diff options
Diffstat (limited to 'user_guide_src/source/changelog.rst')
| -rw-r--r-- | user_guide_src/source/changelog.rst | 563 |
1 files changed, 429 insertions, 134 deletions
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 5f6d5912c..daf796504 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -9,8 +9,7 @@ Release Date: Not Released - License - - CodeIgniter has been relicensed with the Open Software License (3.0), - eliminating its old proprietary licensing. + - CodeIgniter has been relicensed with the Open Software License (3.0), eliminating its old proprietary licensing. - All system files are licensed with OSL 3.0. - Config, error, and sample files shipped in the application folder are @@ -20,151 +19,328 @@ Release Date: Not Released - General Changes - PHP 5.1.6 is no longer supported. CodeIgniter now requires PHP 5.2.4. + - ``$_SERVER['CI_ENV']`` can now be set to control the ``ENVIRONMENT`` constant. - Added an optional backtrace to php-error template. - Added Android to the list of user agents. - - Added Windows 7 to the list of user platforms. + - Added Windows 7, Windows 8, Android, Blackberry, iOS and PlayStation 3 to the list of user platforms. + - Added Fennec (Firefox for mobile) to the list of mobile user agents. - Ability to log certain error types, not all under a threshold. - Added support for pem, p10, p12, p7a, p7c, p7m, p7r, p7s, crt, crl, der, kdb, rsa, cer, sst, csr Certs to mimes.php. - - Added support for pgp and gpg to mimes.php. + - Added support for pgp, gpg, zsh and cdr files to mimes.php. - Added support for 3gp, 3g2, mp4, wmv, f4v, vlc Video files to mimes.php. - - Added support for m4a, aac, m4u, xspf, au, ac3, flac, ogg Audio files to mimes.php. + - Added support for m4a, aac, m4u, xspf, au, ac3, flac, ogg, wma Audio files to mimes.php. - Added support for kmz and kml (Google Earth) files to mimes.php. + - Added support for ics Calendar files to mimes.php. + - Added support for rar, jar and 7zip archives to mimes.php. + - Updated support for xml ('application/xml') and xsl ('application/xml', 'text/xsl') files in mimes.php. - Updated support for doc files in mimes.php. - - Added application/xml for xml and application/xml, text/xsl for xsl in mimes.php. + - Updated support for docx files in mimes.php. + - Updated support for php files in mimes.php. + - Updated support for zip files in mimes.php. + - Updated support for csv files in mimes.php. + - Added some more doctypes. + - Added Romanian, Greek, Vietnamese and Cyrilic characters in *application/config/foreign_characters.php*. - Changed logger to only chmod when file is first created. - Removed previously deprecated SHA1 Library. - - Removed previously deprecated use of ``$autoload['core']`` in application/config/autoload.php. + - Removed previously deprecated use of ``$autoload['core']`` in *application/config/autoload.php*. Only entries in ``$autoload['libraries']`` are auto-loaded now. - - Added some more doctypes. + - Removed previously deprecated EXT constant. - Updated all classes to be written in PHP 5 style, with visibility declarations and no ``var`` usage for properties. + - Moved error templates to *application/views/errors/*. + - Moved the Log class to *application/core/* + - Global config files are loaded first, then environment ones. Environment config keys overwrite base ones, allowing to only set the keys we want changed per environment. + - Changed detection of ``$view_folder`` so that if it's not found in the current path, it will now also be searched for under the application folder. + - Path constants BASEPATH, APPPATH and VIEWPATH are now (internally) defined as absolute paths. + - Updated email validation methods to use ``filter_var()`` instead of PCRE. + - Changed environment defaults to report all errors in *development* and only fatal ones in *testing*, *production* but only display them in *development*. + - Updated *ip_address* database field lengths from 16 to 45 for supporting IPv6 address on :doc:`Trackback Library <libraries/trackback>` and :doc:`Captcha Helper <helpers/captcha_helper>`. + - Removed *cheatsheets* and *quick_reference* PDFs from the documentation. + - Added availability checks where usage of dangerous functions like ``eval()`` and ``exec()`` is required. - Helpers - - url_title() will now trim extra dashes from beginning and end. + - :doc:`Date Helper <helpers/date_helper>` changes include: + - ``now()`` now works with all timezone strings supported by PHP. + - Added an optional third parameter to ``timespan()`` that constrains the number of time units displayed. + - Added an optional parameter to ``timezone_menu()`` that allows more attributes to be added to the generated select tag. + - Deprecated ``standard_date()``, which now just uses the native ``date()`` with `DateTime constants <http://www.php.net/manual/en/class.datetime.php#datetime.constants.types>`_. + - Added function ``date_range()`` that generates a list of dates between a specified period. + - ``create_captcha()`` accepts additional colors parameter, allowing for color customization. + - :doc:`URL Helper <helpers/url_helper>` changes include: + - Deprecated *separator* options **dash** and **underscore** for function :php:func:`url_title()` (they are only aliases for '-' and '_' respectively). + - :php:func:`url_title()` will now trim extra dashes from beginning and end. + - :php:func:`anchor_popup()` will now fill the *href* attribute with the URL and its JS code will return FALSE instead. + - Added JS window name support to the :php:func:`anchor_popup()` function. + - Added support (auto-detection) for HTTP/1.1 response code 303 in :php:func:`redirect()`. + - Changed :php:func:`redirect()` to only choose the **refresh** method only on IIS servers, instead of all servers on Windows (when **auto** is used). + - Changed :php:func:`anchor()`, :php:func:`anchor_popup()`, and :php:func:`redirect()` to support protocol-relative URLs, such as `redirect('//ellislab.com/codeigniter')`. - Added XHTML Basic 1.1 doctype to :doc:`HTML Helper <helpers/html_helper>`. - - Changed humanize to include a second param for the separator. - - Refactored ``plural()`` and ``singular()`` to avoid double pluralization and support more words. - - Added an optional third parameter to ``force_download()`` that enables/disables sending the actual file MIME type in the Content-Type header (disabled by default). - - Added an optional third parameter to ``timespan()`` that constrains the number of time units displayed. - - Added a work-around in force_download() for a bug Android <= 2.1, where the filename extension needs to be in uppercase. - - form_dropdown() will now also take an array for unity with other form helpers. - - set_realpath() can now also handle file paths as opposed to just directories. - - do_hash() now uses PHP's native hash() function, supporting more algorithms. - - Added an optional paramater to ``delete_files()`` to enable it to skip deleting files such as .htaccess and index.html. + - :doc:`Inflector Helper <helpers/inflector_helper>` changes include: + - Changed :php:func:`humanize()` to allow passing an input separator as its second parameter. + - Refactored :php:func:`plural()` and :php:func:`singular()` to avoid double pluralization and support more words. + - :doc:`Download Helper <helpers/download_helper>` changes include: + - Added an optional third parameter to :php:func:`force_download()` that enables/disables sending the actual file MIME type in the Content-Type header (disabled by default). + - Added a work-around in :php:func:`force_download()` for a bug Android <= 2.1, where the filename extension needs to be in uppercase. + - Added support for reading from an existing file path by passing NULL as the second parameter to :php:func:`force_download()` (useful for large files and/or safely transmitting binary data). + - :doc:`Form Helper <helpers/form_helper>` changes include: + - :php:func:`form_dropdown()` will now also take an array for unity with other form helpers. + - :php:func:`form_prep()`'s second argument now only accepts a boolean value, which determines whether the value is escaped for a <textarea> or a regular <input> element. + - :doc:`Security Helper <helpers/security_helper>` changes include: + - :php:func:`do_hash()` now uses PHP's