summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--application/config/user_agents.php2
-rw-r--r--system/database/DB_query_builder.php2
-rw-r--r--tests/mocks/ci_testcase.php2
-rw-r--r--user_guide_src/source/changelog.rst14
-rw-r--r--user_guide_src/source/libraries/file_uploading.rst2
5 files changed, 17 insertions, 5 deletions
diff --git a/application/config/user_agents.php b/application/config/user_agents.php
index 1359bbea9..12585a065 100644
--- a/application/config/user_agents.php
+++ b/application/config/user_agents.php
@@ -61,7 +61,7 @@ $platforms = array(
$browsers = array(
'OPR' => 'Opera',
'Flock' => 'Flock',
- 'Edge' => 'Spartan',
+ 'Edge' => 'Edge',
'Chrome' => 'Chrome',
// Opera 10+ always reports Opera/9.80 and appends Version/<real version> to the user agent string
'Opera.*?Version' => 'Opera',
diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php
index f9bfbb5b5..3b1df5475 100644
--- a/system/database/DB_query_builder.php
+++ b/system/database/DB_query_builder.php
@@ -1059,7 +1059,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver {
$v .= sprintf($this->_like_escape_str, $this->_like_escape_chr);
}
- $qb_where = array('condition' => "{$prefix} {$k} {$not} LIKE", 'value' => $v, 'escape' => $escape);
+ $qb_where = array('condition' => "{$prefix} {$k} {$not} LIKE {$v}", 'value' => NULL, 'escape' => $escape);
$this->qb_where[] = $qb_where;
if ($this->qb_caching === TRUE)
{
diff --git a/tests/mocks/ci_testcase.php b/tests/mocks/ci_testcase.php
index 593685c23..4f478fb4e 100644
--- a/tests/mocks/ci_testcase.php
+++ b/tests/mocks/ci_testcase.php
@@ -24,7 +24,7 @@ class CI_TestCase extends PHPUnit_Framework_TestCase {
// --------------------------------------------------------------------
- public function __construct($name = null, array $data = [], $dataName = '')
+ public function __construct($name = null, array $data = array(), $dataName = '')
{
parent::__construct($name, $data, $dataName);
$this->ci_instance = new stdClass();
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index b42b21722..4f3cb1c93 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -133,6 +133,19 @@ Version 3.1.9
Release Date: Not Released
+- **Security**
+
+ - Updated :doc:`URL Helper <helpers/url_helper>` function :php:func:`auto_link()` to add ``rel="noopener"`` to generated links in order to prevent tab hijacking.
+
+- General Changes
+
+ - Updated :doc:`Query Builder <database/query_builder>` method ``limit()`` to allow ``0`` values.
+
+Bug fixes for 3.1.9
+-------------------
+
+- Fixed a regression (#5448) - :doc:`Query Builder <database/query_builder>` methods ``like()``, ``or_like()`` (and siblings) didn't apply *dbprefix* or identifier escaping.
+- Fixed a regression (#5462) - :doc:`Query Builder <database/query_builder>` methods ``like()``, ``or_like()`` (and siblings) produced incorrect SQL syntax when used with ``'before'`` as the third parameter.
Version 3.1.8
=============
@@ -141,7 +154,6 @@ Release Date: Mar 22, 2018
- **Security**
- - Updated :doc:`URL Helper <helpers/url_helper>` function :php:func:`auto_link()` to add ``rel="noopener"`` to generated links in order to prevent tab hijacking.
- Updated :doc:`Security Library <libraries/security>` method ``xss_clean()`` to also filter JavaScript tag functions.
- Fixed a bug where :doc:`Security Library <libraries/security>` method ``xss_clean()`` didn't check for parentheses around JavaScript's ``document``.
diff --git a/user_guide_src/source/libraries/file_uploading.rst b/user_guide_src/source/libraries/file_uploading.rst
index 6d2106be8..babdc04f9 100644
--- a/user_guide_src/source/libraries/file_uploading.rst
+++ b/user_guide_src/source/libraries/file_uploading.rst
@@ -344,7 +344,7 @@ Class Reference
full_path Absolute server path, including the file name
raw_name File name, without the extension
orig_name Original file name. This is only useful if you use the encrypted name option.
- client_name File name as supplied by the client user agent, prior to any file name preparation or incrementing
+ client_name File name supplied by the client user agent, but possibly sanitized
file_ext Filename extension, period included
file_size File size in kilobytes
is_image Whether the file is an image or not. 1 = image. 0 = not.