diff options
Diffstat (limited to 'user_guide_src/source/installation')
| -rw-r--r-- | user_guide_src/source/installation/upgrade_200.rst | 6 | ||||
| -rw-r--r-- | user_guide_src/source/installation/upgrade_300.rst | 61 |
2 files changed, 55 insertions, 12 deletions
diff --git a/user_guide_src/source/installation/upgrade_200.rst b/user_guide_src/source/installation/upgrade_200.rst index 29f44bd9e..948b1bc58 100644 --- a/user_guide_src/source/installation/upgrade_200.rst +++ b/user_guide_src/source/installation/upgrade_200.rst @@ -50,11 +50,11 @@ to :: Step 4: Update stored encrypted data ==================================== -.. note:: If your application does not use the Encryption library, does +.. note:: If your application does not use the Encrypt library, does not store Encrypted data permanently, or is on an environment that does not support Mcrypt, you may skip this step. -The Encryption library has had a number of improvements, some for +The Encrypt library has had a number of improvements, some for encryption strength and some for performance, that has an unavoidable consequence of making it no longer possible to decode encrypted data produced by the original version of this library. To help with the @@ -65,7 +65,7 @@ replace stale encrypted data with fresh in your applications, either on the fly or en masse. Please read `how to use this -method <../libraries/encryption.html#legacy>`_ in the Encryption library +method <../libraries/encrypt.html#legacy>`_ in the Encrypt library documentation. Step 5: Remove loading calls for the compatibility helper. diff --git a/user_guide_src/source/installation/upgrade_300.rst b/user_guide_src/source/installation/upgrade_300.rst index 6358a811f..59df7c303 100644 --- a/user_guide_src/source/installation/upgrade_300.rst +++ b/user_guide_src/source/installation/upgrade_300.rst @@ -318,7 +318,7 @@ The SHA1 library The previously deprecated SHA1 library has been removed, alter your code to use PHP's native ``sha1()`` function to generate a SHA1 hash. -Additionally, the ``sha1()`` method in the :doc:`Encryption Library <../libraries/encryption>` has been removed. +Additionally, the ``sha1()`` method in the :doc:`Encrypt Library <../libraries/encrypt>` has been removed. The EXT constant ================ @@ -333,6 +333,24 @@ Smiley helper js_insert_smiley() :doc:`Smiley Helper <../helpers/smiley_helper>` function ``js_insert_smiley()`` has been deprecated since CodeIgniter 1.7.2 and is now removed. You'll need to switch to ``smiley_js()`` instead. +The Encrypt library +=================== + +Following numerous vulnerability reports, the :doc:`Encrypt Library <../libraries/encrypt>` has +been deprecated and a new, :doc:`Encryption Library <../libraries/encryption>` is added to take +its place. + +The new library requires either the `MCrypt extension <http://php.net/mcrypt>`_ (and /dev/urandom +availability) or PHP 5.3.3 and the `OpenSSL extension <http://php.net/openssl>`_. +While this might be rather inconvenient, it is a requirement that allows us to have properly +implemented cryptographic functions. + +.. note:: The :doc:`Encrypt Library <../libraries/encrypt>` is still available for the purpose + of keeping backwards compatibility. + +.. important:: You are strongly encouraged to switch to the new :doc:`Encryption Library + <../libraries/encryption>` as soon as possible! + Database drivers 'mysql', 'sqlite', 'mssql', 'pdo/dblib' ======================================================== @@ -375,7 +393,7 @@ CodeIgniter 3.1+. String helper repeater() ======================== -:doc:`String Helper <../helpers/string_helper>` function :php:func:`repeater()` is now just an alias for +:doc:`String Helper <../helpers/string_helper>` function :func:`repeater()` is now just an alias for PHP's native ``str_repeat()`` function. It is deprecated and scheduled for removal in CodeIgniter 3.1+. .. note:: This function is still available, but you're strongly encouraged to remove its usage sooner @@ -384,7 +402,7 @@ PHP's native ``str_repeat()`` function. It is deprecated and scheduled for remov String helper trim_slashes() ============================ -:doc:`String Helper <../helpers/string_helper>` function :php:func:`trim_slashes()` is now just an alias +:doc:`String Helper <../helpers/string_helper>` function :func:`trim_slashes()` is now just an alias for PHP's native ``trim()`` function (with a slash passed as its second argument). It is deprecated and scheduled for removal in CodeIgniter 3.1+. @@ -396,8 +414,8 @@ Email helper functions :doc:`Email Helper <../helpers/email_helper>` only has two functions - - :php:func:`valid_email()` - - :php:func:`send_email()` + - :func:`valid_email()` + - :func:`send_email()` Both of them are now aliases for PHP's native ``filter_var()`` and ``mail()`` functions, respectively. Therefore the :doc:`Email Helper <../helpers/email_helper>` altogether is being deprecated and @@ -447,7 +465,7 @@ CodeIgniter 3.1+. String helper random_string() types 'unique' and 'encrypt' ========================================================== -When using the :doc:`String Helper <../helpers/string_helper>` function :php:func:`random_string()`, +When using the :doc:`String Helper <../helpers/string_helper>` function :func:`random_string()`, you should no longer pass the **unique** and **encrypt** randomization types. They are only aliases for **md5** and **sha1** respectively and are now deprecated and scheduled for removal in CodeIgniter 3.1+. @@ -458,7 +476,7 @@ in CodeIgniter 3.1+. URL helper url_title() separators 'dash' and 'underscore' ========================================================= -When using the :doc:`URL Helper <../helpers/url_helper>` function :php:func:`url_title()`, you +When using the :doc:`URL Helper <../helpers/url_helper>` function :func:`url_title()`, you should no longer pass **dash** or **underscore** as the word separator. This function will now accept any character and you should just pass the chosen character directly, so you should write '-' instead of 'dash' and '_' instead of 'underscore'. @@ -538,7 +556,7 @@ Input library method is_cli_request() Calls to the ``CI_Input::is_cli_request()`` method are necessary at many places in the CodeIgniter internals and this is often before the :doc:`Input Library <../libraries/input>` is loaded. Because of that, it is being replaced by a common -function named :php:func:`is_cli()` and this method is now just an alias. +function named :func:`is_cli()` and this method is now just an alias. The new function is both available at all times for you to use and shorter to type. @@ -556,6 +574,31 @@ CodeIgniter 3.1+. .. note:: This method is still available, but you're strongly encouraged to remove its usage sooner rather than later. +Config library method system_url() +================================== + +Usage of ``CI_Config::system_url()`` encourages insecure coding practices. +Namely, your CodeIgniter *system/* directory shouldn't be publicly accessible +from a security point of view. + +Because of this, this method is now deprecated and scheduled for removal in +CodeIgniter 3.1+. + +.. note:: This method is still available, but you're strongly encouraged to remove its usage + sooner rather than later. + +====================== +The Javascript library +====================== + +The :doc:`Javascript Library <../libraries/javascript>` has always had an +'experimental' status and was never really useful, nor a proper solution. + +It is now deprecated and scheduled for removal in CodeIgniter 3.1+. + +.. note:: This library is still available, but you're strongly encouraged to remove its usage + sooner rather than later. + *********************************************************** Step 18: Check your usage of Text helper highlight_phrase() *********************************************************** @@ -572,4 +615,4 @@ in order to avoid backwards compatibility with old browsers:: mark { background: #ff0; color: #000; - };
\ No newline at end of file + }; |