Merge branch 'develop' of git://github.com/EllisLab/CodeIgniter into errors

timw4mail · timw4mail · commit 249204b67d9d · 2012-05-21T08:38:39.000-04:00
diff --git a/application/config/routes.php b/application/config/routes.php
@@ -64,7 +64,7 @@
 |
 */
 
-$route['default_controller'] = "welcome";
+$route['default_controller'] = 'welcome';
 $route['404_override'] = '';
 
 /* End of file routes.php */
diff --git a/system/core/Security.php b/system/core/Security.php
@@ -831,7 +831,7 @@ protected function _csrf_set_hash()
 			// each page load since a page could contain embedded
 			// sub-pages causing this feature to fail
 			if (isset($_COOKIE[$this->_csrf_cookie_name]) &&
-				$_COOKIE[$this->_csrf_cookie_name] != '')
+				preg_match('#^[0-9a-f]{32}$#iS', $_COOKIE[$this->_csrf_cookie_name]) === 1)
 			{
 				return $this->_csrf_hash = $_COOKIE[$this->_csrf_cookie_name];
 			}
@@ -846,4 +846,4 @@ protected function _csrf_set_hash()
 }
 
 /* End of file Security.php */
-/* Location: ./system/core/Security.php */
+/* Location: ./system/core/Security.php */
diff --git a/system/database/DB_result.php b/system/database/DB_result.php
@@ -370,6 +370,19 @@ public function previous_row($type = 'object')
 
 	// --------------------------------------------------------------------
 
+	/**
+	 * Returns an unbuffered row and move pointer to next row
+	 *
+	 * @return	mixed	either a result object or array
+	 */
+	public function unbuffered_row($type = 'object')
+	{
+		return ($type !== 'array') ? $this->_fetch_object() : $this->_fetch_assoc();
+		
+	}
+
+	// --------------------------------------------------------------------
+	
 	/**
 	 * The following functions are normally overloaded by the identically named
 	 * methods in the platform-specific driver -- except when query caching
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
@@ -103,6 +103,7 @@ Release Date: Not Released
    -  Added PDO support for create_database(), drop_database and drop_table() in :doc:`Database Forge <database/forge>`.
    -  Added MSSQL, SQLSRV support for optimize_table() in :doc:`Database Utility <database/utilities>`.
    -  Improved CUBRID support for list_databases() in :doc:`Database Utility <database/utilities>` (until now only the currently used database was returned).
+   -  Added unbuffered_row() function for getting a row without prefetching whole result (consume less memory)
 
 -  Libraries
 
@@ -242,7 +243,9 @@ Bug fixes for 2.1.1
 -  Fixed a bug - form_open() compared $action against site_url() instead of base_url().
 -  Fixed a bug - CI_Upload::_file_mime_type() could've failed if mime_content_type() is used for the detection and returns FALSE.
 -  Fixed a bug (#538) - Windows paths were ignored when using the :doc:`Image Manipulation Library <libraries/image_lib>` to create a new file.
--  Fixed a bug - When database caching was enabled, $this->db->query() checked the cache before binding variables which resulted in cached queries never being found
+-  Fixed a bug - When database caching was enabled, $this->db->query() checked the cache before binding variables which resulted in cached queries never being found.
+-  Fixed a bug - CSRF cookie value was allowed to be any (non-empty) string before being written to the output, making code injection a risk.
+-  Fixed a bug (#726) - PDO put a 'dbname' argument in it's connection string regardless of the database platform in use, which made it impossible to use SQLite.
 
 Version 2.1.0
 =============
diff --git a/user_guide_src/source/database/results.rst b/user_guide_src/source/database/results.rst
@@ -136,6 +136,26 @@ parameter:
 	| **$row = $query->next_row('array')**
 	| **$row = $query->previous_row('array')**
 
+.. note:: all the functions above will load the whole result into memory (prefetching) use unbuffered_row() for processing large result sets.
+
+unbuffered_row($type)
+=====
+
+This function returns a single result row without prefetching the whole result in memory as row() does.
+If your query has more than one row, it returns the current row and moves the internal data pointer ahead. 
+The result is returned as $type could be 'object' (default) or 'array' that will return an associative array.
+
+
+
+	$query = $this->db->query("YOUR QUERY");
+	
+	while ($row = $query->unbuffered_row())
+	{	
+		echo $row->title;
+		echo $row->name;
+		echo $row->body;
+	}
+
 ***********************
 Result Helper Functions
 ***********************

Original file line number	Diff line number	Diff line change
`@@ -64,7 +64,7 @@`
`64`	`64`	`\|`
`65`	`65`	`*/`
`66`	`66`
`67`		`-$route['default_controller'] = "welcome";`
	`67`	`+$route['default_controller'] = 'welcome';`
`68`	`68`	`$route['404_override'] = '';`
`69`	`69`
`70`	`70`	`/* End of file routes.php */`
Original file line number	Diff line number	Diff line change
`@@ -831,7 +831,7 @@ protected function _csrf_set_hash()`
`831`	`831`	`// each page load since a page could contain embedded`
`832`	`832`	`// sub-pages causing this feature to fail`
`833`	`833`	`if (isset($_COOKIE[$this->_csrf_cookie_name]) &&`
`834`		`- $_COOKIE[$this->_csrf_cookie_name] != '')`
	`834`	`+ preg_match('#^[0-9a-f]{32}$#iS', $_COOKIE[$this->_csrf_cookie_name]) === 1)`
`835`	`835`	`{`
`836`	`836`	`return $this->_csrf_hash = $_COOKIE[$this->_csrf_cookie_name];`
`837`	`837`	`}`
`@@ -846,4 +846,4 @@ protected function _csrf_set_hash()`
`846`	`846`	`}`
`847`	`847`
`848`	`848`	`/* End of file Security.php */`
`849`		`-/* Location: ./system/core/Security.php */`
	`849`	`+/* Location: ./system/core/Security.php */`