Merge branch 'develop' of github.com:EllisLab/CodeIgniter into develop

author: Greg Aker <greg@gregaker.net> 2011-08-30 02:31:48 +0200
committer: Greg Aker <greg@gregaker.net> 2011-08-30 02:31:48 +0200
commit: b50df5f018176c0cd0ad498e9c710a2b0b016a80 (patch)
tree: 95733dbbcc348a92aad5d979db2e5da471859c25 /user_guide
parent: c964e72aabc3a646dbb82f6bf609e9532e75d011 (diff)
parent: d7a28663344fbb760134b5623b8cb441f4875f80 (diff)
6 files changed, 29 insertions, 9 deletions
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index 9d8fd2b54..978b710be 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -65,19 +65,22 @@ Change Log
 <ul>
 	<li>General Changes
 		<ul>
+			<li class="reactor">Added Android to the list of user agents.</li>
 			<li class="reactor">Callback validation rules can now accept parameters like any other validation rule.</li>
 			<li class="reactor">Ability to log certain error types, not all under a threshold.</li>
+			<li class="reactor">Added html_escape() to <a href="general/common_functions.html">Common functions</a> to escape HTML output for preventing XSS.</li>
 		</ul>
 	</li>
 	<li>Helpers
 		<ul>
 			<li class="reactor">Added <samp>increment_string()</samp> to <a href="helpers/string_helper.html">String Helper</a> to turn "foo" into "foo-1" or "foo-1" into "foo-2".</li>
         	<li>Altered form helper - made action on form_open_multipart helper function call optional.  Fixes (#65)</li>
+			<li><samp>url_title()</samp> will now trim extra dashes from beginning and end.</li>
 		</ul>
 	</li>
 	<li>Database
 		<ul>
-			<li class="reactor">Added a <a href="http://www.cubrid.org/" target="_blank">CUBRID</a> driver to the <a href="libraries/database.html">Database Driver</a>. Thanks to the CUBRID team for supplying this patch.</li>
+			<li class="reactor">Added a <a href="http://www.cubrid.org/" target="_blank">CUBRID</a> driver to the <a href="database/index.html">Database Driver</a>. Thanks to the CUBRID team for supplying this patch.</li>
 			<li class="reactor">Typecast limit and offset in the <a href="database/queries.html">Database Driver</a> to integers to avoid possible injection.</li>
 			<li class="reactor">
 				Added additional option 'none' for the optional third argument for  <kbd>$this->db->like()</kbd> in the <a href="database/active_record.html">Database Driver</a>.
@@ -91,6 +94,13 @@ Change Log
 			<li class="reactor">Added a <a href="libraries/migration.html">Migration Library</a> to assist with applying incremental updates to your database schema.</li>
 			<li class="reactor">Driver children can be located in any package path.</li>
 			<li class="reactor">Added max_filename_increment config setting for Upload library.</li>
+			<li><samp>CI_Loader::_ci_autoloader()</samp> is now a protected method.</li>
+			<li class="reactor">Added <kbd>is_unique</kbd> to the <a href="libraries/form_validation.html">Form Validation library</a>.</li>
+		</ul>
+	</li>
+	<li>Core
+		<ul>
+			<li class="reactor">Changed private functions in CI_URI to protected so MY_URI can override them.</li>
 		</ul>
 	</li>
 </ul>
@@ -105,6 +115,9 @@ Change Log
     <li>Fixed a bug (#181) where a mis-spelling was in the form validation language file.</li>
 	<li>Fixed a bug (#160) - Removed unneeded array copy in the file cache driver.</li>
 	<li>Fixed a bug (#150) - <samp>field_data()</samp> now correctly returns column length.</li>
+	<li>Fixed a bug (#8) - <samp>load_class()</samp> now looks for core classes in <samp>APPPATH</samp> first, allowing them to be replaced.</li>
+	<li>Fixed a bug (#24) - ODBC database driver called incorrect parent in __construct().</li>
+	<li>Fixed a bug (#85) - OCI8 (Oracle) database escape_str() function did not escape correct.</li>
 </ul>
 
 <h2>Version 2.0.3</h2>
@@ -124,7 +137,13 @@ Change Log
 			<li>Visual updates to the welcome_message view file and default error templates. Thanks to <a href="https://bitbucket.org/danijelb">danijelb</a> for the pull request.</li>
 			<li class="reactor">Added <samp>insert_batch()</samp> function to the PostgreSQL database driver.  Thanks to epallerols for the patch.</li>
 			<li class="reactor">Added "application/x-csv" to mimes.php.</li>
+			<li class="reactor">Added CSRF protection URI whitelisting.</li>
 			<li>Fixed a bug where <a href="libraries/email.html">Email library</a> attachments with a "." in the name would using invalid MIME-types.</li>
+            <li>Added support for pem,p10,p12,p7a,p7c,p7m,p7r,p7s,crt,crl,der,kdb,rsa,cer,sst,csr Certs to mimes.php.</li>
+            <li>Added support pgp,gpg to mimes.php.</li>
+            <li>Added support 3gp, 3g2, mp4, wmv, f4v, vlc Video files to mimes.php.</li>
+            <li>Added support m4a, aac, m4u, xspf, au, ac3, flac, ogg Audio files to mimes.php.</li>
+
 		</ul>
 	</li>
 	<li>Helpers
@@ -137,7 +156,6 @@ Change Log
 	<li>Libraries
 		<ul>
 			<li>Altered Session to use a longer match against the user_agent string. See upgrade notes if using database sessions.</li>
-			<li class="reactor">Added <kbd>is_unique</kbd> to the <a href="libraries/form_validation.html">Form Validation library</a>.</li>
 			<li class="reactor">Added <kbd>$this->db->set_dbprefix()</kbd> to the <a href="database/queries.html">Database Driver</a>.</li>
 			<li class="reactor">Changed <kbd>$this->cart->insert()</kbd> in the <a href="libraries/cart.html">Cart Library</a> to return the Row ID if a single item was inserted successfully.</li>
 			<li class="reactor">Added <kbd>$this->load->get_var()</kbd> to the <a href="libraries/loader.html">Loader library</a> to retrieve global vars set with <kbd>$this->load->view()</kbd> and <kbd>$this->load->vars()</kbd>.</li>
diff --git a/user_guide/database/active_record.html b/user_guide/database/active_record.html
index 92d9614d5..0f09e78c3 100644
--- a/user_guide/database/active_record.html
+++ b/user_guide/database/active_record.html
@@ -79,9 +79,6 @@ is generated by each database adapter.  It also allows for safer queries, since
 
