Merge pull request #2343 from QOX/develop
Fixed problem for transaction test mode.
diff --git a/application/config/user_agents.php b/application/config/user_agents.php
index 35c36cb..0aae987 100644
--- a/application/config/user_agents.php
+++ b/application/config/user_agents.php
@@ -208,13 +208,15 @@
$robots = array(
'googlebot' => 'Googlebot',
'msnbot' => 'MSNBot',
+ 'baiduspider' => 'Baiduspider',
'bingbot' => 'Bing',
'slurp' => 'Inktomi Slurp',
'yahoo' => 'Yahoo',
'askjeeves' => 'AskJeeves',
'fastcrawler' => 'FastCrawler',
'infoseek' => 'InfoSeek Robot 1.0',
- 'lycos' => 'Lycos'
+ 'lycos' => 'Lycos',
+ 'yandex' => 'YandexBot'
);
/* End of file user_agents.php */
diff --git a/composer.json b/composer.json
index e21aaed..2971576 100644
--- a/composer.json
+++ b/composer.json
@@ -1,9 +1,10 @@
{
- "name" : "ellislab/codeigniter",
- "require": {
- "php": ">=5.2.4"
- },
- "require-dev": {
- "mikey179/vfsStream": "*"
- }
+ "description" : "Dependencies for CodeIgniter's testing environment",
+ "name" : "ellislab/codeigniter",
+ "require": {
+ "php": ">=5.2.4"
+ },
+ "require-dev": {
+ "mikey179/vfsStream": "*"
+ }
}
\ No newline at end of file
diff --git a/index.php b/index.php
index c6314da..cfb003e 100755
--- a/index.php
+++ b/index.php
@@ -255,7 +255,7 @@
if (($_temp = realpath($view_folder)) !== FALSE)
{
- $view_folder = realpath($view_folder).'/';
+ $view_folder = $_temp.'/';
}
else
{
diff --git a/system/core/Common.php b/system/core/Common.php
index 10c2237..b4f0c38 100644
--- a/system/core/Common.php
+++ b/system/core/Common.php
@@ -92,7 +92,7 @@
*/
if (is_dir($file))
{
- $file = rtrim($file, '/').'/'.md5(mt_rand(1,100).mt_rand(1,100));
+ $file = rtrim($file, '/').'/'.md5(mt_rand());
if (($fp = @fopen($file, FOPEN_WRITE_CREATE)) === FALSE)
{
return FALSE;
@@ -359,7 +359,7 @@
*
* This function lets us invoke the exception class and
* display errors using the standard error template located
- * in application/errors/errors.php
+ * in application/views/errors/error_general.php
* This function will send the error page directly to the
* browser and exit.
*
diff --git a/system/core/Input.php b/system/core/Input.php
index 8d491e0..6690b7f 100644
--- a/system/core/Input.php
+++ b/system/core/Input.php
@@ -153,17 +153,39 @@
*/
protected function _fetch_from_array(&$array, $index = '', $xss_clean = FALSE)
{
- if ( ! isset($array[$index]))
+ if (isset($array[$index]))
+ {
+ $value = $array[$index];
+ }
+ elseif (($count = preg_match_all('/(?:^[^\[]+)|\[[^]]*\]/', $index, $matches)) > 1) // Does the index contain array notation
+ {
+ $value = $array;
+ for ($i = 0; $i < $count; $i++)
+ {
+ $key = trim($matches[0][$i], '[]');
+ if ($key === '') // Empty notation will return the value as array
+ {
+ break;
+ }
+
+ if (isset($value[$key]))
+ {
+ $value = $value[$key];
+ }
+ else
+ {
+ return NULL;
+ }
+ }
+ }
+ else
{
return NULL;
}
- if ($xss_clean === TRUE)
- {
- return $this->security->xss_clean($array[$index]);
- }
-
- return $array[$index];
+ return ($xss_clean === TRUE)
+ ? $this->security->xss_clean($value)
+ : $value;
}
// --------------------------------------------------------------------
diff --git a/system/core/Security.php b/system/core/Security.php
index 7aae54e..196d611 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -488,8 +488,7 @@
{
if ($this->_xss_hash === '')
{
- mt_srand();
- $this->_xss_hash = md5(time() + mt_rand(0, 1999999999));
+ $this->_xss_hash = md5(uniqid(mt_rand()));
}
return $this->_xss_hash;
diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php
index b78f35a..9239dc1 100644
--- a/system/database/DB_driver.php
+++ b/system/database/DB_driver.php
@@ -1208,13 +1208,8 @@
}
else
{
- /* We have no other choice but to just get the first element's key.
- * Due to array_shift() accepting it's argument by reference, if
- * E_STRICT is on, this would trigger a warning. So we'll have to
- * assign it first.
