From 6700b93c4d7a16e7288e4e2cd3223093926666ea Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 24 Sep 2011 14:25:33 +0300 Subject: Added _file_mime_type() method to system/libraries/Upload.php in order to fix a possible MIME-type injection (issue #60) --- system/libraries/Upload.php | 68 +++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 66 insertions(+), 2 deletions(-) (limited to 'system') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 3177424c4..93f763ed9 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -196,7 +196,8 @@ class CI_Upload { // Set the uploaded data as class variables $this->file_temp = $_FILES[$field]['tmp_name']; $this->file_size = $_FILES[$field]['size']; - $this->file_type = preg_replace("/^(.+?);.*$/", "\\1", $_FILES[$field]['type']); + $this->_file_mime_type($_FILES[$field]); + $this->file_type = preg_replace("/^(.+?);.*$/", "\\1", $this->file_type); $this->file_type = strtolower(trim(stripslashes($this->file_type), '"')); $this->file_name = $this->_prep_filename($_FILES[$field]['name']); $this->file_ext = $this->get_extension($this->file_name); @@ -1006,8 +1007,71 @@ class CI_Upload { // -------------------------------------------------------------------- + /** + * File MIME type + * + * Detects the (actual) MIME type of the uploaded file, if possible. + * The input array is expected to be $_FILES[$field] + * + * @param array + * @return void + */ + protected function _file_mime_type($file) + { + $file_type = ''; + + // Use if the Fileinfo extension, if available (only versions above 5.3 support the FILEINFO_MIME_TYPE flag) + if ( (float) substr(phpversion(), 0, 3) >= 5.3 && function_exists('finfo_file')) + { + $finfo = new finfo(FILEINFO_MIME_TYPE); + if ($finfo !== FALSE) // This is possible, if there is no magic MIME database file found on the system + { + $file_type = $finfo->file($file['tmp_name']); + + /* According to the comments section of the PHP manual page, + * it is possible that this function returns an empty string + * for some files (e.g. if they don't exist in the magic MIME database. + */ + if (strlen($file_type) > 1) + { + $this->file_type = $file_info; + return; + } + } + } + + // Fall back to the deprecated mime_content_type(), if available + if (function_exists('mime_content_type')) + { + $this->file_type = @mime_content_type($file['tmp_name']); + return; + } + + /* This is an ugly hack, but UNIX-type systems provide a native way to detect the file type, + * which is still more secure than depending on the value of $_FILES[$field]['type']. + * + * Notes: + * - a 'W' in the substr() expression bellow, would mean that we're using Windows + * - many system admins would disable the exec() function due to security concerns, hence the function_exists() check + */ + if (substr(PHP_OS, 0, 1) !== 'W' && function_exists('exec')) + { + $output = array(); + @exec('file --brief --mime-type ' . escapeshellarg($file['tmp_path']), $output, $return_code); + if ($return_code === 0 && strlen($output[0]) > 0) // A return status code != 0 would mean failed execution + { + $this->file_type = rtrim($output[0]); + return; + } + } + + $this->file_type = $file['type']; + } + + // -------------------------------------------------------------------- + } // END Upload Class /* End of file Upload.php */ -/* Location: ./system/libraries/Upload.php */ \ No newline at end of file +/* Location: ./system/libraries/Upload.php */ -- cgit v1.2.3-24-g4f1b From 6a12d8faba9dcb4f321700c86d047f7b6a4f1780 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 24 Sep 2011 14:35:10 +0300 Subject: Remove an unnecessary variable initialization --- system/libraries/Upload.php | 2 -- 1 file changed, 2 deletions(-) (limited to 'system') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 93f763ed9..04abc9ac6 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -1018,8 +1018,6 @@ class CI_Upload { */ protected function _file_mime_type($file) { - $file_type = ''; - // Use if the Fileinfo extension, if available (only versions above 5.3 support the FILEINFO_MIME_TYPE flag) if ( (float) substr(phpversion(), 0, 3) >= 5.3 && function_exists('finfo_file')) { -- cgit v1.2.3-24-g4f1b From 7bfb95b9c329a7905a20f9ebfeacccac7ffd7e41 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 24 Sep 2011 14:45:44 +0300 Subject: Fix alignment with tabs instead of spaces --- system/libraries/Upload.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 04abc9ac6..fd9c8b3e8 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -1058,7 +1058,7 @@ class CI_Upload { @exec('file --brief --mime-type ' . escapeshellarg($file['tmp_path']), $output, $return_code); if ($return_code === 0 && strlen($output[0]) > 0) // A return status code != 0 would mean failed execution { - $this->file_type = rtrim($output[0]); + $this->file_type = rtrim($output[0]); return; } } -- cgit v1.2.3-24-g4f1b From f1649bf567aa769b283bb0b74ed8aee5b44a704b Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 24 Sep 2011 22:59:37 +0300 Subject: Fix an erroneus variable name and a typo in comments --- system/libraries/Upload.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'system') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index fd9c8b3e8..a0f3e76bb 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -1028,11 +1028,11 @@ class CI_Upload { /* According to the comments section of the PHP manual page, * it is possible that this function returns an empty string - * for some files (e.g. if they don't exist in the magic MIME database. + * for some files (e.g. if they don't exist in the magic MIME database) */ if (strlen($file_type) > 1) { - $this->file_type = $file_info; + $this->file_type = $file_type; return; } } -- cgit v1.2.3-24-g4f1b From c5efd10679a7b7b4010cd6cc30bd976d3fe8c1ef Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Tue, 4 Oct 2011 18:27:32 +0300 Subject: Change Windows OS detection approach --- system/libraries/Upload.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index a0f3e76bb..05511b5d3 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -1052,7 +1052,7 @@ class CI_Upload { * - a 'W' in the substr() expression bellow, would mean that we're using Windows * - many system admins would disable the exec() function due to security concerns, hence the function_exists() check */ - if (substr(PHP_OS, 0, 1) !== 'W' && function_exists('exec')) + if (DIRECTORY_SEPARATOR !== '\\' && function_exists('exec')) { $output = array(); @exec('file --brief --mime-type ' . escapeshellarg($file['tmp_path']), $output, $return_code); -- cgit v1.2.3-24-g4f1b From b7263d152a3c29751e39fd74972707f62f51ca72 Mon Sep 17 00:00:00 2001 From: Mark Huot Date: Fri, 23 Sep 2011 08:20:29 -0400 Subject: resolve a difference between the two memcache set method parameters --- system/libraries/Cache/drivers/Cache_memcached.php | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) (limited to 'system') diff --git a/system/libraries/Cache/drivers/Cache_memcached.php b/system/libraries/Cache/drivers/Cache_memcached.php index ec2fd216a..fc586e025 100644 --- a/system/libraries/Cache/drivers/Cache_memcached.php +++ b/system/libraries/Cache/drivers/Cache_memcached.php @@ -64,7 +64,16 @@ class CI_Cache_memcached extends CI_Driver { */ public function save($id, $data, $ttl = 60) { - return $this->_memcached->add($id, array($data, time(), $ttl), $ttl); + if (get_class($this->_memcached) == 'Memcached') + { + return $this->_memcached->set($id, array($data, time(), $ttl), $ttl); + } + else if (get_class($this->_memcached) == 'Memcache') + { + return $this->_memcached->set($id, array($data, time(), $ttl), 0, $ttl); + } + + return FALSE; } // ------------------------------------------------------------------------ -- cgit v1.2.3-24-g4f1b From 24f325c079d33a456f15311442ed21b437df1ea7 Mon Sep 17 00:00:00 2001 From: Timothy Warren Date: Fri, 7 Oct 2011 10:03:01 -0400 Subject: if statment code style update --- system/database/drivers/pdo/pdo_driver.php | 792 +++++++++++++++++++++++++++++ 1 file changed, 792 insertions(+) create mode 100644 system/database/drivers/pdo/pdo_driver.php (limited to 'system') diff --git a/system/database/drivers/pdo/pdo_driver.php b/system/database/drivers/pdo/pdo_driver.php new file mode 100644 index 000000000..19e069b06 --- /dev/null +++ b/system/database/drivers/pdo/pdo_driver.php @@ -0,0 +1,792 @@ +hostname, 'mysql') !== FALSE) + { + $this->_like_escape_str = ''; + $this->_like_escape_chr = ''; + } + else if (strpos($this->hostname, 'odbc') !== FALSE) + { + $this->_like_escape_str = " {escape '%s'} "; + $this->_like_escape_chr = '!'; + } + else + { + $this->_like_escape_str = " ESCAPE '%s' "; + $this->_like_escape_chr = '!'; + } + + $this->hostname = $this->hostname . ";dbname=".$this->database; + $this->trans_enabled = FALSE; + + $this->_random_keyword = ' RND('.time().')'; // database specific random keyword + } + + /** + * Non-persistent database connection + * + * @access private called by the base class + * @return resource + */ + function db_connect() + { + return new PDO($this->hostname,$this->username,$this->password, array( + PDO::ATTR_ERRMODE => PDO::ERRMODE_SILENT + )); + } + + // -------------------------------------------------------------------- + + /** + * Persistent database connection + * + * @access private called by the base class + * @return resource + */ + function db_pconnect() + { + return new PDO($this->hostname,$this->username,$this->password, array( + PDO::ATTR_ERRMODE => PDO::ERRMODE_SILENT, + PDO::ATTR_PERSISTENT => true + )); + } + + // -------------------------------------------------------------------- + + /** + * Reconnect + * + * Keep / reestablish the db connection if no queries have been + * sent for a length of time exceeding the server's idle timeout + * + * @access public + * @return void + */ + function reconnect() + { + if ($this->db->db_debug) + { + return $this->db->display_error('db_unsuported_feature'); + } + return FALSE; + } + + // -------------------------------------------------------------------- + + /** + * Select the database + * + * @access private called by the base class + * @return resource + */ + function db_select() + { + // Not needed for PDO + return TRUE; + } + + // -------------------------------------------------------------------- + + /** + * Set client character set + * + * @access public + * @param string + * @param string + * @return resource + */ + function db_set_charset($charset, $collation) + { + // @todo - add support if needed + return TRUE; + } + + // -------------------------------------------------------------------- + + /** + * Version number query string + * + * @access public + * @return string + */ + function _version() + { + return $this->conn_id->getAttribute(PDO::ATTR_CLIENT_VERSION); + } + + // -------------------------------------------------------------------- + + /** + * Execute the query + * + * @access private called by the base class + * @param string an SQL query + * @return object + */ + function _execute($sql) + { + $sql = $this->_prep_query($sql); + $result_id = $this->conn_id->query($sql); + + if (is_object($result_id)) + { + $this->affect_rows = $result_id->rowCount(); + } + else + { + $this->affect_rows = 0; + } + + return $result_id; + } + + // -------------------------------------------------------------------- + + /** + * Prep the query + * + * If needed, each database adapter can prep the query string + * + * @access private called by execute() + * @param string an SQL query + * @return string + */ + function _prep_query($sql) + { + return $sql; + } + + // -------------------------------------------------------------------- + + /** + * Begin Transaction + * + * @access public + * @return bool + */ + function trans_begin($test_mode = FALSE) + { + if ( ! $this->trans_enabled) + { + return TRUE; + } + + // When transactions are nested we only begin/commit/rollback the outermost ones + if ($this->_trans_depth > 0) + { + return TRUE; + } + + // Reset the transaction failure flag. + // If the $test_mode flag is set to TRUE transactions will be rolled back + // even if the queries produce a successful result. + $this->_trans_failure = ($test_mode === TRUE) ? TRUE : FALSE; + + return $this->conn_id->beginTransaction(); + } + + // -------------------------------------------------------------------- + + /** + * Commit Transaction + * + * @access public + * @return bool + */ + function trans_commit() + { + if ( ! $this->trans_enabled) + { + return TRUE; + } + + // When transactions are nested we only begin/commit/rollback the outermost ones + if ($this->_trans_depth > 0) + { + return TRUE; + } + + $ret = $this->conn->commit(); + return $ret; + } + + // -------------------------------------------------------------------- + + /** + * Rollback Transaction + * + * @access public + * @return bool + */ + function trans_rollback() + { + if ( ! $this->trans_enabled) + { + return TRUE; + } + + // When transactions are nested we only begin/commit/rollback the outermost ones + if ($this->_trans_depth > 0) + { + return TRUE; + } + + $ret = $this->conn_id->rollBack(); + return $ret; + } + + // -------------------------------------------------------------------- + + /** + * Escape String + * + * @access public + * @param string + * @param bool whether or not the string will be used in a LIKE condition + * @return string + */ + function escape_str($str, $like = FALSE) + { + if (is_array($str)) + { + foreach ($str as $key => $val) + { + $str[$key] = $this->escape_str($val, $like); + } + + return $str; + } + + //Escape the string + $str = $this->conn_id->quote($str); + + //If there are duplicated quotes, trim them away + if (strpos($str, "'") === 0) + { + $str = substr($str, 1, -1); + } + + // escape LIKE condition wildcards + if ($like === TRUE) + { + $str = str_replace( array('%', '_', $this->_like_escape_chr), + array($this->_like_escape_chr.'%', $this->_like_escape_chr.'_', $this->_like_escape_chr.$this->_like_escape_chr), + $str); + } + + return $str; + } + + // -------------------------------------------------------------------- + + /** + * Affected Rows + * + * @access public + * @return integer + */ + function affected_rows() + { + return $this->affect_rows; + } + + // -------------------------------------------------------------------- + + /** + * Insert ID + * + * @access public + * @return integer + */ + function insert_id($name=NULL) + { + //Convenience method for postgres insertid + if (strpos($this->hostname, 'pgsql') !