From 65d603e03d3befd6e4f13361c78ab454ea57ba70 Mon Sep 17 00:00:00 2001 From: Dan Horrigan Date: Wed, 15 Dec 2010 08:38:30 -0500 Subject: Added full Query String and $_GET array support. This is enabled by default. Added a seperate config option to enable/disable the $_GET array. --- system/core/Input.php | 4 +- system/core/URI.php | 100 ++++++++++++++++++++++++++++++++++---------------- 2 files changed, 71 insertions(+), 33 deletions(-) (limited to 'system') diff --git a/system/core/Input.php b/system/core/Input.php index 9d8811cdd..4ddc402ee 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -30,7 +30,7 @@ class CI_Input { var $ip_address = FALSE; var $user_agent = FALSE; - var $_allow_get_array = FALSE; + var $_allow_get_array = TRUE; var $_standardize_newlines = TRUE; var $_enable_xss = FALSE; // Set automatically based on config setting var $_enable_csrf = FALSE; // Set automatically based on config setting @@ -49,7 +49,7 @@ class CI_Input { { log_message('debug', "Input Class Initialized"); - $this->_allow_get_array = (config_item('enable_query_strings') === TRUE) ? TRUE : FALSE; + $this->_allow_get_array = (config_item('allow_get_array') === TRUE) ? TRUE : FALSE; $this->_enable_xss = (config_item('global_xss_filtering') === TRUE) ? TRUE : FALSE; $this->_enable_csrf = (config_item('csrf_protection') === TRUE) ? TRUE : FALSE; diff --git a/system/core/URI.php b/system/core/URI.php index 5a5a37cc6..f6487d3f9 100644 --- a/system/core/URI.php +++ b/system/core/URI.php @@ -61,13 +61,10 @@ class CI_URI { { if (strtoupper($this->config->item('uri_protocol')) == 'AUTO') { - // If the URL has a question mark then it's simplest to just - // build the URI string from the zero index of the $_GET array. - // This avoids having to deal with $_SERVER variables, which - // can be unreliable in some environments - if (is_array($_GET) && count($_GET) == 1 && trim(key($_GET), '/') != '') + // Let's try the REQUEST_URI first, this will work in most situations + if ($uri = $this->_get_request_uri()) { - $this->uri_string = key($_GET); + $this->uri_string = $this->_parse_request_uri($uri); return; } @@ -88,12 +85,10 @@ class CI_URI { return; } - // No QUERY_STRING?... Maybe the ORIG_PATH_INFO variable exists? - $path = str_replace($_SERVER['SCRIPT_NAME'], '', (isset($_SERVER['ORIG_PATH_INFO'])) ? $_SERVER['ORIG_PATH_INFO'] : @getenv('ORIG_PATH_INFO')); - if (trim($path, '/') != '' && $path != "/".SELF) + // As a last ditch effort lets try using the $_GET array + if (is_array($_GET) && count($_GET) == 1 && trim(key($_GET), '/') != '') { - // remove path and script information so we have good URI data - $this->uri_string = $path; + $this->uri_string = key($_GET); return; } @@ -106,7 +101,7 @@ class CI_URI { if ($uri == 'REQUEST_URI') { - $this->uri_string = $this->_parse_request_uri(); + $this->uri_string = $this->_parse_request_uri($this->_get_request_uri()); return; } @@ -123,36 +118,68 @@ class CI_URI { // -------------------------------------------------------------------- /** - * Parse the REQUEST_URI + * Get REQUEST_URI * - * Due to the way REQUEST_URI works it usually contains path info - * that makes it unusable as URI data. We'll trim off the unnecessary - * data, hopefully arriving at a valid URI that we can use. + * Retrieves the REQUEST_URI, or equivelent for IIS. * * @access private * @return string */ - function _parse_request_uri() + function _get_request_uri() { - if ( ! isset($_SERVER['REQUEST_URI']) OR $_SERVER['REQUEST_URI'] == '') + $uri = FALSE; + + // Let's check for standard servers first + if (isset($_SERVER['REQUEST_URI'])) { - return ''; + $uri = $_SERVER['REQUEST_URI']; + if (strpos($uri, $_SERVER['HTTP_HOST']) !== FALSE) + { + $uri = preg_replace('/^\w+:\/\/[^\/]+/','',$uri); + } } - - $request_uri = preg_replace("|/(.*)|", "\\1", str_replace("\\", "/", $_SERVER['REQUEST_URI'])); - - if ($request_uri == '' OR $request_uri == SELF) + // Now lets check for IIS + elseif (isset($_SERVER['HTTP_X_REWRITE_URL'])) { - return ''; + $uri = $_SERVER['HTTP_X_REWRITE_URL']; + } + // Last ditch effort (for older CGI servers, like IIS 5) + elseif (isset($_SERVER['ORIG_PATH_INFO'])) + { + $uri = $_SERVER['ORIG_PATH_INFO']; + if ( ! empty($_SERVER['QUERY_STRING'])) + { + $uri .= '?'.$_SERVER['QUERY_STRING']; + } } - $fc_path = FCPATH.SELF; - if (strpos($request_uri, '?') !