57ba70 Mon Sep 17 00:00:00 2001 From: Dan Horrigan Date: Wed, 15 Dec 2010 08:38:30 -0500 Subject: Added full Query String and $_GET array support. This is enabled by default. Added a seperate config option to enable/disable the $_GET array. --- system/core/Input.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 9d8811cdd..4ddc402ee 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -30,7 +30,7 @@ class CI_Input { var $ip_address = FALSE; var $user_agent = FALSE; - var $_allow_get_array = FALSE; + var $_allow_get_array = TRUE; var $_standardize_newlines = TRUE; var $_enable_xss = FALSE; // Set automatically based on config setting var $_enable_csrf = FALSE; // Set automatically based on config setting @@ -49,7 +49,7 @@ class CI_Input { { log_message('debug', "Input Class Initialized"); - $this->_allow_get_array = (config_item('enable_query_strings') === TRUE) ? TRUE : FALSE; + $this->_allow_get_array = (config_item('allow_get_array') === TRUE) ? TRUE : FALSE; $this->_enable_xss = (config_item('global_xss_filtering') === TRUE) ? TRUE : FALSE; $this->_enable_csrf = (config_item('csrf_protection') === TRUE) ? TRUE : FALSE; -- cgit v1.2.3-24-g4f1b From c3828718925a0f1660cddadc95b63e14f7189faa Mon Sep 17 00:00:00 2001 From: Phil Sturgeon Date: Wed, 19 Jan 2011 12:31:47 +0000 Subject: Reverted regex validation while we re-think the implementation, and added ->input->is_cli_request(); --- system/core/Input.php | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index eb2048e58..3a52e37aa 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -618,19 +618,33 @@ class CI_Input { } // -------------------------------------------------------------------- - + /** * Is ajax Request? * * Test to see if a request contains the HTTP_X_REQUESTED_WITH header * - * @return boolean + * @return boolean */ public function is_ajax_request() { return ($this->server('HTTP_X_REQUESTED_WITH') === 'XMLHttpRequest'); } + // -------------------------------------------------------------------- + + /** + * Is cli Request? + * + * Test to see if a request was made from the command line + * + * @return boolean + */ + public function is_cli_request() + { + return (bool) defined('STDIN'); + } + } // END Input class -- cgit v1.2.3-24-g4f1b From 0ba58b81b65c2059210b921856489b5faaa81369 Mon Sep 17 00:00:00 2001 From: vascopj Date: Sun, 6 Feb 2011 14:20:21 +0000 Subject: A change to pass all fields back if there are no fields passed into the "post" method. Based on comments here http://codeigniter.uservoice.com/forums/40508-codeigniter-reactor/suggestions/1346917-allow-this-input-post-to-return-array-of-eve --- system/core/Input.php | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 3e82874fd..fa8080deb 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -126,6 +126,22 @@ class CI_Input { */ function post($index = '', $xss_clean = FALSE) { + // check if a field has been entered + if( empty($index ) ) + { + // no field entered - return all fields + + $all_post_fields = array(); + + // loop through the full _POST array + foreach( $_POST as $key ) + { + $all_post_fields[$key] = $this->_fetch_from_array($_POST, $key, $xss_clean); + } + return $all_post_fields; + + } + return $this->_fetch_from_array($_POST, $index, $xss_clean); } -- cgit v1.2.3-24-g4f1b From ff1cfa1ae5c5440bfde35c36ecb4cdcd73cd3966 Mon Sep 17 00:00:00 2001 From: vascopj Date: Sun, 13 Feb 2011 21:30:19 +0000 Subject: Updated the post method and added the new functionality to the get method also Updated the documentation --- system/core/Input.php | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index fa8080deb..1be591508 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -111,6 +111,22 @@ class CI_Input { */ function get($index = '', $xss_clean = FALSE) { + // check if a field has been entered + if( empty($index) AND is_array($_GET) AND count($_GET) ) + { + // no field entered - return all fields + + $all_get_fields = array(); + + // loop through the full _GET array + foreach( $_GET as $key ) + { + $all_get_fields[$key] = $this->_fetch_from_array($_GET, $key, $xss_clean); + } + return $all_get_fields; + + } + return $this->_fetch_from_array($_GET, $index, $xss_clean); } @@ -127,7 +143,7 @@ class CI_Input { function post($index = '', $xss_clean = FALSE) { // check if a field has been entered - if( empty($index ) ) + if( empty($index) AND is_array($_POST) AND count($_POST) ) { // no field entered - return all fields -- cgit v1.2.3-24-g4f1b From 5d5895fd1084cd62721afd4c5f875eb2f99eefc4 Mon Sep 17 00:00:00 2001 From: Pascal Kriete Date: Mon, 14 Feb 2011 13:27:07 -0500 Subject: Whitespace cleanup in core/ --- system/core/Input.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 3e82874fd..cb842812f 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -413,7 +413,7 @@ class CI_Input { { if (is_array($_GET) AND count($_GET) > 0) { - foreach($_GET as $key => $val) + foreach ($_GET as $key => $val) { $_GET[$this->_clean_input_keys($key)] = $this->_clean_input_data($val); } @@ -423,7 +423,7 @@ class CI_Input { // Clean $_POST Data if (is_array($_POST) AND count($_POST) > 0) { - foreach($_POST as $key => $val) + foreach ($_POST as $key => $val) { $_POST[$this->_clean_input_keys($key)] = $this->_clean_input_data($val); } @@ -441,7 +441,7 @@ class CI_Input { unset($_COOKIE['$Path']); unset($_COOKIE['$Domain']); - foreach($_COOKIE as $key => $val) + foreach ($_COOKIE as $key => $val) { $_COOKIE[$this->_clean_input_keys($key)] = $this->_clean_input_data($val); } -- cgit v1.2.3-24-g4f1b From 44f210543cf6adcac99264d973dd73ea1b0ab37e Mon Sep 17 00:00:00 2001 From: Phil Sturgeon Date: Tue, 15 Feb 2011 21:39:25 +0000 Subject: Input post() and get() will now return a full array if the first argument is not provided. --- system/core/Input.php | 36 +++++++++++++++--------------------- 1 file changed, 15 insertions(+), 21 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index ea5b248cf..16b295546 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -109,22 +109,19 @@ class CI_Input { * @param bool * @return string */ - function get($index = '', $xss_clean = FALSE) + function get($index = NULL, $xss_clean = FALSE) { - // check if a field has been entered - if( empty($index) AND is_array($_GET) AND count($_GET) ) + // Check if a field has been provided + if ($index === NULL AND ! empty($_GET)) { - // no field entered - return all fields - - $all_get_fields = array(); + $get = array(); // loop through the full _GET array - foreach( $_GET as $key ) + foreach (array_keys($_GET) as $key) { - $all_get_fields[$key] = $this->_fetch_from_array($_GET, $key, $xss_clean); + $get[$key] = $this->_fetch_from_array($_GET, $key, $xss_clean); } - return $all_get_fields; - + return $get; } return $this->_fetch_from_array($_GET, $index, $xss_clean); @@ -140,22 +137,19 @@ class CI_Input { * @param bool * @return string */ - function post($index = '', $xss_clean = FALSE) + function post($index = NULL, $xss_clean = FALSE) { - // check if a field has been entered - if( empty($index) AND is_array($_POST) AND count($_POST) ) + // Check if a field has been provided + if ($index === NULL AND ! empty($_POST)) { - // no field entered - return all fields + $post = array(); - $all_post_fields = array(); - - // loop through the full _POST array - foreach( $_POST as $key ) + // Loop through the full _POST array and return it + foreach (array_keys($_POST) as $key) { - $all_post_fields[$key] = $this->_fetch_from_array($_POST, $key, $xss_clean); + $post[$key] = $this->_fetch_from_array($_POST, $key, $xss_clean); } - return $all_post_fields; - + return $post; } return $this->_fetch_from_array($_POST, $index, $xss_clean); -- cgit v1.2.3-24-g4f1b From d8d1e24eee56d2466c91ecd72b3c8932eb3d0639 Mon Sep 17 00:00:00 2001 From: Phil Sturgeon Date: Wed, 16 Feb 2011 17:23:16 +0000 Subject: Secure cookies can now be made with the set_cookie() helper and Input Class method. --- system/core/Input.php | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 16b295546..3957aa63d 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -208,13 +208,14 @@ class CI_Input { * @param string the cookie domain. Usually: .yourdomain.com * @param string the cookie path * @param string the cookie prefix + * @param bool true makes the cookie secure * @return void */ - function set_cookie($name = '', $value = '', $expire = '', $domain = '', $path = '/', $prefix = '') + function set_cookie($name = '', $value = '', $expire = '', $domain = '', $path = '/', $prefix = '', $secure = FALSE) { if (is_array($name)) { - foreach (array('value', 'expire', 'domain', 'path', 'prefix', 'name') as $item) + foreach (array('value', 'expire', 'domain', 'path', 'prefix', 'name', 'secure') as $item) { if (isset($name[$item])) { @@ -245,7 +246,7 @@ class CI_Input { $expire = ($expire > 0) ? time() + $expire : 0; } - setcookie($prefix.$name, $value, $expire, $path, $domain, 0); + setcookie($prefix.$name, $value, $expire, $path, $domain, $secure); } // -------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b From 9aa7dc9c96baedf06afb443553a313297158f850 Mon Sep 17 00:00:00 2001 From: tobiasbg Date: Fri, 18 Feb 2011 21:57:13 +0100 Subject: Bugfix in foreach-loop ('name' must be last, as it also is the array's name); consistent handling for 'cookie_secure' config item --- system/core/Input.php | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 25fe102b5..626245390 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -211,11 +211,12 @@ class CI_Input { * @param bool true makes the cookie secure * @return void */ - function set_cookie($name = '', $value = '', $expire = '', $domain = '', $path = '/', $prefix = '', $secure = NULL) + function set_cookie($name = '', $value = '', $expire = '', $domain = '', $path = '/', $prefix = '', $secure = FALSE) { if (is_array($name)) { - foreach (array('value', 'expire', 'domain', 'path', 'prefix', 'name', 'secure') as $item) + // always leave 'name' in last place, as the loop will break otherwise, due to $$item + foreach (array('value', 'expire', 'domain', 'path', 'prefix', 'secure', 'name') as $item) { if (isset($name[$item])) { @@ -236,6 +237,10 @@ class CI_Input { { $path = config_item('cookie_path'); } + if ($secure == FALSE AND config_item('cookie_secure') != FALSE) + { + $secure = config_item('cookie_secure'); + } if ( ! is_numeric($expire)) { @@ -246,12 +251,6 @@ class CI_Input { $expire = ($expire > 0) ? time() + $expire : 0; } - // If TRUE/FALSE is not provided, use the config - if ( ! is_bool($secure)) - { - $secure = (bool) (config_item('cookie_secure') === TRUE); - } - setcookie($prefix.$name, $value, $expire, $path, $domain, $secure); } -- cgit v1.2.3-24-g4f1b