native ``hash()`` function (supporting more algorithms) and is deprecated. + - :php:func:`strip_image_tags()` is now an alias for the same method in the :doc:`Security Library <libraries/security>`. + - Removed previously deprecated helper function ``js_insert_smiley()`` from :doc:`Smiley Helper <helpers/smiley_helper>`. + - :doc:`File Helper <helpers/file_helper>` changes include: + - :php:func:`set_realpath()` can now also handle file paths as opposed to just directories. + - Added an optional paramater to :php:func:`delete_files()` to enable it to skip deleting files such as *.htaccess* and *index.html*. + - Deprecated function ``read_file()`` - it's just an alias for PHP's native ``file_get_contents()``. + - :doc:`String Helper <helpers/string_helper>` changes include: + - Deprecated function ``repeater()`` - it's just an alias for PHP's native ``str_repeat()``. + - Deprecated function ``trim_slashes()`` - it's just an alias for PHP's native ``trim()`` (with a slash as its second argument). + - Deprecated randomization type options **unique** and **encrypt** for funcion :php:func:`random_string()` (they are only aliases for **md5** and **sha1** respectively). + - :doc:`Directory Helper <helpers/directory_helper>` :php:func:`directory_map()` will now append ``DIRECTORY_SEPARATOR`` to directory names in the returned array. + - :doc:`Language Helper <helpers/language_helper>` :php:func:`lang()` now accepts an optional list of additional HTML attributes. + - Deprecated the :doc:`Email Helper <helpers/email_helper>` as its ``valid_email()``, ``send_email()`` functions are now only aliases for PHP native functions ``filter_var()`` and ``mail()`` respectively. - Database - - Added new :doc:`Active Record <database/active_record>` methods that return - the SQL string of queries without executing them: get_compiled_select(), - get_compiled_insert(), get_compiled_update(), get_compiled_delete(). - - Adding $escape parameter to the order_by function, this enables ordering by custom fields. - - Improved support for the MySQLi driver, including: - - OOP style of the PHP extension is now used, instead of the procedural aliases. - - Server version checking is now done via ``mysqli::$server_info`` instead of running an SQL query. - - Added persistent connections support for PHP >= 5.3. - - Added 'dsn' configuration setting for drivers that support DSN strings (PDO, PostgreSQL, Oracle, ODBC, CUBRID). - - Improved PDO database support. - - Added Interbase/Firebird database support via the "interbase" driver - - Added an optional database name parameter to db_select(). - - Replaced the _error_message() and _error_number() methods with error(), that returns an array containing the last database error code and message. - - Improved version() implementation so that drivers that have a native function to get the version number don't have to be defined in the core DB_driver class. - - Improved support of the PostgreSQL driver, including: - - pg_version() is now used to get the database version number, when possible. - - Added db_set_charset() support. - - Added _optimize_table() support for the :doc:`Database Utility Class <database/utilities>` (rebuilds table indexes). - - Added a constructor to the DB_result class and moved all driver-specific properties and logic out of the base DB_driver class to allow better abstraction. - - Removed limit() and order_by() support for UPDATE and DELETE queries in PostgreSQL driver. Postgres does not support those features. - - Removed protect_identifiers() and renamed internal method _protect_identifiers() to it instead - it was just an alias. + - Added **dsn** configuration setting for drivers that support DSN strings (PDO, PostgreSQL, Oracle, ODBC, CUBRID). + - Added **schema** configuration setting (defaults to *public*) for drivers that might need it (currently used by PostgreSQL and ODBC). + - Added subdrivers support (currently only used by PDO). + - Added an optional database name parameter to ``db_select()``. + - Removed ``protect_identifiers()`` and renamed internal method ``_protect_identifiers()`` to it instead - it was just an alias. + - Renamed internal method ``_escape_identifiers()`` to ``escape_identifiers()``. + - Updated ``escape_identifiers()`` to accept an array of fields as well as strings. - MySQL and MySQLi drivers now require at least MySQL version 5.1. - - db_set_charset() now only requires one parameter (collation was only needed due to legacy support for MySQL versions prior to 5.1). - - Added DSN string support for CUBRID. - - Added persistent connections support for CUBRID. - - Added random ordering support for MSSQL, SQLSRV. + - ``db_set_charset()`` now only requires one parameter (collation was only needed due to legacy support for MySQL versions prior to 5.1). + - Replaced the ``_error_message()`` and ``_error_number()`` methods with ``error()``, which returns an array containing the last database error code and message. + - Improved ``version()`` implementation so that drivers that have a native function to get the version number don't have to be defined in the core ``DB_driver`` class. + - Added capability for packages to hold *config/database.php* config files. + - Added MySQL client compression support. + - Added encrypted connections support (for *mysql*, *sqlsrv* and PDO with *sqlsrv*). + - Removed :doc:`Loader Class <libraries/loader>` from Database error tracing to better find the likely culprit. - Added support for SQLite3 database driver. + - Added Interbase/Firebird database support via the *ibase* driver. + - Added ODBC support for ``create_database()``, ``drop_database()`` and ``drop_table()`` in :doc:`Database Forge <database/forge>`. + - :doc:`Query Builder <database/query_builder>` changes include: + - Renamed the Active Record class to Query Builder to remove confusion with the Active Record design pattern. + - Added the ability to insert objects with ``insert_batch()``. + - Added new methods that return the SQL string of queries without executing them: ``get_compiled_select()``, ``get_compiled_insert()``, ``get_compiled_update()``, ``get_compiled_delete()``. + - Added an optional parameter that allows to disable escaping (useful for custom fields) for methods ``join()``, ``order_by()``, ``where_in()``, ``or_where_in()``, ``where_not_in()``, ``or_where_not_in()``, ``insert()``, ``insert_batch()``. + - Added support for ``join()`` with multiple conditions. + - Added support for *USING* in ``join()``. + - Added seed values support for random ordering with ``order_by(seed, 'RANDOM')``. + - Changed ``limit()`` to ignore NULL values instead of always casting to integer. + - Changed ``offset()`` to ignore empty values instead of always casting to integer. + - Methods ``insert_batch()`` and ``update_batch()`` now return an integer representing the number of rows affected by them. + - :doc:`Database Results <database/results>` changes include: + - Added a constructor to the ``DB_result`` class and moved all driver-specific properties and logic out of the base ``DB_driver`` class to allow better abstraction. + - Added method ``unbuffered_row()`` for fetching a row without prefetching the whole result (consume less memory). + - Renamed former method ``_data_seek()`` to ``data_seek()`` and made it public. + - Improved support for the MySQLi driver, including: + - OOP style of the PHP extension is now used, instead of the procedural aliases. + - Server version checking is now done via ``mysqli::$server_info`` instead of running an SQL query. + - Added persistent connections support for PHP >= 5.3. + - Added support for ``backup()`` in :doc:`Database Utilities <database/utilities>`. + - Improved support of the PDO driver, including: + - Added support for ``create_database()``, ``drop_database()`` and ``drop_table()`` in :doc:`Database Forge <database/forge>`. + - Added support for ``list_fields()`` in :doc:`Database Results <database/results>`. + - Subdrivers are now isolated from each other instead of being in one large class. + - Improved support of the PostgreSQL driver, including: + - ``pg_version()`` is now used to get the database version number, when possible. + - Added ``db_set_charset()`` support. + - Added support for ``optimize_table()`` in :doc:`Database Utilities <database/utilities>` (rebuilds