== FALSE) + { + $v = $this->_version(); + + $table = func_num_args() > 0 ? func_get_arg(0) : NULL; + + if ($table == NULL && $v >= '8.1') + { + $sql='SELECT LASTVAL() as ins_id'; + } + $query = $this->query($sql); + $row = $query->row(); + return $row->ins_id; + } + else + { + return $this->conn_id->lastInsertId($name); + } + } + + // -------------------------------------------------------------------- + + /** + * "Count All" query + * + * Generates a platform-specific query string that counts all records in + * the specified database + * + * @access public + * @param string + * @return string + */ + function count_all($table = '') + { + if ($table == '') + { + return 0; + } + + $query = $this->query($this->_count_string . $this->_protect_identifiers('numrows') . " FROM " . $this->_protect_identifiers($table, TRUE, NULL, FALSE)); + + if ($query->num_rows() == 0) + { + return 0; + } + + $row = $query->row(); + $this->_reset_select(); + return (int) $row->numrows; + } + + // -------------------------------------------------------------------- + + /** + * Show table query + * + * Generates a platform-specific query string so that the table names can be fetched + * + * @access private + * @param boolean + * @return string + */ + function _list_tables($prefix_limit = FALSE) + { + $sql = "SHOW TABLES FROM `".$this->database."`"; + + if ($prefix_limit !== FALSE AND $this->dbprefix != '') + { + //$sql .= " LIKE '".$this->escape_like_str($this->dbprefix)."%' ".sprintf($this->_like_escape_str, $this->_like_escape_chr); + return FALSE; // not currently supported + } + + return $sql; + } + + // -------------------------------------------------------------------- + + /** + * Show column query + * + * Generates a platform-specific query string so that the column names can be fetched + * + * @access public + * @param string the table name + * @return string + */ + function _list_columns($table = '') + { + return "SHOW COLUMNS FROM ".$table; + } + + // -------------------------------------------------------------------- + + /** + * Field data query + * + * Generates a platform-specific query so that the column data can be retrieved + * + * @access public + * @param string the table name + * @return object + */ + function _field_data($table) + { + return "SELECT TOP 1 FROM ".$table; + } + + // -------------------------------------------------------------------- + + /** + * The error message string + * + * @access private + * @return string + */ + function _error_message() + { + $error_array = $this->conn_id->errorInfo(); + return $error_array[2]; + } + + // -------------------------------------------------------------------- + + /** + * The error message number + * + * @access private + * @return integer + */ + function _error_number() + { + return $this->conn_id->errorCode(); + } + + // -------------------------------------------------------------------- + + /** + * Escape the SQL Identifiers + * + * This function escapes column and table names + * + * @access private + * @param string + * @return string + */ + function _escape_identifiers($item) + { + if ($this->_escape_char == '') + { + return $item; + } + + foreach ($this->_reserved_identifiers as $id) + { + if (strpos($item, '.'.$id) !== FALSE) + { + $str = $this->_escape_char. str_replace('.', $this->_escape_char.'.', $item); + + // remove duplicates if the user already included the escape + return preg_replace('/['.$this->_escape_char.']+/', $this->_escape_char, $str); + } + } + + if (strpos($item, '.') !== FALSE) + { + $str = $this->_escape_char.str_replace('.', $this->_escape_char.'.'.$this->_escape_char, $item).$this->_escape_char; + + } + else + { + $str = $this->_escape_char.$item.$this->_escape_char; + } + + // remove duplicates if the user already included the escape + return preg_replace('/['.$this->_escape_char.']+/', $this->_escape_char, $str); + } + + // -------------------------------------------------------------------- + + /** + * From Tables + * + * This function implicitly groups FROM tables so there is no confusion + * about operator precedence in harmony with SQL standards + * + * @access public + * @param type + * @return type + */ + function _from_tables($tables) + { + if ( ! is_array($tables)) + { + $tables = array($tables); + } + + return (count($tables) == 1) ? $tables[0] : '('.implode(', ', $tables).')'; + } + + // -------------------------------------------------------------------- + + /** + * Insert statement + * + * Generates a platform-specific insert string from the supplied data + * + * @access public + * @param string the table name + * @param array the insert keys + * @param array the insert values + * @return string + */ + function _insert($table, $keys, $values) + { + return "INSERT INTO ".$table." (".implode(', ', $keys).") VALUES (".implode(', ', $values).")"; + } + + // -------------------------------------------------------------------- + + /** + * Insert_batch statement + * + * Generates a platform-specific insert string from the supplied data + * + * @access public + * @param string the table name + * @param array the insert keys + * @param array the insert values + * @return string + */ + function _insert_batch($table, $keys, $values) + { + return "INSERT INTO ".$table." (".implode(', ', $keys).") VALUES ".implode(', ', $values); + } + + // -------------------------------------------------------------------- + + /** + * Update statement + * + * Generates a platform-specific update string from the supplied data + * + * @access public + * @param string the table name + * @param array the update data + * @param array the where clause + * @param array the orderby clause + * @param array the limit clause + * @return string + */ + function _update($table, $values, $where, $orderby = array(), $limit = FALSE) + { + foreach ($values as $key => $val) + { + $valstr[] = $key." = ".$val; + } + + $limit = ( ! $limit) ? '' : ' LIMIT '.$limit; + + $orderby = (count($orderby) >= 1)?' ORDER BY '.implode(", ", $orderby):''; + + $sql = "UPDATE ".$table." SET ".implode(', ', $valstr); + + $sql .= ($where != '' AND count($where) >=1) ? " WHERE ".implode(" ", $where) : ''; + + $sql .= $orderby.$limit; + + return $sql; + } + + // -------------------------------------------------------------------- + + /** + * Update_Batch statement + * + * Generates a platform-specific batch update string from the supplied data + * + * @access public + * @param string the table name + * @param array the update data + * @param array the where clause + * @return string + */ + function _update_batch($table, $values, $index, $where = NULL) + { + $ids = array(); + $where = ($where != '' AND count($where) >=1) ? implode(" ", $where).' AND ' : ''; + + foreach ($values as $key => $val) + { + $ids[] = $val[$index]; + + foreach (array_keys($val) as $field) + { + if ($field != $index) + { + $final[$field][] = 'WHEN '.$index.' = '.$val[$index].' THEN '.$val[$field]; + } + } + } + + $sql = "UPDATE ".$table." SET "; + $cases = ''; + + foreach ($final as $k => $v) + { + $cases .= $k.' = CASE '."\n"; + foreach ($v as $row) + { + $cases .= $row."\n"; + } + + $cases .= 'ELSE '.$k.' END, '; + } + + $sql .= substr($cases, 0, -2); + + $sql .= ' WHERE '.$where.$index.' IN ('.implode(',', $ids).')'; + + return $sql; + } + + + // -------------------------------------------------------------------- + + /** + * Truncate statement + * + * Generates a platform-specific truncate string from the supplied data + * If the database does not support the truncate() command + * This function maps to "DELETE FROM table" + * + * @access public + * @param string the table name + * @return string + */ + function _truncate($table) + { + return $this->_delete($table); + } + + // -------------------------------------------------------------------- + + /** + * Delete statement + * + * Generates a platform-specific delete string from the supplied data + * + * @access public + * @param string the table name + * @param array the where clause + * @param string the limit clause + * @return string + */ + function _delete($table, $where = array(), $like = array(), $limit = FALSE) + { + $conditions = ''; + + if (count($where) > 0 OR count($like) > 0) + { + $conditions = "\nWHERE "; + $conditions .= implode("\n", $this->ar_where); + + if (count($where) > 0 && count($like) > 0) + { + $conditions .= " AND "; + } + $conditions .= implode("\n", $like); + } + + $limit = ( ! $limit) ? '' : ' LIMIT '.$limit; + + return "DELETE FROM ".$table.$conditions.$limit; + } + + // -------------------------------------------------------------------- + + /** + * Limit string + * + * Generates a platform-specific LIMIT clause + * + * @access public + * @param string the sql query string + * @param integer the number of rows to limit the query to + * @param integer the offset value + * @return string + */ + function _limit($sql, $limit, $offset) + { + if (strpos($this->hostname, 'cubrid') !== FALSE || strpos($this->hostname, 'sqlite') !== FALSE) + { + if ($offset == 0) + { + $offset = ''; + } + else + { + $offset .= ", "; + } + + return $sql."LIMIT ".$offset.$limit; + } + else + { + $sql .= "LIMIT ".$limit; + + if ($offset > 0) + { + $sql .= " OFFSET ".$offset; + } + + return $sql; + } + } + + // -------------------------------------------------------------------- + + /** + * Close DB Connection + * + * @access public + * @param resource + * @return void + */ + function _close($conn_id) + { + $this->conn_id = null; + } + + +} + + + +/* End of file pdo_driver.php */ +/* Location: ./system/database/drivers/pdo/pdo_driver.php */ \ No newline at end of file -- cgit v1.2.3-24-g4f1b From 6f531dc364553975a8ea4dce85927a09f6628902 Mon Sep 17 00:00:00 2001 From: Timothy Warren Date: Mon, 10 Oct 2011 10:10:46 -0400 Subject: Converted database constructors to PHP5 type --- system/database/DB_cache.php | 2 +- system/database/DB_driver.php | 4 ++-- system/database/DB_forge.php | 2 +- system/database/DB_utility.php | 2 +- system/database/drivers/odbc/odbc_driver.php | 4 ++-- 5 files changed, 7 insertions(+), 7 deletions(-) (limited to 'system') diff --git a/system/database/DB_cache.php b/system/database/DB_cache.php index 3bf065ca5..ad1c28d72 100644 --- a/system/database/DB_cache.php +++ b/system/database/DB_cache.php @@ -33,7 +33,7 @@ class CI_DB_Cache { * Grabs the CI super object instance so we can access it. * */ - function CI_DB_Cache(&$db) + function __construct(&$db) { // Assign the main CI object to $this->CI // and load the file helper since we use it a lot diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php index f3e824daa..3680b85c2 100644 --- a/system/database/DB_driver.php +++ b/system/database/DB_driver.php @@ -78,7 +78,7 @@ class CI_DB_driver { * * @param array */ - function CI_DB_driver($params) + function __construct($params) { if (is_array($params)) { @@ -1387,4 +1387,4 @@ class CI_DB_driver { /* End of file DB_driver.php */ -/* Location: ./system/database/DB_driver.php */ \ No newline at end of file +/* Location: ./system/database/DB_driver.php */ diff --git a/system/database/DB_forge.php b/system/database/DB_forge.php index 0dd29c238..6bc40411b 100644 --- a/system/database/DB_forge.php +++ b/system/database/DB_forge.php @@ -35,7 +35,7 @@ class CI_DB_forge { * Grabs the CI super object instance so we can access it. * */ - function CI_DB_forge() + function __construct() { // Assign the main database object to $this->db $CI =& get_instance(); diff --git a/system/database/DB_utility.php b/system/database/DB_utility.php index a5f174f0a..52196b7ce 100644 --- a/system/database/DB_utility.php +++ b/system/database/DB_utility.php @@ -33,7 +33,7 @@ class CI_DB_utility extends CI_DB_forge { * Grabs the CI super object instance so we can access it. * */ - function CI_DB_utility() + function __construct() { // Assign the main database object to $this->db $CI =& get_instance(); diff --git a/system/database/drivers/odbc/odbc_driver.php b/system/database/drivers/odbc/odbc_driver.php index 81e0d7cf2..6e4ba896f 100644 --- a/system/database/drivers/odbc/odbc_driver.php +++ b/system/database/drivers/odbc/odbc_driver.php @@ -48,9 +48,9 @@ class CI_DB_odbc_driver extends CI_DB { var $_random_keyword; - function CI_DB_odbc_driver($params) + function __construct($params) { - parent::CI_DB($params); + parent::__construct($params); $this->_random_keyword = ' RND('.time().')'; // database specific random keyword } -- cgit v1.2.3-24-g4f1b From d61ca42b08ccd1b0fb8654e1458500532896461b Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sat, 15 Oct 2011 12:02:32 +0800 Subject: Fix #576: using ini_get() to detect if apc is enabled or not --- system/libraries/Cache/drivers/Cache_apc.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'system') diff --git a/system/libraries/Cache/drivers/Cache_apc.php b/system/libraries/Cache/drivers/Cache_apc.php index de75719c4..79d91b320 100644 --- a/system/libraries/Cache/drivers/Cache_apc.php +++ b/system/libraries/Cache/drivers/Cache_apc.php @@ -132,7 +132,7 @@ class CI_Cache_apc extends CI_Driver { */ public function is_supported() { - if ( ! extension_loaded('apc') OR ! function_exists('apc_store')) + if ( ! extension_loaded('apc') OR ini_get('apc.enabled') != "1") { log_message('error', 'The APC PHP extension must be loaded to use APC Cache.'); return FALSE; @@ -148,4 +148,4 @@ class CI_Cache_apc extends CI_Driver { // End Class /* End of file Cache_apc.php */ -/* Location: ./system/libraries/Cache/drivers/Cache_apc.php */ \ No newline at end of file +/* Location: ./system/libraries/Cache/drivers/Cache_apc.php */ -- cgit v1.2.3-24-g4f1b From e8349294d8638dac1e689d137188bb7c7c7c19c5 Mon Sep 17 00:00:00 2001 From: Tom Klingenberg Date: Fri, 7 Oct 2011 20:03:30 +0200 Subject: CI_Loader::driver() processes empty library. Fixed. This causes endless recursion calls _ci_load_class(), see #550 --- system/core/Loader.php | 5 +++++ 1 file changed, 5 insertions(+) mode change 100755 => 100644 system/core/Loader.php (limited to 'system') diff --git a/system/core/Loader.php b/system/core/Loader.php old mode 100755 new mode 100644 index e7fa3d3f6..6b7ee0c28 --- a/system/core/Loader.php +++ b/system/core/Loader.php @@ -616,6 +616,11 @@ class CI_Loader { require BASEPATH.'libraries/Driver.php'; } + if ($library == '') + { + return FALSE; + } + // We can save the loader some time since Drivers will *always* be in a subfolder, // and typically identically named to the library if ( ! strpos($library, '/')) -- cgit v1.2.3-24-g4f1b From 13095cbc1b1b0509ac8c984e7a5fd704d9826569 Mon Sep 17 00:00:00 2001 From: diegorivera Date: Wed, 19 Oct 2011 02:56:15 -0200 Subject: Update system/libraries/Email.php --- system/libraries/Email.php | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'system') diff --git a/system/libraries/Email.php b/system/libraries/Email.php index e28c23a04..2916b9a13 100644 --- a/system/libraries/Email.php +++ b/system/libraries/Email.php @@ -379,7 +379,15 @@ class CI_Email { */ public function message($body) { - $this->_body = stripslashes(rtrim(str_replace("\r", "", $body))); + $this->_body = rtrim(str_replace("\r", "", $body)); + + //strip slashes only if magic quotes is ON + //if we do it with magic quotes OFF, it strips real, user-inputted chars. + if (get_magic_quotes_gpc()) + { + $this->_body = stripslashes($this->_body); + } + return $this; } -- cgit v1.2.3-24-g4f1b From 6eab49a844b3542a5efee6620233a86f645a30f5 Mon Sep 17 00:00:00 2001 From: diegorivera Date: Wed, 19 Oct 2011 11:18:45 -0200 Subject: I wasn't following the CI code style guide. --- system/libraries/Email.