diff options
Diffstat (limited to 'user_guide_src/source')
-rw-r--r-- | user_guide_src/source/changelog.rst | 5 | ||||
-rw-r--r-- | user_guide_src/source/helpers/form_helper.rst | 47 | ||||
-rw-r--r-- | user_guide_src/source/installation/upgrade_300.rst | 43 |
3 files changed, 55 insertions, 40 deletions
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 0d832425c..54338f3ee 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -75,7 +75,9 @@ Release Date: Not Released - Refactored ``plural()`` and ``singular()`` to avoid double pluralization and support more words. - Added an optional third parameter to ``force_download()`` that enables/disables sending the actual file MIME type in the Content-Type header (disabled by default). - Added a work-around in ``force_download()`` for a bug Android <= 2.1, where the filename extension needs to be in uppercase. - - ``form_dropdown()`` will now also take an array for unity with other form helpers. + - :doc:`Form Helper <helpers/form_helper>` changes include: + - ``form_dropdown()`` will now also take an array for unity with other form helpers. + - ``form_prep()`` is now **DEPRECATED** and only acts as an alias for :doc:`common function <general/common_functions>` ``html_escape()``. - ``do_hash()`` now uses PHP's native ``hash()`` function (supporting more algorithms) and is deprecated. - Removed previously deprecated helper function ``js_insert_smiley()`` from :doc:`Smiley Helper <helpers/smiley_helper>`. - :doc:`File Helper <helpers/file_helper>` changes include: @@ -387,6 +389,7 @@ Bug fixes for 3.0 - Fixed a bug (#1506) - :doc:`Form Helpers <helpers/form_helper>` set empty *name* attributes. - Fixed a bug (#59) - :doc:`Query Builder <database/query_builder>` method ``count_all_results()`` ignored the DISTINCT clause. - Fixed a bug (#1624) - :doc:`Form Validation Library <libraries/form_validation>` rule **matches** didn't property handle array field names. +- Fixed a bug (#1630) - :doc:`Form Helper <helpers/form_helper>` function ``set_value()`` didn't escape HTML entities. Version 2.1.3 ============= diff --git a/user_guide_src/source/helpers/form_helper.rst b/user_guide_src/source/helpers/form_helper.rst index fa7b3dbf9..015bf1162 100644 --- a/user_guide_src/source/helpers/form_helper.rst +++ b/user_guide_src/source/helpers/form_helper.rst @@ -463,29 +463,6 @@ the tag. For example echo form_close($string); // Would produce: </form> </div></div> -form_prep() -=========== - -Allows you to safely use HTML and characters such as quotes within form -elements without breaking out of the form. Consider this example - -:: - - $string = 'Here is a string containing "quoted" text.'; - <input type="text" name="myform" value="$string" /> - -Since the above string contains a set of quotes it will cause the form -to break. The `form_prep()` function converts HTML so that it can be used -safely - -:: - - <input type="text" name="myform" value="<?php echo form_prep($string); ?>" /> - -.. note:: If you use any of the form helper functions listed in this page the form - values will be prepped automatically, so there is no need to call this - function. Use it only if you are creating your own form elements. - set_value() =========== @@ -546,4 +523,26 @@ This function is identical to the **set_checkbox()** function above. .. note:: If you are using the Form Validation class, you must always specify a rule for your field, even if empty, in order for the set_*() functions to work. This is because if a Form Validation object is defined, the control for set_*() is handed over to a method of the class instead of the generic helper - function.
\ No newline at end of file + function. + +Escaping field values +===================== + +You may need to use HTML and characters such as quotes within form +elements. In order to do that safely, you'll need to use +:doc:`common function <../general/common_functions>` ``html_escape()``. + +Consider the following example:: + + $string = 'Here is a string containing "quoted" text.'; + <input type="text" name="myform" value="$string" /> + +Since the above string contains a set of quotes it will cause the form +to break. The ``html_escape()`` function converts HTML so that it can be +used safely:: + + <input type="text" name="myform" value="<?php echo html_escape($string); ?>" /> + +.. note:: If you use any of the form helper functions listed in this page, the form + values will be prepped automatically, so there is no need to call this + function. Use it only if you are creating your own form elements.
\ No newline at end of file diff --git a/user_guide_src/source/installation/upgrade_300.rst b/user_guide_src/source/installation/upgrade_300.rst index 31a5c0761..952108356 100644 --- a/user_guide_src/source/installation/upgrade_300.rst +++ b/user_guide_src/source/installation/upgrade_300.rst @@ -71,8 +71,24 @@ Step 7: Check the calls to Array Helper's element() and elements() functions The default return value of these functions, when the required elements don't exist, has been changed from FALSE to NULL. +********************************************************** +Step 8: Change usage of Email library with multiple emails +********************************************************** + +The :doc:`Email library <../libraries/email>` will automatically clear the +set parameters after successfully sending emails. To override this behaviour, +pass FALSE as the first parameter in the ``send()`` method: + +:: + + if ($this->email->send(FALSE)) + { + // Parameters won't be cleared + } + + *************************************************************** -Step 8: Remove usage of (previously) deprecated functionalities +Step 9: Remove usage of (previously) deprecated functionalities *************************************************************** In addition to the ``$autoload['core']`` configuration setting, there's a number of other functionalities @@ -118,6 +134,16 @@ CodeIgniter 3.1+. .. note:: This function is still available, but you're strongly encouraged to remove it's usage sooner rather than later. +Form helper form_prep() +======================= + +:doc:`Form Helper <../helpers/form_helper>` function ``form_prep()`` is now just an alias for +:doc:`common function <../general/common_functions>` ``html_escape()`` and it's second argument +is ignored. It is deprecated and scheduled for removal in CodeIgniter 3.1+. + +.. note:: This function is still available, but you're strongly encouraged to remove it's usage sooner + rather than later. + Date helper standard_date() =========================== @@ -154,17 +180,4 @@ As a result of that, the 'anchor_class' setting is now deprecated and scheduled CodeIgniter 3.1+. .. note:: This setting is still available, but you're strongly encouraged to remove its' usage sooner - rather than later. - -Email library -============= - -The :doc:`Email library <../libraries/email>` will automatically clear the set parameters after successfully sending -emails. To override this behaviour, pass FALSE as the first parameter in the ``send()`` function: - -:: - - if ($this->email->send(FALSE)) - { - // Parameters won't be cleared - } + rather than later.
\ No newline at end of file |