Diffstat (limited to 'user_guide_src/source/changelog.rst')
-rw-r--r-- | user_guide_src/source/changelog.rst | 29 |
1 files changed, 24 insertions, 5 deletions
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 8492be289..0e4930289 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -61,6 +61,7 @@ Release Date: Not Released - Added availability checks where usage of dangerous functions like ``eval()`` and ``exec()`` is required. - Added support for changing the file extension of log files using ``$config['log_file_extension']``. - Added support for turning newline standardization on/off via ``$config['standardize_newlines']`` and set it to FALSE by default. + - Added configuration setting ``$config['composer_autoload']`` to enable loading of a `Composer <https://getcomposer.org/>`_ auto-loader. - Helpers @@ -79,6 +80,7 @@ Release Date: Not Released - :func:`url_title()` will now trim extra dashes from beginning and end. - :func:`anchor_popup()` will now fill the *href* attribute with the URL and its JS code will return FALSE instead. - Added JS window name support to the :func:`anchor_popup()` function. + - Added support for menubar attribute to the :func:`anchor_popup()`. - Added support (auto-detection) for HTTP/1.1 response codes 303, 307 in :func:`redirect()`. - Changed :func:`redirect()` to choose the **refresh** method only on IIS servers, instead of all servers on Windows (when **auto** is used). - Changed :func:`anchor()`, :func:`anchor_popup()`, and :func:`redirect()` to support protocol-relative URLs (e.g. *//ellislab.com/codeigniter*). @@ -135,6 +137,7 @@ Release Date: Not Released - Added *word_length* and *pool* options to allow customization of the generated word. - Added *colors* configuration to allow customization for the *background*, *border*, *text* and *grid* colors. - Added *filename* to the returned array elements. + - Updated to use `imagepng()` in case that `imagejpeg()` isn't available. - :doc:`Text Helper <helpers/text_helper>` changes include: 
@@ -184,6 +187,7 @@ Release Date: Not Released - Changed ``limit()`` to ignore NULL values instead of always casting to integer. - Changed ``offset()`` to ignore empty values instead of always casting to integer. - Methods ``insert_batch()`` and ``update_batch()`` now return an integer representing the number of rows affected by them. + - Methods ``where()``, ``or_where()``, ``having()`` and ``or_having()`` now convert trailing ``=`` and ``<>``, ``!=`` SQL operators to ``IS NULL`` and ``IS NOT NULL`` respectively when the supplied comparison value is ``NULL``. - :doc:`Database Results <database/results>` changes include: @@ -302,6 +306,7 @@ Release Date: Not Released - Added a ``$reset`` parameter to method ``initialize()``. - Removed method ``clean_file_name()`` and its usage in favor of :doc:`Security Library <libraries/security>`'s ``sanitize_filename()``. - Removed method ``mimes_types()``. + - Changed ``CI_Upload::_prep_filename()`` to simply replace all (but the last) dots in the filename with underscores, instead of suffixing them. - :doc:`Calendar Library <libraries/calendar>` changes include: @@ -328,6 +333,7 @@ Release Date: Not Released - If property *maintain_ratio* is set to TRUE, ``image_reproportion()`` now doesn't need both width and height to be specified. - Property *maintain_ratio* is now taken into account when resizing images using ImageMagick library. - Added support for maintaining transparency for PNG images in method ``text_watermark()``. + - Added a **file_permissions** setting. - :doc:`Form Validation Library <libraries/form_validation>` changes include: @@ -347,6 +353,7 @@ Release Date: Not Released - Added rule **alpha_numeric_spaces**. - Added support for custom error messages per field rule. - Added support for callable rules when they are passed as an array. + - Added support for non-ASCII domains in **valid_email** rule, depending on the Intl extension. - :doc:`Caching Library <libraries/caching>` changes include: 
@@ -375,6 +382,7 @@ Release Date: Not Released - Added an optional parameter to ``print_debugger()`` to allow specifying which parts of the message should be printed ('headers', 'subject', 'body'). - Added SMTP keepalive option to avoid opening the connection for each ``send()`` call. Accessible as ``$smtp_keepalive``. - Public method ``set_header()`` now filters the input by removing all "\\r" and "\\n" characters. + - Added support for non-ASCII domains in ``valid_email()``, depending on the Intl extension. - :doc:`Pagination Library <libraries/pagination>` changes include: @@ -385,6 +393,7 @@ Release Date: Not Released - Added support for language translations of the *first_link*, *next_link*, *prev_link* and *last_link* values. - Added ``$config['reuse_query_string']`` to allow automatic repopulation of query string arguments, combined with normal URI segments. - Removed the default `` `` from a number of the configuration variables. + - Added support for ``$config['num_links'] = 0`` configuration. - :doc:`Profiler Library <general/profiling>` changes include: @@ -482,6 +491,8 @@ Release Date: Not Released - Removed the third (`$php_error`) argument from function :func:`log_message()`. - Changed internal function ``load_class()`` to accept a constructor parameter instead of (previously unused) class name prefix. - Removed default parameter value of :func:`is_php()`. + - Added a second argument ``$double_encode`` to :func:`html_escape()`. + - Changed function ``config_item()`` to return NULL instead of FALSE when no value is found. - :doc:`Output Library <libraries/output>` changes include: 
@@ -499,10 +510,12 @@ Release Date: Not Released - :doc:`Security Library <libraries/security>` changes include: + - Added ``$config['csrf_regeneration']``, which makes CSRF token regeneration optional. + - Added ``$config['csrf_exclude_uris']``, allowing for exclusion of URIs from the CSRF protection (regular expressions are supported). - Added method ``strip_image_tags()``. - - Added ``$config['csrf_regeneration']``, which makes token regeneration optional. - - Added ``$config['csrf_exclude_uris']``, which allows you list URIs which will not have the CSRF validation methods run. + - Added method ``get_random_bytes()`` and switched CSRF & XSS token generation to use it. - Modified method ``sanitize_filename()`` to read a public ``$filename_bad_chars`` property for getting the invalid characters list. + - Return status code of 403 instead of a 500 if CSRF protection is enabled but a token is missing from a request. - :doc:`Language Library <libraries/language>` changes include: 
@@ -522,15 +535,19 @@ Release Date: Not Released - Changed method ``clean_string()`` to utilize ``mb_convert_encoding()`` if it is available. - Renamed method ``_is_ascii()`` to ``is_ascii()`` and made it public. + - Log Library changes include: + + - Added a ``$config['log_file_permissions']`` setting. + - Changed the library constructor to try to create the **log_path** directory if it doesn't exist. + - Added `compatibility layers <general/compatibility_functions>` for: - `Multibyte String <http://php.net/mbstring>`_ (limited support). - `Hash <http://php.net/hash>`_ (``hash_equals()``, ``hash_pbkdf2()``). - `Password Hashing <http://php.net/password>`_. - - `Array Functions <http://php.net/book.array>`_ (``array_column()``, ``array_replace()``, ``array_replace_recursive()``). + - `Standard Functions ``array_column()``, ``array_replace()``, ``array_replace_recursive()``, ``hex2bin()``, ``quoted_printable_encode()``. - Removed ``CI_CORE`` boolean constant from *CodeIgniter.php* (no longer Reactor and Core versions). - - Log Library will now try to create the **log_path** directory if it doesn't exist. - Added support for HTTP-Only cookies with new config option *cookie_httponly* (default FALSE). - ``$config['time_reference']`` now supports all timezone strings supported by PHP. - Fatal PHP errors are now also passed to ``_exception_handler()``, so they can be logged. 
@@ -733,6 +750,8 @@ Bug fixes for 3.0 - Partially fixed a bug (#261) - UTF-8 class method ``clean_string()`` generating log messages and/or not producing the desired result due to an upstream bug in iconv. - Fixed a bug where ``CI_Xmlrpcs::parseRequest()`` could fail if ``$HTTP_RAW_POST_DATA`` is not populated. - Fixed a bug in :doc:`Zip Library <libraries/zip>` internal method ``_get_mod_time()`` where it was not parsing result returned by ``filemtime()``. +- Fixed a bug (#3161) - :doc:`Cache Library <libraries/cache>` methods `increment()`, `decrement()` didn't auto-create non-existent items when using redis and/or file storage. +- Fixed a bug (#3189) - :doc:`Parser Library <libraries/parser>` used double replacement on ``key->value`` pairs, exposing a potential template injection vulnerability. Version 2.2.0 ============= 
@@ -789,7 +808,7 @@ Bug fixes for 2.1.3 - Fixed a bug (#227) - :doc:`Input Library <libraries/input>` allowed unconditional spoofing of HTTP clients' IP addresses through the *HTTP_CLIENT_IP* header. - Fixed a bug (#907) - :doc:`Input Library <libraries/input>` ignored *HTTP_X_CLUSTER_CLIENT_IP* and *HTTP_X_CLIENT_IP* headers when checking for proxies. - Fixed a bug (#940) - ``csrf_verify()`` used to set the CSRF cookie while processing a POST request with no actual POST data, which resulted in validating a request that should be considered invalid. -- Fixed a bug (#499) - :doc:`Security Library <libraries/security>` where a CSRF cookie was created even if ``$config['csrf_protection']`` is set tot FALSE. +- Fixed a bug (#499) - :doc:`Security Library <libraries/security>` where a CSRF cookie was created even if ``$config['csrf_protection']`` is set to FALSE. - Fixed a bug (#1715) - :doc:`Input Library <libraries/input>` triggered ``csrf_verify()`` on CLI requests. - Fixed a bug (#751) - :doc:`Query Builder <database/query_builder>` didn't properly handle cached field escaping overrides. - Fixed a bug (#2004) - :doc:`Query Builder <database/query_builder>` didn't properly merge cached calls with non-cache ones. |
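Review bot: In the hunk at @@ -135,6 +137,7 @@, the added entry marks up `imagepng()` and `imagejpeg()` with single backticks, while the neighbouring entries use double backticks for function names (``eval()``, ``exec()``). In reStructuredText single backticks are interpreted text rather than an inline literal, so these two names will not render as code. Suggest ``imagepng()`` and ``imagejpeg()``.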
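Review bot: In the hunk at @@ -184,6 +187,7 @@, the added ``where()`` entry lists the operators as "``=`` and ``<>``, ``!=``" and then relies on "respectively", which leaves the reader to work out that ``=`` becomes ``IS NULL`` while both ``<>`` and ``!=`` become ``IS NOT NULL``. Suggest spelling the mapping out, for example "convert a trailing ``=`` to ``IS NULL``, and a trailing ``<>`` or ``!=`` to ``IS NOT NULL``, when the supplied comparison value is ``NULL``".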
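Review bot: The ``config_item()`` entry added in the hunk at @@ -482,6 +491,8 @@ records a return-value change from FALSE to NULL without pointing to any upgrade guidance. Code that checks the result with a strict comparison against FALSE will take a different branch after this change, so the entry should say that existing checks need review or link to the upgrade notes.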
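Review bot: In the hunk at @@ -499,10 +510,12 @@, the last added Security Library entry ("Return status code of 403 instead of a 500 ...") is phrased as an imperative and does not name what changed, unlike the surrounding "Added ..." and "Modified ..." entries. Suggest "Changed the response to return status code 403 instead of 500 if CSRF protection is enabled but a token is missing from a request". The reworded ``$config['csrf_exclude_uris']`` entry also mentions regular expression support without saying how a pattern is matched against the URI; a short note or link would help, since a loosely written pattern excludes more URIs from CSRF protection than intended.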
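Review bot: The replacement compatibility-layer entry in the hunk at @@ -522,15 +535,19 @@ opens a single backtick before "Standard Functions" and never closes it, whereas the removed line was a complete hyperlink (`Array Functions <http://php.net/book.array>`_). As written this is malformed reStructuredText. Either drop the leading backtick and end the label with a colon, or restore a link target and the closing `_ form. The new "Log Library changes include:" heading is also plain text while the sibling headings use a :doc: reference; worth matching them if a Log Library page exists.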
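Review bot: The #3189 entry added in the hunk at @@ -733,6 +750,8 @@ describes a potential template injection vulnerability in the Parser Library, yet it is filed as an ordinary item under "Bug fixes for 3.0" and does not say whether already released versions are affected. Suggest stating that, or flagging the entry as a security fix, so users of the Parser Library can tell whether they need to act. In the #3161 entry of the same hunk, `increment()` and `decrement()` use single backticks where the rest of the file uses double backticks for method names.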