- */
- $key = array_keys($row);
- $key = array_shift($key);
+ // We have no other choice but to just get the first element's key.
+ $key = key($row);
}
}
@@ -1614,7 +1609,7 @@
* @param string the error message
* @param string any "swap" values
* @param bool whether to localize the message
- * @return string sends the application/error_db.php template
+ * @return string sends the application/views/errors/error_db.php template
*/
public function display_error($error = '', $swap = '', $native = FALSE)
{
@@ -1711,7 +1706,10 @@
// If a parenthesis is found we know that we do not need to
// escape the data or add a prefix. There's probably a more graceful
// way to deal with this, but I'm not thinking of it -- Rick
- if (strpos($item, '(') !== FALSE)
+ //
+ // Added exception for single quotes as well, we don't want to alter
+ // literal strings. -- Narf
+ if (strpos($item, '(') !== FALSE OR strpos($item, "'") !== FALSE)
{
return $item;
}
diff --git a/system/helpers/form_helper.php b/system/helpers/form_helper.php
index 692909c..2002d42 100644
--- a/system/helpers/form_helper.php
+++ b/system/helpers/form_helper.php
@@ -261,7 +261,6 @@
unset($data['value']); // textareas don't use the value attribute
}
- $name = is_array($data) ? $data['name'] : $data;
return '<textarea '._parse_form_attributes($data, $defaults).$extra.'>'.form_prep($val, TRUE)."</textarea>\n";
}
}
@@ -642,14 +641,13 @@
*/
function set_value($field = '', $default = '', $is_textarea = FALSE)
{
- if (FALSE === ($OBJ =& _get_validation_object()))
- {
- return isset($_POST[$field])
- ? form_prep($_POST[$field], $is_textarea)
- : form_prep($default, $is_textarea);
- }
+ $CI =& get_instance();
- return form_prep($OBJ->set_value($field, $default), $is_textarea);
+ $value = (isset($CI->form_validation) && is_object($CI->form_validation) && $CI->form_validation->has_rule($field))
+ ? $CI->form_validation->set_value($field, $default)
+ : $CI->input->post($field, FALSE);
+
+ return form_prep($value === NULL ? $default : $value, $is_textarea);
}
}
diff --git a/system/libraries/Cart.php b/system/libraries/Cart.php
index b7b0697..edc300b 100644
--- a/system/libraries/Cart.php
+++ b/system/libraries/Cart.php
@@ -51,7 +51,7 @@
*
* @var string
*/
- public $product_name_rules = '\.\:\-_ a-z0-9';
+ public $product_name_rules = '\w \-\.\:';
/**
* only allow safe product names
@@ -214,7 +214,7 @@
// Validate the product name. It can only be alpha-numeric, dashes, underscores, colons or periods.
// Note: These can be user-specified by setting the $this->product_name_rules variable.
- if ($this->product_name_safe && ! preg_match('/^['.$this->product_name_rules.']+$/i', $items['name']))
+ if ($this->product_name_safe && ! preg_match('/^['.$this->product_name_rules.']+$/i'.(UTF8_ENABLED ? 'u' : ''), $items['name']))
{
log_message('error', 'An invalid name was submitted as the product name: '.$items['name'].' The name can only contain alpha-numeric characters, dashes, underscores, colons, and spaces');
return FALSE;
diff --git a/system/libraries/Encrypt.php b/system/libraries/Encrypt.php
index c6a1cb1..8ac5420 100644
--- a/system/libraries/Encrypt.php
+++ b/system/libraries/Encrypt.php
@@ -244,7 +244,7 @@
$rand = '';
do
{
- $rand .= mt_rand(0, mt_getrandmax());
+ $rand .= mt_rand();
}
while (strlen($rand) < 32);
diff --git a/system/libraries/Form_validation.php b/system/libraries/Form_validation.php
index 172e799..1ed5084 100644
--- a/system/libraries/Form_validation.php
+++ b/system/libraries/Form_validation.php
@@ -836,6 +836,21 @@
// --------------------------------------------------------------------
/**
+ * Checks if the rule is present within the validator
+ *
+ * Permits you to check if a rule is present within the validator
+ *
+ * @param string the field name
+ * @return bool
+ */
+ public function has_rule($field)
+ {
+ return isset($this->_field_data[$field]);
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
* Get the value from a form
*
* Permits you to repopulate a form field with the value it was submitted
diff --git a/system/libraries/Session/drivers/Session_cookie.php b/system/libraries/Session/drivers/Session_cookie.php
index 0e86441..7174d63 100644
--- a/system/libraries/Session/drivers/Session_cookie.php
+++ b/system/libraries/Session/drivers/Session_cookie.php
@@ -641,7 +641,7 @@
$new_sessid = '';
do
{
- $new_sessid .= mt_rand(0, mt_getrandmax());
+ $new_sessid .= mt_rand();
}
while (strlen($new_sessid) < 32);
@@ -832,7 +832,6 @@
$probability = ini_get('session.gc_probability');
$divisor = ini_get('session.gc_divisor');
- srand(time());
if ((mt_rand(0, $divisor) / $divisor) < $probability)
{
$expire = $this->now - $this->sess_expiration;
diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php
index 1c14f99..7c48b42 100644
--- a/system/libraries/Upload.php
+++ b/system/libraries/Upload.php
@@ -366,25 +366,25 @@
switch ($error)
{
- case 1: // UPLOAD_ERR_INI_SIZE
+ case UPLOAD_ERR_INI_SIZE:
$this->set_error('upload_file_exceeds_limit');
break;
- case 2: // UPLOAD_ERR_FORM_SIZE
+ case UPLOAD_ERR_FORM_SIZE:
$this->set_error('upload_file_exceeds_form_limit');
break;
- case 3: // UPLOAD_ERR_PARTIAL
+ case UPLOAD_ERR_PARTIAL:
$this->set_error('upload_file_partial');
break;
- case 4: // UPLOAD_ERR_NO_FILE
+ case UPLOAD_ERR_NO_FILE:
$this->set_error('upload_no_file_selected');
break;
- case 6: // UPLOAD_ERR_NO_TMP_DIR
+ case UPLOAD_ERR_NO_TMP_DIR:
$this->set_error('upload_no_temp_directory');
break;
- case 7: // UPLOAD_ERR_CANT_WRITE
+ case UPLOAD_ERR_CANT_WRITE:
$this->set_error('upload_unable_to_write_file');
break;
- case 8: // UPLOAD_ERR_EXTENSION
+ case UPLOAD_ERR_EXTENSION:
$this->set_error('upload_stopped_by_extension');
break;
default:
@@ -604,7 +604,6 @@
{
if ($this->encrypt_name === TRUE)
{
- mt_srand();
$filename = md5(uniqid(mt_rand())).$this->file_ext;
}
diff --git a/tests/codeigniter/core/Loader_test.php b/tests/codeigniter/core/Loader_test.php
index dea01a5..e75d0d5 100644
--- a/tests/codeigniter/core/Loader_test.php
+++ b/tests/codeigniter/core/Loader_test.php
@@ -220,7 +220,7 @@
// Test name conflict
$obj = 'conflict';
- $this->ci_obj->$obj = new StdClass();
+ $this->ci_obj->$obj = new stdClass();
$this->setExpectedException(
'RuntimeException',
'CI Error: The model name you are loading is the name of a resource that is already being used: '.$obj
diff --git a/tests/mocks/ci_testcase.php b/tests/mocks/ci_testcase.php
index f164929..ad4fe5a 100644
--- a/tests/mocks/ci_testcase.php
+++ b/tests/mocks/ci_testcase.php
@@ -27,7 +27,7 @@
public function __construct()
{
parent::__construct();
- $this->ci_instance = new StdClass();
+ $this->ci_instance = new stdClass();
}
// --------------------------------------------------------------------
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index 0e45a0e..86907ca 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -221,6 +221,7 @@
- *Product Name* strictness can be disabled by switching the ``$product_name_safe`` property to FALSE.
- Added method ``remove()`` to remove a cart item, updating with quantity of 0 seemed like a hack but has remained to retain compatibility.
- Added method ``get_item()`` to enable retrieving data for a single cart item.
+ - Added unicode support for product names.
- :doc:`Image Manipulation library <libraries/image_lib>` changes include:
- The ``initialize()`` method now only sets existing class properties.
- Added support for 3-length hex color values for *wm_font_color* and *wm_shadow_color* properties, as well as validation for them.
@@ -304,6 +305,7 @@
- Changed method ``valid_ip()`` to use PHP's native ``filter_var()`` function.
- Changed internal method ``_sanitize_globals()`` to skip enforcing reversal of *register_globals* in PHP 5.4+, where this functionality no longer exists.
- Changed methods ``get()``, ``post()``, ``get_post()``, ``cookie()``, ``server()``, ``user_agent()`` to return NULL instead of FALSE when no value is found.
+ - Changed method ``_fetch_from_array()`` to parse array notation in field name.
- :doc:`Common functions <general/common_functions>` changes include:
- Added function :php:func:`get_mimes()` to return the *application/config/mimes.php* array.
- Added support for HTTP code 303 ("See Other") in :php:func:`set_status_header()`.
@@ -481,13 +483,16 @@
- Fixed a bug (#113) - :doc:`Form Validation Library <libraries/form_validation>` didn't properly handle empty fields that were specified as an array.
- Fixed a bug (#2061) - :doc:`Routing Class <general/routing>` didn't properly sanitize directory, controller and function triggers with **enable_query_strings** set to TRUE.