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'system') diff --git a/system/libraries/Email.php b/system/libraries/Email.php index 2916b9a13..5f8d48682 100644 --- a/system/libraries/Email.php +++ b/system/libraries/Email.php @@ -383,10 +383,10 @@ class CI_Email { //strip slashes only if magic quotes is ON //if we do it with magic quotes OFF, it strips real, user-inputted chars. - if (get_magic_quotes_gpc()) - { + if (get_magic_quotes_gpc()) + { $this->_body = stripslashes($this->_body); - } + } return $this; } -- cgit v1.2.3-24-g4f1b From 75b1f3991013c17cacac18e47879c483fe1cf542 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 20 Oct 2011 10:11:59 +0300 Subject: get_magic_quotes_gpc() to be executed only if PHP version is 5.3 or lower --- system/core/Input.php | 11 +++++++---- system/libraries/Email.php | 10 +++++++--- 2 files changed, 14 insertions(+), 7 deletions(-) (limited to 'system') diff --git a/system/core/Input.php b/system/core/Input.php index 5a033e7b8..9bfb5f1fb 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -548,8 +548,12 @@ class CI_Input { return $new_array; } - // We strip slashes if magic quotes is on to keep things consistent - if (function_exists('get_magic_quotes_gpc') AND get_magic_quotes_gpc()) + /* We strip slashes if magic quotes is on to keep things consistent + + NOTE: In PHP 5.4 get_magic_quotes_gpc() will always return 0 and + it will probably not exist in future versions at all. + */ + if ( ! is_php('5.4') && get_magic_quotes_gpc()) { $str = stripslashes($str); } @@ -714,7 +718,6 @@ class CI_Input { } } -// END Input class /* End of file Input.php */ -/* Location: ./system/core/Input.php */ +/* Location: ./system/core/Input.php */ \ No newline at end of file diff --git a/system/libraries/Email.php b/system/libraries/Email.php index 5f8d48682..c8b727c34 100644 --- a/system/libraries/Email.php +++ b/system/libraries/Email.php @@ -381,9 +381,13 @@ class CI_Email { { $this->_body = rtrim(str_replace("\r", "", $body)); - //strip slashes only if magic quotes is ON - //if we do it with magic quotes OFF, it strips real, user-inputted chars. - if (get_magic_quotes_gpc()) + /* strip slashes only if magic quotes is ON + if we do it with magic quotes OFF, it strips real, user-inputted chars. + + NOTE: In PHP 5.4 get_magic_quotes_gpc() will always return 0 and + it will probably not exist in future versions at all. + */ + if ( ! is_php('5.4') && get_magic_quotes_gpc()) { $this->_body = stripslashes($this->_body); } -- cgit v1.2.3-24-g4f1b From 3e1df1abe203db8c07ffbd9096aec77c458b80d5 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Fri, 7 Oct 2011 21:04:58 +0300 Subject: Cleanup and migrate oci8_driver and oci8_result from deprecated PHP4 to PHP5 style functions --- system/database/drivers/oci8/oci8_driver.php | 144 ++++++++++++++++----------- system/database/drivers/oci8/oci8_result.php | 94 ++++++----------- 2 files changed, 120 insertions(+), 118 deletions(-) (limited to 'system') diff --git a/system/database/drivers/oci8/oci8_driver.php b/system/database/drivers/oci8/oci8_driver.php index 14df104ff..985466a79 100644 --- a/system/database/drivers/oci8/oci8_driver.php +++ b/system/database/drivers/oci8/oci8_driver.php @@ -35,8 +35,6 @@ * This is a modification of the DB_driver class to * permit access to oracle databases * - * NOTE: this uses the PHP 4 oci methods - * * @author Kelly McArdle * */ @@ -77,9 +75,9 @@ class CI_DB_oci8_driver extends CI_DB { * @access private called by the base class * @return resource */ - function db_connect() + public function db_connect() { - return @ocilogon($this->username, $this->password, $this->hostname); + return @oci_connect($this->username, $this->password, $this->hostname, $this->char_set); } // -------------------------------------------------------------------- @@ -90,9 +88,9 @@ class CI_DB_oci8_driver extends CI_DB { * @access private called by the base class * @return resource */ - function db_pconnect() + public function db_pconnect() { - return @ociplogon($this->username, $this->password, $this->hostname); + return @oci_pconnect($this->username, $this->password, $this->hostname, $this->char_set); } // -------------------------------------------------------------------- @@ -106,9 +104,10 @@ class CI_DB_oci8_driver extends CI_DB { * @access public * @return void */ - function reconnect() + public function reconnect() { // not implemented in oracle + return; } // -------------------------------------------------------------------- @@ -119,8 +118,9 @@ class CI_DB_oci8_driver extends CI_DB { * @access private called by the base class * @return resource */ - function db_select() + public function db_select() { + // Not in Oracle - schemas are actually usernames return TRUE; } @@ -134,7 +134,7 @@ class CI_DB_oci8_driver extends CI_DB { * @param string * @return resource */ - function db_set_charset($charset, $collation) + public function db_set_charset($charset, $collation) { // @todo - add support if needed return TRUE; @@ -148,9 +148,9 @@ class CI_DB_oci8_driver extends CI_DB { * @access public * @return string */ - function _version() + public function _version() { - return ociserverversion($this->conn_id); + return oci_server_version($this->conn_id); } // -------------------------------------------------------------------- @@ -158,18 +158,18 @@ class CI_DB_oci8_driver extends CI_DB { /** * Execute the query * - * @access private called by the base class + * @access public called by the base class * @param string an SQL query * @return resource */ - function _execute($sql) + public function _execute($sql) { // oracle must parse the query before it is run. All of the actions with // the query are based on the statement id returned by ociparse $this->stmt_id = FALSE; $this->_set_stmt_id($sql); - ocisetprefetch($this->stmt_id, 1000); - return @ociexecute($this->stmt_id, $this->_commit); + oci_set_prefetch($this->stmt_id, 1000); + return @oci_execute($this->stmt_id, $this->_commit); } /** @@ -179,11 +179,11 @@ class CI_DB_oci8_driver extends CI_DB { * @param string an SQL query * @return none */ - function _set_stmt_id($sql) + private function _set_stmt_id($sql) { if ( ! is_resource($this->stmt_id)) { - $this->stmt_id = ociparse($this->conn_id, $this->_prep_query($sql)); + $this->stmt_id = oci_parse($this->conn_id, $this->_prep_query($sql)); } } @@ -198,7 +198,7 @@ class CI_DB_oci8_driver extends CI_DB { * @param string an SQL query * @return string */ - function _prep_query($sql) + private function _prep_query($sql) { return $sql; } @@ -211,9 +211,9 @@ class CI_DB_oci8_driver extends CI_DB { * @access public * @return cursor id */ - function get_cursor() + public function get_cursor() { - $this->curs_id = ocinewcursor($this->conn_id); + $this->curs_id = oci_new_cursor($this->conn_id); return $this->curs_id; } @@ -237,7 +237,7 @@ class CI_DB_oci8_driver extends CI_DB { * type yes the type of the parameter * length yes the max size of the parameter */ - function stored_procedure($package, $procedure, $params) + public function stored_procedure($package, $procedure, $params) { if ($package == '' OR $procedure == '' OR ! is_array($params)) { @@ -257,7 +257,7 @@ class CI_DB_oci8_driver extends CI_DB { { $sql .= $param['name'] . ","; - if (array_key_exists('type', $param) && ($param['type'] == OCI_B_CURSOR)) + if (array_key_exists('type', $param) && ($param['type'] === OCI_B_CURSOR)) { $have_cursor = TRUE; } @@ -278,7 +278,7 @@ class CI_DB_oci8_driver extends CI_DB { * @access private * @return none */ - function _bind_params($params) + private function _bind_params($params) { if ( ! is_array($params) OR ! is_resource($this->stmt_id)) { @@ -295,7 +295,7 @@ class CI_DB_oci8_driver extends CI_DB { } } - ocibindbyname($this->stmt_id, $param['name'], $param['value'], $param['length'], $param['type']); + oci_bind_by_name($this->stmt_id, $param['name'], $param['value'], $param['length'], $param['type']); } } @@ -307,7 +307,7 @@ class CI_DB_oci8_driver extends CI_DB { * @access public * @return bool */ - function trans_begin($test_mode = FALSE) + public function trans_begin($test_mode = FALSE) { if ( ! $this->trans_enabled) { @@ -337,7 +337,7 @@ class CI_DB_oci8_driver extends CI_DB { * @access public * @return bool */ - function trans_commit() + public function trans_commit() { if ( ! $this->trans_enabled) { @@ -350,7 +350,7 @@ class CI_DB_oci8_driver extends CI_DB { return TRUE; } - $ret = OCIcommit($this->conn_id); + $ret = oci_commit($this->conn_id); $this->_commit = OCI_COMMIT_ON_SUCCESS; return $ret; } @@ -363,7 +363,7 @@ class CI_DB_oci8_driver extends CI_DB { * @access public * @return bool */ - function trans_rollback() + public function trans_rollback() { if ( ! $this->trans_enabled) { @@ -376,7 +376,7 @@ class CI_DB_oci8_driver extends CI_DB { return TRUE; } - $ret = OCIrollback($this->conn_id); + $ret = oci_rollback($this->conn_id); $this->_commit = OCI_COMMIT_ON_SUCCESS; return $ret; } @@ -391,7 +391,7 @@ class CI_DB_oci8_driver extends CI_DB { * @param bool whether or not the string will be used in a LIKE condition * @return string */ - function escape_str($str, $like = FALSE) + public function escape_str($str, $like = FALSE) { if (is_array($str)) { @@ -424,9 +424,9 @@ class CI_DB_oci8_driver extends CI_DB { * @access public * @return integer */ - function affected_rows() + public function affected_rows() { - return @ocirowcount($this->stmt_id); + return @oci_num_rows($this->stmt_id); } // -------------------------------------------------------------------- @@ -437,7 +437,7 @@ class CI_DB_oci8_driver extends CI_DB { * @access public * @return integer */ - function insert_id() + public function insert_id() { // not supported in oracle return $this->display_error('db_unsupported_function'); @@ -455,7 +455,7 @@ class CI_DB_oci8_driver extends CI_DB { * @param string * @return string */ - function count_all($table = '') + public function count_all($table = '') { if ($table == '') { @@ -480,11 +480,11 @@ class CI_DB_oci8_driver extends CI_DB { * * Generates a platform-specific query string so that the table names can be fetched * - * @access private + * @access public * @param boolean - * @return string + * @return string */ - function _list_tables($prefix_limit = FALSE) + public function _list_tables($prefix_limit = FALSE) { $sql = "SELECT TABLE_NAME FROM ALL_TABLES"; @@ -507,7 +507,7 @@ class CI_DB_oci8_driver extends CI_DB { * @param string the table name * @return string */ - function _list_columns($table = '') + public function _list_columns($table = '') { return "SELECT COLUMN_NAME FROM all_tab_columns WHERE table_name = '$table'"; } @@ -523,7 +523,7 @@ class CI_DB_oci8_driver extends CI_DB { * @param string the table name * @return object */ - function _field_data($table) + public function _field_data($table) { return "SELECT * FROM ".$table." where rownum = 1"; } @@ -533,12 +533,13 @@ class CI_DB_oci8_driver extends CI_DB { /** * The error message string * - * @access private + * @access public * @return string */ - function _error_message() + public function _error_message() { - $error = ocierror($this->conn_id); + // If the error was during connection, no conn_id should be passed + $error = is_resource($this->conn_id) ? oci_error($this->conn_id) : oci_error(); return $error['message']; } @@ -547,12 +548,13 @@ class CI_DB_oci8_driver extends CI_DB { /** * The error message number * - * @access private + * @access public * @return integer */ - function _error_number() + public function _error_number() { - $error = ocierror($this->conn_id); + // Same as _error_message() + $error = is_resource($this->conn_id) ? oci_error($this->conn_id) : oci_error(); return $error['code']; } @@ -563,11 +565,11 @@ class CI_DB_oci8_driver extends CI_DB { * * This function escapes column and table names * - * @access private + * @access public * @param string * @return string */ - function _escape_identifiers($item) + public function _escape_identifiers($item) { if ($this->_escape_char == '') { @@ -610,7 +612,7 @@ class CI_DB_oci8_driver extends CI_DB { * @param type * @return type */ - function _from_tables($tables) + public function _from_tables($tables) { if ( ! is_array($tables)) { @@ -633,9 +635,37 @@ class CI_DB_oci8_driver extends CI_DB { * @param array the insert values * @return string */ - function _insert($table, $keys, $values) + public function _insert($table, $keys, $values) { - return "INSERT INTO ".$table." (".implode(', ', $keys).") VALUES (".implode(', ', $values).")"; + return "INSERT INTO ".$table." (".implode(', ', $keys).") VALUES (".implode(', ', $values).")"; + } + + // -------------------------------------------------------------------- + + /** + * Insert_batch statement + * + * Generates a platform-specific insert string from the supplied data + * + * @access public + * @param string the table name + * @param array the insert keys + * @param array the insert values + * @return string + */ + public function _insert_batch($table, $keys, $values) + { + $keys = implode(', ', $keys); + $sql = "INSERT ALL\n"; + + for ($i = 0, $c = count($values); $i < $c; $i++) + { + $sql .