== FALSE) + return $uri; + } + + // -------------------------------------------------------------------- + + /** + * Parse REQUEST_URI + * + * Due to the way REQUEST_URI works it usually contains path info + * that makes it unusable as URI data. We'll trim off the unnecessary + * data, hopefully arriving at a valid URI that we can use. + * + * @access private + * @param string + * @return string + */ + function _parse_request_uri($uri) + { + // Some server's require URL's like index.php?/whatever If that is the case, + // then we need to add that to our parsing. + $fc_path = ltrim(FCPATH.SELF, '/'); + if (strpos($uri, SELF.'?') !== FALSE) { $fc_path .= '?'; } - $parsed_uri = explode("/", $request_uri); + $parsed_uri = explode('/', ltrim($uri, '/')); $i = 0; foreach(explode("/", $fc_path) as $segment) @@ -163,14 +190,25 @@ class CI_URI { } } - $parsed_uri = implode("/", array_slice($parsed_uri, $i)); + $uri = implode("/", array_slice($parsed_uri, $i)); + + // Let's take off any query string and re-assign $_SERVER['QUERY_STRING'] and $_GET. + // This is only needed on some servers. However, we are forced to use it to accomodate + // them. + if (($qs_pos = strpos($uri, '?')) !== FALSE) + { + $_SERVER['QUERY_STRING'] = substr($uri, $qs_pos + 1); + parse_str($_SERVER['QUERY_STRING'], $_GET); + $uri = substr($uri, 0, $qs_pos); + } - if ($parsed_uri != '') + // If it is just a / or index.php then just empty it. + if ($uri == '/' || $uri == SELF) { - $parsed_uri = '/'.$parsed_uri; + $uri = ''; } - return $parsed_uri; + return $uri; } // -------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b From 2280e8ea67f94e67f2c803e804fb1b8125b579b0 Mon Sep 17 00:00:00 2001 From: Dan Horrigan Date: Wed, 15 Dec 2010 10:16:38 -0500 Subject: Added the regex_match Form Validation rule. Had to change how the rules are split so that no regex breaks the rule splitting. --- system/language/english/form_validation_lang.php | 1 + system/libraries/Form_validation.php | 30 ++++++++++++++++++++++-- 2 files changed, 29 insertions(+), 2 deletions(-) (limited to 'system') diff --git a/system/language/english/form_validation_lang.php b/system/language/english/form_validation_lang.php index 99ed70a5c..b01885091 100644 --- a/system/language/english/form_validation_lang.php +++ b/system/language/english/form_validation_lang.php @@ -15,6 +15,7 @@ $lang['alpha_dash'] = "The %s field may only contain alpha-numeric characters, $lang['numeric'] = "The %s field must contain only numbers."; $lang['is_numeric'] = "The %s field must contain only numeric characters."; $lang['integer'] = "The %s field must contain an integer."; +$lang['regex_match'] = "The %s field is not in the correct format."; $lang['matches'] = "The %s field does not match the %s field."; $lang['is_natural'] = "The %s field must contain only positive numbers."; $lang['is_natural_no_zero'] = "The %s field must contain a number greater than zero."; diff --git a/system/libraries/Form_validation.php b/system/libraries/Form_validation.php index bf3689058..38f50fa41 100644 --- a/system/libraries/Form_validation.php +++ b/system/libraries/Form_validation.php @@ -339,7 +339,13 @@ class CI_Form_validation { } } - $this->_execute($row, explode('|', $row['rules']), $this->_field_data[$field]['postdata']); + preg_match_all('/([a-zA-Z_-]*(\[.*\])?)\|?/i', $row['rules'], $matches); + + $rules = $matches[1]; + array_pop($rules); + unset($matches); + + $this->_execute($row, $rules, $this->_field_data[$field]['postdata']); } // Did we end up with any errors? @@ -576,7 +582,7 @@ class CI_Form_validation { // Strip the parameter (if exists) from the rule // Rules can contain a parameter: max_length[5] $param = FALSE; - if (preg_match("/(.*?)\[(.*?)\]/", $rule, $match)) + if (preg_match("/(.*?)\[(.*)\]/", $rule, $match)) { $rule = $match[1]; $param = $match[2]; @@ -888,6 +894,26 @@ class CI_Form_validation { // -------------------------------------------------------------------- + /** + * Performs a Regular Expression match test. + * + * @access public + * @param string + * @param regex + * @return bool + */ + function regex_match($str, $regex) + { + if ( ! preg_match($regex, $str)) + { + return FALSE; + } + + return TRUE; + } + + // -------------------------------------------------------------------- + /** * Match one field to another * -- cgit v1.2.3-24-g4f1b From 48c718c4cbe4419411623b709f898d3d9a7d7aef Mon Sep 17 00:00:00 2001 From: Phil Sturgeon Date: Thu, 30 Dec 2010 23:40:02 +0000 Subject: Added support for calling controllers, methods and passing parameters via command line, either automatically or specifically with $config['uri_protocol'] = 