- Fixed a bug - SQLSRV didn't support ``escape_like_str()`` or escaping an array of values.
-- Fixed a bug - :doc:`DB result <database/results>` method ``list_fields()`` didn't reset its field pointer for the *mysql*, *mysqli* and *mssql* drivers.
+- Fixed a bug - :doc:`Database Results <database/results>` method ``list_fields()`` didn't reset its field pointer for the *mysql*, *mysqli* and *mssql* drivers.
- Fixed a bug (#73) - :doc:`Security Library <libraries/security>` method ``sanitize_filename()`` could be tricked by an XSS attack.
- Fixed a bug (#2211) - :doc:`Migration Library <libraries/migration>` extensions couldn't execute ``CI_Migration::__construct()``.
- Fixed a bug (#2255) - :doc:`Email Library <libraries/email>` didn't apply ``smtp_timeout`` to socket reads and writes.
- Fixed a bug (#2239) - :doc:`Email Library <libraries/email>` improperly handled the Subject when used with ``bcc_batch_mode`` resulting in E_WARNING messages and an empty Subject.
- Fixed a bug (#2234) - :doc:`Query Builder <database/query_builder>` didn't reset JOIN cache for write-type queries.
- Fixed a bug (#2298) - :doc:`Database Results <database/results>` method `next_row()` kept returning the last row, allowing for infinite loops.
+- Fixed a bug (#2236) - :doc:`Form Helper <helpers/form_helper>` function ``set_value()`` didn't parse array notation for keys if the rule was not present in the :doc:`Form Validation Library <libraries/form_validation>`.
+- Fixed a bug (#2353) - :doc:`Query Builder <database/query_builder>` erroneously prefixed literal strings with **dbprefix**.
+- Fixed a bug (#78) - :doc:`Cart Library <libraries/cart>` didn't allow non-English letters in product names.
Version 2.1.3
=============
diff --git a/user_guide_src/source/general/errors.rst b/user_guide_src/source/general/errors.rst
index 441cedb..a247c1b 100644
--- a/user_guide_src/source/general/errors.rst
+++ b/user_guide_src/source/general/errors.rst
@@ -42,7 +42,7 @@
This function will display the error message supplied to it using the
following error template::
- application/errors/error_general.php
+ application/views/errors/error_general.php
The optional parameter ``$status_code`` determines what HTTP status
code should be sent with the error. If ``$status_code`` is less than 100,
@@ -64,7 +64,7 @@
This function will display the 404 error message supplied to it using
the following error template::
- application/errors/error_404.php
+ application/views/errors/error_404.php
The function expects the string passed to it to be the file path to the
page that isn't found. The exit status code will be set to ``EXIT_UNKNOWN_FILE``.
diff --git a/user_guide_src/source/general/managing_apps.rst b/user_guide_src/source/general/managing_apps.rst
index afb1aba..3ca0e03 100644
--- a/user_guide_src/source/general/managing_apps.rst
+++ b/user_guide_src/source/general/managing_apps.rst
@@ -21,7 +21,7 @@
=====================================
It is possible to move your application directory to a different
-location on your server than your system directory. To do so open
+location on your server than your web root. To do so open
your main index.php and set a *full server path* in the
``$application_folder`` variable::
diff --git a/user_guide_src/source/general/routing.rst b/user_guide_src/source/general/routing.rst
index 0c6dfe8..123257f 100644
--- a/user_guide_src/source/general/routing.rst
+++ b/user_guide_src/source/general/routing.rst
@@ -163,7 +163,7 @@
requested controller is not found. It will override the default 404
error page. It won't affect to the ``show_404()`` function, which will
continue loading the default *error_404.php* file at
-*application/errors/error_404.php*.
+*application/views/errors/error_404.php*.
.. important:: The reserved routes must come before any wildcard or
regular expression routes.
\ No newline at end of file
diff --git a/user_guide_src/source/general/security.rst b/user_guide_src/source/general/security.rst
index 984ca84..3f93443 100644
--- a/user_guide_src/source/general/security.rst
+++ b/user_guide_src/source/general/security.rst
@@ -15,11 +15,12 @@
- Alpha-numeric text (latin characters only)
- Tilde: ~
+- Percent sign: %
- Period: .
- Colon: :
- Underscore: \_
- Dash: -
-- Pipe: |
+- Space
Register_globals
=================
diff --git a/user_guide_src/source/libraries/email.rst b/user_guide_src/source/libraries/email.rst
index a55f189..39629ec 100644
--- a/user_guide_src/source/libraries/email.rst
+++ b/user_guide_src/source/libraries/email.rst
@@ -43,7 +43,7 @@
Setting Email Preferences
=========================
-There are 17 different preferences available to tailor how your email
+There are 21 different preferences available to tailor how your email
messages are sent. You can either set them manually as described here,
or automatically via preferences stored in your config file, described
below: