diff options
| author | Andrey Andreev <narf@devilix.net> | 2018-04-24 13:55:10 +0200 |
|---|---|---|
| committer | Andrey Andreev <narf@devilix.net> | 2018-04-24 13:55:10 +0200 |
| commit | a91c7a9f8406cee67474bd8a8c79e5098cc19e2d (patch) | |
| tree | 89dc94af9ef09b2c50e6fe8189a9b0ecfc5af8e7 /user_guide_src/source | |
| parent | d9e066b3e462525ebb15089d6e99b01d5f29c8c8 (diff) | |
| parent | 577e53feff2c7d9ea74c682e5795196c916e7687 (diff) | |
Merge branch '3.1-stable' into develop
Diffstat (limited to 'user_guide_src/source')
| -rw-r--r-- | user_guide_src/source/changelog.rst | 14 | ||||
| -rw-r--r-- | user_guide_src/source/libraries/file_uploading.rst | 2 |
2 files changed, 14 insertions, 2 deletions
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index b42b21722..4f3cb1c93 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -133,6 +133,19 @@ Version 3.1.9 Release Date: Not Released +- **Security** + + - Updated :doc:`URL Helper <helpers/url_helper>` function :php:func:`auto_link()` to add ``rel="noopener"`` to generated links in order to prevent tab hijacking. + +- General Changes + + - Updated :doc:`Query Builder <database/query_builder>` method ``limit()`` to allow ``0`` values. + +Bug fixes for 3.1.9 +------------------- + +- Fixed a regression (#5448) - :doc:`Query Builder <database/query_builder>` methods ``like()``, ``or_like()`` (and siblings) didn't apply *dbprefix* or identifier escaping. +- Fixed a regression (#5462) - :doc:`Query Builder <database/query_builder>` methods ``like()``, ``or_like()`` (and siblings) produced incorrect SQL syntax when used with ``'before'`` as the third parameter. Version 3.1.8 ============= @@ -141,7 +154,6 @@ Release Date: Mar 22, 2018 - **Security** - - Updated :doc:`URL Helper <helpers/url_helper>` function :php:func:`auto_link()` to add ``rel="noopener"`` to generated links in order to prevent tab hijacking. - Updated :doc:`Security Library <libraries/security>` method ``xss_clean()`` to also filter JavaScript tag functions. - Fixed a bug where :doc:`Security Library <libraries/security>` method ``xss_clean()`` didn't check for parentheses around JavaScript's ``document``. diff --git a/user_guide_src/source/libraries/file_uploading.rst b/user_guide_src/source/libraries/file_uploading.rst index 6d2106be8..babdc04f9 100644 --- a/user_guide_src/source/libraries/file_uploading.rst +++ b/user_guide_src/source/libraries/file_uploading.rst @@ -344,7 +344,7 @@ Class Reference full_path Absolute server path, including the file name raw_name File name, without the extension orig_name Original file name. This is only useful if you use the encrypted name option. - client_name File name as supplied by the client user agent, prior to any file name preparation or incrementing + client_name File name supplied by the client user agent, but possibly sanitized file_ext Filename extension, period included file_size File size in kilobytes is_image Whether the file is an image or not. 1 = image. 0 = not. |