= ' INTO ' . $table . ' (' . $keys . ') VALUES ' . $values[$i] . "\n"; + } + + $sql .= 'SELECT * FROM dual'; + + return $sql; } // -------------------------------------------------------------------- @@ -653,7 +683,7 @@ class CI_DB_oci8_driver extends CI_DB { * @param array the limit clause * @return string */ - function _update($table, $values, $where, $orderby = array(), $limit = FALSE) + public function _update($table, $values, $where, $orderby = array(), $limit = FALSE) { foreach ($values as $key => $val) { @@ -686,7 +716,7 @@ class CI_DB_oci8_driver extends CI_DB { * @param string the table name * @return string */ - function _truncate($table) + public function _truncate($table) { return "TRUNCATE TABLE ".$table; } @@ -704,7 +734,7 @@ class CI_DB_oci8_driver extends CI_DB { * @param string the limit clause * @return string */ - function _delete($table, $where = array(), $like = array(), $limit = FALSE) + public function _delete($table, $where = array(), $like = array(), $limit = FALSE) { $conditions = ''; @@ -738,7 +768,7 @@ class CI_DB_oci8_driver extends CI_DB { * @param integer the offset value * @return string */ - function _limit($sql, $limit, $offset) + public function _limit($sql, $limit, $offset) { $limit = $offset + $limit; $newsql = "SELECT * FROM (select inner_query.*, rownum rnum FROM ($sql) inner_query WHERE rownum < $limit)"; @@ -763,9 +793,9 @@ class CI_DB_oci8_driver extends CI_DB { * @param resource * @return void */ - function _close($conn_id) + public function _close($conn_id) { - @ocilogoff($conn_id); + @oci_close($conn_id); } @@ -774,4 +804,4 @@ class CI_DB_oci8_driver extends CI_DB { /* End of file oci8_driver.php */ -/* Location: ./system/database/drivers/oci8/oci8_driver.php */ \ No newline at end of file +/* Location: ./system/database/drivers/oci8/oci8_driver.php */ diff --git a/system/database/drivers/oci8/oci8_result.php b/system/database/drivers/oci8/oci8_result.php index 88531b436..7de1153ba 100644 --- a/system/database/drivers/oci8/oci8_result.php +++ b/system/database/drivers/oci8/oci8_result.php @@ -40,14 +40,17 @@ class CI_DB_oci8_result extends CI_DB_result { * @access public * @return integer */ - function num_rows() + public function num_rows() { - $rowcount = count($this->result_array()); - @ociexecute($this->stmt_id); - - if ($this->curs_id) + if ($this->num_rows === 0 && count($this->result_array()) > 0) { - @ociexecute($this->curs_id); + $this->num_rows = count($this->result_array()); + @oci_execute($this->stmt_id); + + if ($this->curs_id) + { + @oci_execute($this->curs_id); + } } return $rowcount; @@ -61,9 +64,9 @@ class CI_DB_oci8_result extends CI_DB_result { * @access public * @return integer */ - function num_fields() + public function num_fields() { - $count = @ocinumcols($this->stmt_id); + $count = @oci_num_fields($this->stmt_id); // if we used a limit we subtract it if ($this->limit_used) @@ -84,13 +87,12 @@ class CI_DB_oci8_result extends CI_DB_result { * @access public * @return array */ - function list_fields() + public function list_fields() { $field_names = array(); - $fieldCount = $this->num_fields(); - for ($c = 1; $c <= $fieldCount; $c++) + for ($c = 1, $fieldCount = $this->num_fields(); $c <= $fieldCount; $c++) { - $field_names[] = ocicolumnname($this->stmt_id, $c); + $field_names[] = oci_field_name($this->stmt_id, $c); } return $field_names; } @@ -105,16 +107,15 @@ class CI_DB_oci8_result extends CI_DB_result { * @access public * @return array */ - function field_data() + public function field_data() { $retval = array(); - $fieldCount = $this->num_fields(); - for ($c = 1; $c <= $fieldCount; $c++) + for ($c = 1, $fieldCount = $this->num_fields(); $c <= $fieldCount; $c++) { - $F = new stdClass(); - $F->name = ocicolumnname($this->stmt_id, $c); - $F->type = ocicolumntype($this->stmt_id, $c); - $F->max_length = ocicolumnsize($this->stmt_id, $c); + $F = new stdClass(); + $F->name = oci_field_name($this->stmt_id, $c); + $F->type = oci_field_type($this->stmt_id, $c); + $F->max_length = oci_field_size($this->stmt_id, $c); $retval[] = $F; } @@ -129,11 +130,11 @@ class CI_DB_oci8_result extends CI_DB_result { * * @return null */ - function free_result() + public function free_result() { if (is_resource($this->result_id)) { - ocifreestatement($this->result_id); + oci_free_statement($this->result_id); $this->result_id = FALSE; } } @@ -145,14 +146,13 @@ class CI_DB_oci8_result extends CI_DB_result { * * Returns the result set as an array * - * @access private + * @access public * @return array */ - function _fetch_assoc(&$row) + public function _fetch_assoc() { $id = ($this->curs_id) ? $this->curs_id : $this->stmt_id; - - return ocifetchinto($id, $row, OCI_ASSOC + OCI_RETURN_NULLS); + return oci_fetch_assoc($id); } // -------------------------------------------------------------------- @@ -162,41 +162,13 @@ class CI_DB_oci8_result extends CI_DB_result { * * Returns the result set as an object * - * @access private + * @access public * @return object */ - function _fetch_object() + public function _fetch_object() { - $result = array(); - - // If PHP 5 is being used we can fetch an result object - if (function_exists('oci_fetch_object')) - { - $id = ($this->curs_id) ? $this->curs_id : $this->stmt_id; - - return @oci_fetch_object($id); - } - - // If PHP 4 is being used we have to build our own result - foreach ($this->result_array() as $key => $val) - { - $obj = new stdClass(); - if (is_array($val)) - { - foreach ($val as $k => $v) - { - $obj->$k = $v; - } - } - else - { - $obj->$key = $val; - } - - $result[] = $obj; - } - - return $result; + $id = ($this->curs_id) ? $this->curs_id : $this->stmt_id; + return @oci_fetch_object($id); } // -------------------------------------------------------------------- @@ -207,7 +179,7 @@ class CI_DB_oci8_result extends CI_DB_result { * @access public * @return array */ - function result_array() + public function result_array() { if (count($this->result_array) > 0) { @@ -217,7 +189,7 @@ class CI_DB_oci8_result extends CI_DB_result { // oracle's fetch functions do not return arrays. // The information is returned in reference parameters $row = NULL; - while ($this->_fetch_assoc($row)) + while ($row = $this->_fetch_assoc()) { $this->result_array[] = $row; } @@ -234,10 +206,10 @@ class CI_DB_oci8_result extends CI_DB_result { * this internally before fetching results to make sure the * result set starts at zero * - * @access private + * @access public * @return array */ - function _data_seek($n = 0) + public function _data_seek($n = 0) { return FALSE; // Not needed } -- cgit v1.2.3-24-g4f1b From c622a4155d912ad53143f5de94298eb8e60ba3e7 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Fri, 7 Oct 2011 21:17:11 +0300 Subject: Remove another 2 old comments --- system/database/drivers/oci8/oci8_result.php | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'system') diff --git a/system/database/drivers/oci8/oci8_result.php b/system/database/drivers/oci8/oci8_result.php index 7de1153ba..ea5f77537 100644 --- a/system/database/drivers/oci8/oci8_result.php +++ b/system/database/drivers/oci8/oci8_result.php @@ -186,8 +186,6 @@ class CI_DB_oci8_result extends CI_DB_result { return $this->result_array; } - // oracle's fetch functions do not return arrays. - // The information is returned in reference parameters $row = NULL; while ($row = $this->_fetch_assoc()) { @@ -218,4 +216,4 @@ class CI_DB_oci8_result extends CI_DB_result { /* End of file oci8_result.php */ -/* Location: ./system/database/drivers/oci8/oci8_result.php */ \ No newline at end of file +/* Location: ./system/database/drivers/oci8/oci8_result.php */ -- cgit v1.2.3-24-g4f1b From cfe49186f26cd7bb6410abd4f1069b49325dc0e9 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 20 Oct 2011 09:44:48 +0300 Subject: Some public and protected method declarations --- system/database/DB_result.php | 46 ++++++++++----------- system/database/drivers/oci8/oci8_driver.php | 60 ++++++++++++++-------------- system/database/drivers/oci8/oci8_result.php | 12 +++--- 3 files changed, 59 insertions(+), 59 deletions(-) (limited to 'system') diff --git a/system/database/DB_result.php b/system/database/DB_result.php index 0c4e78105..48d66c8e4 100644 --- a/system/database/DB_result.php +++ b/system/database/DB_result.php @@ -45,7 +45,7 @@ class CI_DB_result { * @param string can be "object" or "array" * @return mixed either a result object or array */ - function result($type = 'object') + public function result($type = 'object') { if ($type == 'array') return $this->result_array(); else if ($type == 'object') return $this->result_object(); @@ -60,7 +60,7 @@ class CI_DB_result { * @param class_name A string that represents the type of object you want back * @return array of objects */ - function custom_result_object($class_name) + public function custom_result_object($class_name) { if (array_key_exists($class_name, $this->custom_result_object)) { @@ -79,12 +79,12 @@ class CI_DB_result { while ($row = $this->_fetch_object()) { $object = new $class_name(); - + foreach ($row as $key => $value) { $object->$key = $value; } - + $result_object[] = $object; } @@ -100,7 +100,7 @@ class CI_DB_result { * @access public * @return object */ - function result_object() + public function result_object() { if (count($this->result_object) > 0) { @@ -132,7 +132,7 @@ class CI_DB_result { * @access public * @return array */ - function result_array() + public function result_array() { if (count($this->result_array) > 0) { @@ -166,7 +166,7 @@ class CI_DB_result { * @param string can be "object" or "array" * @return mixed either a result object or array */ - function row($n = 0, $type = 'object') + public function row($n = 0, $type = 'object') { if ( ! is_numeric($n)) { @@ -198,7 +198,7 @@ class CI_DB_result { * @access public * @return object */ - function set_row($key, $value = NULL) + public function set_row($key, $value = NULL) { // We cache the row data for subsequent uses if ( ! is_array($this->row_data)) @@ -230,7 +230,7 @@ class CI_DB_result { * @access public * @return object */ - function custom_row_object($n, $type) + public function custom_row_object($n, $type) { $result = $this->custom_result_object($type); @@ -253,7 +253,7 @@ class CI_DB_result { * @access public * @return object */ - function row_object($n = 0) + public function row_object($n = 0) { $result = $this->result_object(); @@ -278,7 +278,7 @@ class CI_DB_result { * @access public * @return array */ - function row_array($n = 0) + public function row_array($n = 0) { $result = $this->result_array(); @@ -304,7 +304,7 @@ class CI_DB_result { * @access public * @return object */ - function first_row($type = 'object') + public function first_row($type = 'object') { $result = $this->result($type); @@ -323,7 +323,7 @@ class CI_DB_result { * @access public * @return object */ - function last_row($type = 'object') + public function last_row($type = 'object') { $result = $this->result($type); @@ -342,7 +342,7 @@ class CI_DB_result { * @access public * @return object */ - function next_row($type = 'object') + public function next_row($type = 'object') { $result = $this->result($type); @@ -367,7 +367,7 @@ class CI_DB_result { * @access public * @return object */ - function previous_row($type = 'object') + public function previous_row($type = 'object') { $result = $this->result($type); @@ -394,14 +394,14 @@ class CI_DB_result { * operational due to the unavailability of the database resource IDs with * cached results. */ - function num_rows() { return $this->num_rows; } - function num_fields() { return 0; } - function list_fields() { return array(); } - function field_data() { return array(); } - function free_result() { return TRUE; } - function _data_seek() { return TRUE; } - function _fetch_assoc() { return array(); } - function _fetch_object() { return array(); } + public function num_rows() { return $this->num_rows; } + public function num_fields() { return 0; } + public function list_fields() { return array(); } + public function field_data() { return array(); } + public function free_result() { return TRUE; } + protected function _data_seek() { return TRUE; } + protected function _fetch_assoc() { return array(); } + protected function _fetch_object() { return array(); } } // END DB_result class diff --git a/system/database/drivers/oci8/oci8_driver.php b/system/database/drivers/oci8/oci8_driver.php index 985466a79..b4da3e965 100644 --- a/system/database/drivers/oci8/oci8_driver.php +++ b/system/database/drivers/oci8/oci8_driver.php @@ -145,10 +145,10 @@ class CI_DB_oci8_driver extends CI_DB { /** * Version number query string * - * @access public + * @access protected * @return string */ - public function _version() + protected function _version() { return oci_server_version($this->conn_id); } @@ -158,11 +158,11 @@ class CI_DB_oci8_driver extends CI_DB { /** * Execute the query * - * @access public called by the base class + * @access protected called by the base class * @param string an SQL query * @return resource */ - public function _execute($sql) + protected function _execute($sql) { // oracle must parse the query before it is run. All of the actions with // the query are based on the statement id returned by ociparse @@ -480,11 +480,11 @@ class CI_DB_oci8_driver extends CI_DB { * * Generates a platform-specific query string so that the table names can be fetched * - * @access public + * @access protected * @param boolean * @return string */ - public function _list_tables($prefix_limit = FALSE) + protected function _list_tables($prefix_limit = FALSE) { $sql = "SELECT TABLE_NAME FROM ALL_TABLES"; @@ -503,11 +503,11 @@ class CI_DB_oci8_driver extends CI_DB { * * Generates a platform-specific query string so that the column names can be fetched * - * @access public + * @access protected * @param string the table name * @return string */ - public function _list_columns($table = '') + protected function _list_columns($table = '') { return "SELECT COLUMN_NAME FROM all_tab_columns WHERE table_name = '$table'"; } @@ -523,7 +523,7 @@ class CI_DB_oci8_driver extends CI_DB { * @param string the table name * @return object */ - public function _field_data($table) + protected function _field_data($table) { return "SELECT * FROM ".