summaryrefslogtreecommitdiffstats
path: root/user_guide_src/source/changelog.rst
diff options
context:
space:
mode:
Diffstat (limited to 'user_guide_src/source/changelog.rst')
-rw-r--r--user_guide_src/source/changelog.rst29
1 files changed, 24 insertions, 5 deletions
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index 8492be289..0e4930289 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -61,6 +61,7 @@ Release Date: Not Released
- Added availability checks where usage of dangerous functions like ``eval()`` and ``exec()`` is required.
- Added support for changing the file extension of log files using ``$config['log_file_extension']``.
- Added support for turning newline standardization on/off via ``$config['standardize_newlines']`` and set it to FALSE by default.
+ - Added configuration setting ``$config['composer_autoload']`` to enable loading of a `Composer <https://getcomposer.org/>`_ auto-loader.
- Helpers
@@ -79,6 +80,7 @@ Release Date: Not Released
- :func:`url_title()` will now trim extra dashes from beginning and end.
- :func:`anchor_popup()` will now fill the *href* attribute with the URL and its JS code will return FALSE instead.
- Added JS window name support to the :func:`anchor_popup()` function.
+ - Added support for menubar attribute to the :func:`anchor_popup()`.
- Added support (auto-detection) for HTTP/1.1 response codes 303, 307 in :func:`redirect()`.
- Changed :func:`redirect()` to choose the **refresh** method only on IIS servers, instead of all servers on Windows (when **auto** is used).
- Changed :func:`anchor()`, :func:`anchor_popup()`, and :func:`redirect()` to support protocol-relative URLs (e.g. *//ellislab.com/codeigniter*).
@@ -135,6 +137,7 @@ Release Date: Not Released
- Added *word_length* and *pool* options to allow customization of the generated word.
- Added *colors* configuration to allow customization for the *background*, *border*, *text* and *grid* colors.
- Added *filename* to the returned array elements.
+ - Updated to use `imagepng()` in case that `imagejpeg()` isn't available.
- :doc:`Text Helper <helpers/text_helper>` changes include:
@@ -184,6 +187,7 @@ Release Date: Not Released
- Changed ``limit()`` to ignore NULL values instead of always casting to integer.
- Changed ``offset()`` to ignore empty values instead of always casting to integer.
- Methods ``insert_batch()`` and ``update_batch()`` now return an integer representing the number of rows affected by them.
+ - Methods ``where()``, ``or_where()``, ``having()`` and ``or_having()`` now convert trailing ``=`` and ``<>``, ``!=`` SQL operators to ``IS NULL`` and ``IS NOT NULL`` respectively when the supplied comparison value is ``NULL``.
- :doc:`Database Results <database/results>` changes include:
@@ -302,6 +306,7 @@ Release Date: Not Released
- Added a ``$reset`` parameter to method ``initialize()``.
- Removed method ``clean_file_name()`` and its usage in favor of :doc:`Security Library <libraries/security>`'s ``sanitize_filename()``.
- Removed method ``mimes_types()``.
+ - Changed ``CI_Upload::_prep_filename()`` to simply replace all (but the last) dots in the filename with underscores, instead of suffixing them.
- :doc:`Calendar Library <libraries/calendar>` changes include:
@@ -328,6 +333,7 @@ Release Date: Not Released
- If property *maintain_ratio* is set to TRUE, ``image_reproportion()`` now doesn't need both width and height to be specified.
- Property *maintain_ratio* is now taken into account when resizing images using ImageMagick library.
- Added support for maintaining transparency for PNG images in method ``text_watermark()``.
+ - Added a **file_permissions** setting.
- :doc:`Form Validation Library <libraries/form_validation>` changes include:
@@ -347,6 +353,7 @@ Release Date: Not Released
- Added rule **alpha_numeric_spaces**.
- Added support for custom error messages per field rule.
- Added support for callable rules when they are passed as an array.
+ - Added support for non-ASCII domains in **valid_email** rule, depending on the Intl extension.
- :doc:`Caching Library <libraries/caching>` changes include:
@@ -375,6 +382,7 @@ Release Date: Not Released
- Added an optional parameter to ``print_debugger()`` to allow specifying which parts of the message should be printed ('headers', 'subject', 'body').
- Added SMTP keepalive option to avoid opening the connection for each ``send()`` call. Accessible as ``$smtp_keepalive``.
- Public method ``set_header()`` now filters the input by removing all "\\r" and "\\n" characters.
+ - Added support for non-ASCII domains in ``valid_email()``, depending on the Intl extension.
- :doc:`Pagination Library <libraries/pagination>` changes include:
@@ -385,6 +393,7 @@ Release Date: Not Released
- Added support for language translations of the *first_link*, *next_link*, *prev_link* and *last_link* values.
- Added ``$config['reuse_query_string']`` to allow automatic repopulation of query string arguments, combined with normal URI segments.
- Removed the default ``&nbsp;`` from a number of the configuration variables.
+ - Added support for ``$config['num_links'] = 0`` configuration.
- :doc:`Profiler Library <general/profiling>` changes include:
@@ -482,6 +491,8 @@ Release Date: Not Released
- Removed the third (`$php_error`) argument from function :func:`log_message()`.
