Diffstat (limited to 'user_guide')
-rw-r--r-- | user_guide/changelog.html | 71
-rw-r--r-- | user_guide/database/active_record.html | 11
-rw-r--r-- | user_guide/database/configuration.html | 4
-rw-r--r-- | user_guide/general/common_functions.html | 2
-rw-r--r-- | user_guide/helpers/date_helper.html | 14
-rw-r--r-- | user_guide/helpers/string_helper.html | 11
-rw-r--r-- | user_guide/images/appflowchart.gif | bin | 25276 -> 12363 bytes
-rw-r--r-- | user_guide/installation/index.html | 4
-rw-r--r-- | user_guide/installation/upgrade_203.html | 2
-rw-r--r-- | user_guide/libraries/cart.html | 20
-rw-r--r-- | user_guide/libraries/file_uploading.html | 7
-rw-r--r-- | user_guide/libraries/form_validation.html | 37
-rw-r--r-- | user_guide/libraries/input.html | 18
-rw-r--r-- | user_guide/libraries/security.html | 3
-rw-r--r-- | user_guide/overview/appflow.html | 2
15 files changed, 165 insertions, 41 deletions
diff --git a/user_guide/changelog.html b/user_guide/changelog.html index c52a33e5a..c030ce77c 100644 --- a/user_guide/changelog.html +++ b/user_guide/changelog.html 
@@ -59,6 +59,65 @@ Change Log <p>The <img src="images/reactor-bullet.png" width="16" height="16" alt="Reactor Marker" /> indicates items that were contributed to CodeIgniter via CodeIgniter Reactor.</p> +<h2>Version 2.1.0 (planned)</h2> +<p>Release Date: Not Released</p> + +<ul> + <li>General Changes + <ul> + <li class="reactor">Callback validation rules can now accept parameters like any other validation rule.</li> + <li class="reactor">Ability to log certain error types, not all under a threshold.</li> + <li class="reactor">Added html_escape() to <a href="general/common_functions.html">Common functions</a> to escape HTML output for preventing XSS.</li> + </ul> + </li> + <li>Helpers + <ul> + <li class="reactor">Added <samp>increment_string()</samp> to <a href="helpers/string_helper.html">String Helper</a> to turn "foo" into "foo-1" or "foo-1" into "foo-2".</li> + <li>Altered form helper - made action on form_open_multipart helper function call optional. Fixes (#65)</li> + <li><samp>url_title()</samp> will now trim extra dashes from beginning and end.</li> + </ul> + </li> + <li>Database + <ul> + <li class="reactor">Added a <a href="http://www.cubrid.org/" target="_blank">CUBRID</a> driver to the <a href="database/index.html">Database Driver</a>. Thanks to the CUBRID team for supplying this patch.</li> + <li class="reactor">Typecast limit and offset in the <a href="database/queries.html">Database Driver</a> to integers to avoid possible injection.</li> + <li class="reactor"> + Added additional option 'none' for the optional third argument for <kbd>$this->db->like()</kbd> in the <a href="database/active_record.html">Database Driver</a>. 
+ </li> + </ul> + </li> + <li>Libraries + <ul> + <li class="reactor">Changed <kbd>$this->cart->insert()</kbd> in the <a href="libraries/cart.html">Cart Library</a> to return the Row ID if a single item was inserted successfully.</li> + <li class="reactor">Added support to set an optional parameter in your callback rules of validation using the <a href="libraries/form_validation.html">Form Validation Library</a>.</li> + <li class="reactor">Added a <a href="libraries/migration.html">Migration Library</a> to assist with applying incremental updates to your database schema.</li> + <li class="reactor">Driver children can be located in any package path.</li> + <li class="reactor">Added max_filename_increment config setting for Upload library.</li> + <li><samp>CI_Loader::_ci_autoloader()</samp> is now a protected method.</li> + <li class="reactor">Added <kbd>is_unique</kbd> to the <a href="libraries/form_validation.html">Form Validation library</a>.</li> + </ul> + </li> + <li>Core + <ul> + <li class="reactor">Changed private functions in CI_URI to protected so MY_URI can override them.</li> + </ul> + </li> +</ul> + +<h3>Bug fixes for 2.1.0</h3> +<ul> + <li class="reactor">Fixed #378 Robots identified as regular browsers by the User Agent class.</li> + <li class="reactor">If a config class was loaded first then a library with the same name is loaded, the config would be ignored.</li> + <li class="reactor">Fixed a bug (Reactor #19) where 1) the 404_override route was being ignored in some cases, and 2) auto-loaded libraries were not available to the 404_override controller when a controller existed but the requested method did not.</li> + <li class="rector">Fixed a bug (Reactor #89) where MySQL export would fail if the table had hyphens or other non alphanumeric/underscore characters.</li> + <li class="reactor">Fixed a bug (#200) where MySQL queries would be malformed after calling <samp>count_all()</samp> then <samp>db->get()</samp></li> + <li>Fixed a bug (#181) where a 
mis-spelling was in the form validation language file.</li> + <li>Fixed a bug (#160) - Removed unneeded array copy in the file cache driver.</li> + <li>Fixed a bug (#150) - <samp>field_data()</samp> now correctly returns column length.</li> + <li>Fixed a bug (#8) - <samp>load_class()</samp> now looks for core classes in <samp>APPPATH</samp> first, allowing them to be replaced.</li> + <li>Fixed a bug (#24) - ODBC database driver called incorrect parent in __construct().</li> +</ul> + <h2>Version 2.0.3</h2> <p>Release Date: August 20, 2011</p> @@ -67,6 +126,7 @@ Change Log <ul> <li>An improvement was made to the MySQL and MySQLi drivers to prevent exposing a potential vector for SQL injection on sites using multi-byte character sets in the database client connection. <p>An incompatibility in PHP versions < 5.2.3 and MySQL < 5.0.7 with <em>mysql_set_charset()</em> creates a situation where using multi-byte character sets on these environments may potentially expose a SQL injection attack vector. Latin-1, UTF-8, and other "low ASCII" character sets are unaffected on all environments.</p> <p class="critical">If you are running or considering running a multi-byte character set for your database connection, please pay close attention to the server environment you are deploying on to ensure you are not vulnerable.</p></li> </ul> + </li> <li>General Changes <ul> <li>Fixed a bug where there was a misspelling within a code comment in the index.php file.</li> 
@@ -75,22 +135,29 @@ Change Log <li>Visual updates to the welcome_message view file and default error templates. Thanks to <a href="https://bitbucket.org/danijelb">danijelb</a> for the pull request.</li> <li class="reactor">Added <samp>insert_batch()</samp> function to the PostgreSQL database driver. Thanks to epallerols for the patch.</li> <li class="reactor">Added "application/x-csv" to mimes.php.</li> + <li class="reactor">Added CSRF protection URI whitelisting.</li> <li>Fixed a bug where <a href="libraries/email.html">Email library</a> attachments with a "." in the name would using invalid MIME-types.</li> + <li>Added support for pem,p10,p12,p7a,p7c,p7m,p7r,p7s,crt,crl,der,kdb,rsa,cer,sst,csr Certs to mimes.php.</li> + <li>Added support pgp,gpg to mimes.php.</li> + <li>Added support 3gp, 3g2, mp4, wmv, f4v, vlc Video files to mimes.php.</li> + <li>Added support m4a, aac, m4u, xspf, au, ac3, flac, ogg Audio files to mimes.php.</li> + </ul> </li> <li>Helpers <ul> <li>Added an optional third parameter to <samp>heading()</samp> which allows adding html attributes to the rendered heading tag.</li> + <li class="reactor"><kbd>form_open()</kbd> now only adds a hidden (Cross-site Reference Forgery) protection field when the form's action is internal and is set to the post method. (Reactor #165)</li> + <li class="reactor">Re-worked <samp>plural()</samp> and <samp>singular()</samp> functions in the <a href="helpers/inflector_helper.html">Inflector helper</a> to support considerably more words.</li> </ul> </li> <li>Libraries <ul> <li>Altered Session to use a longer match against the user_agent string. 
See upgrade notes if using database sessions.</li> - <li class="reactor">Added <kbd>is_unique</kbd> to the <a href="libraries/form_validation.html">Form Validation library</a>.</li> <li class="reactor">Added <kbd>$this->db->set_dbprefix()</kbd> to the <a href="database/queries.html">Database Driver</a>.</li> <li class="reactor">Changed <kbd>$this->cart->insert()</kbd> in the <a href="libraries/cart.html">Cart Library</a> to return the Row ID if a single item was inserted successfully.</li> <li class="reactor">Added <kbd>$this->load->get_var()</kbd> to the <a href="libraries/loader.html">Loader library</a> to retrieve global vars set with <kbd>$this->load->view()</kbd> and <kbd>$this->load->vars()</kbd>.</li> - <li>Changed <kbd>$this->db->having()</kbd> to insert quotes using escape() rather than escape_str().</li> + <li class="reactor">Changed <kbd>$this->db->having()</kbd> to insert quotes using escape() rather than escape_str().</li> </ul> </li> </ul> diff --git a/user_guide/database/active_record.html b/user_guide/database/active_record.html index 3f44fcd5b..92d9614d5 100644 --- a/user_guide/database/active_record.html +++ b/user_guide/database/active_record.html @@ -334,6 +334,13 @@ $this->db->or_where('id >', $id); $this->db->like('title', 'match', 'both'); <br /> // Produces: WHERE title LIKE '%match%' </code> </li> +If you do not want to use the wildcard (%) you can pass to the optional third argument the option 'none'. + +<code> + $this->db->like('title', 'match', 'none'); <br /> +// Produces: WHERE title LIKE 'match' +</code> + <li><strong>Associative array method:</strong> <code> @@ -525,7 +532,7 @@ $this->db->insert('mytable', $object); <p>Generates an insert string based on the data you supply, and runs the query. You can either pass an <strong>array</strong> or an <strong>object</strong> to the function. Here is an example using an array:</p> -<code> +<code> $data = array(<br/> array(<br /> 'title' => 'My title' ,<br /> 
@@ -537,7 +544,7 @@ $data = array(<br/> 'name' => 'Another Name' ,<br /> 'date' => 'Another date'<br /> )<br/> -);<br /> +);<br /> <br /> $this->db->update_batch('mytable', $data); <br /><br /> diff --git a/user_guide/database/configuration.html b/user_guide/database/configuration.html index bbdd0a3c0..f06b08fe8 100644 --- a/user_guide/database/configuration.html +++ b/user_guide/database/configuration.html 
@@ -132,8 +132,8 @@ for the primary connection, but it too can be renamed to something more relevant <li><strong>cache_on</strong> - TRUE/FALSE (boolean) - Whether database query caching is enabled, see also <a href="caching.html">Database Caching Class</a>.</li> <li><strong>cachedir</strong> - The absolute server path to your database query cache directory.</li> <li><strong>char_set</strong> - The character set used in communicating with the database.</li> -<li><strong>dbcollat</strong> - The character collation used in communicating with the database. <p class="important"><strong>Note:</strong> For MySQL and MySQLi databases, this setting is only used as a backup if your server is running PHP < 5.2.3 or MySQL < 5.0.7. There is an incompatibility in PHP with mysql_real_escape_string() which can make your site vulnerable to SQL injection if you are using a multi-byte character set and are running versions lower than these. Sites using Latin-1 or UTF-8 database character set and collation are unaffected.</p></li> -<li><strong>swap_pre</strong> - A default table prefix that should be swapped with <var>dbprefix</var>. This is useful for distributed applications where you might run manually written queries, and need the prefix to still be customizable by the end user.</li> +<li><strong>dbcollat</strong> - The character collation used in communicating with the database. <p class="important"><strong>Note:</strong> For MySQL and MySQLi databases, this setting is only used as a backup if your server is running PHP < 5.2.3 or MySQL < 5.0.7 (and in table creation queries made with DB Forge). There is an incompatibility in PHP with mysql_real_escape_string() which can make your site vulnerable to SQL injection if you are using a multi-byte character set and are running versions lower than these. 
Sites using Latin-1 or UTF-8 database character set and collation are unaffected.</p></li> +<li><strong>swap_pre</strong> - A default table prefix that should be swapped with <var>dbprefix</var>. This is useful for distributed applications where you might run manually written queries, and need the prefix to still be customizable by the end user.</li> <li><strong>autoinit</strong> - Whether or not to automatically connect to the database when the library loads. If set to false, the connection will take place prior to executing the first query.</li> <li><strong>stricton</strong> - TRUE/FALSE (boolean) - Whether to force "Strict Mode" connections, good for ensuring strict SQL while developing an application.</li> <li><strong>port</strong> - The database port number. To use this value you have to add a line to the database config array.<code>$db['default']['port'] = 5432;</code> diff --git a/user_guide/general/common_functions.html b/user_guide/general/common_functions.html index 65457759d..7cff6321c 100644 --- a/user_guide/general/common_functions.html +++ b/user_guide/general/common_functions.html @@ -104,6 +104,8 @@ else<br /> <p>This function prevents inserting null characters between ascii characters, like Java\0script.</p> +<h2>html_escape(<var>$mixed</var>)</h2> +<p>This function provides short cut for htmlspecialchars() function. It accepts string and array. To prevent Cross Site Scripting (XSS), it is very useful.</p> </div> diff --git a/user_guide/helpers/date_helper.html b/user_guide/helpers/date_helper.html index f930ea3ae..5b00e25e0 100644 --- a/user_guide/helpers/date_helper.html +++ b/user_guide/helpers/date_helper.html 
@@ -234,6 +234,20 @@ $unix = human_to_unix($human);</code> +<h2>nice_date()</h2> + +<p>This function can take a number poorly-formed date formats and convert them into something useful. It also accepts well-formed dates.</p> +<p>The function will return a Unix timestamp by default. You can, optionally, pass a format string (the same type as the PHP date function accepts) as the second parameter. Example:</p> + +<code>$bad_time = 199605<br /> +<br /> +// Should Produce: 1996-05-01<br /> +$better_time = nice_date($bad_time,'Y-m-d');<br /> +<br /> +$bad_time = 9-11-2001<br /> +// Should Produce: 2001-09-11<br /> +$better_time = nice_date($human,'Y-m-d');</code> + <h2>timespan()</h2> diff --git a/user_guide/helpers/string_helper.html b/user_guide/helpers/string_helper.html index a3dc16598..314124037 100644 --- a/user_guide/helpers/string_helper.html +++ b/user_guide/helpers/string_helper.html @@ -90,6 +90,17 @@ String Helper <code>echo random_string('alnum', 16);</code> +<h2>increment_string()</h2> + +<p>Increments a string by appending a number to it or increasing the number. Useful for creating "copies" or a file or duplicating database content which has unique titles or slugs.</p> + +<p>Usage example:</p> + +<code>echo increment_string('file', '_'); // "file_1"<br/> +echo increment_string('file', '-', 2); // "file-2"<br/> +echo increment_string('file-4'); // "file-5"<br/></code> + + <h2>alternator()</h2> <p>Allows two or more items to be alternated between, when cycling through a loop. Example:</p> diff --git a/user_guide/images/appflowchart.gif b/user_guide/images/appflowchart.gif Binary files differindex 422332c9e..4328e48fe 100644 --- a/user_guide/images/appflowchart.gif +++ b/user_guide/images/appflowchart.gif diff --git a/user_guide/installation/index.html b/user_guide/installation/index.html index 5e8ab3883..84338e2e6 100644 --- a/user_guide/installation/index.html +++ b/user_guide/installation/index.html 
@@ -72,7 +72,9 @@ variables at the top of the file with the new name you've chosen.</p> <p>For the best security, both the <dfn>system</dfn> and any <dfn>application</dfn> folders should be placed above web root so that they are not directly accessible via a browser. By default, .htaccess files are included in each folder to help prevent direct access, but it is best to remove them from public access entirely in case the web server configuration changes or doesn't abide by the .htaccess.</p> -<p>After moving them, open your main <kdb>index.php</kbd> file and set the <samp>$system_folder</samp> and <samp>$application_folder</samp> variables, preferably with a full path, e.g. '<dfn>/www/MyUser/system</dfn>'.</p> +<p>If you would like to keep your views public it is also possible to move the <dfn>views</dfn> folder out of your application folder.</p> + +<p>After moving them, open your main <kdb>index.php</kbd> file and set the <samp>$system_folder</samp>, <samp>$application_folder</samp> and <samp>$view_folder</samp> variables, preferably with a full path, e.g. '<dfn>/www/MyUser/system</dfn>'.</p> <p> One additional measure to take in production environments is to disable diff --git a/user_guide/installation/upgrade_203.html b/user_guide/installation/upgrade_203.html index 1d37a055d..04899832d 100644 --- a/user_guide/installation/upgrade_203.html +++ b/user_guide/installation/upgrade_203.html @@ -81,7 +81,7 @@ Upgrading from 2.0.2 to 2.0.3 <h2>Step 5: Remove APPPATH.'third_party' from autoload.php</h2> -<p>Open application/autoload.php, and look for the following:</p> +<p>Open application/config/autoload.php, and look for the following:</p> <code>$autoload['packages'] = array(APPPATH.'third_party');</code> diff --git a/user_guide/libraries/cart.html b/user_guide/libraries/cart.html index 3471eeb7e..f1e8473e7 100644 --- a/user_guide/libraries/cart.html +++ b/user_guide/libraries/cart.html 
@@ -61,7 +61,7 @@ Shopping Cart Class <p>The Cart Class permits items to be added to a session that stays active while a user is browsing your site. These items can be retrieved and displayed in a standard "shopping cart" format, allowing the user to update the quantity or remove items from the cart.</p> -<p>Please note that the Cart Class ONLY provides the core "cart" functionality. It does not provide shipping, credit card authorization, or other processing components.</p> +<p>Please note that the Cart Class ONLY provides the core "cart" functionality. It does not provide shipping, credit card authorization, or other processing components.</p> <h2>Initializing the Shopping Cart Class</h2> 
@@ -106,20 +106,20 @@ It is intended to be used in cases where your product has options associated wit <li><strong>qty</strong> - The quantity being purchased. <li><strong>price</strong> - The price of the item. <li><strong>name</strong> - The name of the item. -<li><strong>options</strong> - Any additional attributes that are needed to identify the product. These must be passed via an array. +<li><strong>options</strong> - Any additional attributes that are needed to identify the product. These must be passed via an array. </ul> <p>In addition to the five indexes above, there are two reserved words: <dfn>rowid</dfn> and <dfn>subtotal</dfn>. These are used internally by the Cart class, so please do NOT use those words as index names when inserting data into the cart.</p> -<p>Your array may contain additional data. Anything you include in your array will be stored in the session. However, it is best to standardize your data among -all your products in order to make displaying the information in a table easier.</p> +<p>Your array may contain additional data. Anything you include in your array will be stored in the session. However, it is best to standardize your data among all your products in order to make displaying the information in a table easier.</p> + +<p>The insert() method will return the $rowid if you successfully insert a single item.</p> <h2>Adding Multiple Items to The Cart</h2> -<p>By using a multi-dimensional array, as shown below, it is possible to add multiple products to the cart in one action. This is useful in cases where you wish to allow -people to select from among several items on the same page.</p> +<p>By using a multi-dimensional array, as shown below, it is possible to add multiple products to the cart in one action. This is useful in cases where you wish to allow people to select from among several items on the same page.</p> <code> 
@@ -268,8 +268,8 @@ $this->cart->update($data); <p><strong>What is a Row ID?</strong> The <kbd>row ID</kbd> is a unique identifier that is generated by the cart code when an item is added to the cart. The reason a unique ID is created is so that identical products with different options can be managed by the cart.</p> -<p>For example, let's say someone buys two identical t-shirts (same product ID), but in different sizes. The product ID (and other attributes) will be -identical for both sizes because it's the same shirt. The only difference will be the size. The cart must therefore have a means of identifying this +<p>For example, let's say someone buys two identical t-shirts (same product ID), but in different sizes. The product ID (and other attributes) will be +identical for both sizes because it's the same shirt. The only difference will be the size. The cart must therefore have a means of identifying this difference so that the two sizes of shirts can be managed independently. It does so by creating a unique "row ID" based on the product ID and any options associated with it.</p> <p>In nearly all cases, updating the cart will be something the user does via the "view cart" page, so as a developer, it is unlikely that you will ever have to concern yourself 
@@ -311,7 +311,7 @@ function when the update form is submitted. Please examine the construction of t <h2>$this->cart->has_options(rowid);</h2> -<p>Returns TRUE (boolean) if a particular row in the cart contains options. This function is designed to be used in a loop with <dfn>$this->cart->contents()</dfn>, since you must pass the <kbd>rowid</kbd> to this function, as shown in the <dfn>Displaying the Cart</dfn> example above.</p> +<p>Returns TRUE (boolean) if a particular row in the cart contains options. This function is designed to be used in a loop with <dfn>$this->cart->contents()</dfn>, since you must pass the <kbd>rowid</kbd> to this function, as shown in the <dfn>Displaying the Cart</dfn> example above.</p> <h2>$this->cart->product_options(rowid);</h2> @@ -322,7 +322,7 @@ function when the update form is submitted. Please examine the construction of t <h2>$this->cart->destroy();</h2> -<p>Permits you to destroy the cart. This function will likely be called when you are finished processing the customer's order.</p> +<p>Permits you to destroy the cart. This function will likely be called when you are finished processing the customer's order.</p> diff --git a/user_guide/libraries/file_uploading.html b/user_guide/libraries/file_uploading.html index a88c67220..94b219355 100644 --- a/user_guide/libraries/file_uploading.html +++ b/user_guide/libraries/file_uploading.html @@ -305,6 +305,13 @@ $this->upload->initialize($config);</code> </tr> <tr> +<td class="td"><strong>max_filename_increment</strong></td> +<td class="td">100</td> +<td class="td">None</td> +<td class="td">When overwrite is set to FALSE, use this to set the maximum filename increment for CodeIgniter to append to the filename.</td> +</tr> + +<tr> <td class="td"><strong>encrypt_name</strong></td> <td class="td">FALSE</td> <td class="td">TRUE/FALSE (boolean)</td> diff --git a/user_guide/libraries/form_validation.html b/user_guide/libraries/form_validation.html index 7c544b69f..ede1913e0 100644 
--- a/user_guide/libraries/form_validation.html +++ b/user_guide/libraries/form_validation.html @@ -390,10 +390,10 @@ $this->form_validation->set_rules($config); <p>CodeIgniter lets you pipe multiple rules together. Let's try it. Change your rules in the third parameter of rule setting function, like this:</p> <code> -$this->form_validation->set_rules('username', 'Username', 'required|min_length[5]|max_length[12]');<br /> +$this->form_validation->set_rules('username', 'Username', 'required|min_length[5]|max_length[12]|is_unique[users.username]');<br /> $this->form_validation->set_rules('password', 'Password', 'required|matches[passconf]');<br /> $this->form_validation->set_rules('passconf', 'Password Confirmation', 'required');<br /> -$this->form_validation->set_rules('email', 'Email', 'required|valid_email');<br /> +$this->form_validation->set_rules('email', 'Email', 'required|valid_email|is_unique[users.email]');<br /> </code> <p>The above code sets the following rules:</p> @@ -508,15 +508,13 @@ create a callback function that does that. Let's create a example of this.</p> <code>$this->form_validation->set_rules('username', 'Username', '<kbd>callback_username_check</kbd>');</code> - <p>Then add a new function called <dfn>username_check</dfn> to your controller. Here's how your controller should now look:</p> - -<textarea class="textarea" style="width:100%" cols="50" rows="44"><?php +<textarea class="textarea" style="width:100%" cols="50" rows="40"><?php class Form extends CI_Controller { - function index() + public function index() { $this->load->helper(array('form', 'url')); 
@@ -525,7 +523,7 @@ class Form extends CI_Controller { $this->form_validation->set_rules('username', 'Username', 'callback_username_check'); $this->form_validation->set_rules('password', 'Password', 'required'); $this->form_validation->set_rules('passconf', 'Password Confirmation', 'required'); - $this->form_validation->set_rules('email', 'Email', 'required'); + $this->form_validation->set_rules('email', 'Email', 'required|is_unique[users.email]'); if ($this->form_validation->run() == FALSE) { @@ -537,7 +535,7 @@ class Form extends CI_Controller { } } - function username_check($str) + public function username_check($str) { if ($str == 'test') { @@ -556,14 +554,13 @@ class Form extends CI_Controller { <p><dfn>Reload your form and submit it with the word "test" as the username. You can see that the form field data was passed to your callback function for you to process.</dfn></p> -<p><strong>To invoke a callback just put the function name in a rule, with "callback_" as the rule prefix.</strong></p> +<p>To invoke a callback just put the function name in a rule, with "callback_" as the rule <strong>prefix</strong>. If you need +to receive an extra parameter in your callback function, just add it normally after the function name between square brackets, +as in: "callback_foo<strong>[bar]</strong>", then it will be passed as the second argument of your callback function.</p> -<p>You can also process the form data that is passed to your callback and return it. If your callback returns anything other than a boolean TRUE/FALSE +<p><strong>Note:</strong> You can also process the form data that is passed to your callback and return it. If your callback returns anything other than a boolean TRUE/FALSE it is assumed that the data is your newly processed form data.</p> - - - <a name="settingerrors"></a> <h2>Setting Error Messages</h2> 
@@ -947,6 +944,13 @@ POST array:</p> </tr> <tr> + <td class="td"><strong>is_unique</strong></td> + <td class="td">Yes</td> + <td class="td">Returns FALSE if the form element is not unique to the table and field name in the parameter.</td> + <td class="td">is_unique[table.field]</td> + </tr> + + <tr> <td class="td"><strong>min_length</strong></td> <td class="td">Yes</td> <td class="td">Returns FALSE if the form element is shorter then the parameter value.</td> @@ -1038,6 +1042,13 @@ POST array:</p> </tr> <tr> + <td class="td"><strong>is_unique</strong></td> + <td class="td">Yes</td> + <td class="td">Returns FALSE if the form element is not unique in a database table.</td> + <td class="td">is_unique[table.field]</td> + </tr> + + <tr> <td class="td"><strong>valid_email</strong></td> <td class="td">No</td> <td class="td">Returns FALSE if the form element does not contain a valid email address.</td> diff --git a/user_guide/libraries/input.html b/user_guide/libraries/input.html index 311f76ee9..77e28488a 100644 --- a/user_guide/libraries/input.html +++ b/user_guide/libraries/input.html 
@@ -73,11 +73,11 @@ Input Class <p>The security filtering function is called automatically when a new <a href="../general/controllers.html">controller</a> is invoked. It does the following:</p> <ul> -<li>Destroys the global GET array. Since CodeIgniter does not utilize GET strings, there is no reason to allow it.</li> +<li>If $config['allow_get_array'] is FALSE(default is TRUE), destroys the global GET array.</li> <li>Destroys all global variables in the event register_globals is turned on.</li> -<li>Filters the POST/COOKIE array keys, permitting only alpha-numeric (and a few other) characters.</li> +<li>Filters the GET/POST/COOKIE array keys, permitting only alpha-numeric (and a few other) characters.</li> <li>Provides XSS (Cross-site Scripting Hacks) filtering. This can be enabled globally, or upon request.</li> -<li>Standardizes newline characters to \n</li> +<li>Standardizes newline characters to \n(In Windows \r\n)</li> </ul> @@ -133,13 +133,13 @@ else<br /> <code>$this->input->post('some_data', TRUE);</code> <p>To return an array of all POST items call without any parameters.</p> -<p>To return all POST items and pass them through the XSS filter leave the first parameter blank while setting the second parameter to boolean;</p> +<p>To return all POST items and pass them through the XSS filter set the first parameter NULL while setting the second parameter to boolean;</p> <p>The function returns FALSE (boolean) if there are no items in the POST.</p> <code> - $this->input->post(); // returns all POST items with XSS filter + $this->input->post(NULL, TRUE); // returns all POST items with XSS filter <br /> - $this->input->post(NULL, FALSE); // returns all POST items without XSS + $this->input->post(); // returns all POST items without XSS filter </code> <h2>$this->input->get()</h2> 
@@ -149,13 +149,13 @@ else<br /> <code>$this->input->get('some_data', TRUE);</code> <p>To return an array of all GET items call without any parameters.</p> -<p>To return all GET items and pass them through the XSS filter leave the first parameter blank while setting the second parameter to boolean;</p> +<p>To return all GET items and pass them through the XSS filter set the first parameter NULL while setting the second parameter to boolean;</p> <p>The function returns FALSE (boolean) if there are no items in the GET.</p> <code> - $this->input->get(); // returns all GET items with XSS filter + $this->input->get(NULL, TRUE); // returns all GET items with XSS filter <br /> - $this->input->get(NULL, FALSE); // returns all GET items without XSS filtering + $this->input->get(); // returns all GET items without XSS filtering </code> <h2>$this->input->get_post()</h2> diff --git a/user_guide/libraries/security.html b/user_guide/libraries/security.html index dd62a4386..cbe12d852 100644 --- a/user_guide/libraries/security.html +++ b/user_guide/libraries/security.html @@ -116,6 +116,9 @@ Note: This function should only be used to deal with data upon submission. It's <p>If you use the <a href="../helpers/form_helper.html">form helper</a> the <var>form_open()</var> function will automatically insert a hidden csrf field in your forms.</p> +<p>Select URIs can be whitelisted from csrf protection (for example API endpoints expecting externally POSTed content). You can add these URIs by editing the 'csrf_exclude_uris' config parameter:</p> +<code>$config['csrf_exclude_uris'] = array('api/person/add');</code> + </div> <!-- END CONTENT --> diff --git a/user_guide/overview/appflow.html b/user_guide/overview/appflow.html index c6bf857b4..fbc68fab0 100644 --- a/user_guide/overview/appflow.html +++ b/user_guide/overview/appflow.html 
@@ -60,7 +60,7 @@ Appflow <p>The following graphic illustrates how data flows throughout the system:</p> -<div><img src="../images/appflowchart.gif" width="697" height="205" border="0" alt="CodeIgniter application flow" /></div> +<div><img src="../images/appflowchart.gif" width="769" height="212" alt="CodeIgniter application flow"></div> <ol> |
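Review bot: In user_guide/changelog.html, hunk @@ -59,6 +59,65, the Reactor #89 bug-fix entry is written as <li class="rector">, so it will not get the "reactor" class its neighbours use; change it to class="reactor". The same hunk lists "Changed $this->cart->insert() ... to return the Row ID" under 2.1.0 while the unchanged 2.0.3 Libraries list further down still carries that entry, so keep it under one version only.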
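Review bot: In user_guide/changelog.html, hunk @@ -75,22 +135,29, the added form_open() entry expands CSRF as "Cross-site Reference Forgery"; it should read "Cross-Site Request Forgery". These entries are also being added under Version 2.0.3, which the file gives a release date of August 20, 2011, so please confirm they belong there rather than under 2.1.0, and add the missing "for" in "Added support pgp,gpg" and the two entries after it.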
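Review bot: In user_guide/database/active_record.html, hunk @@ -334,6 +334,13, the new sentence "If you do not want to use the wildcard (%) ..." and its <code> block are placed after the closing </li> and before the next <li>, so they sit as bare text directly inside the list. Move them inside the preceding <li>, before its </li>, or wrap them in their own list item.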
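Review bot: In user_guide/general/common_functions.html, hunk @@ -104,6 +104,8, the html_escape() description says only that it is a shortcut for htmlspecialchars() and does not state which quote style or character set is applied, which is what determines whether the result is safe inside quoted attribute values. Document both, state what is returned for an array argument, and tidy the wording ("provides a shortcut for", "accepts a string or an array").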
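Review bot: In user_guide/helpers/date_helper.html, hunk @@ -234,6 +234,20, the nice_date() example is not valid as written: both $bad_time assignments lack a terminating semicolon, 9-11-2001 is unquoted and so is an arithmetic expression rather than a date string, and the second call passes $human instead of $bad_time. Quote the inputs as strings, terminate the statements, and pass $bad_time in both calls; the first paragraph also needs "a number of poorly-formed date formats".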
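Review bot: In user_guide/helpers/string_helper.html, hunk @@ -90,6 +90,17, the increment_string() section never documents the parameters or their defaults: the examples pass '_' and '-' as a second argument and 2 as a third, then call increment_string('file-4') with no separator and show "file-5". Add the signature with the default separator and starting number so the third example can be checked against it, and correct "copies" or a file" to "copies" of a file".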
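Review bot: In user_guide/installation/index.html, hunk @@ -72,7 +72,9, the rewritten paragraph carries over the mismatched tag <kdb>index.php</kbd>; the opening tag should be <kbd>. The new sentence "If you would like to keep your views public" follows a paragraph recommending that the system and application folders be placed above web root, so say explicitly where the views folder is expected to go and what $view_folder should then contain.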
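Review bot: In user_guide/libraries/cart.html, hunk @@ -106,20 +106,20, the added sentence documents the return value of insert() only for a successful single-item insert. State what is returned when the insert fails and when a multi-dimensional array is passed, since the next section describes adding multiple items with the same method.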
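Review bot: In user_guide/libraries/form_validation.html, hunks @@ -947,6 +944,13 and @@ -1038,6 +1042,13 each add an is_unique row, with two different descriptions ("not unique to the table and field name in the parameter" and "not unique in a database table"). If both land in the rule reference, keep one row with one description; that description should also mention that the rule requires a database connection, since it queries table.field.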
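Review bot: In user_guide/libraries/input.html, hunk @@ -73,11 +73,11, the new bullet "Standardizes newline characters to \n(In Windows \r\n)" is ambiguous: it can be read as converting \r\n to \n or as standardizing to \r\n on Windows. Spell out which, and add the missing spaces before "(In Windows" and before "(default is TRUE)" in the first bullet.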
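Review bot: In user_guide/libraries/input.html, hunk @@ -133,13 +133,13 (and the matching get() hunk @@ -149,13 +149,13), the documented behaviour is inverted: the removed lines say $this->input->post() returns all items with the XSS filter, the added lines say it returns them without it and that post(NULL, TRUE) is required for filtering. Code written against the old text would now be handling unfiltered input, and none of the changelog entries added in this patch mention it, so add a changelog or upgrade note; the prose should also say "to boolean TRUE" rather than "to boolean".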
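Review bot: In user_guide/libraries/security.html, hunk @@ -116,6 +116,9, the csrf_exclude_uris paragraph does not say how entries are matched against the request URI (exact string, prefix or pattern, with or without a leading slash), which determines how much of the application a single entry exempts. Document the matching rule and state that an excluded URI receives no CSRF check at all, so the endpoint needs its own authentication of the caller.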
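Review bot: In user_guide/overview/appflow.html, hunk @@ -60,7 +60,7, the replacement <img> tag ends in ">" where the removed line and the rest of the guide shown in this patch use the self-closing " />" form (for example <br /> and the reactor-bullet image in changelog.html). Keep the " />" ending for consistency with the surrounding markup.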