$table." where rownum = 1"; } @@ -533,10 +533,10 @@ class CI_DB_oci8_driver extends CI_DB { /** * The error message string * - * @access public + * @access protected * @return string */ - public function _error_message() + protected function _error_message() { // If the error was during connection, no conn_id should be passed $error = is_resource($this->conn_id) ? oci_error($this->conn_id) : oci_error(); @@ -548,10 +548,10 @@ class CI_DB_oci8_driver extends CI_DB { /** * The error message number * - * @access public + * @access protected * @return integer */ - public function _error_number() + protected function _error_number() { // Same as _error_message() $error = is_resource($this->conn_id) ? oci_error($this->conn_id) : oci_error(); @@ -565,11 +565,11 @@ class CI_DB_oci8_driver extends CI_DB { * * This function escapes column and table names * - * @access public + * @access protected * @param string * @return string */ - public function _escape_identifiers($item) + protected function _escape_identifiers($item) { if ($this->_escape_char == '') { @@ -608,11 +608,11 @@ class CI_DB_oci8_driver extends CI_DB { * This function implicitly groups FROM tables so there is no confusion * about operator precedence in harmony with SQL standards * - * @access public + * @access protected * @param type * @return type */ - public function _from_tables($tables) + protected function _from_tables($tables) { if ( ! is_array($tables)) { @@ -635,7 +635,7 @@ class CI_DB_oci8_driver extends CI_DB { * @param array the insert values * @return string */ - public function _insert($table, $keys, $values) + protected function _insert($table, $keys, $values) { return "INSERT INTO ".$table." (".implode(', ', $keys).") VALUES (".implode(', ', $values).")"; } @@ -647,13 +647,13 @@ class CI_DB_oci8_driver extends CI_DB { * * Generates a platform-specific insert string from the supplied data * - * @access public + * @access protected * @param string the table name * @param array the insert keys * @param array the insert values * @return string */ - public function _insert_batch($table, $keys, $values) + protected function _insert_batch($table, $keys, $values) { $keys = implode(', ', $keys); $sql = "INSERT ALL\n"; @@ -675,7 +675,7 @@ class CI_DB_oci8_driver extends CI_DB { * * Generates a platform-specific update string from the supplied data * - * @access public + * @access protected * @param string the table name * @param array the update data * @param array the where clause @@ -683,7 +683,7 @@ class CI_DB_oci8_driver extends CI_DB { * @param array the limit clause * @return string */ - public function _update($table, $values, $where, $orderby = array(), $limit = FALSE) + protected function _update($table, $values, $where, $orderby = array(), $limit = FALSE) { foreach ($values as $key => $val) { @@ -712,11 +712,11 @@ class CI_DB_oci8_driver extends CI_DB { * If the database does not support the truncate() command * This function maps to "DELETE FROM table" * - * @access public + * @access protected * @param string the table name * @return string */ - public function _truncate($table) + protected function _truncate($table) { return "TRUNCATE TABLE ".$table; } @@ -728,13 +728,13 @@ class CI_DB_oci8_driver extends CI_DB { * * Generates a platform-specific delete string from the supplied data * - * @access public + * @access protected * @param string the table name * @param array the where clause * @param string the limit clause * @return string */ - public function _delete($table, $where = array(), $like = array(), $limit = FALSE) + protected function _delete($table, $where = array(), $like = array(), $limit = FALSE) { $conditions = ''; @@ -762,13 +762,13 @@ class CI_DB_oci8_driver extends CI_DB { * * Generates a platform-specific LIMIT clause * - * @access public + * @access protected * @param string the sql query string * @param integer the number of rows to limit the query to * @param integer the offset value * @return string */ - public function _limit($sql, $limit, $offset) + protected function _limit($sql, $limit, $offset) { $limit = $offset + $limit; $newsql = "SELECT * FROM (select inner_query.*, rownum rnum FROM ($sql) inner_query WHERE rownum < $limit)"; @@ -789,11 +789,11 @@ class CI_DB_oci8_driver extends CI_DB { /** * Close DB Connection * - * @access public + * @access protected * @param resource * @return void */ - public function _close($conn_id) + protected function _close($conn_id) { @oci_close($conn_id); } diff --git a/system/database/drivers/oci8/oci8_result.php b/system/database/drivers/oci8/oci8_result.php index ea5f77537..ae133d7b5 100644 --- a/system/database/drivers/oci8/oci8_result.php +++ b/system/database/drivers/oci8/oci8_result.php @@ -146,10 +146,10 @@ class CI_DB_oci8_result extends CI_DB_result { * * Returns the result set as an array * - * @access public + * @access protected * @return array */ - public function _fetch_assoc() + protected function _fetch_assoc() { $id = ($this->curs_id) ? $this->curs_id : $this->stmt_id; return oci_fetch_assoc($id); @@ -162,10 +162,10 @@ class CI_DB_oci8_result extends CI_DB_result { * * Returns the result set as an object * - * @access public + * @access protected * @return object */ - public function _fetch_object() + protected function _fetch_object() { $id = ($this->curs_id) ? $this->curs_id : $this->stmt_id; return @oci_fetch_object($id); @@ -204,10 +204,10 @@ class CI_DB_oci8_result extends CI_DB_result { * this internally before fetching results to make sure the * result set starts at zero * - * @access public + * @access protected * @return array */ - public function _data_seek($n = 0) + protected function _data_seek($n = 0) { return FALSE; // Not needed } -- cgit v1.2.3-24-g4f1b From 9c63d0bb34be4007178d5a7e46348d5e23fee3ff Mon Sep 17 00:00:00 2001 From: Phil Sturgeon Date: Thu, 27 Oct 2011 01:55:44 +0100 Subject: Bumped CodeIgniter version to 2.1.0. --- system/core/CodeIgniter.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system') diff --git a/system/core/CodeIgniter.php b/system/core/CodeIgniter.php index 0a1391d18..d9977e1ca 100755 --- a/system/core/CodeIgniter.php +++ b/system/core/CodeIgniter.php @@ -39,7 +39,7 @@ * @var string * */ - define('CI_VERSION', '2.0.2'); + define('CI_VERSION', '2.1.0'); /** * CodeIgniter Branch (Core = TRUE, Reactor = FALSE) -- cgit v1.2.3-24-g4f1b From 9f5316e96ea635a15aa5906bfd2abaea19520970 Mon Sep 17 00:00:00 2001 From: Timothy Warren Date: Wed, 14 Sep 2011 12:25:14 -0400 Subject: Fixed LIKE statement escaping issues --- system/database/drivers/pdo/pdo_driver.php | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) (limited to 'system') diff --git a/system/database/drivers/pdo/pdo_driver.php b/system/database/drivers/pdo/pdo_driver.php index 19e069b06..4c911aa6e 100644 --- a/system/database/drivers/pdo/pdo_driver.php +++ b/system/database/drivers/pdo/pdo_driver.php @@ -28,6 +28,7 @@ * @author ExpressionEngine Dev Team * @link http://codeigniter.com/user_guide/database/ */ + class CI_DB_pdo_driver extends CI_DB { var $dbdriver = 'pdo'; @@ -36,7 +37,7 @@ class CI_DB_pdo_driver extends CI_DB { var $_escape_char = ''; var $_like_escape_str; var $_like_escape_chr; - + /** * The syntax to count rows is slightly different across different @@ -50,7 +51,7 @@ class CI_DB_pdo_driver extends CI_DB { function __construct($params) { parent::__construct($params); - + // clause and character used for LIKE escape sequences if (strpos($this->hostname, 'mysql') !== FALSE) { @@ -67,7 +68,7 @@ class CI_DB_pdo_driver extends CI_DB { $this->_like_escape_str = " ESCAPE '%s' "; $this->_like_escape_chr = '!'; } - + $this->hostname = $this->hostname . ";dbname=".$this->database; $this->trans_enabled = FALSE; @@ -179,7 +180,7 @@ class CI_DB_pdo_driver extends CI_DB { { $sql = $this->_prep_query($sql); $result_id = $this->conn_id->query($sql); - + if (is_object($result_id)) { $this->affect_rows = $result_id->rowCount(); @@ -188,7 +189,7 @@ class CI_DB_pdo_driver extends CI_DB { { $this->affect_rows = 0; } - + return $result_id; } @@ -308,16 +309,16 @@ class CI_DB_pdo_driver extends CI_DB { return $str; } - + //Escape the string $str = $this->conn_id->quote($str); - + //If there are duplicated quotes, trim them away if (strpos($str, "'") === 0) { $str = substr($str, 1, -1); } - + // escape LIKE condition wildcards if ($like === TRUE) { @@ -519,7 +520,7 @@ class CI_DB_pdo_driver extends CI_DB { if (strpos($item, '.') !== FALSE) { $str = $this->_escape_char.str_replace('.', $this->_escape_char.'.'.$this->_escape_char, $item).$this->_escape_char; - + } else { @@ -569,7 +570,7 @@ class CI_DB_pdo_driver extends CI_DB { { return "INSERT INTO ".$table." (".implode(', ', $keys).") VALUES (".implode(', ', $values).")"; } - + // -------------------------------------------------------------------- /** @@ -622,7 +623,7 @@ class CI_DB_pdo_driver extends CI_DB { return $sql; } - + // -------------------------------------------------------------------- /** @@ -764,7 +765,7 @@ class CI_DB_pdo_driver extends CI_DB { { $sql .= " OFFSET ".$offset; } - + return $sql; } } -- cgit v1.2.3-24-g4f1b From 448148b0d8ed1459662cfe501197686b8a48b609 Mon Sep 17 00:00:00 2001 From: Greg Aker Date: Sat, 20 Aug 2011 14:23:14 -0500 Subject: Fixed a bug (#200) where MySQL queries would be malformed after calling db->count_all() then db->get() --- system/database/drivers/cubrid/cubrid_driver.php | 1 + system/database/drivers/mssql/mssql_driver.php | 1 + system/database/drivers/mysql/mysql_driver.php | 1 + system/database/drivers/mysqli/mysqli_driver.php | 1 + system/database/drivers/oci8/oci8_driver.php | 1 + system/database/drivers/odbc/odbc_driver.php | 1 + system/database/drivers/postgre/postgre_driver.php | 1 + system/database/drivers/sqlite/sqlite_driver.php | 1 + system/database/drivers/sqlsrv/sqlsrv_driver.php | 1 + 9 files changed, 9 insertions(+) (limited to 'system') diff --git a/system/database/drivers/cubrid/cubrid_driver.php b/system/database/drivers/cubrid/cubrid_driver.php index 3f0109249..d01140412 100644 --- a/system/database/drivers/cubrid/cubrid_driver.php +++ b/system/database/drivers/cubrid/cubrid_driver.php @@ -398,6 +398,7 @@ class CI_DB_cubrid_driver extends CI_DB { } $row = $query->row(); + $this->_reset_select(); return (int) $row->numrows; } diff --git a/system/database/drivers/mssql/mssql_driver.php b/system/database/drivers/mssql/mssql_driver.php index 65397ed8f..b39bd9360 100644 --- a/system/database/drivers/mssql/mssql_driver.php +++ b/system/database/drivers/mssql/mssql_driver.php @@ -367,6 +367,7 @@ class CI_DB_mssql_driver extends CI_DB { } $row = $query->row(); + $this->_reset_select(); return (int) $row->numrows; } diff --git a/system/database/drivers/mysql/mysql_driver.php b/system/database/drivers/mysql/mysql_driver.php index 28c75a5e3..872504564 100644 --- a/system/database/drivers/mysql/mysql_driver.php +++ b/system/database/drivers/mysql/mysql_driver.php @@ -385,6 +385,7 @@ class CI_DB_mysql_driver extends CI_DB { } $row = $query->row(); + $this->_reset_select(); return (int) $row->numrows; } diff --git a/system/database/drivers/mysqli/mysqli_driver.php b/system/database/drivers/mysqli/mysqli_driver.php index b1796c9df..ddcaff323 100644 --- a/system/database/drivers/mysqli/mysqli_driver.php +++ b/system/database/drivers/mysqli/mysqli_driver.php @@ -386,6 +386,7 @@ class CI_DB_mysqli_driver extends CI_DB { } $row = $query->row(); + $this->_reset_select(); return (int) $row->numrows; } diff --git a/system/database/drivers/oci8/oci8_driver.php b/system/database/drivers/oci8/oci8_driver.php index b4da3e965..930177e62 100644 --- a/system/database/drivers/oci8/oci8_driver.php +++ b/system/database/drivers/oci8/oci8_driver.php @@ -470,6 +470,7 @@ class CI_DB_oci8_driver extends CI_DB { } $row = $query->row(); + $this->_reset_select(); return (int) $row->numrows; } diff --git a/system/database/drivers/odbc/odbc_driver.php b/system/database/drivers/odbc/odbc_driver.php index 6e4ba896f..bcd7937d9 100644 --- a/system/database/drivers/odbc/odbc_driver.php +++ b/system/database/drivers/odbc/odbc_driver.php @@ -339,6 +339,7 @@ class CI_DB_odbc_driver extends CI_DB { } $row = $query->row(); + $this->_reset_select(); return (int) $row->numrows; } diff --git a/system/database/drivers/postgre/postgre_driver.php b/system/database/drivers/postgre/postgre_driver.php index 140396885..5367f9759 100644 --- a/system/database/drivers/postgre/postgre_driver.php +++ b/system/database/drivers/postgre/postgre_driver.php @@ -385,6 +385,7 @@ class CI_DB_postgre_driver extends CI_DB { } $row = $query->row(); + $this->_reset_select(); return (int) $row->numrows; } diff --git a/system/database/drivers/sqlite/sqlite_driver.php b/system/database/drivers/sqlite/sqlite_driver.php index eb4e585b3..0cc898b38 100644 --- a/system/database/drivers/sqlite/sqlite_driver.php +++ b/system/database/drivers/sqlite/sqlite_driver.php @@ -354,6 +354,7 @@ class CI_DB_sqlite_driver extends CI_DB { } $row = $query->row(); + $this->_reset_select(); return (int) $row->numrows; } diff --git a/system/database/drivers/sqlsrv/sqlsrv_driver.php b/system/database/drivers/sqlsrv/sqlsrv_driver.php index 1d32792ce..400fd31c6 100644 --- a/system/database/drivers/sqlsrv/sqlsrv_driver.php +++ b/system/database/drivers/sqlsrv/sqlsrv_driver.php @@ -344,6 +344,7 @@ class CI_DB_sqlsrv_driver extends CI_DB { return '0'; $row = $query->row(); + $this->_reset_select(); return $row->numrows; } -- cgit v1.2.3-24-g4f1b From ad4681f7889beb66f44995882c3977239eb1b3df Mon Sep 17 00:00:00 2001 From: danmontgomery Date: Sun, 21 Aug 2011 15:31:22 -0400 Subject: Fixed issue #150 (for mysql and mysqli), now returns the actual column length. --- system/database/drivers/mysql/mysql_driver.php | 2 +- system/database/drivers/mysql/mysql_result.php | 17 +++++++++++------ system/database/drivers/mysqli/mysqli_driver.php | 2 +- system/database/drivers/mysqli/mysqli_result.php | 19 ++++++++++++------- 4 files changed, 25 insertions(+), 15 deletions(-) (limited to 'system') diff --git a/system/database/drivers/mysql/mysql_driver.php b/system/database/drivers/mysql/mysql_driver.php index 872504564..f87cfea4b 100644 --- a/system/database/drivers/mysql/mysql_driver.php +++ b/system/database/drivers/mysql/mysql_driver.php @@ -441,7 +441,7 @@ class CI_DB_mysql_driver extends CI_DB { */ function _field_data($table) { - return "SELECT * FROM ".$table." LIMIT 1"; + return "DESCRIBE ".