'CLI'; --- system/core/URI.php | 37 +++++++++++++++++++++++++++++++++---- 1 file changed, 33 insertions(+), 4 deletions(-) (limited to 'system') diff --git a/system/core/URI.php b/system/core/URI.php index 047e3c9bc..479a225fb 100644 --- a/system/core/URI.php +++ b/system/core/URI.php @@ -68,6 +68,13 @@ class CI_URI { return; } + // Arguments exist, it must be a command line request + if ( ! empty($_SERVER['argv'])) + { + $this->uri_string = $this->_parse_cli_args(); + return; + } + // Is there a PATH_INFO variable? // Note: some servers seem to have trouble with getenv() so we'll test it two ways $path = (isset($_SERVER['PATH_INFO'])) ? $_SERVER['PATH_INFO'] : @getenv('PATH_INFO'); @@ -104,6 +111,11 @@ class CI_URI { $this->uri_string = $this->_parse_request_uri($this->_get_request_uri()); return; } + elseif ($uri == 'CLI') + { + $this->uri_string = $this->_parse_cli_args(); + return; + } $this->uri_string = (isset($_SERVER[$uri])) ? $_SERVER[$uri] : @getenv($uri); } @@ -144,7 +156,7 @@ class CI_URI { { $uri = $_SERVER['HTTP_X_REWRITE_URL']; } - + // Last ditch effort (for older CGI servers, like IIS 5) elseif (isset($_SERVER['ORIG_PATH_INFO'])) { @@ -171,7 +183,7 @@ class CI_URI { * @param string * @return string */ - function _parse_request_uri($uri) + private function _parse_request_uri($uri) { // Some server's require URL's like index.php?/whatever If that is the case, // then we need to add that to our parsing. @@ -215,6 +227,23 @@ class CI_URI { // -------------------------------------------------------------------- + /** + * Parse cli arguments + * + * Take each command line argument and assume it is a URI segment. + * + * @access private + * @return string + */ + private function _parse_cli_args() + { + $args = array_slice($_SERVER['argv'], 1); + + return $args ? '/' . implode('/', $args) : ''; + } + + // -------------------------------------------------------------------- + /** * Filter segments for malicious characters * @@ -524,7 +553,7 @@ class CI_URI { { $leading = '/'; $trailing = '/'; - + if ($where == 'trailing') { $leading = ''; @@ -533,7 +562,7 @@ class CI_URI { { $trailing = ''; } - + return $leading.$this->$which($n).$trailing; } -- cgit v1.2.3-24-g4f1b From 5c561805bd9ae6a4ad5d202277c34a879617b683 Mon Sep 17 00:00:00 2001 From: Phil Sturgeon Date: Wed, 5 Jan 2011 16:31:59 +0000 Subject: If the data is an array output them one at a time. E.g: form_input('name[]', set_value('name[]'); --- system/libraries/Form_validation.php | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'system') diff --git a/system/libraries/Form_validation.php b/system/libraries/Form_validation.php index 38f50fa41..f45760024 100644 --- a/system/libraries/Form_validation.php +++ b/system/libraries/Form_validation.php @@ -736,6 +736,13 @@ class CI_Form_validation { return $default; } + // If the data is an array output them one at a time. + // E.g: form_input('name[]', set_value('name[]'); + if (is_array($this->_field_data[$field]['postdata'])) + { + return array_shift($this->_field_data[$field]['postdata']); + } + return $this->_field_data[$field]['postdata']; } -- cgit v1.2.3-24-g4f1b From 27324cd6ae2b076d3346e3585f312f7a61a5a897 Mon Sep 17 00:00:00 2001 From: Phil Sturgeon Date: Wed, 5 Jan 2011 16:32:57 +0000 Subject: Use arrays in DBForge for constraint for things like decimal, float, numeric, enum and set. --- system/database/drivers/mysql/mysql_forge.php | 23 +++++++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) (limited to 'system') diff --git a/system/database/drivers/mysql/mysql_forge.php b/system/database/drivers/mysql/mysql_forge.php index 8faf69550..35845d6af 100644 --- a/system/database/drivers/mysql/mysql_forge.php +++ b/system/database/drivers/mysql/mysql_forge.php @@ -87,11 +87,26 @@ class CI_DB_mysql_forge extends CI_DB_forge { if (array_key_exists('TYPE', $attributes)) { $sql .= ' '.$attributes['TYPE']; - } - if (array_key_exists('CONSTRAINT', $attributes)) - { - $sql .= '('.$attributes['CONSTRAINT'].')'; + if (array_key_exists('CONSTRAINT', $attributes)) + { + switch ($attributes['TYPE']) + { + case 'decimal': + case 'float': + case 'numeric': + $sql .= '('.implode(',', $attributes['CONSTRAINT']).')'; + break; + + case 'enum': + case 'set': + $sql .= '("'.implode('","', $attributes['CONSTRAINT']).'")'; + break; + + default: + $sql .= '('.$attributes['CONSTRAINT'].')'; + } + } } if (array_key_exists('UNSIGNED', $attributes) && $attributes['UNSIGNED'] === TRUE) -- cgit v1.2.3-24-g4f1b