diff options
| author | Phil Sturgeon <email@philsturgeon.co.uk> | 2011-08-26 10:58:53 +0200 |
|---|---|---|
| committer | Phil Sturgeon <email@philsturgeon.co.uk> | 2011-08-26 10:58:53 +0200 |
| commit | a6aa8beaa98fac53c2cc15972bf3d1400d0c4f6a (patch) | |
| tree | 292e04610b55d963ea19a14c805d75b6e90ea9a5 /user_guide | |
| parent | 38e4a7765642f8945bf1c7668eb35e3a9de8cbb8 (diff) | |
| parent | b1099b3d3d6908a0b35a0d5a804b4b6e4fd57f66 (diff) | |
Merge branch 'develop' of github.com:EllisLab/CodeIgniter into develop
Diffstat (limited to 'user_guide')
| -rw-r--r-- | user_guide/changelog.html | 23 | ||||
| -rw-r--r-- | user_guide/database/active_record.html | 7 | ||||
| -rw-r--r-- | user_guide/general/common_functions.html | 2 | ||||
| -rw-r--r-- | user_guide/helpers/date_helper.html | 14 | ||||
| -rw-r--r-- | user_guide/installation/index.html | 4 | ||||
| -rw-r--r-- | user_guide/installation/upgrade_203.html | 2 | ||||
| -rw-r--r-- | user_guide/libraries/file_uploading.html | 7 | ||||
| -rw-r--r-- | user_guide/libraries/form_validation.html | 7 | ||||
| -rw-r--r-- | user_guide/libraries/security.html | 3 |
9 files changed, 66 insertions, 3 deletions
diff --git a/user_guide/changelog.html b/user_guide/changelog.html index e2df11b86..ff04787cf 100644 --- a/user_guide/changelog.html +++ b/user_guide/changelog.html @@ -66,6 +66,8 @@ Change Log <li>General Changes <ul> <li class="reactor">Callback validation rules can now accept parameters like any other validation rule.</li> + <li class="reactor">Ability to log certain error types, not all under a threshold.</li> + <li class="reactor">Added html_escape() to <a href="general/common_functions.html">Common functions</a> to escape HTML output for preventing XSS.</li> </ul> </li> <li>Helpers @@ -77,8 +79,11 @@ Change Log </li> <li>Database <ul> - <li class="reactor">Added a <a href="http://www.cubrid.org/" target="_blank">CUBRID</a> driver to the <a href="libraries/database.html">Database Driver</a>. Thanks to the CUBRID team for supplying this patch.</li> + <li class="reactor">Added a <a href="http://www.cubrid.org/" target="_blank">CUBRID</a> driver to the <a href="database/index.html">Database Driver</a>. Thanks to the CUBRID team for supplying this patch.</li> <li class="reactor">Typecast limit and offset in the <a href="database/queries.html">Database Driver</a> to integers to avoid possible injection.</li> + <li class="reactor"> + Added additional option 'none' for the optional third argument for <kbd>$this->db->like()</kbd> in the <a href="database/active_record.html">Database Driver</a>. + </li> </ul> </li> <li>Libraries @@ -87,6 +92,13 @@ Change Log <li class="reactor">Added support to set an optional parameter in your callback rules of validation using the <a href="libraries/form_validation.html">Form Validation Library</a>.</li> <li class="reactor">Added a <a href="libraries/migration.html">Migration Library</a> to assist with applying incremental updates to your database schema.</li> <li class="reactor">Driver children can be located in any package path.</li> + <li class="reactor">Added max_filename_increment config setting for Upload library.</li> + <li><samp>CI_Loader::_ci_autoloader()</samp> is now a protected method.</li> + </ul> + </li> + <li>Core + <ul> + <li class="reactor">Changed private functions in CI_URI to protected so MY_URI can override them.</li> </ul> </li> </ul> @@ -100,6 +112,9 @@ Change Log <li class="reactor">Fixed a bug (#200) where MySQL queries would be malformed after calling <samp>count_all()</samp> then <samp>db->get()</samp></li> <li>Fixed a bug (#181) where a mis-spelling was in the form validation language file.</li> <li>Fixed a bug (#160) - Removed unneeded array copy in the file cache driver.