Merge upstream
diff --git a/system/libraries/Form_validation.php b/system/libraries/Form_validation.php
index 0a6a2af..20f1faf 100644
--- a/system/libraries/Form_validation.php
+++ b/system/libraries/Form_validation.php
@@ -25,8 +25,6 @@
* @filesource
*/
-// ------------------------------------------------------------------------
-
/**
* Form Validation Class
*
@@ -48,9 +46,6 @@
protected $error_string = '';
protected $_safe_form_data = FALSE;
- /**
- * Constructor
- */
public function __construct($rules = array())
{
$this->CI =& get_instance();
@@ -67,7 +62,7 @@
mb_internal_encoding($this->CI->config->item('charset'));
}
- log_message('debug', "Form Validation Class Initialized");
+ log_message('debug', 'Form Validation Class Initialized');
}
// --------------------------------------------------------------------
@@ -179,7 +174,6 @@
}
$this->_error_messages = array_merge($this->_error_messages, $lang);
-
return $this;
}
@@ -198,7 +192,6 @@
{
$this->_error_prefix = $prefix;
$this->_error_suffix = $suffix;
-
return $this;
}
@@ -304,7 +297,7 @@
// Is there a validation rule for the particular URI being accessed?
$uri = ($group == '') ? trim($this->CI->uri->ruri_string(), '/') : $group;
- if ($uri != '' AND isset($this->_config_rules[$uri]))
+ if ($uri != '' && isset($this->_config_rules[$uri]))
{
$this->set_rules($this->_config_rules[$uri]);
}
@@ -313,10 +306,10 @@
$this->set_rules($this->_config_rules);
}
- // We're we able to set the rules correctly?
+ // Were we able to set the rules correctly?
if (count($this->_field_data) === 0)
{
- log_message('debug', "Unable to find validation rules");
+ log_message('debug', 'Unable to find validation rules');
return FALSE;
}
}
@@ -330,17 +323,13 @@
{
// Fetch the data from the corresponding $_POST array and cache it in the _field_data array.
// Depending on whether the field name is an array or a string will determine where we get it from.
-
if ($row['is_array'] === TRUE)
{
$this->_field_data[$field]['postdata'] = $this->_reduce_array($_POST, $row['keys']);
}
- else
+ elseif (isset($_POST[$field]) && $_POST[$field] != '')
{
- if (isset($_POST[$field]) AND $_POST[$field] != "")
- {
- $this->_field_data[$field]['postdata'] = $_POST[$field];
- }
+ $this->_field_data[$field]['postdata'] = $_POST[$field];
}
$this->_execute($row, explode('|', $row['rules']), $this->_field_data[$field]['postdata']);
@@ -348,7 +337,6 @@
// Did we end up with any errors?
$total_errors = count($this->_error_array);
-
if ($total_errors > 0)
{
$this->_safe_form_data = TRUE;
@@ -385,7 +373,7 @@
/**
* Re-populate the _POST array with our finalized and processed data
*
- * @return null
+ * @return void
*/
protected function _reset_post_array()
{
@@ -462,14 +450,12 @@
return;
}
- // --------------------------------------------------------------------
-
// If the field is blank, but NOT required, no further tests are necessary
$callback = FALSE;
- if ( ! in_array('required', $rules) AND is_null($postdata))
+ if ( ! in_array('required', $rules) && is_null($postdata))
{
// Before we bail out, does the rule contain a callback?
- if (preg_match("/(callback_\w+(\[.*?\])?)/", implode(' ', $rules), $match))
+ if (preg_match('/(callback_\w+(\[.*?\])?)/', implode(' ', $rules), $match))
{
$callback = TRUE;
$rules = (array('1' => $match[1]));
@@ -480,10 +466,8 @@
}
}
- // --------------------------------------------------------------------
-
// Isset Test. Typically this rule will only apply to checkboxes.