$table; } // -------------------------------------------------------------------- diff --git a/system/database/drivers/mysql/mysql_result.php b/system/database/drivers/mysql/mysql_result.php index 507389603..2d2905c98 100644 --- a/system/database/drivers/mysql/mysql_result.php +++ b/system/database/drivers/mysql/mysql_result.php @@ -84,14 +84,19 @@ class CI_DB_mysql_result extends CI_DB_result { function field_data() { $retval = array(); - while ($field = mysql_fetch_field($this->result_id)) + while ($field = mysql_fetch_object($this->result_id)) { + preg_match('/([a-zA-Z]+)\((\d+)\)/', $field->Type, $matches); + + $type = $matches[1]; + $length = (int)$matches[2]; + $F = new stdClass(); - $F->name = $field->name; - $F->type = $field->type; - $F->default = $field->def; - $F->max_length = $field->max_length; - $F->primary_key = $field->primary_key; + $F->name = $field->Field; + $F->type = $type; + $F->default = $field->Default; + $F->max_length = $length; + $F->primary_key = ( $field->Key == 'PRI' ? 1 : 0 ); $retval[] = $F; } diff --git a/system/database/drivers/mysqli/mysqli_driver.php b/system/database/drivers/mysqli/mysqli_driver.php index ddcaff323..ccd110f79 100644 --- a/system/database/drivers/mysqli/mysqli_driver.php +++ b/system/database/drivers/mysqli/mysqli_driver.php @@ -442,7 +442,7 @@ class CI_DB_mysqli_driver extends CI_DB { */ function _field_data($table) { - return "SELECT * FROM ".$table." LIMIT 1"; + return "DESCRIBE ".$table; } // -------------------------------------------------------------------- diff --git a/system/database/drivers/mysqli/mysqli_result.php b/system/database/drivers/mysqli/mysqli_result.php index c4d8f5d58..ac863056a 100644 --- a/system/database/drivers/mysqli/mysqli_result.php +++ b/system/database/drivers/mysqli/mysqli_result.php @@ -84,21 +84,26 @@ class CI_DB_mysqli_result extends CI_DB_result { function field_data() { $retval = array(); - while ($field = mysqli_fetch_field($this->result_id)) + while ($field = mysqli_fetch_object($this->result_id)) { + preg_match('/([a-zA-Z]+)\((\d+)\)/', $field->Type, $matches); + + $type = $matches[1]; + $length = (int)$matches[2]; + $F = new stdClass(); - $F->name = $field->name; - $F->type = $field->type; - $F->default = $field->def; - $F->max_length = $field->max_length; - $F->primary_key = ($field->flags & MYSQLI_PRI_KEY_FLAG) ? 1 : 0; + $F->name = $field->Field; + $F->type = $type; + $F->default = $field->Default; + $F->max_length = $length; + $F->primary_key = ( $field->Key == 'PRI' ? 1 : 0 ); $retval[] = $F; } return $retval; } - + // -------------------------------------------------------------------- /** -- cgit v1.2.3-24-g4f1b From 659baa9668d8650ccaa05ad3bcdc2183c9ff5397 Mon Sep 17 00:00:00 2001 From: Phil Sturgeon Date: Thu, 27 Oct 2011 13:24:53 +0100 Subject: Fixed issue #150 correctly. --- system/database/drivers/mysql/mysql_result.php | 6 +++--- system/database/drivers/mysqli/mysqli_result.php | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) (limited to 'system') diff --git a/system/database/drivers/mysql/mysql_result.php b/system/database/drivers/mysql/mysql_result.php index 2d2905c98..e1a6e93ca 100644 --- a/system/database/drivers/mysql/mysql_result.php +++ b/system/database/drivers/mysql/mysql_result.php @@ -86,10 +86,10 @@ class CI_DB_mysql_result extends CI_DB_result { $retval = array(); while ($field = mysql_fetch_object($this->result_id)) { - preg_match('/([a-zA-Z]+)\((\d+)\)/', $field->Type, $matches); + preg_match('/([a-zA-Z]+)(\(\d+\))?/', $field->Type, $matches); - $type = $matches[1]; - $length = (int)$matches[2]; + $type = (array_key_exists(1, $matches)) ? $matches[1] : NULL; + $length = (array_key_exists(2, $matches)) ? preg_replace('/[^\d]/', '', $matches[2]) : NULL; $F = new stdClass(); $F->name = $field->Field; diff --git a/system/database/drivers/mysqli/mysqli_result.php b/system/database/drivers/mysqli/mysqli_result.php index ac863056a..124d4e599 100644 --- a/system/database/drivers/mysqli/mysqli_result.php +++ b/system/database/drivers/mysqli/mysqli_result.php @@ -86,10 +86,10 @@ class CI_DB_mysqli_result extends CI_DB_result { $retval = array(); while ($field = mysqli_fetch_object($this->result_id)) { - preg_match('/([a-zA-Z]+)\((\d+)\)/', $field->Type, $matches); + preg_match('/([a-zA-Z]+)(\(\d+\))?/', $field->Type, $matches); - $type = $matches[1]; - $length = (int)$matches[2]; + $type = (array_key_exists(1, $matches)) ? $matches[1] : NULL; + $length = (array_key_exists(2, $matches)) ? preg_replace('/[^\d]/', '', $matches[2]) : NULL; $F = new stdClass(); $F->name = $field->Field; -- cgit v1.2.3-24-g4f1b From 426ff851c2164651228a9a9bc10869301b19dbcc Mon Sep 17 00:00:00 2001 From: Kyle Farris Date: Mon, 29 Aug 2011 23:26:07 -0300 Subject: Added the 'user_data' key to the userdata property so that sessions using a database can be deleted properly when using the table schema found in the "Saving Session Data to a Database" section of the Session Class in the user guide. --- system/libraries/Session.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'system') diff --git a/system/libraries/Session.php b/system/libraries/Session.php index 2c8a80163..8ee08c5b2 100644 --- a/system/libraries/Session.php +++ b/system/libraries/Session.php @@ -317,7 +317,8 @@ class CI_Session { 'session_id' => md5(uniqid($sessid, TRUE)), 'ip_address' => $this->CI->input->ip_address(), 'user_agent' => substr($this->CI->input->user_agent(), 0, 120), - 'last_activity' => $this->now + 'last_activity' => $this->now, + 'user_data' => '' ); -- cgit v1.2.3-24-g4f1b From 55027807e4826dfe722598172ab7ffbd9dc0b48c Mon Sep 17 00:00:00 2001 From: kenjis Date: Thu, 25 Aug 2011 10:51:44 +0900 Subject: add html_escape() function to escape HTML. --- system/core/Common.php | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) (limited to 'system') diff --git a/system/core/Common.php b/system/core/Common.php index db9fbeb9f..3d6931bc0 100644 --- a/system/core/Common.php +++ b/system/core/Common.php @@ -536,5 +536,29 @@ if ( ! function_exists('remove_invisible_characters')) } } +// ------------------------------------------------------------------------ + +/** +* Returns HTML escaped variable +* +* @access public +* @param mixed +* @return mixed +*/ +if ( ! function_exists('html_escape')) +{ + function html_escape($var) + { + if (is_array($var)) + { + return array_map('html_escape', $var); + } + else + { + return htmlspecialchars($var, ENT_QUOTES, config_item('charset')); + } + } +} + /* End of file Common.php */ /* Location: ./system/core/Common.php */ \ No newline at end of file -- cgit v1.2.3-24-g4f1b From 530becb7e80cb3a2647d31d2cc8ce88328189358 Mon Sep 17 00:00:00 2001 From: Timothy Warren Date: Tue, 25 Oct 2011 10:37:31 -0400 Subject: Changed mysql charset to PDO option --- system/database/drivers/pdo/pdo_driver.php | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) (limited to 'system') diff --git a/system/database/drivers/pdo/pdo_driver.php b/system/database/drivers/pdo/pdo_driver.php index 4c911aa6e..e536cc4bf 100644 --- a/system/database/drivers/pdo/pdo_driver.php +++ b/system/database/drivers/pdo/pdo_driver.php @@ -46,7 +46,8 @@ class CI_DB_pdo_driver extends CI_DB { */ var $_count_string = "SELECT COUNT(*) AS "; var $_random_keyword; - + + var $options = array(); function __construct($params) { @@ -57,6 +58,9 @@ class CI_DB_pdo_driver extends CI_DB { { $this->_like_escape_str = ''; $this->_like_escape_chr = ''; + + //Set the charset with the connection options + $this->options['PDO::MYSQL_ATTR_INIT_COMMAND'] = "SET NAMES {$this->char_set}"; } else if (strpos($this->hostname, 'odbc') !== FALSE) { @@ -83,9 +87,8 @@ class CI_DB_pdo_driver extends CI_DB { */ function db_connect() { - return new PDO($this->hostname,$this->username,$this->password, array( - PDO::ATTR_ERRMODE => PDO::ERRMODE_SILENT - )); + $this->options['PDO::ATTR_ERRMODE'] = PDO::ERRMODE_SILENT; + return new PDO($this->hostname,$this->username,$this->password, $this->options); } // -------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b From d019fd673a730bf87f1410a752818f16b6ced713 Mon Sep 17 00:00:00 2001 From: Timothy Warren Date: Wed, 26 Oct 2011 11:26:17 -0400 Subject: Set charset in DSN if PHP >= 5.3.6 --- system/database/drivers/pdo/pdo_driver.php | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'system') diff --git a/system/database/drivers/pdo/pdo_driver.php b/system/database/drivers/pdo/pdo_driver.php index e536cc4bf..b4c3102ed 100644 --- a/system/database/drivers/pdo/pdo_driver.php +++ b/system/database/drivers/pdo/pdo_driver.php @@ -59,6 +59,12 @@ class CI_DB_pdo_driver extends CI_DB { $this->_like_escape_str = ''; $this->_like_escape_chr = ''; + //Prior to this version, the charset can't be set in the dsn + if(is_php('5.3.6')) + { + $this->hostname .= ";charset={$this->char_set}"; + } + //Set the charset with the connection options $this->options['PDO::MYSQL_ATTR_INIT_COMMAND'] = "SET NAMES {$this->char_set}"; } @@ -236,7 +242,7 @@ class CI_DB_pdo_driver extends CI_DB { // Reset the transaction failure flag. // If the $test_mode flag is set to TRUE transactions will be rolled back // even if the queries produce a successful result. - $this->_trans_failure = ($test_mode === TRUE) ? TRUE : FALSE; + $this->_trans_failure = (bool) ($test_mode === TRUE); return $this->conn_id->beginTransaction(); } -- cgit v1.2.3-24-g4f1b From 70eeb93361c4e6a08584fd600d173842e15a4f13 Mon Sep 17 00:00:00 2001 From: Timothy Warren Date: Wed, 26 Oct 2011 11:31:49 -0400 Subject: Misc formatting fixes --- system/database/drivers/pdo/pdo_driver.php | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) (limited to 'system') diff --git a/system/database/drivers/pdo/pdo_driver.php b/system/database/drivers/pdo/pdo_driver.php index b4c3102ed..f69893273 100644 --- a/system/database/drivers/pdo/pdo_driver.php +++ b/system/database/drivers/pdo/pdo_driver.php @@ -78,8 +78,8 @@ class CI_DB_pdo_driver extends CI_DB { $this->_like_escape_str = " ESCAPE '%s' "; $this->_like_escape_chr = '!'; } - - $this->hostname = $this->hostname . ";dbname=".$this->database; + + $this->hostname .= ";dbname=".$this->database; $this->trans_enabled = FALSE; $this->_random_keyword = ' RND('.time().')'; // database specific random keyword @@ -94,7 +94,8 @@ class CI_DB_pdo_driver extends CI_DB { function db_connect() { $this->options['PDO::ATTR_ERRMODE'] = PDO::ERRMODE_SILENT; - return new PDO($this->hostname,$this->username,$this->password, $this->options); + + return new PDO($this->hostname, $this->username, $this->password, $this->options); } // -------------------------------------------------------------------- @@ -107,10 +108,10 @@ class CI_DB_pdo_driver extends CI_DB { */ function db_pconnect() { - return new PDO($this->hostname,$this->username,$this->password, array( - PDO::ATTR_ERRMODE => PDO::ERRMODE_SILENT, - PDO::ATTR_PERSISTENT => true - )); + $this->options['PDO::ATTR_ERRMODE'] = PDO::ERRMODE_SILENT; + $this->options['PDO::ATTR_PERSISTENT'] = TRUE; + + return new PDO($this->hostname, $this->username, $this->password, $this->options); } // -------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b From 8d0a31314fbf8040cce5d7601a12fffe208ae884 Mon Sep 17 00:00:00 2001 From: Shane Pearson Date: Mon, 22 Aug 2011 16:11:20 -0500 Subject: Fix #8 - Load core classes from the application folder first. --- system/core/Common.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'system') diff --git a/system/core/Common.php b/system/core/Common.php index 3d6931bc0..d79375475 100644 --- a/system/core/Common.php +++ b/system/core/Common.php @@ -132,9 +132,9 @@ if ( ! function_exists('load_class')) $name = FALSE; - // Look for the class first in the native system/libraries folder - // thenin the local application/libraries folder - foreach (array(BASEPATH, APPPATH) as $path) + // Look for the class first in the local application/libraries folder + // then in the native system/libraries folder + foreach (array(APPPATH, BASEPATH) as $path) { if (file_exists($path.$directory.'/'.$class.'.php')) { -- cgit v1.2.3-24-g4f1b From da8a560802501cb660952dccab3f3761352c323c Mon Sep 17 00:00:00 2001 From: Aaron Kuzemchak Date: Sat, 3 Sep 2011 20:59:07 -0400 Subject: Enables real page numbers for URI segment in Pagination library --- system/libraries/Pagination.php | 85 +++++++++++++++++++++++++++++++++++------ 1 file changed, 73 insertions(+), 12 deletions(-) (limited to 'system') diff --git a/system/libraries/Pagination.php b/system/libraries/Pagination.php index cc62e660b..cdaacf2d4 100644 --- a/system/libraries/Pagination.php +++ b/system/libraries/Pagination.php @@ -34,6 +34,7 @@ class CI_Pagination { var $per_page = 10; // Max number of items you want shown per page var $num_links = 2; // Number of "digit" links to show before/after the currently viewed page var $cur_page = 0; // The current page being viewed + var $use_page_numbers = FALSE; // Use page number for segment instead of offset var $first_link = '‹ First'; var $next_link = '>'; var $prev_link = '<'; @@ -128,12 +129,22 @@ class CI_Pagination { return ''; } + // Set the base page index for starting page number + if ($this->use_page_numbers) + { + $base_page = 1; + } + else + { + $base_page = 0; + } + // Determine the current page number. $CI =& get_instance(); if ($CI->config->item('enable_query_strings') === TRUE OR $this->page_query_string === TRUE) { - if ($CI->input->get($this->query_string_segment) != 0) + if ($CI->input->get($this->query_string_segment) != $base_page) { $this->cur_page = $CI->input->get($this->query_string_segment); @@ -143,7 +154,7 @@ class CI_Pagination { } else { - if ($CI->uri->segment($this->uri_segment) != 0) + if ($CI->uri->segment($this->uri_segment) != $base_page) { $this->cur_page = $CI->uri->segment($this->uri_segment); @@ -151,6 +162,12 @@ class CI_Pagination { $this->cur_page = (int) $this->cur_page; } } + + // Set current page to 1 if using page numbers instead of offset + if ($this->use_page_numbers AND $this->cur_page == 0) + { + $this->cur_page = $base_page; + } $this->num_links = (int)$this->num_links; @@ -161,18 +178,32 @@ class CI_Pagination { if ( ! is_numeric($this->cur_page)) { - $this->cur_page = 0; + $this->cur_page = $base_page; } // Is the page number beyond the result range? // If so we show the last page - if ($this->cur_page > $this->total_rows) + if ($this->use_page_numbers) { - $this->cur_page = ($num_pages - 1) * $this->per_page; + if ($this->cur_page > $num_pages) + { + $this->cur_page = $num_pages; + } + } + else + { + if ($this->cur_page > $this->total_rows) + { + $this->cur_page = ($num_pages - 1) * $this->per_page; + } } $uri_page_number = $this->cur_page; - $this->cur_page = floor(($this->cur_page/$this->per_page) + 1); + + if ( ! $this->use_page_numbers) + { + $this->cur_page = floor(($this->cur_page/$this->per_page) + 1); + } // Calculate the start and end numbers. These determine // which number to start and end the digit links with @@ -203,7 +234,14 @@ class CI_Pagination { // Render the "previous" link if ($this->prev_link !