table indexes). + - Added boolean data type support in ``escape()``. + - Added ``update_batch()`` support. + - Removed ``limit()`` and ``order_by()`` support for *UPDATE* and *DELETE* queries as PostgreSQL does not support those features. + - Added a work-around for dead persistent connections to be re-created after a database restart. + - Changed ``db_connect()`` to include the (new) **schema** value into Postgre's **search_path** session variable. + - Improved support of the CUBRID driver, including: + - Added DSN string support. + - Added persistent connections support. + - Improved ``list_databases()`` in :doc:`Database Utility <database/utilities>` (until now only the currently used database was returned). + - Improved support of the MSSQL and SQLSRV drivers, including: + - Added random ordering support. + - Added support for ``optimize_table()`` in :doc:`Database Utility <database/utilities>`. + - Added escaping with *QUOTE_IDENTIFIER* setting detection. + - Added port handling support for UNIX-based systems (MSSQL driver). + - Added *OFFSET* support for SQL Server 2005 and above. + - Added ``db_set_charset()`` support (MSSQL driver). - Improved support of the Oracle (OCI8) driver, including: - - Added DSN string support (Easy Connect and TNS). - - Added support for dropping tables to :doc:`Database Forge <database/forge>`. - - Added support for listing database schemas to :doc:`Database Utilities <database/utilities>`. - - Generally improved for speed and cleaned up all of its components. - - *Row* result methods now really only fetch only the needed number of rows, instead of depending entirely on result(). - - num_rows() is now only called explicitly by the developer and no longer re-executes statements. - - Added replace() support for SQLite. - - Renamed internal method _escape_identifiers() to escape_identifiers(). - - Added SQLite support for drop_table() in :doc:`Database Forge <database/forge>`. - - Added ODBC support for create_database(), drop_database() and drop_table() in :doc:`Database Forge <database/forge>`. - - Added PDO support for create_database(), drop_database and drop_table() in :doc:`Database Forge <database/forge>`. - - Added MSSQL, SQLSRV support for optimize_table() in :doc:`Database Utility <database/utilities>`. - - Improved CUBRID support for list_databases() in :doc:`Database Utility <database/utilities>` (until now only the currently used database was returned). + - Added DSN string support (Easy Connect and TNS). + - Added support for ``drop_table()`` in :doc:`Database Forge <database/forge>`. + - Added support for ``list_databases()`` in :doc:`Database Utilities <database/utilities>`. + - Generally improved for speed and cleaned up all of its components. + - ``num_rows()`` is now only called explicitly by the developer and no longer re-executes statements. + - Improved support of the SQLite driver, including: + - Added support for ``replace()`` in :doc:`Query Builder <database/query_builder>`. + - Added support for ``drop_table()`` in :doc:`Database Forge <database/forge>`. + - :doc:`Database Forge <database/forge>` changes include: + - Added an optional second parameter to ``drop_table()`` that allows adding the **IF EXISTS** condition, which is no longer the default. + - Added support for passing a custom database object to the loader. + - Deprecated ``add_column()``'s third method. *AFTER* clause should now be added to the field definition array instead. + - Added support for usage of the *FIRST* clause in ``add_column()`` for MySQL and CUBRID. + - Overall improved support for all of the drivers. + - :doc:`Database Utility <database/utilities>` chages include: + - Added support for passing a custom database object to the loader. + - Modified the class to no longer extend :doc:`Database Forge <database/forge>`, which has been a deprecated behavior for awhile. + - Overall improved support for all of the drivers. - Libraries - - Added max_filename_increment config setting for Upload library. - - CI_Loader::_ci_autoloader() is now a protected method. - - Added custom filename to Email::attach() as $this->email->attach($filename, $disposition, $newname). - - Added possibility to send attachment as buffer string in Email::attach() as $this->email->attach($buffer, $disposition, $newname, $mime). - - Cart library changes include: - - It now auto-increments quantity's instead of just resetting it, this is the default behaviour of large e-commerce sites. - - Product Name strictness can be disabled via the Cart Library by switching "$product_name_safe" - - Added function remove() to remove a cart item, updating with quantity of 0 seemed like a hack but has remained to retain compatability + - :doc:`Session Library <libraries/sessions>` changes include: + - Library changed to :doc:`Driver <general/drivers>` with classic Cookie driver as default. + - Added Native PHP Session driver to work with ``$_SESSION``. + - Custom drivers can be added anywhere in package paths and be loaded with the library. + - Drivers interchangeable on the fly. + - New **tempdata** feature allows setting user data items with an expiration time. + - Added default ``$config['sess_driver']`` and ``$config['sess_valid_drivers']`` items to *config.php* file. + - Cookie driver now respects php.ini's *session.gc_probability* and *session.gc_divisor* settings. + - Cookie driver now uses HMAC authentication instead of the simple md5 checksum. + - The Cookie driver now also checks authentication on encrypted session data. + - Changed the Cookie driver to select only one row when using database sessions. + - Cookie driver now only writes to database at end of request when using database. + - Cookie driver now uses PHP functions for faster array manipulation when using database. + - Added ``all_flashdata()`` method to session class. Returns an associative array of only flashdata. + - Added ``has_userdata()`` method to verify existence of userdata item. + - Added ``tempdata()``, ``set_tempdata()``, and ``unset_tempdata()`` methods for manipulating tempdata. + - ``keep_flashdata()`` now accepts an array of keys. + - :doc:`File Uploading Library <libraries/file_uploading>` changes include: + - Added **max_filename_increment** config setting. + - Added an **index** parameter to the ``data()`` method. + - Added the **min_width** and **min_height** options for images. + - :doc:`Cart library <libraries/cart>` changes include: + - ``insert()`` now auto-increments quantity for an item when inserted twice instead of resetting it, this is the default behaviour of large e-commerce sites. + - *Product Name* strictness can be disabled by switching the ``$product_name_safe`` property to FALSE. + - Added method ``remove()`` to remove a cart item, updating with quantity of 0 seemed like a hack but has remained to retain compatibility. + - Added method ``get_item()`` to enable retrieving data for a single cart item. - :doc:`Image Manipulation library <libraries/image_lib>` changes include: - - The initialize() method now only sets existing class properties. - - Added support for 3-length hex color values for wm_font_color and wm_shadow_color properties, as well as validation for them. - - Class properties wm_font_color, wm_shadow_color and wm_use_drop_shadow are now protected, to avoid breaking the text_watermark() method - if they are set manually after initialization. - - If property maintain_ratio is set to TRUE, image_reproportion() now doesn't need both width and height to be specified. - - Minor speed optimizations and method & property visibility declarations in the Calendar Library. - - Removed SHA1 function in the :doc:`Encryption Library <libraries/encryption>`. - - Added $config['csrf_regeneration'] to the CSRF protection in the :doc:`Security library <libraries/security>`, which makes token regeneration optional. + - The ``initialize()`` method now only sets existing class properties. + - Added support for 3-length hex color values for *wm_font_color* and *wm_shadow_color* properties, as well as validation for them. + - Class properties *wm_font_color*, *wm_shadow_color* and *wm_use_drop_shadow* are now protected, to avoid breaking the ``text_watermark()`` method if they are set manually after initialization. + - If property *maintain_ratio* is set to TRUE, ``image_reproportion()`` now doesn't need both width and height to be specified. + - Property *maintain_ratio* is now taken into account when resizing images using ImageMagick library. + - Added support for maintaining transparency for PNG images in method ``text_watermark()``. - :doc:`Form Validation library <libraries/form_validation>` changes include: - - Added method error_array() to return all error messages as an array. - - Added method set_data() to set an alternative data array to be validated instead of the default $_POST. - - Added method reset_validation(), which resets internal validation variables in case of multiple validation routines. - - Added support for setting error delimiters in the config file via $config['error_prefix'] and $config['error_suffix']. - - _execute() now considers input data to be invalid if a specified rule is not found. - - Removed method is_numeric() as it exists as a native PHP function and _execute() will find and use that (the 'is_numeric' rule itself is deprecated since 1.6.1). + - Added method ``error_array()`` to return all error messages as an array. + - Added method ``set_data()`` to set an alternative data array to be validated instead of the default ``$_POST``. + - Added method ``reset_validation()`` which resets internal validation variables in case of multiple validation routines. + - Added support for setting error delimiters in the config file via ``$config['error_prefix']`` and ``$config['error_suffix']``. + - ``_execute()`` now considers input data to be invalid if a specified rule is not found. + - Removed method ``is_numeric()`` as it exists as a native PHP function and ``_execute()`` will find and use that (the **is_numeric** rule itself is deprecated since 1.6.1). - Native PHP functions used as rules can now accept an additional parameter, other than the data itself. - - Changed the :doc:`Session Library <libraries/sessions>` to select only one row when using database sessions. - - Added all_flashdata() method to session class. Returns an associative array of only flashdata. - - Allowed for setting table class defaults in a config file. - - Added a Wincache driver to the :doc:`Caching Library <libraries/caching>`. - - Added dsn (delivery status notification) option to the :doc:`Email Library <libraries/email>`. + - Updated ``set_rules()`` to accept an array of rules as well as a string. + - Fields that have empty rules set no longer run through validation (and therefore are not considered erroneous). + - Added rule **differs* to check if the value of a field differs from the value of another field. + - Added rule **valid_url**. + - Added support for setting :doc:`Table <libraries/table>` class defaults in a config file. + - :doc:`Caching Library <libraries/caching>` changes include: + - Added Wincache driver. + - Added Redis driver. + - Added a *key_prefix* option for cache IDs. + - :doc:`Email library <libraries/email>` changes include: + - Added custom filename to ``Email::attach()`` as ``$this->email->attach($filename, $disposition, $newname)``. + - Added possibility to send attachment as buffer string in ``Email::attach()`` as ``$this->email->attach($buffer, $disposition, $newname, $mime)``. + - Added dsn (delivery status notification) option. + - Renamed method _set_header() to set_header() and made it public to enable adding custom headers in the :doc:`Email Library <libraries/email>`. + - Successfully sent emails will automatically clear the parameters. + - Added a *return_path* parameter to the ``from()`` method. + - Removed the second parameter (character limit) from internal method ``_prep_quoted_printable()`` as it is never used. + - Internal method ``_prep_quoted_printable()`` will now utilize the native ``quoted_printable_encode()``, ``imap_8bit()`` functions (if available) when CRLF is set to "\r\n". + - Default charset now relies on the global ``$config['charset']`` setting. + - Removed unused protected method ``_get_ip()`` (:doc:`Input Library <libraries/input>`'s ``ip_address()`` should be used anyway). + - Internal method ``_prep_q_encoding()`` now utilizes PHP's *mbstring* and *iconv* extensions (when available) and no longer has a second (``$from``) argument. + - Added an optional parameter to ``print_debugger()`` to allow specifying which parts of the message should be printed ('headers', 'subject', 'body'). + - :doc:`Pagination Library <libraries/pagination>` changes include: + - Added support for the anchor "rel" attribute. + - Added support for setting custom attributes. + - Deprecated usage of the "anchor_class" setting (use the new "attributes" setting instead). + - Added $config['reuse_query_string'] to allow automatic repopulation of query string arguments, combined with normal URI segments. + - Removed the default `` `` from a number of the configuration variables. + - Added the ability to use a proxy with the :doc:`XML-RPC Library <libraries/xmlrpc>`. + - :doc:`Encryption Library <libraries/encryption>` changes include: + - Added support for hashing algorithms other than SHA1 and MD5. + - Removed previously deprecated ``sha1()`` method. + - :doc:`Profiler Library <general/profiling>` now also displays database object names. + - :doc:`Migration Library <libraries/migration>` changes include: + - Added support for timestamp-based migrations (enabled by default). + - Added ``$config['migration_type']`` to allow switching between *sequential* and *timestamp* migrations. + - :doc:`User Agent Library <libraries/user_agent>` will now check if robots are pretending to be mobile clients (helps with e.g. Google indexing mobile website versions). - Core - - Changed private functions in CI_URI to protected so MY_URI can override them. - - Removed CI_CORE boolean constant from CodeIgniter.php (no longer Reactor and Core versions). - - Added method get_vars() to CI_Loader to retrieve all variables loaded with $this->load->vars(). - - is_loaded() function from system/core/Commons.php now returns a reference. - - $config['rewrite_short_tags'] now has no effect when using PHP 5.4 as *<?=* will always be available. - - Added method() to CI_Input to retrieve $_SERVER['REQUEST_METHOD']. - - Modified valid_ip() to use PHP's filter_var() in the :doc:`Input Library <libraries/input>`. - - Added support for HTTP-Only cookies with new config option ``cookie_httponly`` (default FALSE). - - Renamed method _call_hook() to call_hook() in the :doc:`Hooks Library <general/hooks>`. - - Added get_content_type() method to the :doc:`Output Library <libraries/output>`. + - :doc:`URI Library <libraries/uri>` changes include: + - Changed private methods to protected so that MY_URI can override them. + - Renamed internal method ``_parse_cli_args()`` to ``_parse_argv()``. + - Renamed internal method ``_detect_uri()`` to ``_parse_request_uri()``. + - Changed ``_parse_request_uri()`` to accept absolute URIs for compatibility with HTTP/1.1 as per `RFC2616 <http://www.ietf.org/rfc/rfc2616.txt>`. + - Added protected method ``_parse_query_string()`` to URI paths in the the **QUERY_STRING** value, like ``_parse_request_uri()`` does. + - Changed ``_fetch_uri_string()`` to try the **PATH_INFO** variable first when auto-detecting. + - Removed ``CI_CORE`` boolean constant from *CodeIgniter.php* (no longer Reactor and Core versions). + - :doc:`Loader Library <libraries/loader>` changes include: + - Added method ``get_vars()`` to the Loader to retrieve all variables loaded with ``$this->load->vars()``. + - ``_ci_autoloader()`` is now a protected method. + - Added autoloading of drivers with ``$autoload['drivers']``. + - ``$config['rewrite_short_tags']`` now has no effect when using PHP 5.4 as ``<?=`` will always be available. + - Changed method ``config()`` to return whatever ``CI_Config::load()`` returns instead of always being void. + - :doc:`Input Library <libraries/input>` changes include: + - Added ``method()`` to retrieve ``$_SERVER['REQUEST_METHOD']``. + - Added support for arrays and network addresses (e.g. 192.168.1.1/24) for use with the *proxy_ips* setting. + - Added method ``input_stream()`` to aid in using **php://input** stream data such as one passed via PUT, DELETE and PATCH requests. + - Changed method ``valid_ip()`` to use PHP's native ``filter_var()`` function. + - Changed internal method ``_sanitize_globals()`` to skip enforcing reversal of *register_globals* in PHP 5.4+, where this functionality no longer exists. + - Changed methods ``get()``, ``post()``, ``get_post()``, ``cookie()``, ``server()``, ``user_agent()`` to return NULL instead of FALSE when no value is found. + - :doc:`Common functions <general/common_functions>` changes include: + - Added function :php:func:`get_mimes()` to return the *application/config/mimes.php* array. + - Added support for HTTP code 303 ("See Other") in :php:func:`set_status_header()`. + - Removed redundant conditional to determine HTTP server protocol in :php:func:`set_status_header()`. + - Changed ``_exception_handler()`` to respect php.ini *display_errors* setting. + - Added function :php:func:`is_https()` to check if a secure connection is used. + - Added function :php:func:`function_usable()` to check if a function exists and is not disabled by `Suhosin <http://www.hardened-php.net/suhosin/>`. + - Added support for HTTP-Only cookies with new config option *cookie_httponly* (default FALSE). + - Renamed method ``_call_hook()`` to ``call_hook()`` in the :doc:`Hooks Library <general/hooks>`. + - :doc:`Output Library <libraries/output>` changes include: + - Added a second argument to method ``set_content_type()`` that allows setting the document charset as well. + - Added methods ``get_content_type()`` and ``get_header()``. + - Added method ``delete_cache()``. + - ``$config['time_reference']`` now supports all timezone strings supported by PHP. + - :doc:`Config Library <libraries/config>` changes include: + - Changed ``site_url()`` method to accept an array as well. + - Removed internal method ``_assign_to_config()`` and moved it's implementation in *CodeIgniter.php* instead. + - :doc:`Security Library <libraries/security>` changes include: + - Added method ``strip_image_tags()``. + - Added ``$config['csrf_regeneration']``, which makes token regeneration optional. + - Added ``$config['csrf_exclude_uris']``, which allows you list URIs which will not have the CSRF validation methods run. + - :doc:`URI Routing <general/routing>` changes include: + - Added possibility to route requests using callbacks. + - Added possibility to use dashes in the controller and method URI segments (translated to underscores). + - :doc:`Language Library <libraries/language>` changes include: + - Changed method ``load()`` to filter the language name with ``ctype_digit()``. + - Added an optional second parameter to method ``line()`` to disable error login for line keys that were not found. + - Language files are now loaded in a cascading style with the one in **system/** always loaded and overriden afterwards, if another one is found. Bug fixes for 3.0 ------------------ -- Unlink raised an error if cache file did not exist when you try to delete it. +- Fixed a bug where ``unlink()`` raised an error if cache file did not exist when you try to delete it. - Fixed a bug (#181) where a mis-spelling was in the form validation language file. -- Fixed a bug (#159, #163) that mishandled Active Record nested transactions because _trans_depth was not getting incremented. -- Fixed a bug (#737, #75) where pagination anchor class was not set properly when using initialize method. +- Fixed a bug (#159, #163) that mishandled Query Builder nested transactions because _trans_depth was not getting incremented. +- Fixed a bug (#737, #75) - :doc:`Pagination <libraries/pagination>` anchor class was not set properly when using initialize method. - Fixed a bug (#419) - auto_link() now recognizes URLs that come after a word boundary. - Fixed a bug (#724) - is_unique in form validation now checks that you are connected to a database. -- Fixed a bug (#647) - _get_mod_time() in Zip library no longer generates stat failed errors -- Fixed a bug (#608) - Fixes an issue with the Image_lib class not clearing properties completely -- Fixed bugs (#157 and #174) - the Image_lib clear() function now resets all variables to their default values. +- Fixed a bug (#647) - _get_mod_time() in Zip library no longer generates stat failed errors. +- Fixed a bug (#608) - Fixes an issue with the Image_lib class not clearing properties completely. +- Fixed a bug (#157, #174) - the Image_lib clear() function now resets all variables to their default values. - Fixed a bug where using $this->dbforge->create_table() with PostgreSQL database could lead to fetching whole table. - Fixed a bug (#795) - Fixed form method and accept-charset when passing an empty array. -- Fixed a bug (#797) - timespan was using incorrect seconds for year and month. +- Fixed a bug (#797) - timespan() was using incorrect seconds for year and month. - Fixed a bug in CI_Cart::contents() where if called without a TRUE (or equal) parameter, it would fail due to a typo. -- Fixed a bug (#696) - make oci_execute calls inside num_rows non-committing, since they are only there to reset which row is next in line for oci_fetch calls and thus don't need to be committed. -- Fixed a bug (#406) - sqlsrv DB driver not reuturning resource on <samp>db_pconnect()</samp>. +- Fixed a bug (#696) - make oci_execute() calls inside num_rows() non-committing, since they are only there to reset which row is next in line for oci_fetch calls and thus don't need to be committed. +- Fixed a bug (#406) - SQLSRV DB driver not returning resource on ``db_pconnect()``. - Fixed a bug in CI_Image_lib::gd_loaded() where it was possible for the script execution to end or a PHP E_WARNING message to be emitted. -- In Pagination library, when use_page_numbers=TRUE previous link and page 1 link do not have the same url +- Fixed a bug in the :doc:`Pagination library <libraries/pagination>` where when use_page_numbers=TRUE previous link and page 1 link did not have the same url. - Fixed a bug (#561) - Errors in :doc:`XML-RPC Library <libraries/xmlrpc>` were not properly escaped. - Fixed a bug (#904) - ``CI_Loader::initialize()`` caused a PHP Fatal error to be triggered if error level E_STRICT is used. -- Fixed a hosting edge case where an empty $_SERVER['HTTPS'] variable would evaluate to 'on' +- Fixed a hosting edge case where an empty $_SERVER['HTTPS'] variable would evaluate to 'on'. - Fixed a bug (#154) - ``CI_Session::sess_update()`` caused the session to be destroyed on pages where multiple AJAX requests were executed at once. - Fixed a possible bug in ``CI_Input::is_ajax_request()`` where some clients might not send the X-Requested-With HTTP header value exactly as 'XmlHttpRequest'. - Fixed a bug (#1039) - MySQL's _backup() method failed due to a table name not being escaped. @@ -175,30 +351,28 @@ Bug fixes for 3.0 - Fixed a bug (#129) - ODBC's num_rows() returned -1 in some cases, due to not all subdrivers supporting the odbc_num_rows() function. - Fixed a bug (#153) - E_NOTICE being generated by getimagesize() in the :doc:`File Uploading Library <libraries/file_uploading>`. - Fixed a bug (#611) - SQLSRV's error handling methods used to issue warnings when there's no actual error. -- Fixed a bug (#1036) - is_write_type() method in the :doc:`Database Library <database/index>` didn't return TRUE for RENAME and OPTIMIZE queries. +- Fixed a bug (#1036) - ``is_write_type()`` method in the :doc:`Database Library <database/index>` didn't return TRUE for RENAME queries. - Fixed a bug in PDO's _version() method where it used to return the client version as opposed to the server one. - Fixed a bug in PDO's insert_id() method where it could've failed if it's used with Postgre versions prior to 8.1. - Fixed a bug in CUBRID's affected_rows() method where a connection resource was passed to cubrid_affected_rows() instead of a result. - Fixed a bug (#638) - db_set_charset() ignored its arguments and always used the configured charset instead. - Fixed a bug (#413) - Oracle's error handling methods used to only return connection-related errors. -- Fixed a bug (#804) - Profiler library was trying to handle objects as strings in some cases, resulting in warnings being issued by htmlspecialchars(). - Fixed a bug (#1101) - MySQL/MySQLi result method field_data() was implemented as if it was handling a DESCRIBE result instead of the actual result set. - Fixed a bug in Oracle's :doc:`Database Forge Class <database/forge>` method _create_table() where it failed with AUTO_INCREMENT as it's not supported. - Fixed a bug (#1080) - When using the SMTP protocol, the :doc:`Email Library <libraries/email>` send() method was returning TRUE even if the connection/authentication against the server failed. -- Fixed a bug (#499) - a CSRF cookie was created even with CSRF protection being disabled. - Fixed a bug (#306) - ODBC's insert_id() method was calling non-existent function odbc_insert_id(), which resulted in a fatal error. - Fixed a bug in Oracle's DB_result class where the cursor id passed to it was always NULL. -- Fixed a bug (#64) - Regular expression in DB_active_rec.php failed to handle queries containing SQL bracket delimiters in the join condition. +- Fixed a bug (#64) - Regular expression in DB_query_builder.php failed to handle queries containing SQL bracket delimiters in the join condition. - Fixed a bug in the :doc:`Session Library <libraries/sessions>` where a PHP E_NOTICE error was triggered by _unserialize() due to results from databases such as MSSQL and Oracle being space-padded on the right. - Fixed a bug (#501) - set_rules() to check if the request method is not 'POST' before aborting, instead of depending on count($_POST) in the :doc:`Form Validation Library <libraries/form_validation>`. -- Fixed a bug (#940) - csrf_verify() used to set the CSRF cookie while processing a POST request with no actual POST data, which resulted in validating a request that should be considered invalid. -- Fixed a bug in PostgreSQL's escape_str() where it didn't properly escape LIKE wild characters. +- Fixed a bug (#136) - PostgreSQL, MySQL and MySQLi's escape_str() method didn't properly escape LIKE wild characters. - Fixed a bug in the library loader where some PHP versions wouldn't execute the class constructor. - Fixed a bug (#88) - An unexisting property was used for configuration of the Memcache cache driver. - Fixed a bug (#14) - create_database() method in the :doc:`Database Forge Library <database/forge>` didn't utilize the configured database character set. -- Fixed a bug (#1238) - delete_all() in the `Database Caching Library <database/caching>` used to delete .htaccess and index.html files, which is a potential security risk. +- Fixed a bug (#23, #1238) - delete_all() in the `Database Caching Library <database/caching>` used to delete .htaccess and index.html files, which is a potential security risk. - Fixed a bug in :doc:`Trackback Library <libraries/trackback>` method validate_url() where it didn't actually do anything, due to input not being passed by reference. - Fixed a bug (#11, #183, #863) - CI_Form_validation::_execute() silently continued to the next rule, if a rule method/function is not found. +- Fixed a bug (#122) Where routed uri string was being reported incorrectly in sub-directories. - Fixed a bug (#1242) - read_dir() in the :doc:`Zip Library <libraries/zip>` wasn't compatible with Windows. - Fixed a bug (#306) - ODBC driver didn't have an _insert_batch() method, which resulted in fatal error being triggered when insert_batch() is used with it. - Fixed a bug in MSSQL and SQLSrv's _truncate() where the TABLE keyword was missing. @@ -206,29 +380,151 @@ Bug fixes for 3.0 - Fixed a bug (#798) - update() used to ignore LIKE conditions that were set with like(). - Fixed a bug in Oracle's and MSSQL's delete() methods where an erroneous SQL statement was generated when used with limit(). - Fixed a bug in SQLSRV's delete() method where like() and limit() conditions were ignored. +- Fixed a bug (#1265) - Database connections were always closed, regardless of the 'pconnect' option value. +- Fixed a bug (#128) - :doc:`Language Library <libraries/language>` did not correctly keep track of loaded language files. +- Fixed a bug (#1242) - Added Windows path compatibility to function read_dir of ZIP library. +- Fixed a bug (#1349) - get_extension() in the :doc:`File Uploading Library <libraries/file_uploading>` returned the original filename when it didn't have an actual extension. +- Fixed a bug (#1273) - E_NOTICE being generated by :doc:`Query Builder <database/query_builder>`'s set_update_batch() method. +- Fixed a bug (#44, #110) - :doc:`Upload library <libraries/file_uploading>`'s clean_file_name() method didn't clear '!' and '#' characters. +- Fixed a bug (#121) - ``CI_DB_result::row()`` returned an array when there's no actual result to be returned. +- Fixed a bug (#319) - SQLSRV's affected_rows() method failed due to a scrollable cursor being created for write-type queries. +- Fixed a bug (#356) - PostgreSQL driver didn't have an _update_batch() method, which resulted in fatal error being triggered when update_batch() is used with it. +- Fixed a bug (#784, #862) - :doc:`Database Forge <database/forge>` method ``create_table()`` failed on SQLSRV/MSSQL when used with 'IF NOT EXISTS'. +- Fixed a bug (#1419) - libraries/Driver.php had a static variable that was causing an error. +- Fixed a bug (#1411) - the :doc:`Email library <libraries/email>` used its own short list of MIMEs instead the one from config/mimes.php. +- Fixed a bug where the magic_quotes_runtime setting wasn't turned off for PHP 5.3 (where it is indeed deprecated, but not non-existent). +- Fixed a bug (#666) - :doc:`Output library <libraries/output>`'s set_content_type() method didn't set the document charset. +- Fixed a bug (#784, #861) - :doc:`Database Forge <database/forge>` method ``create_table()`` used to accept constraints for MSSQL/SQLSRV integer-type columns. +- Fixed a bug (#706) - SQLSRV/MSSSQL didn't escape field names. +- Fixed a bug (#1452) - ``protect_identifiers()`` didn't properly detect identifiers with spaces in their names. +- Fixed a bug where ``protect_identifiers()`` ignored it's extra arguments when the value passed to it is an array. +- Fixed a bug where ``_has_operator()`` didn't detect BETWEEN. +- Fixed a bug in :doc:`Query Builder <database/query_builder>`'s ``join()`` method where it failed with identifiers containing dashes. +- Fixed a bug (#1264) - :doc:`Database Forge <database/forge>` and :doc:`Database Utilities <database/utilities>` didn't update/reset the databases and tables list cache when a table or a database is created, dropped or renamed. +- Fixed a bug (#7) - :doc:`Query Builder <database/query_builder>`'s ``join()`` method only escaped one set of conditions. +- Fixed a bug (#1321) - Core Exceptions class couldn't find the errors/ folder in some cases. +- Fixed a bug (#1202) - :doc:`Encryption Library <libraries/encryption>` encode_from_legacy() didn't set back the encrypt mode on failure. +- Fixed a bug (#145) - compile_binds() failed when the bind marker was present in a literal string within the query. +- Fixed a bug in protect_identifiers() where if passed along with the field names, operators got escaped as well. +- Fixed a bug (#10) - :doc:`URI Library <libraries/uri>` internal method _detect_uri() failed with paths containing a colon. +- Fixed a bug (#1387) - :doc:`Query Builder <database/query_builder>`'s from() method didn't escape table aliases. +- Fixed a bug (#520) - :doc:`Date Helper <helpers/date_helper>` function nice_date() failed when the optional second parameter is not passed. +- Fixed a bug (#167) - ``$config['permitted_uri_chars']`` didn't affect URL-encoded characters. +- Fixed a bug (#318) - :doc:`Profiling <general/profiling>` setting *query_toggle_count* was not settable as described in the manual. +- Fixed a bug (#938) - :doc:`Config Library <libraries/config>` method ``site_url()`` added a question mark to the URL string when query strings are enabled even if it already existed. +- Fixed a bug (#999) - :doc:`Config Library <libraries/config>` method ``site_url()`` always appended ``$config['url_suffix']`` to the end of the URL string, regardless of whether a query string exists in it. +- Fixed a bug where :doc:`URL Helper <helpers/url_helper>` function ``anchor_popup()`` ignored the attributes argument if it is not an array. +- Fixed a bug (#1328) - :doc:`Form Validation Library <libraries/form_validation>` didn't properly check the type of the form fields before processing them. +- Fixed a bug (#79) - :doc:`Form Validation Library <libraries/form_validation>` didn't properly validate array fields that use associative keys or have custom indexes. +- Fixed a bug (#427) - :doc:`Form Validation Library <libraries/form_validation>` method ``strip_image_tags()`` was an alias to a non-existent method. +- Fixed a bug (#1545) - :doc:`Query Builder <database/query_builder>` method ``limit()`` wasn't executed properly under Oracle. +- Fixed a bug (#1551) - :doc:`Date Helper <helpers/date_helper>` function ``standard_date()`` didn't properly format *W3C* and *ATOM* standard dates. +- Fixed a bug in :doc:`Query Builder <database/query_builder>` method join() where literal values were escaped as if they were fields. +- Fixed a bug (#135) - PHP Error logging was impossible without the errors being displayed. +- Fixed a bug (#1613) - :doc:`Form Helper <helpers/form_helper>` functions ``form_multiselect()``, ``form_dropdown()`` didn't properly handle empty array option groups. +- Fixed a bug (#1605) - :doc:`Pagination Library <libraries/pagination>` produced incorrect *previous* and *next* link values. +- Fixed a bug in SQLSRV's ``affected_rows()`` method where an erroneous function name was used. +- Fixed a bug (#1000) - Change syntax of ``$view_file`` to ``$_ci_view_file`` to prevent being overwritten by application. +- Fixed a bug (#1757) - :doc:`Directory Helper <helpers/directory_helper>` function ``directory_map()`` was skipping files and directories named *0*. +- Fixed a bug (#1789) - :doc:`Database Library <database/index>` method ``escape_str()`` escaped quote characters in LIKE conditions twice under MySQL. +- Fixed a bug (#395) - :doc:`Unit Testing Library <libraries/unit_testing>` method ``result()`` didn't properly check array result columns when called from ``report()``. +- Fixed a bug (#1692) - :doc:`Database Library <database/index>` method ``display_error()`` didn't properly trace the possible error source on Windows systems. +- Fixed a bug (#1745) - ``is_write_type()`` method in the :doc:`Database Library <database/index>` didn't return TRUE for LOAD queries. +- Fixed a bug (#1765) - :doc:`Database Library <database/index>` didn't properly detect connection errors for MySQLi. +- Fixed a bug (#1257) - :doc:`Query Builder <database/query_builder>` used to (unnecessarily) group FROM clause contents, which breaks certain queries and is invalid for some databases. +- Fixed a bug (#1709) - :doc:`Email <libraries/email>` headers were broken when using long email subjects and \r\n as CRLF. +- Fixed a bug where ``MB_ENABLED`` was only declared if ``UTF8_ENABLED`` was set to TRUE. +- Fixed a bug where the :doc:`Session Library <libraries/sessions>` accepted cookies with *last_activity* values being in the future. +- Fixed a bug (#1897) - :doc:`Email Library <libraries/email>` triggered PHP E_WARNING errors when *mail* protocol used and ``to()`` is never called. +- Fixed a bug (#1409) - :doc:`Email Library <libraries/email>` didn't properly handle multibyte characters when applying Q-encoding to headers. +- Fixed a bug where :doc:`Email Library <libraries/email>` didn't honor it's *wordwrap* setting while handling alternative messages. +- Fixed a bug (#1476, #1909) - :doc:`Pagination Library <libraries/pagination>` didn't take into account actual routing when determining the current page. +- Fixed a bug (#1766) - :doc:`Query Builder <database/query_builder>` didn't always take into account the *dbprefix* setting. +- Fixed a bug (#779) - :doc:`URI Class <libraries/uri>` didn't always trim slashes from the *uri_string* as shown in the documentation. +- Fixed a bug (#134) - :doc:`Database Caching <database/caching>` method ``delete_cache()`` didn't work in some cases due to *cachedir* not being initialized properly. +- Fixed a bug (#191) - :doc:`Loader Library <libraries/loader>` ignored attempts for (re)loading databases to ``get_instance()->db`` even when the old database connection is dead. +- Fixed a bug (#1255) - :doc:`User Agent Library <libraries/user_agent>` method ``is_referral()`` only checked if ``$_SERVER['HTTP_REFERER']`` exists. +- Fixed a bug (#1146) - :doc:`Download Helper <helpers/download_helper>` function ``force_download()`` incorrectly sent *Cache-Control* directives *pre-check* and *post-check* to Internet Explorer. +- Fixed a bug (#1811) - :doc:`URI Library <libraries/uri>` didn't properly cache segments for ``uri_to_assoc()`` and ``ruri_to_assoc()``. +- Fixed a bug (#1506) - :doc:`Form Helpers <helpers/form_helper>` set empty *name* attributes. +- Fixed a bug (#59) - :doc:`Query Builder <database/query_builder>` method ``count_all_results()`` ignored the DISTINCT clause. +- Fixed a bug (#1624) - :doc:`Form Validation Library <libraries/form_validation>` rule **matches** didn't property handle array field names. +- Fixed a bug (#1630) - :doc:`Form Helper <helpers/form_helper>` function ``set_value()`` didn't escape HTML entities. +- Fixed a bug (#142) - :doc:`Form Helper <helpers/form_helper>` function ``form_dropdown()`` didn't escape HTML entities in option values. +- Fixed a bug (#50) - :doc:`Session Library <libraries/sessions>` unnecessarily stripped slashed from serialized data, making it impossible to read objects in a namespace. +- Fixed a bug (#658) - :doc:`Routing <general/routing>` wildcard **:any** didn't work as advertised and matched multiple URI segments instead of all characters within a single segment. +- Fixed a bug (#1938) - :doc:`Email Library <libraries/email>` removed multiple spaces inside a pre-formatted plain text message. +- Fixed a bug (#388, #705) - :doc:`URI Library <libraries/uri>` didn't apply URL-decoding to URI segments that it got from **REQUEST_URI** and/or **QUERY_STRING**. +- Fixed a bug (#122) - :doc:`URI Library <libraries/uri>` method ``ruri_string()`` didn't include a directory if one is used. +- Fixed a bug - :doc:`Routing Library <general/routing>` didn't properly handle *default_controller* in a subdirectory when a method is also specified. +- Fixed a bug (#953) - :doc:`post_controller_constructor hook <general/hooks>` wasn't called with a *404_override*. +- Fixed a bug (#1220) - :doc:`Profiler Library <general/profiling>` didn't display information for database objects that are instantiated inside models. +- Fixed a bug (#1978) - :doc:`Directory Helper <helpers/directory_helper>` function :php:func:`directory_map()`'s return array didn't make a distinction between directories and file indexes when a directory with a numeric name is present. +- Fixed a bug (#777) - :doc:`Loader Library <libraries/loader>` didn't look for helper extensions in added package paths. +- Fixed a bug (#18) - :doc:`APC Cache <libraries/caching>` driver didn't (un)serialize data, resulting in failure to store objects. +- Fixed a bug (#188) - :doc:`Unit Testing Library <libraries/unit_testing>` filled up logs with error messages for non-existing language keys. +- Fixed a bug (#113) - :doc:`Form Validation Library <libraries/form_validation>` didn't properly handle empty fields that were specified as an array. +- Fixed a bug (#2061) - :doc:`Routing Class <general/routing>` didn't properly sanitize directory, controller and function triggers with **enable_query_strings** set to TRUE. + +Version 2.1.3 +============= + +Release Date: October 8, 2012 + +- Core + - :doc:`Common function <general/common_functions>` ``is_loaded()`` now returns a reference. + +Bug fixes for 2.1.3 +------------------- + +- Fixed a bug (#1543) - File-based :doc:`Caching <libraries/caching>` method ``get_metadata()`` used a non-existent array key to look for the TTL value. +- Fixed a bug (#1314) - :doc:`Session Library <libraries/sessions>` method ``sess_destroy()`` didn't destroy the userdata array. +- Fixed a bug (#804) - :doc:`Profiler library <general/profiling>` was trying to handle objects as strings in some cases, resulting in *E_WARNING* messages being issued by ``htmlspecialchars()``. +- Fixed a bug (#1699) - :doc:`Migration Library <libraries/migration>` ignored the ``$config['migration_path']`` setting. +- Fixed a bug (#227) - :doc:`Input Library <libraries/input>` allowed unconditional spoofing of HTTP clients' IP addresses through the *HTTP_CLIENT_IP* header. +- Fixed a bug (#907) - :doc:`Input Library <libraries/input>` ignored *HTTP_X_CLUSTER_CLIENT_IP* and *HTTP_X_CLIENT_IP* headers when checking for proxies. +- Fixed a bug (#940) - ``csrf_verify()`` used to set the CSRF cookie while processing a POST request with no actual POST data, which resulted in validating a request that should be considered invalid. +- Fixed a bug (#499) - :doc:`Security Library <libraries/security>` where a CSRF cookie was created even if ``$config['csrf_protection']`` is set tot FALSE. +- Fixed a bug (#1715) - :doc:`Input Library <libraries/input>` triggered ``csrf_verify()`` on CLI requests. +- Fixed a bug (#751) - :doc:`Query Builder <database/query_builder>` didn't properly handle cached field escaping overrides. +- Fixed a bug (#2004) - :doc:`Query Builder <database/query_builder>` didn't properly merge cached calls with non-cache ones. + +Version 2.1.2 +============= + +Release Date: June 29, 2012 + +- General Changes + - Improved security in ``xss_clean()``. Version 2.1.1 ============= -Release Date: Not Released +Release Date: June 12, 2012 - General Changes - Fixed support for docx, xlsx files in mimes.php. - Libraries - Further improved MIME type detection in the :doc:`File Uploading Library <libraries/file_uploading>`. + - Added support for IPv6 to the :doc:`Input Library <libraries/input>`. + - Added support for the IP format parameter to the :doc:`Form Validation Library <libraries/form_validation>`. - Helpers - - url_title() performance and output improved. You can now use any string as the word delimiter, but 'dash' and 'underscore' are still supported. + - ``url_title()`` performance and output improved. You can now use any string as the word delimiter, but 'dash' and 'underscore' are still supported. Bug fixes for 2.1.1 ------------------- -- Fixed a bug (#697) - A wrong array key was used in the Upload library to check for mime-types. -- Fixed a bug - form_open() compared $action against site_url() instead of base_url(). -- Fixed a bug - CI_Upload::_file_mime_type() could've failed if mime_content_type() is used for the detection and returns FALSE. +- Fixed a bug (#697) - A wrong array key was used in the :doc:`File Uploading Library <libraries/file_uploading>` to check for mime-types. +- Fixed a bug - ``form_open()`` compared $action against ``site_url()`` instead of ``base_url()``. +- Fixed a bug - ``CI_Upload::_file_mime_type()`` could've failed if ``mime_content_type()`` is used for the detection and returns FALSE. - Fixed a bug (#538) - Windows paths were ignored when using the :doc:`Image Manipulation Library <libraries/image_lib>` to create a new file. -- Fixed a bug - When database caching was enabled, $this->db->query() checked the cache before binding variables which resulted in cached queries never being found +- Fixed a bug - When database caching was enabled, $this->db->query() checked the cache before binding variables which resulted in cached queries never being found. +- Fixed a bug - CSRF cookie value was allowed to be any (non-empty) string before being written to the output, making code injection a risk. +- Fixed a bug (#726) - PDO put a 'dbname' argument in it's connection string regardless of the database platform in use, which made it impossible to use SQLite. +- Fixed a bug - ``CI_DB_pdo_driver::num_rows()`` was not returning properly value with SELECT queries, cause it was relying on ``PDOStatement::rowCount()``. +- Fixed a bug (#1059) - ``CI_Image_lib::clear()`` was not correctly clearing all necessary object properties, namely width and height. Version 2.1.0 ============= @@ -264,7 +560,7 @@ Release Date: November 14, 2011 injection. - Added additional option 'none' for the optional third argument for $this->db->like() in the :doc:`Database - Driver <database/active_record>`. + Driver <database/query_builder>`. - Added $this->db->insert_batch() support to the OCI8 (Oracle) driver. - Added failover if the main connections in the config should fail @@ -362,7 +658,6 @@ Release Date: August 20, 2011 - Added insert_batch() function to the PostgreSQL database driver. Thanks to epallerols for the patch. - Added "application/x-csv" to mimes.php. - - Added CSRF protection URI whitelisting. - Fixed a bug where :doc:`Email library <libraries/email>` attachments with a "." in the name would using invalid MIME-types. @@ -1539,27 +1834,27 @@ Release Date: January 30, 2008 - Active Record - Added protect_identifiers() in :doc:`Active - Record <./database/active_record>`. + Record <./database/query_builder>`. - All AR queries are backticked if appropriate to the database. - Added where_in(), or_where_in(), where_not_in(), or_where_not_in(), not_like() and or_not_like() to :doc:`Active - Record <./database/active_record>`. + Record <./database/query_builder>`. - Added support for limit() into update() and delete() statements in - :doc:`Active Record <./database/active_record>`. + :doc:`Active Record <./database/query_builder>`. - Added empty_table() and truncate_table() to :doc:`Active - Record <./database/active_record>`. + Record <./database/query_builder>`. - Added the ability to pass an array of tables to the delete() - statement in :doc:`Active Record <./database/active_record>`. + statement in :doc:`Active Record <./database/query_builder>`. - Added count_all_results() function to :doc:`Active - Record <./database/active_record>`. + Record <./database/query_builder>`. - Added select_max(), select_min(), select_avg() and - select_sum() to :doc:`Active Record <./database/active_record>`. + select_sum() to :doc:`Active Record <./database/query_builder>`. - Added the ability to use aliases with joins in :doc:`Active - Record <./database/active_record>`. + Record <./database/query_builder>`. - Added a third parameter to Active Record's like() clause to control where the wildcard goes. - Added a third parameter to set() in :doc:`Active - Record <./database/active_record>` that withholds escaping + Record <./database/query_builder>` that withholds escaping data. - Changed the behaviour of variables submitted to the where() clause with no values to auto set "IS NULL" @@ -1667,7 +1962,7 @@ Release Date: January 30, 2008 the table of contents of the userguide. - Moved part of the userguide menu javascript to an external file. - Documented distinct() in :doc:`Active - Record <./database/active_record>`. + Record <./database/query_builder>`. - Documented the timezones() function in the :doc:`Date Helper <./helpers/date_helper>`. - Documented unset_userdata in the :doc:`Session @@ -2122,7 +2417,7 @@ Release Date: September 17, 2006 - Moved the list of "allowed URI characters" out of the Router class and into the config file. - Moved the MIME type array out of the Upload class and into its own - file in the applications/config/ folder. + file in the application/config/ folder. - Updated the Upload class to allow the upload field name to be set when calling :doc:`do_upload() <./libraries/file_uploading>`. - Updated the :doc:`Config Library <./libraries/config>` to be able to @@ -2243,9 +2538,9 @@ Release Date: April 11, 2006 function <./general/views>`: $this->load->view('my_view', $object); - Added getwhere function to :doc:`Active Record - class <./database/active_record>`. + class <./database/query_builder>`. - Added count_all function to :doc:`Active Record - class <./database/active_record>`. + class <./database/query_builder>`. - Added language file for scaffolding and fixed a scaffolding bug that occurs when there are no rows in the specified table. - Added :doc:`$this->db->last_query() <./database/queries>`, which @@ -2270,7 +2565,7 @@ Release Date: April 3, 2006 - Added support for :doc:`Models <general/models>`. - Redesigned the database libraries to support additional RDBMs (Postgres, MySQLi, etc.). -- Redesigned the :doc:`Active Record class <./database/active_record>` +- Redesigned the :doc:`Active Record class <./database/query_builder>` to enable more varied types of queries with simpler syntax, and advanced features like JOINs. - Added a feature to the database class that lets you run :doc:`custom @@ -2303,7 +2598,7 @@ Release Date: April 3, 2006 whether PHP 4 or 5 is being run, since PHP 5 allows a more graceful way to manage objects that utilizes a bit less resources. - Deprecated: $this->db->use_table() has been deprecated. Please read - the :doc:`Active Record <./database/active_record>` page for + the :doc:`Active Record <./database/query_builder>` page for information. - Deprecated: $this->db->smart_escape_str() has been deprecated. Please use this instead: $this->db->escape() |