- if (is_null($postdata) AND $callback === FALSE)
+ if (is_null($postdata) && $callback === FALSE)
{
if (in_array('isset', $rules, TRUE) OR in_array('required', $rules))
{
@@ -526,7 +510,7 @@
// We set the $postdata variable with the current data in our master array so that
// each cycle of the loop is dealing with the processed data from the last cycle
- if ($row['is_array'] == TRUE AND is_array($this->_field_data[$row['field']]['postdata']))
+ if ($row['is_array'] == TRUE && is_array($this->_field_data[$row['field']]['postdata']))
{
// We shouldn't need this safety, but just in case there isn't an array index
// associated with this cycle we'll bail out
@@ -543,11 +527,9 @@
$postdata = $this->_field_data[$row['field']]['postdata'];
}
- // --------------------------------------------------------------------
-
// Is the rule a callback?
$callback = FALSE;
- if (substr($rule, 0, 9) == 'callback_')
+ if (strpos($rule, 'callback_') === 0)
{
$rule = substr($rule, 9);
$callback = TRUE;
@@ -556,7 +538,7 @@
// Strip the parameter (if exists) from the rule
// Rules can contain a parameter: max_length[5]
$param = FALSE;
- if (preg_match("/(.*?)\[(.*)\]/", $rule, $match))
+ if (preg_match('/(.*?)\[(.*)\]/', $rule, $match))
{
$rule = $match[1];
$param = $match[2];
@@ -567,11 +549,14 @@
{
if ( ! method_exists($this->CI, $rule))
{
- continue;
+ log_message('debug', 'Unable to find callback validation rule: '.$rule);
+ $result = FALSE;
}
-
- // Run the function and grab the result
- $result = $this->CI->$rule($postdata, $param);
+ else
+ {
+ // Run the function and grab the result
+ $result = $this->CI->$rule($postdata, $param);
+ }
// Re-assign the result to the master data array
if ($_in_array === TRUE)
@@ -584,7 +569,7 @@
}
// If the field isn't required and we just processed a callback we'll move on...
- if ( ! in_array('required', $rules, TRUE) AND $result !== FALSE)
+ if ( ! in_array('required', $rules, TRUE) && $result !== FALSE)
{
continue;
}
@@ -597,7 +582,7 @@
// Users can use any native PHP function call that has one param.
if (function_exists($rule))
{
- $result = $rule($postdata);
+ $result = ($param !== FALSE) ? $rule($postdata, $param) : $rule($postdata);
if ($_in_array === TRUE)
{
@@ -610,13 +595,14 @@
}
else
{
- log_message('debug', "Unable to find validation rule: ".$rule);
+ log_message('debug', 'Unable to find validation rule: '.$rule);
+ $result = FALSE;
}
-
- continue;
}
-
- $result = $this->$rule($postdata, $param);
+ else
+ {
+ $result = $this->$rule($postdata, $param);
+ }
if ($_in_array === TRUE)
{
@@ -628,7 +614,7 @@
}
}
- // Did the rule test negatively? If so, grab the error.
+ // Did the rule test negatively? If so, grab the error.
if ($result === FALSE)
{
if ( ! isset($this->_error_messages[$rule]))
@@ -644,7 +630,7 @@
}
// Is the parameter we are inserting into the error message the name
- // of another field? If so we need to grab its "field label"
+ // of another field? If so we need to grab its "field label"
if (isset($this->_field_data[$param], $this->_field_data[$param]['label']))
{
$param = $this->_translate_fieldname($this->_field_data[$param]['label']);
@@ -678,7 +664,7 @@
{
// Do we need to translate the field name?