== FALSE AND $this->cur_page != 1) { - $i = $uri_page_number - $this->per_page; + if ($this->use_page_numbers) + { + $i = $uri_page_number - 1; + } + else + { + $i = $uri_page_number - $this->per_page; + } if ($i == 0 && $this->first_url != '') { @@ -223,9 +261,16 @@ class CI_Pagination { // Write the digit links for ($loop = $start -1; $loop <= $end; $loop++) { - $i = ($loop * $this->per_page) - $this->per_page; + if ($this->use_page_numbers) + { + $i = $loop; + } + else + { + $i = ($loop * $this->per_page) - $this->per_page; + } - if ($i >= 0) + if ($i >= $base_page) { if ($this->cur_page == $loop) { @@ -233,7 +278,7 @@ class CI_Pagination { } else { - $n = ($i == 0) ? '' : $i; + $n = ($i == $base_page) ? '' : $i; if ($n == '' && $this->first_url != '') { @@ -253,13 +298,29 @@ class CI_Pagination { // Render the "next" link if ($this->next_link !== FALSE AND $this->cur_page < $num_pages) { - $output .= $this->next_tag_open.'anchor_class.'href="'.$this->base_url.$this->prefix.($this->cur_page * $this->per_page).$this->suffix.'">'.$this->next_link.''.$this->next_tag_close; + if ($this->use_page_numbers) + { + $i = $this->cur_page + 1; + } + else + { + $i = ($this->cur_page * $this->per_page); + } + + $output .= $this->next_tag_open.'anchor_class.'href="'.$this->base_url.$this->prefix.$i.$this->suffix.'">'.$this->next_link.''.$this->next_tag_close; } // Render the "Last" link if ($this->last_link !== FALSE AND ($this->cur_page + $this->num_links) < $num_pages) { - $i = (($num_pages * $this->per_page) - $this->per_page); + if ($this->use_page_numbers) + { + $i = $num_pages; + } + else + { + $i = (($num_pages * $this->per_page) - $this->per_page); + } $output .= $this->last_tag_open.'anchor_class.'href="'.$this->base_url.$this->prefix.$i.$this->suffix.'">'.$this->last_link.''.$this->last_tag_close; } -- cgit v1.2.3-24-g4f1b From d0b61ef16e247d5252c7505ac8e13517ce26ff04 Mon Sep 17 00:00:00 2001 From: Phil Sturgeon Date: Tue, 8 Nov 2011 14:49:24 +0000 Subject: Added ->db->replace() for MySQLi. --- system/database/drivers/mysqli/mysqli_driver.php | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) (limited to 'system') diff --git a/system/database/drivers/mysqli/mysqli_driver.php b/system/database/drivers/mysqli/mysqli_driver.php index ccd110f79..d3200f328 100644 --- a/system/database/drivers/mysqli/mysqli_driver.php +++ b/system/database/drivers/mysqli/mysqli_driver.php @@ -570,6 +570,25 @@ class CI_DB_mysqli_driver extends CI_DB { { return "INSERT INTO ".$table." (".implode(', ', $keys).") VALUES ".implode(', ', $values); } + + // -------------------------------------------------------------------- + + + /** + * Replace statement + * + * Generates a platform-specific replace string from the supplied data + * + * @access public + * @param string the table name + * @param array the insert keys + * @param array the insert values + * @return string + */ + function _replace($table, $keys, $values) + { + return "REPLACE INTO ".$table." (".implode(', ', $keys).") VALUES (".implode(', ', $values).")"; + } // -------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b From 644a1474b497fbf0b3a780d379df3a990f77a84c Mon Sep 17 00:00:00 2001 From: Syahril Zulkefli Date: Sun, 13 Nov 2011 23:41:37 +0800 Subject: Fix invalid date format --- system/helpers/date_helper.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system') diff --git a/system/helpers/date_helper.php b/system/helpers/date_helper.php index 553e8d7ee..8ad396cfe 100644 --- a/system/helpers/date_helper.php +++ b/system/helpers/date_helper.php @@ -116,7 +116,7 @@ if ( ! function_exists('standard_date')) 'DATE_COOKIE' => '%l, %d-%M-%y %H:%i:%s UTC', 'DATE_ISO8601' => '%Y-%m-%dT%H:%i:%s%Q', 'DATE_RFC822' => '%D, %d %M %y %H:%i:%s %O', - 'DATE_RFC850' => '%l, %d-%M-%y %H:%m:%i UTC', + 'DATE_RFC850' => '%l, %d-%M-%y %H:%i:%i UTC', 'DATE_RFC1036' => '%D, %d %M %y %H:%i:%s %O', 'DATE_RFC1123' => '%D, %d %M %Y %H:%i:%s %O', 'DATE_RSS' => '%D, %d %M %Y %H:%i:%s %O', -- cgit v1.2.3-24-g4f1b From 9667b5585f66f0763f57f5ca578d986812f48b94 Mon Sep 17 00:00:00 2001 From: Syahril Zulkefli Date: Sun, 13 Nov 2011 23:43:37 +0800 Subject: Fix invalid date format --- system/helpers/date_helper.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system') diff --git a/system/helpers/date_helper.php b/system/helpers/date_helper.php index 8ad396cfe..0aeb7fafb 100644 --- a/system/helpers/date_helper.php +++ b/system/helpers/date_helper.php @@ -116,7 +116,7 @@ if ( ! function_exists('standard_date')) 'DATE_COOKIE' => '%l, %d-%M-%y %H:%i:%s UTC', 'DATE_ISO8601' => '%Y-%m-%dT%H:%i:%s%Q', 'DATE_RFC822' => '%D, %d %M %y %H:%i:%s %O', - 'DATE_RFC850' => '%l, %d-%M-%y %H:%i:%i UTC', + 'DATE_RFC850' => '%l, %d-%M-%y %H:%i:%s UTC', 'DATE_RFC1036' => '%D, %d %M %y %H:%i:%s %O', 'DATE_RFC1123' => '%D, %d %M %Y %H:%i:%s %O', 'DATE_RSS' => '%D, %d %M %Y %H:%i:%s %O', -- cgit v1.2.3-24-g4f1b From f6bd296482ed5697b77f23901a16444bf96cb4f4 Mon Sep 17 00:00:00 2001 From: Syahril Zulkefli Date: Sun, 13 Nov 2011 23:46:58 +0800 Subject: Fix invalid datetime format --- system/libraries/Xmlrpc.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'system') diff --git a/system/libraries/Xmlrpc.php b/system/libraries/Xmlrpc.php index 5da6ea6ae..d702e902f 100644 --- a/system/libraries/Xmlrpc.php +++ b/system/libraries/Xmlrpc.php @@ -1404,14 +1404,14 @@ class XML_RPC_Values extends CI_Xmlrpc { if ($utc == 1) { - $t = strftime("%Y%m%dT%H:%M:%S", $time); + $t = strftime("%Y%m%dT%H:%i:%s", $time); } else { if (function_exists('gmstrftime')) - $t = gmstrftime("%Y%m%dT%H:%M:%S", $time); + $t = gmstrftime("%Y%m%dT%H:%i:%s", $time); else - $t = strftime("%Y%m%dT%H:%M:%S", $time - date('Z')); + $t = strftime("%Y%m%dT%H:%i:%s", $time - date('Z')); } return $t; } -- cgit v1.2.3-24-g4f1b From a35e31c3ead0396e2a7c7be9b292c66a6457a1a0 Mon Sep 17 00:00:00 2001 From: Ben Edmunds Date: Sat, 20 Aug 2011 14:17:16 -0500 Subject: Resolved issue 65 - made action on form_open_multipart helper function call optional --- system/helpers/form_helper.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system') diff --git a/system/helpers/form_helper.php b/system/helpers/form_helper.php index 47f93e748..d9305c00b 100644 --- a/system/helpers/form_helper.php +++ b/system/helpers/form_helper.php @@ -94,7 +94,7 @@ if ( ! function_exists('form_open')) */ if ( ! function_exists('form_open_multipart')) { - function form_open_multipart($action, $attributes = array(), $hidden = array()) + function form_open_multipart($action = '', $attributes = array(), $hidden = array()) { if (is_string($attributes)) { -- cgit v1.2.3-24-g4f1b From c78301cee7b648911601f663731ddb4871d1bba4 Mon Sep 17 00:00:00 2001 From: Radu Potop Date: Wed, 28 Sep 2011 13:57:51 +0300 Subject: Added TLS and SSL support to Email library. Fixes issue #171 --- system/libraries/Email.php | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) (limited to 'system') diff --git a/system/libraries/Email.php b/system/libraries/Email.php index c8b727c34..9ec40af9d 100644 --- a/system/libraries/Email.php +++ b/system/libraries/Email.php @@ -36,6 +36,7 @@ class CI_Email { var $smtp_pass = ""; // SMTP Password var $smtp_port = "25"; // SMTP Port var $smtp_timeout = 5; // SMTP Timeout in seconds + var $smtp_crypto = ""; // SMTP Encryption. Can be null, tls or ssl. var $wordwrap = TRUE; // TRUE/FALSE Turns word-wrap on/off var $wrapchars = "76"; // Number of characters to wrap at. var $mailtype = "text"; // text/html Defines email formatting @@ -1678,7 +1679,10 @@ class CI_Email { */ protected function _smtp_connect() { - $this->_smtp_connect = fsockopen($this->smtp_host, + $ssl = NULL; + if ($this->smtp_crypto == 'ssl') + $ssl = 'ssl://'; + $this->_smtp_connect = fsockopen($ssl.$this->smtp_host, $this->smtp_port, $errno, $errstr, @@ -1691,6 +1695,14 @@ class CI_Email { } $this->_set_error_message($this->_get_smtp_data()); + + if ($this->smtp_crypto == 'tls') + { + $this->_send_command('hello'); + $this->_send_command('starttls'); + stream_socket_enable_crypto($this->_smtp_connect, TRUE, STREAM_CRYPTO_METHOD_TLS_CLIENT); + } + return $this->_send_command('hello'); } @@ -1717,6 +1729,12 @@ class CI_Email { $resp = 250; break; + case 'starttls' : + + $this->_send_data('STARTTLS'); + + $resp = 220; + break; case 'from' : $this->_send_data('MAIL FROM:<'.$data.'>'); -- cgit v1.2.3-24-g4f1b From fbcf88b9687ed25c71f0036112f9a120a7623302 Mon Sep 17 00:00:00 2001 From: Pascal Kriete Date: Mon, 14 Nov 2011 13:39:37 -0500 Subject: Removing stray docblocks --- system/core/CodeIgniter.php | 12 ------------ 1 file changed, 12 deletions(-) (limited to 'system') diff --git a/system/core/CodeIgniter.php b/system/core/CodeIgniter.php index d9977e1ca..db1aee574 100755 --- a/system/core/CodeIgniter.php +++ b/system/core/CodeIgniter.php @@ -33,12 +33,6 @@ * @var string * */ - /** - * CodeIgniter Version - * - * @var string - * - */ define('CI_VERSION', '2.1.0'); /** @@ -47,12 +41,6 @@ * @var boolean * */ - /** - * CodeIgniter Branch (Core = TRUE, Reactor = FALSE) - * - * @var string - * - */ define('CI_CORE', FALSE); /* -- cgit v1.2.3-24-g4f1b From c38e3b672335e3a00d68decf2b629a0afc7c769d Mon Sep 17 00:00:00 2001 From: Pascal Kriete Date: Mon, 14 Nov 2011 13:55:00 -0500 Subject: Tweaking the xss filter for IE tags, parameter injection, and weird html5 attributes. --- system/core/Security.php | 91 ++++++++++++++++++++++-------------------------- 1 file changed, 41 insertions(+), 50 deletions(-) (limited to 'system') diff --git a/system/core/Security.php b/system/core/Security.php index dcc680a11..a3e227437 100755 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -77,7 +77,8 @@ class CI_Security { '-moz-binding' => '[removed]', '' => '-->', - ' '<![CDATA[' + ' '<![CDATA[', + '' => '<comment>' ); /* never allowed, regex replacement */ @@ -475,15 +476,7 @@ class CI_Security { { if ($this->_xss_hash == '') { - if (phpversion() >= 4.2) - { - mt_srand(); - } - else - { - mt_srand(hexdec(substr(md5(microtime()), -8)) & 0x7fffffff); - } - + mt_srand(); $this->_xss_hash = md5(time() + mt_rand(0, 1999999999)); } @@ -497,14 +490,11 @@ class CI_Security { * * This function is a replacement for html_entity_decode() * - * In some versions of PHP the native function does not work - * when UTF-8 is the specified character set, so this gives us - * a work-around. More info here: - * http://bugs.php.net/bug.php?id=25670 - * - * NOTE: html_entity_decode() has a bug in some PHP versions when UTF-8 is the - * character set, and the PHP developers said they were not back porting the - * fix to versions other than PHP 5.x. + * The reason we are not using html_entity_decode() by itself is because + * while it is not technically correct to leave out the semicolon + * at the end of an entity most browsers will still interpret the entity + * correctly. html_entity_decode() does not convert entities without + * semicolons, so we are left with our own little solution here. Bummer. * * @param string * @param string @@ -512,33 +502,14 @@ class CI_Security { */ public function entity_decode($str, $charset='UTF-8') { - if (stristr($str, '&') === FALSE) return $str; - - // The reason we are not using html_entity_decode() by itself is because - // while it is not technically correct to leave out the semicolon - // at the end of an entity most browsers will still interpret the entity - // correctly. html_entity_decode() does not convert entities without - // semicolons, so we are left with our own little solution here. Bummer. - - if (function_exists('html_entity_decode') && - (strtolower($charset) != 'utf-8')) - { - $str = html_entity_decode($str, ENT_COMPAT, $charset); - $str = preg_replace('~&#x(0*[0-9a-f]{2,5})~ei', 'chr(hexdec("\\1"))', $str); - return preg_replace('~&#([0-9]{2,4})~e', 'chr(\\1)', $str); - } - - // Numeric Entities - $str = preg_replace('~&#x(0*[0-9a-f]{2,5});{0,1}~ei', 'chr(hexdec("\\1"))', $str); - $str = preg_replace('~&#([0-9]{2,4});{0,1}~e', 'chr(\\1)', $str); - - // Literal Entities - Slightly slow so we do another check if (stristr($str, '&') === FALSE) { - $str = strtr($str, array_flip(get_html_translation_table(HTML_ENTITIES))); + return $str; } - return $str; + $str = html_entity_decode($str, ENT_COMPAT, $charset); + $str = preg_replace('~&#x(0*[0-9a-f]{2,5})~ei', 'chr(hexdec("\\1"))', $str); + return preg_replace('~&#([0-9]{2,4})~e', 'chr(\\1)', $str); } // -------------------------------------------------------------------- @@ -632,25 +603,45 @@ class CI_Security { protected function _remove_evil_attributes($str, $is_image) { // All javascript event handlers (e.g. onload, onclick, onmouseover), style, and xmlns - $evil_attributes = array('on\w*', 'style', 'xmlns'); + $evil_attributes = array('on\w*', 'style', 'xmlns', 'formaction'); if ($is_image === TRUE) { /* - * Adobe Photoshop puts XML metadata into JFIF images, + * Adobe Photoshop puts XML metadata into JFIF images, * including namespacing, so we have to allow this for images. */ unset($evil_attributes[array_search('xmlns', $evil_attributes)]); } - + do { - $str = preg_replace( - "#<(/?[^><]+?)([^A-Za-z\-])(".implode('|', $evil_attributes).")(\s*=\s*)([\"][^>]*?[\"]|[\'][^>]*?[\']|[^>]*?)([\s><])([><]*)#i", - "<$1$6", - $str, -1, $count - ); - } while ($count); + $count = 0; + $attribs = array(); + + // find occurrences of illegal attribute strings without quotes + preg_match_all("/(".implode('|', $evil_attributes).")\s*=\s*([^\s]*)/is", $str, $matches, PREG_SET_ORDER); + + foreach ($matches as $attr) + { + $attribs[] = preg_quote($attr[0], '/'); + } + + // find occurrences of illegal attribute strings with quotes (042 and 047 are octal quotes) + preg_match_all("/(".implode('|', $evil_attributes).")\s*=\s*(\042|\047)([^\\2]*?)(\\2)/is", $str, $matches, PREG_SET_ORDER); + foreach ($matches as $attr) + { + $attribs[] = preg_quote($attr[0], '/'); + } + + // replace illegal attribute strings that are inside an html tag + if (count($attribs) > 0) + { + $str = preg_replace("/<(\/?[^><]+?)([^A-Za-z\-])(".implode('|', $attribs).")([\s><])([><]*)/i", '<$1$2$4$5', $str, -1, $count); + } + + } while ($count); + return $str; } -- cgit v1.2.3-24-g4f1b From 0199f68db46d375af2d4cb831c679d3040601f25 Mon Sep 17 00:00:00 2001 From: Phil Sturgeon Date: Tue, 22 Nov 2011 14:57:21 +0000 Subject: Readded PDO drivers. --- system/database/drivers/pdo/index.html | 10 ++ system/database/drivers/pdo/pdo_driver.php | 30 ++-- system/database/drivers/pdo/pdo_forge.php | 266 ++++++++++++++++++++++++++++ system/database/drivers/pdo/pdo_result.php | 171 ++++++++++++++++++ system/database/drivers/pdo/pdo_utility.php | 103 +++++++++++ 5 files changed, 565 insertions(+), 15 deletions(-) create mode 100644 system/database/drivers/pdo/index.html create mode 100644 system/database/drivers/pdo/pdo_forge.php create mode 100644 system/database/drivers/pdo/pdo_result.php create mode 100644 system/database/drivers/pdo/pdo_utility.php (limited to 'system') diff --git a/system/database/drivers/pdo/index.html b/system/database/drivers/pdo/index.html new file mode 100644 index 000000000..c942a79ce --- /dev/null +++ b/system/database/drivers/pdo/index.html @@ -0,0 +1,10 @@ + + + 403 Forbidden + + + +

