Diffstat (limited to 'user_guide_src/source')
21 files changed, 179 insertions, 47 deletions
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index e5387cc5a..512480969 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst 
@@ -2,6 +2,79 @@ Change Log ########## +Version 3.1.9 +============= + +Release Date: Jun 12, 2018 + +- **Security** + + - Updated :doc:`URL Helper <helpers/url_helper>` function :php:func:`auto_link()` to add ``rel="noopener"`` to generated links in order to prevent tab hijacking. + - Fixed a possible session fixation vulnerability where the :doc:`Session Library <libraries/sessions>` enabled ``session.use_strict_mode`` but it didn't actually do anything (thanks to Aamer Shah, Prasanna Kumar). + +- General Changes + + - Updated :doc:`Query Builder <database/query_builder>` method ``limit()`` to allow ``0`` values. + - Updated :doc:`Email Library <libraries/email>` and :doc:`Form Validation Library <libraries/form_validation>` to discard the results of failed ``idn_to_ascii()`` calls while validating e-mail addresses. + +Bug fixes for 3.1.9 +------------------- + +- Fixed a regression (#5448) - :doc:`Query Builder <database/query_builder>` methods ``like()``, ``or_like()`` (and siblings) didn't apply *dbprefix* or identifier escaping. +- Fixed a regression (#5462) - :doc:`Query Builder <database/query_builder>` methods ``like()``, ``or_like()`` (and siblings) produced incorrect SQL syntax when used with ``'before'`` as the third parameter. +- Fixed a bug (#5516) - :doc:`HTML Helper <helpers/html_helper>` functions :php:func:`img()`, :php:func:`link_tag()` would output results with double slashes if a prefix slash was included in their path inputs. + +Version 3.1.8 +============= + +Release Date: Mar 22, 2018 + +- **Security** + + - Updated :doc:`Security Library <libraries/security>` method ``xss_clean()`` to also filter JavaScript tag functions. + - Fixed a bug where :doc:`Security Library <libraries/security>` method ``xss_clean()`` didn't check for parentheses around JavaScript's ``document``. + +- General Changes + + - Updated :doc:`Email Library <libraries/email>` to always negotiate between TLS 1.0, 1.1, 1.2 when possible (PHP 5.6+) for SMTP connections. 
+ - Updated :doc:`Database Library <database/index>` method ``version()`` to exclude suffixes to the main version numbers with the 'postgre' driver. + +Bug fixes for 3.1.8 +------------------- + +- Fixed a bug where :doc:`Form Validation Library <libraries/form_validation>`, :doc:`Email Library <libraries/email>` tried to use ``INTL_IDNA_VARIANT_UTS46`` when it was undeclared. +- Fixed a bug where :doc:`Query Builder <database/query_builder>` methods ``where()``, ``having()`` treated values passed to them as arbitrary SQL. +- Fixed a bug (#5423) - :doc:`Database Library <database/index>` method ``insert_id()`` failed due to incorrect server version parsing with the 'postgre' driver. +- Fixed a bug (#5425) - :doc:`XML-RPC Library <libraries/xmlrpc>` produced an error message related to ``count()`` on PHP 7.2. +- Fixed a bug (#5434) - :doc:`Image Manipulation Library <libraries/image_lib>` attempted to ``chmod()`` while rendering images with the ``dynamic_output`` option. +- Fixed a bug (#5435) - :doc:`Database Results <database/results>` method ``field_data()`` hid info about one field if ``limit()`` was previously used with the 'oci8' driver. + +Version 3.1.7 +============= + +Release Date: Jan 13, 2018 + +- General Changes + + - Updated :doc:`Form Validation Library <libraries/form_validation>` rule ``valid_email`` to use ``INTL_IDNA_VARIANT_UTS46`` for non-ASCII domain names. + - Updated :doc:`Email Library <libraries/email>` to use ``INTL_IDNA_VARIANT_UTS46`` for non-ASCII domain names. + - Updated :doc:`Loader Library <libraries/loader>` method ``model()`` to log both ``CI_Model`` class loading and individual models' initialization. + - Updated :doc:`Pagination Library <libraries/pagination>` to preserve previously set attributes while calling ``initialize()``. + - Updated :doc:`Cache Library <libraries/caching>` to automatically add items to cache on ``increment()``, ``decrement()`` calls for missing keys. 
+ - Deprecated usage of :doc:`CAPTCHA Helper <helpers/captcha_helper>` function :php:func:`create_captcha()` with parameters other than ``$data``. + +Bug fixes for 3.1.7 +------------------- + +- Fixed a regression (#5276) - :doc:`Database Utilities <database/utilities>` method ``backup()`` generated incorrect ``INSERT`` statements with the 'mysqli' driver. +- Fixed a regression where :doc:`Database Results <database/results>` method ``field_data()`` returned incorrect type names. +- Fixed a bug (#5278) - :doc:`URL Helper <helpers/url_helper>` function :php:func:`auto_link()` didn't detect trailing slashes in URLs. +- Fixed a regression (#5282) - :doc:`Query Builder <database/query_builder>` method ``count_all_results()`` breaks ``ORDER BY`` clauses for subsequent queries. +- Fixed a bug (#5279) - :doc:`Query Builder <database/query_builder>` didn't account for already escaped identifiers while applying database name prefixes. +- Fixed a bug (#5331) - :doc:`URL Helper <helpers/url_helper>` function :php:func:`auto_link()` converted e-mail addresses starting with 'www.' to both "url" and "email" links. +- Fixed a bug where ``$config['allow_get_array']`` defaulted to ``FALSE`` if it didn't exist in the config file. +- Fixed a bug (#5379) - :doc:`Session Library <libraries/sessions>` would incorrectly fail to obtain a lock that it already has on PHP 7 with the 'memcached' driver. + Version 3.1.6 ============= @@ -1893,7 +1966,7 @@ Hg Tag: v2.0.0 precision. - Added alpha, and sha1 string types to random_string() in the :doc:`String Helper <helpers/string_helper>`. - - Modified prep_url() so as to not prepend http:// if the supplied + - Modified prep_url() so as to not prepend \http:// if the supplied string already has a scheme. - Modified get_file_info in the file helper, changing filectime() to filemtime() for dates. 
@@ -2633,7 +2706,7 @@ Bugfixes for 1.6.2 instantiating new Language and Exception objects, and not using the error heading. - Fixed a bug (#4413) where a URI containing slashes only e.g. - 'http://example.com/index.php?//' would result in PHP errors + '\http://example.com/index.php?//' would result in PHP errors - Fixed an array to string conversion error in the Validation library (#4425) - Fixed bug (#4451, #4299, #4339) where failed transactions will not diff --git a/user_guide_src/source/conf.py b/user_guide_src/source/conf.py index 7929f8ae7..e396217de 100644 --- a/user_guide_src/source/conf.py +++ b/user_guide_src/source/conf.py @@ -41,16 +41,16 @@ master_doc = 'index' # General information about the project. project = u'CodeIgniter' -copyright = u'2014 - 2017, British Columbia Institute of Technology' +copyright = u'2014 - 2018, British Columbia Institute of Technology' # The version info for the project you're documenting, acts as replacement for # |version| and |release|, also used in various other places throughout the # built documents. # # The short X.Y version. -version = '3.1.6' +version = '3.1.9' # The full version, including alpha/beta/rc tags. -release = '3.1.6' +release = '3.1.9' # The language for content autogenerated by Sphinx. Refer to documentation # for a list of supported languages. @@ -229,7 +229,7 @@ man_pages = [ epub_title = u'CodeIgniter' epub_author = u'British Columbia Institute of Technology' epub_publisher = u'British Columbia Institute of Technology' -epub_copyright = u'2014 - 2017, British Columbia Institute of Technology' +epub_copyright = u'2014 - 2018, British Columbia Institute of Technology' # The language of the text. It defaults to the language option # or en if the language is not set. diff --git a/user_guide_src/source/database/configuration.rst b/user_guide_src/source/database/configuration.rst index e231a7d6a..a9bf7dcb6 100644 --- a/user_guide_src/source/database/configuration.rst 
+++ b/user_guide_src/source/database/configuration.rst @@ -186,7 +186,7 @@ Explanation of Values: - 'ssl_key' - Path to the private key file - 'ssl_cert' - Path to the public key certificate file - 'ssl_ca' - Path to the certificate authority file - - 'ssl_capath' - Path to a directory containing trusted CA certificats in PEM format + - 'ssl_capath' - Path to a directory containing trusted CA certificates in PEM format - 'ssl_cipher' - List of *allowed* ciphers to be used for the encryption, separated by colons (':') - 'ssl_verify' - TRUE/FALSE; Whether to verify the server certificate or not ('mysqli' only) diff --git a/user_guide_src/source/database/query_builder.rst b/user_guide_src/source/database/query_builder.rst index 1b79c893a..38bc7fcff 100644 --- a/user_guide_src/source/database/query_builder.rst +++ b/user_guide_src/source/database/query_builder.rst @@ -654,7 +654,7 @@ will be reset (by default it will be--just like $this->db->insert()):: // Produces string: INSERT INTO mytable (`title`, `content`) VALUES ('My Title', 'My Content') The key thing to notice in the above example is that the second query did not -utlize `$this->db->from()` nor did it pass a table name into the first +utilize `$this->db->from()` nor did it pass a table name into the first parameter. The reason this worked is because the query has not been executed using `$this->db->insert()` which resets values or reset directly using `$this->db->reset_query()`. diff --git a/user_guide_src/source/general/controllers.rst b/user_guide_src/source/general/controllers.rst index 5a111d8dc..14e583636 100644 --- a/user_guide_src/source/general/controllers.rst +++ b/user_guide_src/source/general/controllers.rst @@ -337,4 +337,4 @@ list. That's it! ========== -That, in a nutshell, is all there is to know about controllers.
\ No newline at end of file +That, in a nutshell, is all there is to know about controllers. diff --git a/user_guide_src/source/general/core_classes.rst b/user_guide_src/source/general/core_classes.rst index 79f73ef06..9ccded75c 100644 --- a/user_guide_src/source/general/core_classes.rst +++ b/user_guide_src/source/general/core_classes.rst @@ -83,6 +83,7 @@ application/core/MY_Input.php, and declare your class with:: public function __construct() { parent::__construct(); + // Your own constructor code } } @@ -98,12 +99,6 @@ your new class in your application controller's constructors. class Welcome extends MY_Controller { - public function __construct() - { - parent::__construct(); - // Your own constructor code - } - public function index() { $this->load->view('welcome_message'); @@ -119,4 +114,4 @@ To set your own sub-class prefix, open your $config['subclass_prefix'] = 'MY_'; Please note that all native CodeIgniter libraries are prefixed -with CI\_ so DO NOT use that as your prefix.
\ No newline at end of file +with CI\_ so DO NOT use that as your prefix. diff --git a/user_guide_src/source/general/creating_libraries.rst b/user_guide_src/source/general/creating_libraries.rst index d6b0631af..83742b619 100644 --- a/user_guide_src/source/general/creating_libraries.rst +++ b/user_guide_src/source/general/creating_libraries.rst @@ -224,6 +224,7 @@ extend the parent constructor:: public function __construct($config = array()) { parent::__construct($config); + // Your own constructor code } } @@ -256,4 +257,4 @@ To set your own sub-class prefix, open your $config['subclass_prefix'] = 'MY_'; Please note that all native CodeIgniter libraries are prefixed with CI\_ -so DO NOT use that as your prefix.
\ No newline at end of file +so DO NOT use that as your prefix. diff --git a/user_guide_src/source/general/models.rst b/user_guide_src/source/general/models.rst index eb842e927..0b20164e9 100644 --- a/user_guide_src/source/general/models.rst +++ b/user_guide_src/source/general/models.rst @@ -67,12 +67,6 @@ The basic prototype for a model class is this:: class Model_name extends CI_Model { - public function __construct() - { - parent::__construct(); - // Your own constructor code - } - } Where **Model_name** is the name of your class. Class names **must** have @@ -83,12 +77,6 @@ The file name must match the class name. For example, if this is your class:: class User_model extends CI_Model { - public function __construct() - { - parent::__construct(); - // Your own constructor code - } - } Your file will be this:: @@ -176,4 +164,4 @@ database. The following options for connecting are available to you: $config['pconnect'] = FALSE; $config['db_debug'] = TRUE; - $this->load->model('model_name', '', $config);
\ No newline at end of file + $this->load->model('model_name', '', $config); diff --git a/user_guide_src/source/general/urls.rst b/user_guide_src/source/general/urls.rst index e23554907..b8a1b9f5b 100644 --- a/user_guide_src/source/general/urls.rst +++ b/user_guide_src/source/general/urls.rst @@ -42,9 +42,9 @@ By default, the **index.php** file will be included in your URLs:: If your Apache server has *mod_rewrite* enabled, you can easily remove this file by using a .htaccess file with some simple rules. Here is an example of such a file, using the "negative" method in which everything is redirected -except the specified items:: +except the specified items: -.. code-block:: console +.. code-block:: apache RewriteEngine On RewriteCond %{REQUEST_FILENAME} !-f diff --git a/user_guide_src/source/helpers/captcha_helper.rst b/user_guide_src/source/helpers/captcha_helper.rst index 986c1d3e1..be1b20aaf 100644 --- a/user_guide_src/source/helpers/captcha_helper.rst +++ b/user_guide_src/source/helpers/captcha_helper.rst @@ -135,9 +135,9 @@ The following functions are available: .. php:function:: create_captcha([$data = ''[, $img_path = ''[, $img_url = ''[, $font_path = '']]]]) :param array $data: Array of data for the CAPTCHA - :param string $img_path: Path to create the image in - :param string $img_url: URL to the CAPTCHA image folder - :param string $font_path: Server path to font + :param string $img_path: Path to create the image in (DEPRECATED) + :param string $img_url: URL to the CAPTCHA image folder (DEPRECATED) + :param string $font_path: Server path to font (DEPRECATED) :returns: array('word' => $word, 'time' => $now, 'image' => $img) :rtype: array @@ -161,4 +161,8 @@ The following functions are available: file extension. It will be a number like this: 1139612155.3422 The **word** is the word that appears in the captcha image, which if not - supplied to the function, will be a random string.
\ No newline at end of file + supplied to the function, will be a random string. + + .. note:: Usage of the ``$img_path``, ``$img_url`` and ``$font_path`` + parameters is DEPRECATED. Provide them in the ``$data`` array + instead. diff --git a/user_guide_src/source/helpers/string_helper.rst b/user_guide_src/source/helpers/string_helper.rst index a1fd7ee15..6dabc60d3 100644 --- a/user_guide_src/source/helpers/string_helper.rst +++ b/user_guide_src/source/helpers/string_helper.rst @@ -127,7 +127,7 @@ The following functions are available: :rtype: string Converts double slashes in a string to a single slash, except those - found in URL protocol prefixes (e.g. http://). + found in URL protocol prefixes (e.g. \http://). Example:: @@ -220,4 +220,4 @@ The following functions are available: Removes single and double quotes from a string. Example:: $string = "Joe's \"dinner\""; - $string = strip_quotes($string); //results in "Joes dinner"
\ No newline at end of file + $string = strip_quotes($string); //results in "Joes dinner" diff --git a/user_guide_src/source/helpers/url_helper.rst b/user_guide_src/source/helpers/url_helper.rst index 435a21df4..e117d37c0 100644 --- a/user_guide_src/source/helpers/url_helper.rst +++ b/user_guide_src/source/helpers/url_helper.rst @@ -144,7 +144,7 @@ The following functions are available: be a string or an array. .. note:: If you are building links that are internal to your application - do not include the base URL (http://...). This will be added + do not include the base URL (\http://...). This will be added automatically from the information specified in your config file. Include only the URI segments you wish appended to the URL. @@ -317,7 +317,7 @@ The following functions are available: :returns: Protocol-prefixed URL string :rtype: string - This function will add http:// in the event that a protocol prefix + This function will add \http:// in the event that a protocol prefix is missing from a URL. Pass the URL string to the function like this:: diff --git a/user_guide_src/source/installation/downloads.rst b/user_guide_src/source/installation/downloads.rst index 76335bb67..e2c764c82 100644 --- a/user_guide_src/source/installation/downloads.rst +++ b/user_guide_src/source/installation/downloads.rst 
@@ -2,7 +2,10 @@ Downloading CodeIgniter ####################### -- `CodeIgniter v3.1.6 (Current version) <https://codeload.github.com/bcit-ci/CodeIgniter/zip/3.1.6>`_ +- `CodeIgniter v3.1.9 (Current version) <https://codeload.github.com/bcit-ci/CodeIgniter/zip/3.1.9>`_ +- `CodeIgniter v3.1.8 <https://codeload.github.com/bcit-ci/CodeIgniter/zip/3.1.8>`_ +- `CodeIgniter v3.1.7 <https://codeload.github.com/bcit-ci/CodeIgniter/zip/3.1.7>`_ +- `CodeIgniter v3.1.6 <https://codeload.github.com/bcit-ci/CodeIgniter/zip/3.1.6>`_ - `CodeIgniter v3.1.5 <https://codeload.github.com/bcit-ci/CodeIgniter/zip/3.1.5>`_ - `CodeIgniter v3.1.4 <https://codeload.github.com/bcit-ci/CodeIgniter/zip/3.1.4>`_ - `CodeIgniter v3.1.3 <https://codeload.github.com/bcit-ci/CodeIgniter/zip/3.1.3>`_ @@ -16,6 +19,9 @@ Downloading CodeIgniter - `CodeIgniter v3.0.2 <https://codeload.github.com/bcit-ci/CodeIgniter/zip/3.0.2>`_ - `CodeIgniter v3.0.1 <https://codeload.github.com/bcit-ci/CodeIgniter/zip/3.0.1>`_ - `CodeIgniter v3.0.0 <https://codeload.github.com/bcit-ci/CodeIgniter/zip/3.0.0>`_ +- `CodeIgniter v2.2.6 <https://codeload.github.com/bcit-ci/CodeIgniter/zip/2.2.6>`_ +- `CodeIgniter v2.2.5 <https://codeload.github.com/bcit-ci/CodeIgniter/zip/2.2.5>`_ +- `CodeIgniter v2.2.4 <https://codeload.github.com/bcit-ci/CodeIgniter/zip/2.2.4>`_ - `CodeIgniter v2.2.3 <https://codeload.github.com/bcit-ci/CodeIgniter/zip/2.2.3>`_ - `CodeIgniter v2.2.2 <https://codeload.github.com/bcit-ci/CodeIgniter/zip/2.2.2>`_ - `CodeIgniter v2.2.1 <https://codeload.github.com/bcit-ci/CodeIgniter/zip/2.2.1>`_ diff --git a/user_guide_src/source/installation/upgrade_317.rst b/user_guide_src/source/installation/upgrade_317.rst new file mode 100644 index 000000000..dc1ee1868 --- /dev/null +++ b/user_guide_src/source/installation/upgrade_317.rst 
@@ -0,0 +1,27 @@ +############################# +Upgrading from 3.1.6 to 3.1.7 +############################# + +Before performing an update you should take your site offline by +replacing the index.php file with a static one. + +Step 1: Update your CodeIgniter files +===================================== + +Replace all files and directories in your *system/* directory. + +.. note:: If you have any custom developed files in these directories, + please make copies of them first. + +Step 2: Remove usage of CAPTCHA helper extra parameters (deprecation) +===================================================================== + +The :doc:`CAPTCHA Helper <../helpers/captcha_helper>` function +:php:func:`create_captcha()` allows passing of its ``img_path``, ``img_url`` +and ``font_path`` options as the 2nd, 3rd and 4th parameters respectively. + +This kind of usage is now deprecated and you should just pass the options +in question as part of the first parameter array. + +.. note:: The functionality in question is still available, but you're + strongly encouraged to remove its usage sooner rather than later. diff --git a/user_guide_src/source/installation/upgrade_318.rst b/user_guide_src/source/installation/upgrade_318.rst new file mode 100644 index 000000000..8b13f5c50 --- /dev/null +++ b/user_guide_src/source/installation/upgrade_318.rst @@ -0,0 +1,14 @@ +############################# +Upgrading from 3.1.7 to 3.1.8 +############################# + +Before performing an update you should take your site offline by +replacing the index.php file with a static one. + +Step 1: Update your CodeIgniter files +===================================== + +Replace all files and directories in your *system/* directory. + +.. note:: If you have any custom developed files in these directories, + please make copies of them first. 
diff --git a/user_guide_src/source/installation/upgrade_319.rst b/user_guide_src/source/installation/upgrade_319.rst new file mode 100644 index 000000000..3b8da3367 --- /dev/null +++ b/user_guide_src/source/installation/upgrade_319.rst @@ -0,0 +1,21 @@ +############################# +Upgrading from 3.1.8 to 3.1.9 +############################# + +Before performing an update you should take your site offline by +replacing the index.php file with a static one. + +Step 1: Update your CodeIgniter files +===================================== + +Replace all files and directories in your *system/* directory. + +.. note:: If you have any custom developed files in these directories, + please make copies of them first. + +******************************** +Step 3: Replace config/mimes.php +******************************** + +This config file has received some updates. Please copy it to +*application/config/mimes.php*. diff --git a/user_guide_src/source/installation/upgrading.rst b/user_guide_src/source/installation/upgrading.rst index 991d5cf4c..95525a7c6 100644 --- a/user_guide_src/source/installation/upgrading.rst +++ b/user_guide_src/source/installation/upgrading.rst @@ -8,6 +8,9 @@ upgrading from. .. toctree:: :titlesonly: + Upgrading from 3.1.8 to 3.1.9 <upgrade_319> + Upgrading from 3.1.7 to 3.1.8 <upgrade_318> + Upgrading from 3.1.6 to 3.1.7 <upgrade_317> Upgrading from 3.1.5 to 3.1.6 <upgrade_316> Upgrading from 3.1.4 to 3.1.5 <upgrade_315> Upgrading from 3.1.3 to 3.1.4 <upgrade_314> diff --git a/user_guide_src/source/libraries/file_uploading.rst b/user_guide_src/source/libraries/file_uploading.rst index 6d2106be8..babdc04f9 100644 --- a/user_guide_src/source/libraries/file_uploading.rst +++ b/user_guide_src/source/libraries/file_uploading.rst 
@@ -344,7 +344,7 @@ Class Reference full_path Absolute server path, including the file name raw_name File name, without the extension orig_name Original file name. This is only useful if you use the encrypted name option. - client_name File name as supplied by the client user agent, prior to any file name preparation or incrementing + client_name File name supplied by the client user agent, but possibly sanitized file_ext Filename extension, period included file_size File size in kilobytes is_image Whether the file is an image or not. 1 = image. 0 = not. diff --git a/user_guide_src/source/libraries/pagination.rst b/user_guide_src/source/libraries/pagination.rst index 99b5a80a2..fbc75ea56 100644 --- a/user_guide_src/source/libraries/pagination.rst +++ b/user_guide_src/source/libraries/pagination.rst @@ -128,7 +128,7 @@ the offset segment. **$config['suffix'] = '';** -A custom suffix added to the path. The sufix value will be right after +A custom suffix added to the path. The suffix value will be right after the offset segment. **$config['use_global_url_suffix'] = FALSE;** @@ -311,4 +311,4 @@ Class Reference :returns: HTML-formatted pagination :rtype: string - Returns a "pagination" bar, containing the generated links or an empty string if there's just a single page.
\ No newline at end of file + Returns a "pagination" bar, containing the generated links or an empty string if there's just a single page. diff --git a/user_guide_src/source/libraries/sessions.rst b/user_guide_src/source/libraries/sessions.rst index b1f658d8f..994dc2e08 100644 --- a/user_guide_src/source/libraries/sessions.rst +++ b/user_guide_src/source/libraries/sessions.rst @@ -757,8 +757,8 @@ when creating a session driver for CodeIgniter: <http://php.net/sessionhandlerinterface>`_ interface. .. note:: You may notice that ``SessionHandlerInterface`` is provided - by PHP since version 5.4.0. CodeIgniter will automatically declare - the same interface if you're running an older PHP version. + by PHP since version 5.4.0. CodeIgniter will automatically declare + the same interface if you're running an older PHP version. The link will explain why and how. diff --git a/user_guide_src/source/license.rst b/user_guide_src/source/license.rst index c943c294a..d65b56431 100644 --- a/user_guide_src/source/license.rst +++ b/user_guide_src/source/license.rst @@ -2,7 +2,7 @@ The MIT License (MIT) ##################### -Copyright (c) 2014 - 2017, British Columbia Institute of Technology +Copyright (c) 2014 - 2018, British Columbia Institute of Technology Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal |
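Review bot: In changelog.rst, the 3.1.8 entry "Fixed a bug where Query Builder methods ``where()``, ``having()`` treated values passed to them as arbitrary SQL" is filed under "Bug fixes for 3.1.8", although a value being interpreted as SQL is exactly what a reader scanning the **Security** list is looking for. Consider moving it under **Security**, or at least stating in the entry which kind of input was affected, so that people deciding whether to upgrade can judge their exposure.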
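Review bot: In upgrade_319.rst the steps jump from "Step 1: Update your CodeIgniter files" to "Step 3: Replace config/mimes.php" with no Step 2, and Step 3 is written with an overlined ``****`` title while Step 1 uses a plain ``====`` underline, so the two will not render at the same heading level. Renumber it to Step 2 and use the same underline style as Step 1. The sentence "Please copy it to *application/config/mimes.php*" also does not say where the updated file is copied from.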
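Review bot: In file_uploading.rst, the new ``client_name`` description "File name supplied by the client user agent, but possibly sanitized" does not say under which conditions the value is sanitized or what is removed, and it drops the earlier wording that this is the name "prior to any file name preparation or incrementing". As written, a reader cannot tell whether they are getting the raw client value. State the condition explicitly and make clear that the value is still client-supplied data.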
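Review bot: In core_classes.rst, the second hunk removes ``__construct()`` from the ``Welcome`` example, but the sentence leading into it (visible in the hunk header) still ends with "in your application controller's constructors". Check that the lead-in text still matches an example that no longer shows a constructor, and reword it if it does not.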
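Review bot: In captcha_helper.rst, the ``$img_path``, ``$img_url`` and ``$font_path`` parameters are marked "(DEPRECATED)" and the added note repeats that, but neither says since which version. The changelog in this same patch records the deprecation under 3.1.7, so the note could say "DEPRECATED since 3.1.7" to save readers of the helper page a trip to the changelog.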