// We look for the prefix lang: to determine this
- if (substr($fieldname, 0, 5) === 'lang:')
+ if (strpos($fieldname, 'lang:') === 0)
{
// Grab the variable
$line = substr($fieldname, 5);
@@ -738,15 +724,10 @@
{
if ( ! isset($this->_field_data[$field]) OR ! isset($this->_field_data[$field]['postdata']))
{
- if ($default === TRUE AND count($this->_field_data) === 0)
- {
- return ' selected="selected"';
- }
- return '';
+ return ($default === TRUE && count($this->_field_data) === 0) ? ' selected="selected"' : '';
}
$field = $this->_field_data[$field]['postdata'];
-
if (is_array($field))
{
if ( ! in_array($value, $field))
@@ -754,12 +735,9 @@
return '';
}
}
- else
+ elseif (($field == '' OR $value == '') OR ($field != $value))
{
- if (($field == '' OR $value == '') OR ($field != $value))
- {
- return '';
- }
+ return '';
}
return ' selected="selected"';
@@ -781,15 +759,10 @@
{
if ( ! isset($this->_field_data[$field]) OR ! isset($this->_field_data[$field]['postdata']))
{
- if ($default === TRUE AND count($this->_field_data) === 0)
- {
- return ' checked="checked"';
- }
- return '';
+ return ($default === TRUE && count($this->_field_data) === 0) ? ' checked="checked"' : '';
}
$field = $this->_field_data[$field]['postdata'];
-
if (is_array($field))
{
if ( ! in_array($value, $field))
@@ -797,12 +770,9 @@
return '';
}
}
- else
+ elseif (($field == '' OR $value == '') OR ($field != $value))
{
- if (($field == '' OR $value == '') OR ($field != $value))
- {
- return '';
- }
+ return '';
}
return ' checked="checked"';
@@ -869,9 +839,7 @@
return FALSE;
}
- $field = $_POST[$field];
-
- return ($str === $field);
+ return ($str === $_POST[$field]);
}
// --------------------------------------------------------------------
@@ -908,7 +876,7 @@
*/
public function min_length($str, $val)
{
- if (preg_match("/[^0-9]/", $val))
+ if (preg_match('/[^0-9]/', $val))
{
return FALSE;
}
@@ -932,7 +900,7 @@
*/
public function max_length($str, $val)
{
- if (preg_match("/[^0-9]/", $val))
+ if (preg_match('/[^0-9]/', $val))
{
return FALSE;
}
@@ -956,7 +924,7 @@
*/
public function exact_length($str, $val)
{
- if (preg_match("/[^0-9]/", $val))
+ if (preg_match('/[^0-9]/', $val))
{
return FALSE;
}
@@ -1077,19 +1045,6 @@
// --------------------------------------------------------------------
/**
- * Is Numeric
- *
- * @param string
- * @return bool
- */
- public function is_numeric($str)
- {
- return is_numeric($str);
- }
-
- // --------------------------------------------------------------------
-
- /**
* Integer
*
* @param string
@@ -1170,7 +1125,7 @@
*/
public function is_natural_no_zero($str)
{
- return ($str != 0 AND preg_match('/^[0-9]+$/', $str));
+ return ($str != 0 && preg_match('/^[0-9]+$/', $str));
}
// --------------------------------------------------------------------
@@ -1217,7 +1172,7 @@
return $data;
}
- return str_replace(array("'", '"', '<', '>'), array("'", """, '<', '>'), stripslashes($data));
+ return str_replace(array("'", '"', '<', '>'), array(''', '"', '<', '>'), stripslashes($data));
}
// --------------------------------------------------------------------
@@ -1230,14 +1185,14 @@
*/
public function prep_url($str = '')
{
- if ($str == 'http://' OR $str == '')
+ if ($str === 'http://' OR $str == '')
{
return '';
}
- if (substr($str, 0, 7) !== 'http://' && substr($str, 0, 8) !== 'https://')
+ if (strpos($str, 'http://') !== 0 && strpos($str, 'https://') !== 0)
{
- $str = 'http://'.$str;
+ return 'http://'.$str;
}
return $str;
@@ -1283,7 +1238,6 @@
}
}
-// END Form Validation Class
/* End of file Form_validation.php */
/* Location: ./system/libraries/Form_validation.php */
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index 10f5507..04ce202 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -54,13 +54,13 @@
- Added max_filename_increment config setting for Upload library.
- CI_Loader::_ci_autoloader() is now a protected method.
- - Modified valid_ip() to use PHP's filter_var() when possible (>= PHP 5.2) in the :doc:`Form Validation library <libraries/form_validation>`.
- - Added custom filename to Email::attach() as $this->email->attach($filename, $disposition, $newname)
+ - Modified valid_ip() to use PHP's filter_var() when possible (>= PHP 5.2) in the :doc:`Input library <libraries/input>` (also used by :doc:`Form Validation library <libraries/form_validation>`).
+ - Added custom filename to Email::attach() as $this->email->attach($filename, $disposition, $newname)
- Cart library changes include:
- It now auto-increments quantity's instead of just resetting it, this is the default behaviour of large e-commerce sites.
- Product Name strictness can be disabled via the Cart Library by switching "$product_name_safe"
- Added function remove() to remove a cart item, updating with quantity of 0 seemed like a hack but has remained to retain compatability
- - Image manipulation library changes include:
+ - :doc:`Image Manipulation library <libraries/image_lib>` changes include:
- The initialize() method now only sets existing class properties.
- Added support for 3-length hex color values for wm_font_color and wm_shadow_color properties, as well as validation for them.
- Class properties wm_font_color, wm_shadow_color and wm_use_drop_shadow are now protected, to avoid breaking the text_watermark() method
@@ -68,6 +68,10 @@
- Minor speed optimizations and method & property visibility declarations in the Calendar Library.
- Removed SHA1 function in the :doc:`Encryption Library <libraries/encryption>`.
- Added $config['csrf_regeneration'] to the CSRF protection in the :doc:`Security library <libraries/security>`, which makes token regeneration optional.
+ - :doc:`Form Validation library <libraries/form_validation>` changes include:
+ - _execute() now considers input data to be invalid if a specified rule is not found.
+ - Removed method is_numeric() as it exists as a native PHP function and _execute() will find and use that (the 'is_numeric' rule itself is deprecated since 1.6.1).
+ - Native PHP functions used as rules can now accept an additional parameter, other than the data itself.
- Core
@@ -100,11 +104,12 @@
- Fixed a bug (#561) - Errors in :doc:`XML-RPC Library <libraries/xmlrpc>` were not properly escaped.
- Fixed a bug (#904) - ``CI_Loader::initialize()`` caused a PHP Fatal error to be triggered if error level E_STRICT is used.
- Fixed a hosting edge case where an empty $_SERVER['HTTPS'] variable would evaluate to 'on'
+- Fixed a bug (#11, #183, #863) - CI_Form_validation::_execute() silently continued to the next rule, if a rule method/function is not found.
Version 2.1.0
=============
-Release Date: Not Released
+Release Date: November 14, 2011
- General Changes
diff --git a/user_guide_src/source/libraries/form_validation.rst b/user_guide_src/source/libraries/form_validation.rst
index e7875bc..999ab36 100644
--- a/user_guide_src/source/libraries/form_validation.rst
+++ b/user_guide_src/source/libraries/form_validation.rst
@@ -321,7 +321,7 @@
function, which removes malicious data.
**Any native PHP function that accepts one parameter can be used as a
-rule, like htmlspecialchars, trim, MD5, etc.**
+rule, like htmlspecialchars, trim, md5, etc.**
.. note:: You will generally want to use the prepping functions
**after** the validation rules so if there is an error, the original
@@ -857,8 +857,9 @@
$this->form_validation->required($string);
-.. note:: You can also use any native PHP functions that permit one
- parameter.
+.. note:: You can also use any native PHP functions that permit up
+ to two parameters, where at least one is required (to pass
+ the field data).
******************
Prepping Reference