Directory access is forbidden.

+ + + \ No newline at end of file diff --git a/system/database/drivers/pdo/pdo_driver.php b/system/database/drivers/pdo/pdo_driver.php index f69893273..5de2079bb 100644 --- a/system/database/drivers/pdo/pdo_driver.php +++ b/system/database/drivers/pdo/pdo_driver.php @@ -5,9 +5,9 @@ * An open source application development framework for PHP 5.1.6 or newer * * @package CodeIgniter - * @author ExpressionEngine Dev Team * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. * @license http://codeigniter.com/user_guide/license.html + * @author EllisLab Dev Team * @link http://codeigniter.com * @since Version 2.1.0 * @filesource @@ -25,10 +25,9 @@ * @package CodeIgniter * @subpackage Drivers * @category Database - * @author ExpressionEngine Dev Team + * @author EllisLab Dev Team * @link http://codeigniter.com/user_guide/database/ */ - class CI_DB_pdo_driver extends CI_DB { var $dbdriver = 'pdo'; @@ -37,7 +36,7 @@ class CI_DB_pdo_driver extends CI_DB { var $_escape_char = ''; var $_like_escape_str; var $_like_escape_chr; - + /** * The syntax to count rows is slightly different across different @@ -52,13 +51,13 @@ class CI_DB_pdo_driver extends CI_DB { function __construct($params) { parent::__construct($params); - + // clause and character used for LIKE escape sequences if (strpos($this->hostname, 'mysql') !== FALSE) { $this->_like_escape_str = ''; $this->_like_escape_chr = ''; - + //Prior to this version, the charset can't be set in the dsn if(is_php('5.3.6')) { @@ -80,6 +79,7 @@ class CI_DB_pdo_driver extends CI_DB { } $this->hostname .= ";dbname=".$this->database; + $this->trans_enabled = FALSE; $this->_random_keyword = ' RND('.time().')'; // database specific random keyword @@ -190,7 +190,7 @@ class CI_DB_pdo_driver extends CI_DB { { $sql = $this->_prep_query($sql); $result_id = $this->conn_id->query($sql); - + if (is_object($result_id)) { $this->affect_rows = $result_id->rowCount(); @@ -199,7 +199,7 @@ class CI_DB_pdo_driver extends CI_DB { { $this->affect_rows = 0; } - + return $result_id; } @@ -319,16 +319,16 @@ class CI_DB_pdo_driver extends CI_DB { return $str; } - + //Escape the string $str = $this->conn_id->quote($str); - + //If there are duplicated quotes, trim them away if (strpos($str, "'") === 0) { $str = substr($str, 1, -1); } - + // escape LIKE condition wildcards if ($like === TRUE) { @@ -530,7 +530,7 @@ class CI_DB_pdo_driver extends CI_DB { if (strpos($item, '.') !== FALSE) { $str = $this->_escape_char.str_replace('.', $this->_escape_char.'.'.$this->_escape_char, $item).$this->_escape_char; - + } else { @@ -580,7 +580,7 @@ class CI_DB_pdo_driver extends CI_DB { { return "INSERT INTO ".$table." (".implode(', ', $keys).") VALUES (".implode(', ', $values).")"; } - + // -------------------------------------------------------------------- /** @@ -633,7 +633,7 @@ class CI_DB_pdo_driver extends CI_DB { return $sql; } - + // -------------------------------------------------------------------- /** @@ -775,7 +775,7 @@ class CI_DB_pdo_driver extends CI_DB { { $sql .= " OFFSET ".$offset; } - + return $sql; } } diff --git a/system/database/drivers/pdo/pdo_forge.php b/system/database/drivers/pdo/pdo_forge.php new file mode 100644 index 000000000..1462e8c21 --- /dev/null +++ b/system/database/drivers/pdo/pdo_forge.php @@ -0,0 +1,266 @@ +db->db_debug) + { + return $this->db->display_error('db_unsuported_feature'); + } + return FALSE; + } + + // -------------------------------------------------------------------- + + /** + * Drop database + * + * @access private + * @param string the database name + * @return bool + */ + function _drop_database($name) + { + // PDO has no "drop database" command since it's + // designed to connect to an existing database + if ($this->db->db_debug) + { + return $this->db->display_error('db_unsuported_feature'); + } + return FALSE; + } + + // -------------------------------------------------------------------- + + /** + * Create Table + * + * @access private + * @param string the table name + * @param array the fields + * @param mixed primary key(s) + * @param mixed key(s) + * @param boolean should 'IF NOT EXISTS' be added to the SQL + * @return bool + */ + function _create_table($table, $fields, $primary_keys, $keys, $if_not_exists) + { + $sql = 'CREATE TABLE '; + + if ($if_not_exists === TRUE) + { + $sql .= 'IF NOT EXISTS '; + } + + $sql .= $this->db->_escape_identifiers($table)." ("; + $current_field_count = 0; + + foreach ($fields as $field=>$attributes) + { + // Numeric field names aren't allowed in databases, so if the key is + // numeric, we know it was assigned by PHP and the developer manually + // entered the field information, so we'll simply add it to the list + if (is_numeric($field)) + { + $sql .= "\n\t$attributes"; + } + else + { + $attributes = array_change_key_case($attributes, CASE_UPPER); + + $sql .= "\n\t".$this->db->_protect_identifiers($field); + + $sql .= ' '.$attributes['TYPE']; + + if (array_key_exists('CONSTRAINT', $attributes)) + { + $sql .= '('.$attributes['CONSTRAINT'].')'; + } + + if (array_key_exists('UNSIGNED', $attributes) && $attributes['UNSIGNED'] === TRUE) + { + $sql .= ' UNSIGNED'; + } + + if (array_key_exists('DEFAULT', $attributes)) + { + $sql .= ' DEFAULT \''.$attributes['DEFAULT'].'\''; + } + + if (array_key_exists('NULL', $attributes) && $attributes['NULL'] === TRUE) + { + $sql .= ' NULL'; + } + else + { + $sql .= ' NOT NULL'; + } + + if (array_key_exists('AUTO_INCREMENT', $attributes) && $attributes['AUTO_INCREMENT'] === TRUE) + { + $sql .= ' AUTO_INCREMENT'; + } + } + + // don't add a comma on the end of the last field + if (++$current_field_count < count($fields)) + { + $sql .= ','; + } + } + + if (count($primary_keys) > 0) + { + $primary_keys = $this->db->_protect_identifiers($primary_keys); + $sql .= ",\n\tPRIMARY KEY (" . implode(', ', $primary_keys) . ")"; + } + + if (is_array($keys) && count($keys) > 0) + { + foreach ($keys as $key) + { + if (is_array($key)) + { + $key = $this->db->_protect_identifiers($key); + } + else + { + $key = array($this->db->_protect_identifiers($key)); + } + + $sql .= ",\n\tFOREIGN KEY (" . implode(', ', $key) . ")"; + } + } + + $sql .= "\n)"; + + return $sql; + } + + // -------------------------------------------------------------------- + + /** + * Drop Table + * + * @access private + * @return bool + */ + function _drop_table($table) + { + // Not a supported PDO feature + if ($this->db->db_debug) + { + return $this->db->display_error('db_unsuported_feature'); + } + return FALSE; + } + + // -------------------------------------------------------------------- + + /** + * Alter table query + * + * Generates a platform-specific query so that a table can be altered + * Called by add_column(), drop_column(), and column_alter(), + * + * @access private + * @param string the ALTER type (ADD, DROP, CHANGE) + * @param string the column name + * @param string the table name + * @param string the column definition + * @param string the default value + * @param boolean should 'NOT NULL' be added + * @param string the field after which we should add the new field + * @return object + */ + function _alter_table($alter_type, $table, $column_name, $column_definition = '', $default_value = '', $null = '', $after_field = '') + { + $sql = 'ALTER TABLE '.$this->db->_protect_identifiers($table)." $alter_type ".$this->db->_protect_identifiers($column_name); + + // DROP has everything it needs now. + if ($alter_type == 'DROP') + { + return $sql; + } + + $sql .= " $column_definition"; + + if ($default_value != '') + { + $sql .= " DEFAULT \"$default_value\""; + } + + if ($null === NULL) + { + $sql .= ' NULL'; + } + else + { + $sql .= ' NOT NULL'; + } + + if ($after_field != '') + { + $sql .= ' AFTER ' . $this->db->_protect_identifiers($after_field); + } + + return $sql; + + } + + + // -------------------------------------------------------------------- + + /** + * Rename a table + * + * Generates a platform-specific query so that a table can be renamed + * + * @access private + * @param string the old table name + * @param string the new table name + * @return string + */ + function _rename_table($table_name, $new_table_name) + { + $sql = 'ALTER TABLE '.$this->db->_protect_identifiers($table_name)." RENAME TO ".$this->db->_protect_identifiers($new_table_name); + return $sql; + } + + +} + +/* End of file pdo_forge.php */ +/* Location: ./system/database/drivers/pdo/pdo_forge.php */ \ No newline at end of file diff --git a/system/database/drivers/pdo/pdo_result.php b/system/database/drivers/pdo/pdo_result.php new file mode 100644 index 000000000..7f3058ff0 --- /dev/null +++ b/system/database/drivers/pdo/pdo_result.php @@ -0,0 +1,171 @@ +result_id->rowCount(); + } + + // -------------------------------------------------------------------- + + /** + * Number of fields in the result set + * + * @access public + * @return integer + */ + function num_fields() + { + return $this->result_id->columnCount(); + } + + // -------------------------------------------------------------------- + + /** + * Fetch Field Names + * + * Generates an array of column names + * + * @access public + * @return array + */ + function list_fields() + { + if ($this->db->db_debug) + { + return $this->db->display_error('db_unsuported_feature'); + } + return FALSE; + } + + // -------------------------------------------------------------------- + + /** + * Field data + * + * Generates an array of objects containing field meta-data + * + * @access public + * @return array + */ + function field_data() + { + $data = array(); + + try + { + for($i = 0; $i < $this->num_fields(); $i++) + { + $data[] = $this->result_id->getColumnMeta($i); + } + + return $data; + } + catch (Exception $e) + { + if ($this->db->db_debug) + { + return $this->db->display_error('db_unsuported_feature'); + } + return FALSE; + } + } + + // -------------------------------------------------------------------- + + /** + * Free the result + * + * @return null + */ + function free_result() + { + if (is_object($this->result_id)) + { + $this->result_id = FALSE; + } + } + + // -------------------------------------------------------------------- + + /** + * Data Seek + * + * Moves the internal pointer to the desired offset. We call + * this internally before fetching results to make sure the + * result set starts at zero + * + * @access private + * @return array + */ + function _data_seek($n = 0) + { + return FALSE; + } + + // -------------------------------------------------------------------- + + /** + * Result - associative array + * + * Returns the result set as an array + * + * @access private + * @return array + */ + function _fetch_assoc() + { + return $this->result_id->fetch(PDO::FETCH_ASSOC); + } + + // -------------------------------------------------------------------- + + /** + * Result - object + * + * Returns the result set as an object + * + * @access private + * @return object + */ + function _fetch_object() + { + return $this->result_id->fetchObject(); + } + +} + + +/* End of file pdo_result.php */ +/* Location: ./system/database/drivers/pdo/pdo_result.php */ \ No newline at end of file diff --git a/system/database/drivers/pdo/pdo_utility.php b/system/database/drivers/pdo/pdo_utility.php new file mode 100644 index 000000000..29aefca80 --- /dev/null +++ b/system/database/drivers/pdo/pdo_utility.php @@ -0,0 +1,103 @@ +db->db_debug) + { + return $this->db->display_error('db_unsuported_feature'); + } + return FALSE; + } + + // -------------------------------------------------------------------- + + /** + * Optimize table query + * + * Generates a platform-specific query so that a table can be optimized + * + * @access private + * @param string the table name + * @return object + */ + function _optimize_table($table) + { + // Not a supported PDO feature + if ($this->db->db_debug) + { + return $this->db->display_error('db_unsuported_feature'); + } + return FALSE; + } + + // -------------------------------------------------------------------- + + /** + * Repair table query + * + * Generates a platform-specific query so that a table can be repaired + * + * @access private + * @param string the table name + * @return object + */ + function _repair_table($table) + { + // Not a supported PDO feature + if ($this->db->db_debug) + { + return $this->db->display_error('db_unsuported_feature'); + } + return FALSE; + } + + // -------------------------------------------------------------------- + + /** + * PDO Export + * + * @access private + * @param array Preferences + * @return mixed + */ + function _backup($params = array()) + { + // Currently unsupported + return $this->db->display_error('db_unsuported_feature'); + } + +} + +/* End of file pdo_utility.php */ +/* Location: ./system/database/drivers/pdo/pdo_utility.php */ \ No newline at end of file -- cgit v1.2.3-24-g4f1b