- Changed internal function ``load_class()`` to accept a constructor parameter instead of (previously unused) class name prefix.
- Removed default parameter value of :func:`is_php()`.
+ - Added a second argument ``$double_encode`` to :func:`html_escape()`.
+ - Changed function ``config_item()`` to return NULL instead of FALSE when no value is found.
- :doc:`Output Library <libraries/output>` changes include:
@@ -499,10 +510,12 @@ Release Date: Not Released
- :doc:`Security Library <libraries/security>` changes include:
+ - Added ``$config['csrf_regeneration']``, which makes CSRF token regeneration optional.
+ - Added ``$config['csrf_exclude_uris']``, allowing for exclusion of URIs from the CSRF protection (regular expressions are supported).
- Added method ``strip_image_tags()``.
- - Added ``$config['csrf_regeneration']``, which makes token regeneration optional.
- - Added ``$config['csrf_exclude_uris']``, which allows you list URIs which will not have the CSRF validation methods run.
+ - Added method ``get_random_bytes()`` and switched CSRF & XSS token generation to use it.
- Modified method ``sanitize_filename()`` to read a public ``$filename_bad_chars`` property for getting the invalid characters list.
+ - Return status code of 403 instead of a 500 if CSRF protection is enabled but a token is missing from a request.
- :doc:`Language Library <libraries/language>` changes include:
@@ -522,15 +535,19 @@ Release Date: Not Released
- Changed method ``clean_string()`` to utilize ``mb_convert_encoding()`` if it is available.
- Renamed method ``_is_ascii()`` to ``is_ascii()`` and made it public.
+ - Log Library changes include:
+
+ - Added a ``$config['log_file_permissions']`` setting.
+ - Changed the library constructor to try to create the **log_path** directory if it doesn't exist.
+
- Added `compatibility layers <general/compatibility_functions>` for:
- `Multibyte String <http://php.net/mbstring>`_ (limited support).
- `Hash <http://php.net/hash>`_ (``hash_equals()``, ``hash_pbkdf2()``).
- `Password Hashing <http://php.net/password>`_.
- - `Array Functions <http://php.net/book.array>`_ (``array_column()``, ``array_replace()``, ``array_replace_recursive()``).
+ - `Standard Functions ``array_column()``, ``array_replace()``, ``array_replace_recursive()``, ``hex2bin()``, ``quoted_printable_encode()``.
- Removed ``CI_CORE`` boolean constant from *CodeIgniter.php* (no longer Reactor and Core versions).
- - Log Library will now try to create the **log_path** directory if it doesn't exist.
- Added support for HTTP-Only cookies with new config option *cookie_httponly* (default FALSE).
- ``$config['time_reference']`` now supports all timezone strings supported by PHP.
- Fatal PHP errors are now also passed to ``_exception_handler()``, so they can be logged.
@@ -733,6 +750,8 @@ Bug fixes for 3.0
- Partially fixed a bug (#261) - UTF-8 class method ``clean_string()`` generating log messages and/or not producing the desired result due to an upstream bug in iconv.
- Fixed a bug where ``CI_Xmlrpcs::parseRequest()`` could fail if ``$HTTP_RAW_POST_DATA`` is not populated.
- Fixed a bug in :doc:`Zip Library <libraries/zip>` internal method ``_get_mod_time()`` where it was not parsing result returned by ``filemtime()``.
+- Fixed a bug (#3161) - :doc:`Cache Library <libraries/cache>` methods `increment()`, `decrement()` didn't auto-create non-existent items when using redis and/or file storage.
+- Fixed a bug (#3189) - :doc:`Parser Library <libraries/parser>` used double replacement on ``key->value`` pairs, exposing a potential template injection vulnerability.
Version 2.2.0
=============
@@ -789,7 +808,7 @@ Bug fixes for 2.1.3
- Fixed a bug (#227) - :doc:`Input Library <libraries/input>` allowed unconditional spoofing of HTTP clients' IP addresses through the *HTTP_CLIENT_IP* header.
- Fixed a bug (#907) - :doc:`Input Library <libraries/input>` ignored *HTTP_X_CLUSTER_CLIENT_IP* and *HTTP_X_CLIENT_IP* headers when checking for proxies.
- Fixed a bug (#940) - ``csrf_verify()`` used to set the CSRF cookie while processing a POST request with no actual POST data, which resulted in validating a request that should be considered invalid.
-- Fixed a bug (#499) - :doc:`Security Library <libraries/security>` where a CSRF cookie was created even if ``$config['csrf_protection']`` is set tot FALSE.
+- Fixed a bug (#499) - :doc:`Security Library <libraries/security>` where a CSRF cookie was created even if ``$config['csrf_protection']`` is set to FALSE.
- Fixed a bug (#1715) - :doc:`Input Library <libraries/input>` triggered ``csrf_verify()`` on CLI requests.
- Fixed a bug (#751) - :doc:`Query Builder <database/query_builder>` didn't properly handle cached field escaping overrides.
- Fixed a bug (#2004) - :doc:`Query Builder <database/query_builder>` didn't properly merge cached calls with non-cache ones.