summaryrefslogtreecommitdiffstats
path: root/user_guide_src/source/changelog.rst
diff options
context:
space:
mode:
authorAndrey Andreev <narf@bofh.bg>2012-11-07 13:23:29 +0100
committerAndrey Andreev <narf@bofh.bg>2012-11-07 13:23:29 +0100
commite9d2dc85b9cb255aae235635576972e4b7dbd5a8 (patch)
tree139d0ecbef12a87fabb34c64bc77e4d0e2670176 /user_guide_src/source/changelog.rst
parent17e11cdf1c6ff23f00c3deb2a39a40ffeb446f5c (diff)
Added function_usable() to common functions
It is now used to check whether dangerous functions like eval() and exec() are available. It appears that the Suhosin extension (which is becoming popular) terminates script execution instead of returning e.g. FALSE when it has a function blacklisted. function_exists() checks are insufficient and our only option is to check the ini settings here. Filed an issue here: https://github.com/stefanesser/suhosin/issues/18 ... hopefully we'll be able to deal with this in a more elegant way in the future. (this commit supersedes PR #1809)
Diffstat (limited to 'user_guide_src/source/changelog.rst')
-rw-r--r--user_guide_src/source/changelog.rst2
1 files changed, 2 insertions, 0 deletions
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index f4cb90c71..dfb21a210 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -54,6 +54,7 @@ Release Date: Not Released
- Changed environment defaults to report all errors in *development* and only fatal ones in *testing*, *production* but only display them in *development*.
- Updated *ip_address* database field lengths from 16 to 45 for supporting IPv6 address on :doc:`Trackback Library <libraries/trackback>` and :doc:`Captcha Helper <helpers/captcha_helper>`.
- Removed *cheatsheets* and *quick_reference* PDFs from the documentation.
+ - Added availability checks where usage of dangerous functions like ``eval()`` and ``exec()`` is required.
- Helpers
@@ -270,6 +271,7 @@ Release Date: Not Released
- Removed redundant conditional to determine HTTP server protocol in ``set_status_header()``.
- Changed ``_exception_handler()`` to respect php.ini *display_errors* setting.
- Added function ``is_https()`` to check if a secure connection is used.
+ - Added function ``function_usable()`` to check if a function exists and is not disabled by `Suhosin <http://www.hardened-php.net/suhosin/>`.
- Added support for HTTP-Only cookies with new config option *cookie_httponly* (default FALSE).
- Renamed method ``_call_hook()`` to ``call_hook()`` in the :doc:`Hooks Library <general/hooks>`.
- :doc:`Output Library <libraries/output>` changes include: