diff options
Diffstat (limited to 'user_guide_src/source/installation/upgrade_300.rst')
-rw-r--r-- | user_guide_src/source/installation/upgrade_300.rst | 61 |
1 files changed, 52 insertions, 9 deletions
diff --git a/user_guide_src/source/installation/upgrade_300.rst b/user_guide_src/source/installation/upgrade_300.rst index 6358a811f..59df7c303 100644 --- a/user_guide_src/source/installation/upgrade_300.rst +++ b/user_guide_src/source/installation/upgrade_300.rst @@ -318,7 +318,7 @@ The SHA1 library The previously deprecated SHA1 library has been removed, alter your code to use PHP's native ``sha1()`` function to generate a SHA1 hash. -Additionally, the ``sha1()`` method in the :doc:`Encryption Library <../libraries/encryption>` has been removed. +Additionally, the ``sha1()`` method in the :doc:`Encrypt Library <../libraries/encrypt>` has been removed. The EXT constant ================ @@ -333,6 +333,24 @@ Smiley helper js_insert_smiley() :doc:`Smiley Helper <../helpers/smiley_helper>` function ``js_insert_smiley()`` has been deprecated since CodeIgniter 1.7.2 and is now removed. You'll need to switch to ``smiley_js()`` instead. +The Encrypt library +=================== + +Following numerous vulnerability reports, the :doc:`Encrypt Library <../libraries/encrypt>` has +been deprecated and a new, :doc:`Encryption Library <../libraries/encryption>` is added to take +its place. + +The new library requires either the `MCrypt extension <http://php.net/mcrypt>`_ (and /dev/urandom +availability) or PHP 5.3.3 and the `OpenSSL extension <http://php.net/openssl>`_. +While this might be rather inconvenient, it is a requirement that allows us to have properly +implemented cryptographic functions. + +.. note:: The :doc:`Encrypt Library <../libraries/encrypt>` is still available for the purpose + of keeping backwards compatibility. + +.. important:: You are strongly encouraged to switch to the new :doc:`Encryption Library + <../libraries/encryption>` as soon as possible! + Database drivers 'mysql', 'sqlite', 'mssql', 'pdo/dblib' ======================================================== @@ -375,7 +393,7 @@ CodeIgniter 3.1+. String helper repeater() ======================== -:doc:`String Helper <../helpers/string_helper>` function :php:func:`repeater()` is now just an alias for +:doc:`String Helper <../helpers/string_helper>` function :func:`repeater()` is now just an alias for PHP's native ``str_repeat()`` function. It is deprecated and scheduled for removal in CodeIgniter 3.1+. .. note:: This function is still available, but you're strongly encouraged to remove its usage sooner @@ -384,7 +402,7 @@ PHP's native ``str_repeat()`` function. It is deprecated and scheduled for remov String helper trim_slashes() ============================ -:doc:`String Helper <../helpers/string_helper>` function :php:func:`trim_slashes()` is now just an alias +:doc:`String Helper <../helpers/string_helper>` function :func:`trim_slashes()` is now just an alias for PHP's native ``trim()`` function (with a slash passed as its second argument). It is deprecated and scheduled for removal in CodeIgniter 3.1+. @@ -396,8 +414,8 @@ Email helper functions :doc:`Email Helper <../helpers/email_helper>` only has two functions - - :php:func:`valid_email()` - - :php:func:`send_email()` + - :func:`valid_email()` + - :func:`send_email()` Both of them are now aliases for PHP's native ``filter_var()`` and ``mail()`` functions, respectively. Therefore the :doc:`Email Helper <../helpers/email_helper>` altogether is being deprecated and @@ -447,7 +465,7 @@ CodeIgniter 3.1+. String helper random_string() types 'unique' and 'encrypt' ========================================================== -When using the :doc:`String Helper <../helpers/string_helper>` function :php:func:`random_string()`, +When using the :doc:`String Helper <../helpers/string_helper>` function :func:`random_string()`, you should no longer pass the **unique** and **encrypt** randomization types. They are only aliases for **md5** and **sha1** respectively and are now deprecated and scheduled for removal in CodeIgniter 3.1+. @@ -458,7 +476,7 @@ in CodeIgniter 3.1+. URL helper url_title() separators 'dash' and 'underscore' ========================================================= -When using the :doc:`URL Helper <../helpers/url_helper>` function :php:func:`url_title()`, you +When using the :doc:`URL Helper <../helpers/url_helper>` function :func:`url_title()`, you should no longer pass **dash** or **underscore** as the word separator. This function will now accept any character and you should just pass the chosen character directly, so you should write '-' instead of 'dash' and '_' instead of 'underscore'. @@ -538,7 +556,7 @@ Input library method is_cli_request() Calls to the ``CI_Input::is_cli_request()`` method are necessary at many places in the CodeIgniter internals and this is often before the :doc:`Input Library <../libraries/input>` is loaded. Because of that, it is being replaced by a common -function named :php:func:`is_cli()` and this method is now just an alias. +function named :func:`is_cli()` and this method is now just an alias. The new function is both available at all times for you to use and shorter to type. @@ -556,6 +574,31 @@ CodeIgniter 3.1+. .. note:: This method is still available, but you're strongly encouraged to remove its usage sooner rather than later. +Config library method system_url() +================================== + +Usage of ``CI_Config::system_url()`` encourages insecure coding practices. +Namely, your CodeIgniter *system/* directory shouldn't be publicly accessible +from a security point of view. + +Because of this, this method is now deprecated and scheduled for removal in +CodeIgniter 3.1+. + +.. note:: This method is still available, but you're strongly encouraged to remove its usage + sooner rather than later. + +====================== +The Javascript library +====================== + +The :doc:`Javascript Library <../libraries/javascript>` has always had an +'experimental' status and was never really useful, nor a proper solution. + +It is now deprecated and scheduled for removal in CodeIgniter 3.1+. + +.. note:: This library is still available, but you're strongly encouraged to remove its usage + sooner rather than later. + *********************************************************** Step 18: Check your usage of Text helper highlight_phrase() *********************************************************** @@ -572,4 +615,4 @@ in order to avoid backwards compatibility with old browsers:: mark { background: #ff0; color: #000; - };
\ No newline at end of file + }; |