diff options
author | Andrey Andreev <narf@devilix.net> | 2015-10-12 16:16:35 +0200 |
---|---|---|
committer | Andrey Andreev <narf@devilix.net> | 2015-10-12 16:16:35 +0200 |
commit | 3013f53c59a5d2550a126b1493cf8262bd62dd53 (patch) | |
tree | 772e9b569a65e8567c366671373a2700c2028445 /user_guide_src/source/libraries | |
parent | 30f593bbb3408d0c076f2453818c68a7c5c59248 (diff) | |
parent | 36a055e49b040e6f18be7bce5e010c2a90d2f44f (diff) |
Merge branch '3.0-stable' into develop
Diffstat (limited to 'user_guide_src/source/libraries')
-rw-r--r-- | user_guide_src/source/libraries/encryption.rst | 2 | ||||
-rw-r--r-- | user_guide_src/source/libraries/form_validation.rst | 5 | ||||
-rw-r--r-- | user_guide_src/source/libraries/security.rst | 19 | ||||
-rw-r--r-- | user_guide_src/source/libraries/sessions.rst | 19 |
4 files changed, 22 insertions, 23 deletions
diff --git a/user_guide_src/source/libraries/encryption.rst b/user_guide_src/source/libraries/encryption.rst index 599be4df0..cac4b7921 100644 --- a/user_guide_src/source/libraries/encryption.rst +++ b/user_guide_src/source/libraries/encryption.rst @@ -75,7 +75,7 @@ process that allows you to be the only one who is able to decrypt data that you've decided to hide from the eyes of the public. After one key is used to encrypt data, that same key provides the **only** means to decrypt it, so not only must you chose one carefully, but you -must not lose it or you will also use the encrypted data. +must not lose it or you will also lose access to the data. It must be noted that to ensure maximum security, such key *should* not only be as strong as possible, but also often changed. Such behavior diff --git a/user_guide_src/source/libraries/form_validation.rst b/user_guide_src/source/libraries/form_validation.rst index 140bbc65d..c288cc8c0 100644 --- a/user_guide_src/source/libraries/form_validation.rst +++ b/user_guide_src/source/libraries/form_validation.rst @@ -547,7 +547,10 @@ All of the native error messages are located in the following language file: **system/language/english/form_validation_lang.php** To set your own global custom message for a rule, you can either -edit that file, or use the following method:: +extend/override the language file by creating your own in +**application/language/english/form_validation_lang.php** (read more +about this in the :doc:`Language Class <language>` documentation), +or use the following method:: $this->form_validation->set_message('rule', 'Error Message'); diff --git a/user_guide_src/source/libraries/security.rst b/user_guide_src/source/libraries/security.rst index 305a8e57c..f7604ef00 100644 --- a/user_guide_src/source/libraries/security.rst +++ b/user_guide_src/source/libraries/security.rst @@ -16,20 +16,11 @@ application, processing input data for security. XSS Filtering ************* -CodeIgniter comes with a Cross Site Scripting Hack prevention filter -which can either run automatically to filter all POST and COOKIE data -that is encountered, or you can run it on a per item basis. By default -it does **not** run globally since it requires a bit of processing -overhead, and since you may not need it in all cases. - -The XSS filter looks for commonly used techniques to trigger Javascript -or other types of code that attempt to hijack cookies or do other -malicious things. If anything disallowed is encountered it is rendered -safe by converting the data to character entities. - -Note: This function should only be used to deal with data upon -submission. It's not something that should be used for general runtime -processing since it requires a fair amount of processing overhead. +CodeIgniter comes with a Cross Site Scripting prevention filter, which +looks for commonly used techniques to trigger JavaScript or other types +of code that attempt to hijack cookies or do other malicious things. +If anything disallowed is encountered it is rendered safe by converting +the data to character entities. To filter data through the XSS filter use the ``xss_clean()`` method:: diff --git a/user_guide_src/source/libraries/sessions.rst b/user_guide_src/source/libraries/sessions.rst index 2034ed2b0..9c9761bbf 100644 --- a/user_guide_src/source/libraries/sessions.rst +++ b/user_guide_src/source/libraries/sessions.rst @@ -598,7 +598,6 @@ For MySQL:: `ip_address` varchar(45) NOT NULL, `timestamp` int(10) unsigned DEFAULT 0 NOT NULL, `data` blob NOT NULL, - PRIMARY KEY (id), KEY `ci_sessions_timestamp` (`timestamp`) ); @@ -608,17 +607,23 @@ For PostgreSQL:: "id" varchar(40) NOT NULL, "ip_address" varchar(45) NOT NULL, "timestamp" bigint DEFAULT 0 NOT NULL, - "data" text DEFAULT '' NOT NULL, - PRIMARY KEY ("id") + "data" text DEFAULT '' NOT NULL ); CREATE INDEX "ci_sessions_timestamp" ON "ci_sessions" ("timestamp"); -However, if you want to turn on the *sess_match_ip* setting, you should -also do the following, after creating the table:: +You will also need to add a PRIMARY KEY **depending on your 'sess_match_ip' +setting**. The examples below work both on MySQL and PostgreSQL:: + + // When sess_match_ip = TRUE + ALTER TABLE ci_sessions ADD PRIMARY KEY (id, ip_address); + + // When sess_match_ip = FALSE + ALTER TABLE ci_sessions ADD PRIMARY KEY (id); + + // To drop a previously created primary key (use when changing the setting) + ALTER TABLE ci_sessions DROP PRIMARY KEY; - // Works both on MySQL and PostgreSQL - ALTER TABLE ci_sessions ADD CONSTRAINT ci_sessions_id_ip UNIQUE (id, ip_address); .. important:: Only MySQL and PostgreSQL databases are officially supported, due to lack of advisory locking mechanisms on other |