summaryrefslogtreecommitdiffstats
path: root/user_guide_src
diff options
context:
space:
mode:
authorAndrey Andreev <narf@devilix.net>2014-05-31 20:20:26 +0200
committerAndrey Andreev <narf@devilix.net>2014-05-31 20:20:26 +0200
commitbebf3a0e3bce2be795accf13c49681d0c195f84d (patch)
tree4a0605760b69ad8839f2dd15b91a9344127259f2 /user_guide_src
parent657c43c142eb91f104fc86225309a8c3ebe3df12 (diff)
parent6eb77da2db93af893955b320a768054e9519dc81 (diff)
Merge branch 'develop' into feature/session
Diffstat (limited to 'user_guide_src')
-rw-r--r--user_guide_src/source/changelog.rst3
-rw-r--r--user_guide_src/source/libraries/encrypt.rst9
2 files changed, 4 insertions, 8 deletions
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index e2b37561a..8492be289 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -726,7 +726,6 @@ Bug fixes for 3.0
- Fixed a bug (#2737) - :doc:`XML-RPC Library <libraries/xmlrpc>` used objects as array keys, which triggered E_NOTICE messages.
- Fixed a bug (#2729) - :doc:`Security Library <libraries/security>` internal method ``_validate_entities()`` used overly-intrusive ``preg_replace()`` patterns that produced false-positives.
- Fixed a bug (#2771) - :doc:`Security Library <libraries/security>` method ``xss_clean()`` didn't take into account HTML5 entities.
-- Fixed a bug in the :doc:`Session Library <libraries/sessions>` 'cookie' driver where authentication was not performed for encrypted cookies.
- Fixed a bug (#2856) - ODBC method ``affected_rows()`` passed an incorrect value to ``odbc_num_rows()``.
- Fixed a bug (#43) :doc:`Image Manipulation Library <libraries/image_lib>` method ``text_watermark()`` didn't properly determine watermark placement.
- Fixed a bug where :doc:`HTML Table Library <libraries/table>` ignored its *auto_heading* setting if headings were not already set.
@@ -743,6 +742,7 @@ Release Date: June 2, 2014
- General Changes
- Security: :doc:`Encrypt Library <libraries/encrypt>` method ``xor_encode()`` has been removed. The Encrypt Class now requires the Mcrypt extension to be installed.
+ - Security: The :doc:`Session Library <libraries/sessions>` now uses HMAC authentication instead of a simple MD5 checksum.
Bug fixes for 2.2.0
-------------------
@@ -751,6 +751,7 @@ Bug fixes for 2.2.0
- Fixed a bug (#696) - make ``oci_execute()`` calls inside ``num_rows()`` non-committing, since they are only there to reset which row is next in line for oci_fetch calls and thus don't need to be committed.
- Fixed a bug (#2689) - :doc:`Database Force <database/forge>` methods ``create_table()``, ``drop_table()`` and ``rename_table()`` produced broken SQL for tge 'sqlsrv' driver.
- Fixed a bug (#2427) - PDO :doc:`Database driver <database/index>` didn't properly check for query failures.
+- Fixed a bug in the :doc:`Session Library <libraries/sessions>` where authentication was not performed for encrypted cookies.
Version 2.1.4
=============
diff --git a/user_guide_src/source/libraries/encrypt.rst b/user_guide_src/source/libraries/encrypt.rst
index faff39975..6b65099a6 100644
--- a/user_guide_src/source/libraries/encrypt.rst
+++ b/user_guide_src/source/libraries/encrypt.rst
@@ -2,13 +2,8 @@
Encrypt Class
#############
-The Encrypt Class provides two-way data encryption. It uses a scheme
-that either compiles the message using a randomly hashed bitwise XOR
-encoding scheme, or is encrypted using the Mcrypt library. If Mcrypt is
-not available on your server the encoded message will still provide a
-reasonable degree of security for encrypted sessions or other such
-"light" purposes. If Mcrypt is available, you'll be provided with a high
-degree of security appropriate for storage.
+The Encrypt Class provides two-way data encryption. It encrypted using
+the Mcrypt PHP extension, which is required for the Encrypt Class to run.
.. important:: This library has been DEPRECATED and is only kept for
backwards compatibility. Please use the new :doc:`Encryption Library