</li> + <li>Fixed a bug (#150) - <samp>field_data()</samp> now correctly returns column length.</li> + <li>Fixed a bug (#8) - <samp>load_class()</samp> now looks for core classes in <samp>APPPATH</samp> first, allowing them to be replaced.</li> + <li>Fixed a bug (#24) - ODBC database driver called incorrect parent in __construct().</li> </ul> <h2>Version 2.0.3</h2> @@ -119,7 +134,13 @@ Change Log <li>Visual updates to the welcome_message view file and default error templates. Thanks to <a href="https://bitbucket.org/danijelb">danijelb</a> for the pull request.</li> <li class="reactor">Added <samp>insert_batch()</samp> function to the PostgreSQL database driver. Thanks to epallerols for the patch.</li> <li class="reactor">Added "application/x-csv" to mimes.php.</li> + <li class="reactor">Added CSRF protection URI whitelisting.</li> <li>Fixed a bug where <a href="libraries/email.html">Email library</a> attachments with a "." in the name would using invalid MIME-types.</li> + <li>Added support for pem,p10,p12,p7a,p7c,p7m,p7r,p7s,crt,crl,der,kdb,rsa,cer,sst,csr Certs to mimes.php.</li> + <li>Added support pgp,gpg to mimes.php.</li> + <li>Added support 3gp, 3g2, mp4, wmv, f4v, vlc Video files to mimes.php.</li> + <li>Added support m4a, aac, m4u, xspf, au, ac3, flac, ogg Audio files to mimes.php.</li> + </ul> </li> <li>Helpers diff --git a/user_guide/database/active_record.html b/user_guide/database/active_record.html index 6609d287e..92d9614d5 100644 --- a/user_guide/database/active_record.html +++ b/user_guide/database/active_record.html @@ -334,6 +334,13 @@ $this->db->or_where('id >', $id); $this->db->like('title', 'match', 'both'); <br /> // Produces: WHERE title LIKE '%match%' </code> </li> +If you do not want to use the wildcard (%) you can pass to the optional third argument the option 'none'. + +<code> + $this->db->like('title', 'match', 'none'); <br /> +// Produces: WHERE title LIKE 'match' +</code> + <li><strong>Associative array method:</strong> <code> diff --git a/user_guide/general/common_functions.html b/user_guide/general/common_functions.html index 65457759d..7cff6321c 100644 --- a/user_guide/general/common_functions.html +++ b/user_guide/general/common_functions.html @@ -104,6 +104,8 @@ else<br /> <p>This function prevents inserting null characters between ascii characters, like Java\0script.</p> +<h2>html_escape(<var>$mixed</var>)</h2> +<p>This function provides short cut for htmlspecialchars() function. It accepts string and array. To prevent Cross Site Scripting (XSS), it is very useful.</p> </div> diff --git a/user_guide/helpers/date_helper.html b/user_guide/helpers/date_helper.html index f930ea3ae..5b00e25e0 100644 --- a/user_guide/helpers/date_helper.html +++ b/user_guide/helpers/date_helper.html @@ -234,6 +234,20 @@ $unix = human_to_unix($human);</code> +<h2>nice_date()</h2> + +<p>This function can take a number poorly-formed date formats and convert them into something useful. It also accepts well-formed dates.</p> +<p>The function will return a Unix timestamp by default. You can, optionally, pass a format string (the same type as the PHP date function accepts) as the second parameter. Example:</p> + +<code>$bad_time = 199605<br /> +<br /> +// Should Produce: 1996-05-01<br /> +$better_time = nice_date($bad_time,'Y-m-d');<br /> +<br /> +$bad_time = 9-11-2001<br /> +// Should Produce: 2001-09-11<br /> +$better_time = nice_date($human,'Y-m-d');</code> + <h2>timespan()</h2> diff --git a/user_guide/installation/index.html b/user_guide/installation/index.html index 5e8ab3883..84338e2e6 100644 --- a/user_guide/installation/index.html +++ b/user_guide/installation/index.html @@ -72,7 +72,9 @@ variables at the top of the file with the new name you've chosen.</p> <p>For the best security, both the <dfn>system</dfn> and any <dfn>application</dfn> folders should be placed above web root so that they are not directly accessible via a browser. By default, .htaccess files are included in each folder to help prevent direct access, but it is best to remove them from public access entirely in case the web server configuration changes or doesn't abide by the .htaccess.</p> -<p>After moving them, open your main <kdb>index.php</kbd> file and set the <samp>$system_folder</samp> and <samp>$application_folder</samp> variables, preferably with a full path, e.g. '<dfn>/www/MyUser/system</dfn>'.</p> +<p>If you would like to keep your views public it is also possible to move the <dfn>views</dfn> folder out of your application folder.</p> + +<p>After moving them, open your main <kdb>index.php</kbd> file and set the <samp>$system_folder</samp>, <samp>$application_folder</samp> and <samp>$view_folder</samp> variables, preferably with a full path, e.g. '<dfn>/www/MyUser/system</dfn>'.</p> <p> One additional measure to take in production environments is to disable diff --git a/user_guide/installation/upgrade_203.html b/user_guide/installation/upgrade_203.html index 1d37a055d..04899832d 100644 --- a/user_guide/installation/upgrade_203.html +++ b/user_guide/installation/upgrade_203.html @@ -81,7 +81,7 @@ Upgrading from 2.0.2 to 2.0.3 <h2>Step 5: Remove APPPATH.'third_party' from autoload.php</h2> -<p>Open application/autoload.php, and look for the following:</p> +<p>Open application/config/autoload.php, and look for the following:</p> <code>$autoload['packages'] = array(APPPATH.'third_party');</code> diff --git a/user_guide/libraries/file_uploading.html b/user_guide/libraries/file_uploading.html index a88c67220..94b219355 100644 --- a/user_guide/libraries/file_uploading.html +++ b/user_guide/libraries/file_uploading.html @@ -305,6 +305,13 @@ $this->upload->initialize($config);</code> </tr> <tr> +<td class="td"><strong>max_filename_increment</strong></td> +<td class="td">100</td> +<td class="td">None</td> +<td class="td">When overwrite is set to FALSE, use this to set the maximum filename increment for CodeIgniter to append to the filename.</td> +</tr> + +<tr> <td class="td"><strong>encrypt_name</strong></td> <td class="td">FALSE</td> <td class="td">TRUE/FALSE (boolean)</td> diff --git a/user_guide/libraries/form_validation.html b/user_guide/libraries/form_validation.html index d9d8a4502..ede1913e0 100644 --- a/user_guide/libraries/form_validation.html +++ b/user_guide/libraries/form_validation.html @@ -1042,6 +1042,13 @@ POST array:</p> </tr> <tr> + <td class="td"><strong>is_unique</strong></td> + <td class="td">Yes</td> + <td class="td">Returns FALSE if the form element is not unique in a database table.</td> + <td class="td">is_unique[table.field]</td> + </tr> + + <tr> <td class="td"><strong>valid_email</strong></td> <td class="td">No</td> <td class="td">Returns FALSE if the form element does not contain a valid email address.</td> diff --git a/user_guide/libraries/security.html b/user_guide/libraries/security.html index dd62a4386..cbe12d852 100644 --- a/user_guide/libraries/security.html +++ b/user_guide/libraries/security.html @@ -116,6 +116,9 @@ Note: This function should only be used to deal with data upon submission. It's <p>If you use the <a href="../helpers/form_helper.html">form helper</a> the <var>form_open()</var> function will automatically insert a hidden csrf field in your forms.</p> +<p>Select URIs can be whitelisted from csrf protection (for example API endpoints expecting externally POSTed content). You can add these URIs by editing the 'csrf_exclude_uris' config parameter:</p> +<code>$config['csrf_exclude_uris'] = array('api/person/add');</code> + </div> <!-- END CONTENT --> |