  Creating New Databases and Tables
Posted by: El Forum - 07-10-2007, 09:30 AM - Forum: Archived Development & Programming - Replies (3)

[eluser]BrandonDurham[/eluser]
I'm trying to create a new database on the fly and drop a couple of tables into it and I'm having some problems. CI doesn't seem to have a way to add tables to a newly-created database via its CI Database functions. I can easily create the new database with:

Code:
$this->dbutil->create_database($db);

But I have no idea how to add tables to that newly-created database. I saw in this thread where Shadowhand mentions using str_replace, but I'm not sure what they mean.

Suggestions? I appreciate any help.

Thank you.


  Extending Controller & _output()
Posted by: El Forum - 07-10-2007, 07:58 AM - Forum: Archived General Discussion - Replies (1)

[eluser]Unknown[/eluser]
I'm new to CI.

I want to extend the main Controller so that a function will be included in all of my controllers.
My problem is the view within views. I've found a view library that seems to do the job I want. But I don't want to have to keep doing

Code:
$this->view->part('left_column', 'left_column.php');  // (file extensions added for clarity)
$this->view->part('right_column', 'right_column.php');
...
$this->view->load('main_template');

in every controller.
So I wanted to put a _output function in every controller by default. If I put the _output function in every controller, it works fine. But again, it's having to put the same code in every page.

Which is where extending the base controller would come in.
However, when I tried to extend the controller using
Code:
<?php

class MY_Controller extends CI_Controller
{
    function _output($string)
    {
        echo "_output()<br/>";
    }
}
?>
in system/application/libraries/MY_Controller.php I get
Quote:Fatal error: Class 'CI_Controller' not found in C:\Documents and Settings\Luke\My Documents\Web Sites\dating\index\system\application\libraries\MY_Controller.php on line 3
When I change "CI_Controller" to "Controller" it works fine. But it doesn't call the _output function.

I suppose I could just create a normal output function and include it as a helper or something and then pass the controller through as an object, but it's not very elegant.

My end plan is to run the controller as normal and then load a single particular view (eg login/register page). Once the view is loaded and processed via normal methods, the _output function takes over and inserts the view loaded into the correct place in a 'global' template/view (eg header tags, navigation bars).

Anyone have any pointers on how to do this?


  New post from Full-disclosure mailing list about CI 1.5.3 vulnerabilities
Posted by: El Forum - 07-10-2007, 07:19 AM - Forum: Archived Development & Programming - Replies (10)

[eluser]Jumper[/eluser]
Below is a copy of a new entry in the "full-disclosure" mailing list (a security mailing list).
Section 3 below looks pretty bad. Especially because there is no fix even in the SVN..

Quote:CodeIgniter 1.5.3 vulnerabilities

1. _sanitize_globals() global variables unsetting
By setting e.g. "_SERVER=anonymous" cookie in the browser, an attacker can cause the _sanitize_globals() method to remove $_SERVER array or any other global variable.

Solution: fixed in SVN (28.06.2007)


2. "enable_query_strings" path traversal
$_GET["c"] variable is vulnerable to path traversal, if enable_query_strings=TRUE is set in config.php. Example:
http://localhost/index.php?c=../../logs/log-2007-06-24

Solution: fixed in SVN (28.06.2007)


3. xss_clean() XSS vulnerability
Examples:
xss_clean('ss &lt;script
a='&gt;'>alert/**/('!');//*/&lt;/script&lt;/script &gt;&gt;");

Solution: partially fixed in SVN (26.06.2007). I suggest using HTML Purifier in place of xss_clean()


4. redirect() header injection
redirect() function in url_helper.php is vulnerable to header injection attacks (PHP < 4.4.2 or PHP < 5.1.2). Example:
redirect("\r\nSet-Cookie: Test=X");

Solution: filter user data before passing to redirect() function (in PHP < 4.4.2 or PHP < 5.1.2)


Best regards,
Łukasz Pilorz
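
An added example for item 4 of the advisory (not part of the original post or of CodeIgniter): one way to filter a user-supplied value before it reaches redirect(). The helper name safe_redirect_target() is hypothetical, and the sample inputs are constructed apart from the advisory's own string.

```php
<?php
// Added example, not CodeIgniter code. safe_redirect_target() is a
// hypothetical helper name; the sample inputs are constructed.

/**
 * Return $target unchanged if it is safe to place in a Location header,
 * or FALSE if it contains characters that could start a new header line.
 */
function safe_redirect_target($target)
{
    if (!is_string($target) || $target === '') {
        return FALSE;
    }
    // Check the value as received and once more after URL-decoding, so an
    // encoded CR/LF that a later layer decodes is refused as well.
    foreach (array($target, rawurldecode($target)) as $candidate) {
        // Any ASCII control character (CR, LF, NUL, ...) or DEL is refused.
        if (preg_match('/[\x00-\x1F\x7F]/', $candidate)) {
            return FALSE;
        }
    }
    return $target;
}

$samples = array(
    'welcome/index',
    "\r\nSet-Cookie: Test=X",                 // the advisory's example
    'welcome/index%0d%0aSet-Cookie: Test=X',  // same idea, percent-encoded
);

foreach ($samples as $raw) {
    $ok = safe_redirect_target($raw);
    printf("%-50s %s\n", json_encode($raw), $ok === FALSE ? 'rejected' : 'accepted');
    // In a controller: if ($ok !== FALSE) { redirect($ok); } else { show_404(); }
}
```

Rejecting the value outright, rather than stripping the control characters, keeps a malformed target from being silently turned into a different one.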


  [possible optimization] Info Request about loading views
Posted by: El Forum - 07-10-2007, 06:35 AM - Forum: Archived General Discussion - Replies (1)

[eluser]marcalj[/eluser]
Hello everybody!

I'm worried about the process of loading views. I see that the loader duplicates a lot of data in the process.

I don't know exactly how PHP manages memory internally. It would probably be better to use more references when creating new variables or catching them in the function definition.

Example:

In Loader.php (page 551) replace

Code:
// Set the default data variables
foreach (array('view', 'vars', 'path', 'return') as $val)
{
    $$val = ( ! isset($data[$val])) ? FALSE : $data[$val];
}
with
Code:
foreach( array('view', 'vars', 'path', 'return') as $val )
{
    if( isset($data[$val]) )
    {
        $$val = &$data[$val];
    }
    else
    {
        $$val = FALSE;
    }
}
Note the "&" for "linking" memory.

This is one example of how to increase performance. Am I right?

I find the loader method confusing because in my controllers I send a lot of "memory" to views:
Code:
$this->load->view( "example_view", $this->vAlotOfData );
I can access it in views with "$this" and the separated variables... so I find the loader method strange.

What do you think?

Have a nice day :)


  mySQL into Active Record
Posted by: El Forum - 07-10-2007, 06:29 AM - Forum: Archived Development & Programming - Replies (3)

[eluser]KJTED[/eluser]
Hello everyone,
I'm having a problem converting a traditional MySQL query into one that uses the Active Record class.

The query I have is

Code:
$sql = 'SELECT * , diary . id as diaryID FROM `diary` JOIN jobs on jobs . id = diary . jobID JOIN users on users . id = diary . userID JOIN clients On clients . id = jobs . clientID LIMIT 0, 30 ';

I've managed to get this so far
Code:
$this->db->select('*');
$this->db->from('diary');
$this->db->join('jobs', 'jobs.id = diary.jobID');
$this->db->join('users', 'users.id = diary.userID');
$this->db->join('clients', 'clients.id = jobs.clientID');
$this->db->where('jobs.id', $this->id);

but I'm having problems with putting the following slice into my Active Record query
Code:
'SELECT * , diary . id as diaryID

Does anyone know how to do this? I've looked into the documentation but there doesn't seem to be anything on this.

Thanks

KJ


  Check if Image exists in folder
Posted by: El Forum - 07-10-2007, 05:14 AM - Forum: Archived Development & Programming - Replies (2)

[eluser]woracal[/eluser]
I need to display several images in a page. Some thumbnail images may not exist so I need to display an alternate image instead. Basically, I need to check if an image exists and display an alternative if it does not. Any comments would help.


  How to extend all my models?
Posted by: El Forum - 07-10-2007, 02:25 AM - Forum: Archived Development & Programming - Replies (4)

[eluser]MpaK69[/eluser]
Sorry for the stupid question.

But I want to extend all my models with some of my own methods, such as set, get, update, save and more... or can I extend only Core classes?


  What time is it Mr Wolf? Issues with timespan :D
Posted by: El Forum - 07-09-2007, 11:38 PM - Forum: Archived Development & Programming - No Replies

[eluser]CI Lee[/eluser]
Hello All,

I was trying to find an answer to another problem, simple and in hindsight very easy; however no matter how I phrased it I could not find any topics that referenced it. So I had to ask in a post...

This may seem simple to some but I am sure it may help others in the future and by bolstering the search results, reducing the novice questions.

I am building a CMS and I would like to alert the user when something has reached a threshold in time. Now it's rudimentary but it works... kinda (get to that in a second). This is what I have:

Code:
<div id="date" style="float:right; width:90%">
    <p><? if ( $row->date <= strtotime("-30 days") ) { ?>
        <span style="color:red">
    <? } else { ?>
        <span>
    <? } ?> <?=timespan($row->date)?> ago</span></p>
</div><!-- /date -->

Great, now that I have figured that part out let's make some posts...

Wait a minute, it kept saying "1 second ago" even though it was posted one minute ago...

So I went through my checklist and confirmed that the date was indeed being passed as a Unix time format, the date is being inserted into the database correctly... then I found it!

The posts have somehow generated 1.21 Gigawatts of power and hit 88 mph.. my post is in the future.

So the post was saying "1 second ago" because the date has not become a date in the past yet, even though it has passed... yeah too late for things like that. Turns out it was an issue with the local dev server, live server it runs fine.


-Lee


  Authlib and flashdata
Posted by: El Forum - 07-09-2007, 10:48 PM - Forum: Archived Development & Programming - No Replies

[eluser]schnoodles[/eluser]
Hello, I am currently using Authlib on my site and it works a treat. The only problem is I find that when I use Db_session and set some flashdata and then in my header I do a

if ( flashdata ) echo flashdata

This works well, but I found that when I go to some other pages it still keeps the flashdata without getting rid of it, so I played around and I tried adding

<?php $this->db_session->_flashdata_sweep(); ?>

into my footer but this still didn't seem to sweep all the flashdata. Does anyone know how I can clear the flashdata at the bottom of every page so none of it will transfer between pages?


  subtle gotcha using query bindings
Posted by: El Forum - 07-09-2007, 07:22 PM - Forum: Archived Development & Programming - Replies (1)

[eluser]Bacteria Man[/eluser]
I ran into one of those subtle gotchas that makes perfect sense once the reason for it is identified.

I have a query string which uses a single binding:

$sql = "SELECT DISTINCT(rp.permissions) FROM role r INNER JOIN role_permissions rp ON rp.role_id = r.role_id WHERE r.role_id IN (?)";

The query call looks like this:

$query = $this->db->query($sql, array('roles' => $roles));

...where $roles equals "2,3" (i.e. a comma delimited string with numeric values)

The problem is that CI (and properly so) escapes the string which produces:

SELECT DISTINCT(rp.permissions) FROM role r INNER JOIN role_permissions rp ON rp.role_id = r.role_id WHERE r.role_id IN ('2,3')

As a result MySQL interprets only the first value and drops any subsequent ones.

The obvious solution is to include the $roles variable inline as

$sql = "SELECT DISTINCT(rp.permissions) FROM role r INNER JOIN role_permissions rp ON rp.role_id = r.role_id WHERE r.role_id IN ($roles)";

Using a fixed number of question marks wasn't practical because the number of comma-delimited values can vary from query to query.

This is ordinarily not a good idea, but in this case the risk is minimal because there's no user-inputted data to contend with.

Perhaps this will save someone a little time.
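
An added example (not part of the original post or of CodeIgniter): a way to keep the IN (...) list parameterised when the number of values varies, by generating one "?" per value and validating each value as an integer first. The helper name build_in_clause() is hypothetical; the table and column names and the "2,3" input are taken from the post.

```php
<?php
// Added example, not CodeIgniter code. build_in_clause() is a hypothetical
// helper; the query text and the "2,3" input come from the post above.

/**
 * Turn a list of ids into a "?, ?, ?" placeholder string plus the matching
 * bind values, so an IN (...) list of any length can stay parameterised.
 */
function build_in_clause(array $ids)
{
    $binds = array();
    foreach ($ids as $id) {
        // Accept only plain non-negative integers; refuse everything else
        // instead of trying to clean it up.
        $is_int    = is_int($id) && $id >= 0;
        $is_digits = is_string($id) && ctype_digit($id);
        if (!$is_int && !$is_digits) {
            throw new InvalidArgumentException('non-numeric id in list');
        }
        $binds[] = (int) $id;
    }
    if (count($binds) === 0) {
        // "IN ()" is a syntax error in MySQL; make the caller decide.
        throw new InvalidArgumentException('empty id list');
    }
    $marks = implode(', ', array_fill(0, count($binds), '?'));
    return array($marks, $binds);
}

$roles = '2,3';   // comma-delimited string, same shape as in the post
list($marks, $binds) = build_in_clause(explode(',', $roles));

// Only the generated question marks are interpolated, never the values.
$sql = "SELECT DISTINCT(rp.permissions) FROM role r "
     . "INNER JOIN role_permissions rp ON rp.role_id = r.role_id "
     . "WHERE r.role_id IN ($marks)";

echo $sql, "\n";
echo json_encode($binds), "\n";

// With CodeIgniter's query bindings: $query = $this->db->query($sql, $binds);
```

Because every value is bound separately, the query stays safe even if the list later starts coming from user input.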


