Merge branch 'develop' of github.com:EllisLab/CodeIgniter into develop-db-driver
diff --git a/system/core/Input.php b/system/core/Input.php
index ee15f40..5a4659a 100755
--- a/system/core/Input.php
+++ b/system/core/Input.php
@@ -699,6 +699,23 @@
return (php_sapi_name() === 'cli' OR defined('STDIN'));
}
+ // --------------------------------------------------------------------
+
+ /**
+ * Get Request Method
+ *
+ * Return the Request Method
+ *
+ * @param bool uppercase or lowercase
+ * @return bool
+ */
+ public function method($upper = FALSE)
+ {
+ return ($upper)
+ ? strtoupper($this->server('REQUEST_METHOD'))
+ : strtolower($this->server('REQUEST_METHOD'));
+ }
+
}
/* End of file Input.php */
diff --git a/system/core/Security.php b/system/core/Security.php
index 6f25fb5..2bffa41 100755
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -138,8 +138,8 @@
*/
public function csrf_verify()
{
- // If no POST data exists we will set the CSRF cookie
- if (count($_POST) === 0)
+ // If it's not a POST request we will set the CSRF cookie
+ if (strtoupper($_SERVER['REQUEST_METHOD']) !== 'POST')
{
return $this->csrf_set_cookie();
}
diff --git a/system/helpers/captcha_helper.php b/system/helpers/captcha_helper.php
index 668b034..4a48df2 100644
--- a/system/helpers/captcha_helper.php
+++ b/system/helpers/captcha_helper.php
@@ -5,9 +5,9 @@
* An open source application development framework for PHP 5.1.6 or newer
*
* NOTICE OF LICENSE
- *
+ *
* Licensed under the Open Software License version 3.0
- *
+ *
* This source file is subject to the Open Software License (OSL 3.0) that is
* bundled with this package in the files license.txt / license.rst. It is
* also available through the world wide web at this URL:
@@ -94,16 +94,15 @@
// Remove old images
// -----------------------------------
- list($usec, $sec) = explode(" ", microtime());
- $now = ((float)$usec + (float)$sec);
+ $now = microtime(TRUE);
$current_dir = @opendir($img_path);
while ($filename = @readdir($current_dir))
{
- if ($filename != "." and $filename != ".." and $filename != "index.html")
+ if ($filename != '.' && $filename != '..' && $filename != 'index.html')
{
- $name = str_replace(".jpg", "", $filename);
+ $name = str_replace('.jpg', '', $filename);
if (($name + $expiration) < $now)
{
@@ -198,7 +197,7 @@
// Write the text
// -----------------------------------
- $use_font = ($font_path != '' AND file_exists($font_path) AND function_exists('imagettftext')) ? TRUE : FALSE;
+ $use_font = ($font_path != '' && file_exists($font_path) && function_exists('imagettftext')) ? TRUE : FALSE;
if ($use_font == FALSE)
{
diff --git a/system/libraries/Form_validation.php b/system/libraries/Form_validation.php
index cdb3d3d..bd8b7c2 100644
--- a/system/libraries/Form_validation.php
+++ b/system/libraries/Form_validation.php
@@ -65,7 +65,7 @@
mb_internal_encoding($this->CI->config->item('charset'));
}
- log_message('debug', "Form Validation Class Initialized");
+ log_message('debug', 'Form Validation Class Initialized');
}
// --------------------------------------------------------------------
@@ -84,7 +84,7 @@
{
// No reason to set rules if we have no POST data
// or a validation array has not been specified
- if (count($_POST) === 0 && count($this->validation_data) === 0)
+ if ($this->CI->input->method() !== 'post' && empty($this->validation_data))
{
return $this;
}
@@ -165,9 +165,9 @@
*
* If an array is set through this method, then this array will
* be used instead of the $_POST array
- *
- * Note that if you are validating multiple arrays, then the
- * reset_validation() function should be called after validating
+ *
+ * Note that if you are validating multiple arrays, then the
+ * reset_validation() function should be called after validating
* each array due to the limitations of CI's singleton
*
* @param array $data
@@ -1156,15 +1156,14 @@
}
// --------------------------------------------------------------------
-
+
/**
* Equal to or Greater than
*
- * @access public
* @param string
* @return bool
*/
- function greater_than_equal_to($str, $min)
+ public function greater_than_equal_to($str, $min)
{
if ( ! is_numeric($str))
{
@@ -1195,11 +1194,10 @@
/**
* Equal to or Less than
*
- * @access public
* @param string
* @return bool
*/
- function less_than_equal_to($str, $max)
+ public function less_than_equal_to($str, $max)
{
if ( ! is_numeric($str))
{
@@ -1351,7 +1349,7 @@
* Prevents subsequent validation routines from being affected by the
* results of any previous validation routine due to the CI singleton.
*
- * @return void
+ * @return void
*/
public function reset_validation()
{
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index b5fb52d..587c64c 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -97,6 +97,7 @@
- Added method get_vars() to CI_Loader to retrieve all variables loaded with $this->load->vars().
- is_loaded() function from system/core/Commons.php now returns a reference.
- $config['rewrite_short_tags'] now has no effect when using PHP 5.4 as *<?=* will always be available.
+ - Added method() to CI_Input to retrieve $_SERVER['REQUEST_METHOD'].
Bug fixes for 3.0
------------------
@@ -146,6 +147,8 @@
- Fixed a bug in Oracle's DB_result class where the cursor id passed to it was always NULL.
- Fixed a bug (#64) - Regular expression in DB_active_rec.php failed to handle queries containing SQL bracket delimiters in the join condition.
- Fixed a bug in the :doc:`Session Library <libraries/sessions>` where a PHP E_NOTICE error was triggered by _unserialize() due to results from databases such as MSSQL and Oracle being space-padded on the right.
+- Fixed a bug (#501) - set_rules() to check if the request method is not 'POST' before aborting, instead of depending on count($_POST) in the :doc:`Form Validation Library <libraries/form_validation>`.
+- Fixed a bug (#940) - csrf_verify() used to set the CSRF cookie while processing a POST request with no actual POST data, which resulted in validating a request that should be considered invalid.
Version 2.1.1
=============
diff --git a/user_guide_src/source/general/creating_libraries.rst b/user_guide_src/source/general/creating_libraries.rst
index bc545b4..673fbd4 100644
--- a/user_guide_src/source/general/creating_libraries.rst
+++ b/user_guide_src/source/general/creating_libraries.rst
@@ -188,17 +188,23 @@
}
-Note: If you need to use a constructor in your class make sure you
+If you need to use a constructor in your class make sure you
extend the parent constructor::
class MY_Email extends CI_Email {
- public function __construct()
- {
- parent::__construct();
- }
+ public function __construct($config = array())
+ {
+ parent::__construct($config);
+ }
+
}
+.. note::
+ Not all of the libraries have the same (or any) parameters
+ in their constructor. Take a look at the library that you're
+ extending first to see how it should be implemented.
+
Loading Your Sub-class
----------------------
diff --git a/user_guide_src/source/libraries/form_validation.rst b/user_guide_src/source/libraries/form_validation.rst
index 5aa64d0..39b389f 100644
--- a/user_guide_src/source/libraries/form_validation.rst
+++ b/user_guide_src/source/libraries/form_validation.rst
@@ -869,7 +869,7 @@
underscores or dashes.
**numeric** No Returns FALSE if the form element contains anything other than numeric characters.
**integer** No Returns FALSE if the form element contains anything other than an integer.
-**decimal** Yes Returns FALSE if the form element is not exactly the parameter value.
+**decimal** No Returns FALSE if the form element contains anything other than a decimal number.
**is_natural** No Returns FALSE if the form element contains anything other than a natural number:
0, 1, 2, 3, etc.
**is_natural_no_zero** No Returns FALSE if the form element contains anything other than a natural
diff --git a/user_guide_src/source/libraries/input.rst b/user_guide_src/source/libraries/input.rst
index bcf1173..1f2ea65 100644
--- a/user_guide_src/source/libraries/input.rst
+++ b/user_guide_src/source/libraries/input.rst
@@ -99,7 +99,7 @@
::
- $this->input->post(NULL, TRUE); // returns all POST items with XSS filter
+ $this->input->post(NULL, TRUE); // returns all POST items with XSS filter
$this->input->post(); // returns all POST items without XSS filter
$this->input->get()
@@ -119,9 +119,9 @@
::
- $this->input->get(NULL, TRUE); // returns all GET items with XSS filter
+ $this->input->get(NULL, TRUE); // returns all GET items with XSS filter
$this->input->get(); // returns all GET items without XSS filtering
-
+
$this->input->get_post()
=========================
@@ -298,3 +298,13 @@
$this->input->is_cli_request()
+$this->input->method();
+=====================================
+
+Returns the $_SERVER['REQUEST_METHOD'], optional set uppercase or lowercase (default lowercase).
+
+::
+
+ echo $this->input->method(TRUE); // Outputs: POST
+ echo $this->input->method(FALSE); // Outputs: post
+ echo $this->input->method(); // Outputs: post