 <p>The following functions allow you to build SQL <strong>SELECT</strong> statements.</p>
 
-<p><strong>Note: If you are using PHP 5 you can use method chaining for more compact syntax. This is described at the end of the page.</strong></p>
-
-
 <h2>$this->db->get();</h2>
 
 <p>Runs the selection query and returns the result.  Can be used by itself to retrieve all records from a table:</p>
@@ -532,7 +529,7 @@ $this->db->insert('mytable', $object);
 <p>Generates an insert string based on the data you supply, and runs the query. You can either pass an
 <strong>array</strong> or an <strong>object</strong> to the function.  Here is an example using an array:</p>
 
-<code> 
+<code>
 $data = array(<br/>
 &nbsp;&nbsp;&nbsp;array(<br />
 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'title' => 'My title' ,<br />
@@ -544,7 +541,7 @@ $data = array(<br/>
 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'name' => 'Another Name' ,<br />
 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'date' => 'Another date'<br />
 &nbsp;&nbsp;&nbsp;)<br/>
-);<br /> 
+);<br />
 <br />
 $this->db->update_batch('mytable', $data);
 <br /><br />
diff --git a/user_guide/general/common_functions.html b/user_guide/general/common_functions.html
index 65457759d..7cff6321c 100644
--- a/user_guide/general/common_functions.html
+++ b/user_guide/general/common_functions.html
@@ -104,6 +104,8 @@ else<br />
 <p>This function prevents inserting null characters between ascii characters, like Java\0script.</p>
 
 
+<h2>html_escape(<var>$mixed</var>)</h2>
+<p>This function provides short cut for htmlspecialchars() function. It accepts string and array. To prevent Cross Site Scripting (XSS), it is very useful.</p>
 
 </div>
 
diff --git a/user_guide/helpers/url_helper.html b/user_guide/helpers/url_helper.html
index ac9d0a68e..e60e96bf0 100644
--- a/user_guide/helpers/url_helper.html
+++ b/user_guide/helpers/url_helper.html
@@ -27,7 +27,7 @@
 <div id="masthead">
 <table cellpadding="0" cellspacing="0" border="0" style="width:100%">
 <tr>
-<td><h1>CodeIgniter User Guide Version 2.0.2</h1></td>
+<td><h1>CodeIgniter User Guide Version 2.0.3</h1></td>
 <td id="breadcrumb_right"><a href="../toc.html">Table of Contents Page</a></td>
 </tr>
 </table>
diff --git a/user_guide/installation/upgrade_203.html b/user_guide/installation/upgrade_203.html
index 1d37a055d..04899832d 100644
--- a/user_guide/installation/upgrade_203.html
+++ b/user_guide/installation/upgrade_203.html
@@ -81,7 +81,7 @@ Upgrading from 2.0.2 to 2.0.3
 
 <h2>Step 5: Remove APPPATH.'third_party' from autoload.php</h2>
 
-<p>Open application/autoload.php, and look for the following:</p>
+<p>Open application/config/autoload.php, and look for the following:</p>
 
 <code>$autoload['packages'] = array(APPPATH.'third_party');</code>
 
diff --git a/user_guide/libraries/security.html b/user_guide/libraries/security.html
index dd62a4386..cbe12d852 100644
--- a/user_guide/libraries/security.html
+++ b/user_guide/libraries/security.html
@@ -116,6 +116,9 @@ Note: This function should only be used to deal with data upon submission. It's
 
 <p>If you use the <a href="../helpers/form_helper.html">form helper</a> the <var>form_open()</var> function will automatically insert a hidden csrf field in your forms.</p>
 
+<p>Select URIs can be whitelisted from csrf protection (for example API endpoints expecting externally POSTed content). You can add these URIs by editing the 'csrf_exclude_uris' config parameter:</p>
+<code>$config['csrf_exclude_uris'] = array('api/person/add');</code>
+
 </div>
 <!-- END CONTENT -->
author	Greg Aker <greg@gregaker.net>	2011-08-30 02:31:48 +0200
committer	Greg Aker <greg@gregaker.net>	2011-08-30 02:31:48 +0200
commit	b50df5f018176c0cd0ad498e9c710a2b0b016a80 (patch)
tree	95733dbbcc348a92aad5d979db2e5da471859c25 /user_guide
parent	c964e72aabc3a646dbb82f6bf609e9532e75d011 (diff)
parent	d7a28663344fbb760134b5623b8cb441f4875f80 (diff)