diff options
Diffstat (limited to 'user_guide_src/source')
10 files changed, 172 insertions, 12 deletions
diff --git a/user_guide_src/source/_themes/sphinx_rtd_theme/static/css/citheme.css b/user_guide_src/source/_themes/sphinx_rtd_theme/static/css/citheme.css index 192af2004..a2a3b3e91 100644 --- a/user_guide_src/source/_themes/sphinx_rtd_theme/static/css/citheme.css +++ b/user_guide_src/source/_themes/sphinx_rtd_theme/static/css/citheme.css @@ -70,4 +70,19 @@ div#pulldown-menu { font-weight: 300; font-family: Lucida Grande,Verdana,Geneva,sans-serif; color: #aaaaaa; +} + +/*hide pulldown menu on mobile devices*/ +@media (max-width: 768px) { /*tablet size defined by theme*/ + #closeMe { + display: none; + } + + #pulldown { + display: none; + } + + #openToc { + display: none; + } }
\ No newline at end of file diff --git a/user_guide_src/source/_themes/sphinx_rtd_theme/static/js/theme.js b/user_guide_src/source/_themes/sphinx_rtd_theme/static/js/theme.js index b77789d06..081d77bdf 100644 --- a/user_guide_src/source/_themes/sphinx_rtd_theme/static/js/theme.js +++ b/user_guide_src/source/_themes/sphinx_rtd_theme/static/js/theme.js @@ -25,7 +25,7 @@ $(document).ready(function () { $('#closeMe').toggle( function () { - setCookie('ciNav', true, 365); + setCookie('ciNav', 'yes', 365); $('#nav2').show(); $('#topMenu').remove(); $('body').css({background: 'none'}); @@ -35,7 +35,7 @@ $(document).ready(function () { }, function () { - setCookie('ciNav', false, 365); + setCookie('ciNav', 'no', 365); $('#topMenu').remove(); $('#nav').hide(); $('#nav2').hide(); @@ -44,20 +44,25 @@ $(document).ready(function () { $('.wy-nav-side').show(); } ); - if (getCookie('ciNav') == 'true') + if (getCookie('ciNav') == 'yes') { $('#closeMe').trigger('click'); //$('#nav').slideToggle(); } // END MODIFICATION --- + }); // Rufnex Cookie functions function setCookie(cname, cvalue, exdays) { + // expire the old cookie if existed to avoid multiple cookies with the same name + if (getCookie(cname)) { + document.cookie = cname + "=;expires=Thu, 01 Jan 1970 00:00:00 GMT"; + } var d = new Date(); d.setTime(d.getTime() + (exdays * 24 * 60 * 60 * 1000)); var expires = "expires=" + d.toGMTString(); - document.cookie = cname + "=" + cvalue + "; " + expires; + document.cookie = cname + "=" + cvalue + "; " + expires + "; path=/"; } function getCookie(cname) { var name = cname + "="; @@ -70,10 +75,31 @@ function getCookie(cname) { return c.substring(name.length, c.length); } } - return false; + return ''; } // End +// resize window +$(window).on('resize', function(){ + // show side nav on small screens when pulldown is enabled + if (getCookie('ciNav') == 'yes' && $(window).width() <= 768) { // 768px is the tablet size defined by the theme + $('.wy-nav-side').show(); + } + // changing css with jquery seems to override the default css media query + // change margin + else if (getCookie('ciNav') == 'no' && $(window).width() <= 768) { + $('.wy-nav-content-wrap').css({'margin-left': 0}); + } + // hide side nav on large screens when pulldown is enabled + else if (getCookie('ciNav') == 'yes' && $(window).width() > 768) { + $('.wy-nav-side').hide(); + } + // change margin + else if (getCookie('ciNav') == 'no' && $(window).width() > 768) { + $('.wy-nav-content-wrap').css({'margin-left': '300px'}); + } +}); + window.SphinxRtdTheme = (function (jquery) { var stickyNav = (function () { var navBar, diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 03cbeb673..f28fd8930 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -11,15 +11,31 @@ Release Date: Not Released Version 3.0.3 ============= -Release Date: Not Released +Release Date: October 31, 2015 + +- **Security** + + - Fixed an XSS attack vector in :doc:`Security Library <libraries/security>` method ``xss_clean()``. + - Changed :doc:`Config Library <libraries/config>` method ``base_url()`` to fallback to ``$_SERVER['SERVER_ADDR']`` when ``$config['base_url']`` is empty in order to avoid *Host* header injections. + - Changed :doc:`CAPTCHA Helper <helpers/captcha_helper>` to use the operating system's PRNG when possible. - Database - Optimized :doc:`Database Utility <database/utilities>` method ``csv_from_result()`` for speed with larger result sets. + - Added proper return values to :doc:`Database Transactions <database/transactions>` method ``trans_start()``. Bug fixes for 3.0.3 ------------------- +- Fixed a bug (#4170) - :doc:`Database <database/index>` method ``insert_id()`` could return an identity from the wrong scope with the 'sqlsrv' driver. +- Fixed a bug (#4179) - :doc:`Session Library <libraries/sessions>` doesn't properly maintain its state after ID regeneration with the 'database' driver on PHP7. +- Fixed a bug (#4173) - :doc:`Database Forge <database/forge>` method ``add_key()`` didn't allow creation of non-PRIMARY composite keys after the "bugfix" for #3968. +- Fixed a bug (#4171) - :doc:`Database Transactions <database/transactions>` didn't work with nesting in methods ``trans_begin()``, ``trans_commit()``, ``trans_rollback()``. +- Fixed a bug where :doc:`Database Transaction <database/transactions>` methods ``trans_begin()``, ``trans_commit()``, ``trans_rollback()`` ignored failures. +- Fixed a bug where all :doc:`Database Transaction <database/transactions>` methods returned TRUE while transactions are actually disabled. +- Fixed a bug where :doc:`common function <general/common_functions>` :php:func:`html_escape()` modified keys of its array inputs. +- Fixed a bug (#4192) - :doc:`Email Library <libraries/email>` wouldn't always have proper Quoted-printable encoding due to a bug in PHP's own ``mb_mime_encodeheader()`` function. + Version 3.0.2 ============= diff --git a/user_guide_src/source/database/db_driver_reference.rst b/user_guide_src/source/database/db_driver_reference.rst index ea692515c..8fc26c01b 100644 --- a/user_guide_src/source/database/db_driver_reference.rst +++ b/user_guide_src/source/database/db_driver_reference.rst @@ -140,13 +140,15 @@ This article is intended to be a reference for them. .. php:method:: trans_start([$test_mode = FALSE]) :param bool $test_mode: Test mode flag - :rtype: void + :returns: TRUE on success, FALSE on failure + :rtype: bool Start a transaction. .. php:method:: trans_complete() - :rtype: void + :returns: TRUE on success, FALSE on failure + :rtype: bool Complete Transaction. diff --git a/user_guide_src/source/database/query_builder.rst b/user_guide_src/source/database/query_builder.rst index 9c3ff306f..5d9ae4592 100644 --- a/user_guide_src/source/database/query_builder.rst +++ b/user_guide_src/source/database/query_builder.rst @@ -1018,7 +1018,7 @@ Here's a usage example:: .. note:: The following statements can be cached: select, from, join, - where, like, group_by, having, order_by, set + where, like, group_by, having, order_by *********************** diff --git a/user_guide_src/source/installation/downloads.rst b/user_guide_src/source/installation/downloads.rst index d3081719f..c5ce2e836 100644 --- a/user_guide_src/source/installation/downloads.rst +++ b/user_guide_src/source/installation/downloads.rst @@ -2,8 +2,10 @@ Downloading CodeIgniter ####################### +<<<<<<< HEAD - `CodeIgniter v3.1.0-dev (Current version) <https://codeload.github.com/bcit-ci/CodeIgniter/zip/develop>`_ -- `CodeIgniter v3.0.3-dev <https://codeload.github.com/bcit-ci/CodeIgniter/zip/3.0-stable>`_ +- `CodeIgniter v3.0.4-dev <https://codeload.github.com/bcit-ci/CodeIgniter/zip/3.0-stable>`_ +- `CodeIgniter v3.0.3 <https://codeload.github.com/bcit-ci/CodeIgniter/zip/3.0.3>`_ - `CodeIgniter v3.0.2 <https://codeload.github.com/bcit-ci/CodeIgniter/zip/3.0.2>`_ - `CodeIgniter v3.0.1 <https://codeload.github.com/bcit-ci/CodeIgniter/zip/3.0.1>`_ - `CodeIgniter v3.0.0 <https://codeload.github.com/bcit-ci/CodeIgniter/zip/3.0.0>`_ diff --git a/user_guide_src/source/installation/upgrade_300.rst b/user_guide_src/source/installation/upgrade_300.rst index 4b3b408a7..a29f400f8 100644 --- a/user_guide_src/source/installation/upgrade_300.rst +++ b/user_guide_src/source/installation/upgrade_300.rst @@ -464,8 +464,51 @@ files and error messages format: Therefore you're encouraged to update its usage sooner rather than later. +************************************************************ +Step 19: Make sure your 'base_url' config value is not empty +************************************************************ + +When ``$config['base_url']`` is not set, CodeIgniter tries to automatically +detect what your website's base URL is. This is done purely for convenience +when you are starting development of a new application. + +Auto-detection is never reliable and also has security implications, which +is why you should **always** have it manually configured! + +One of the changes in CodeIgniter 3.0.3 is how this auto-detection works, +and more specifically it now falls back to the server's IP address instead +of the hostname requested by the client. Therefore, if you've ever relied +on auto-detection, it will change how your website works now. + +In case you need to allow e.g. multiple domains, or both http:// and +https:// prefixes to be dynamically used depending on the request, +remember that *application/config/config.php* is still a PHP script, in +which you can create this logic with a few lines of code. For example:: + + $allowed_domains = array('domain1.tld', 'domain2.tld'); + $default_domain = 'domain1.tld'; + + if (in_array($_SERVER['HTTP_HOST'], $allowed_domains, TRUE)) + { + $domain = $_SERVER['HTTP_HOST']; + } + else + { + $domain = $default_domain; + } + + if ( ! empty($_SERVER['HTTPS'])) + { + $config['base_url'] = 'https://'.$domain; + } + else + { + $config['base_url'] = 'http://'.$domain; + } + + **************************************************************** -Step 19: Remove usage of (previously) deprecated functionalities +Step 20: Remove usage of (previously) deprecated functionalities **************************************************************** In addition to the ``$autoload['core']`` configuration setting, there's a diff --git a/user_guide_src/source/installation/upgrade_303.rst b/user_guide_src/source/installation/upgrade_303.rst index a98eed0d4..d13a0fe46 100644 --- a/user_guide_src/source/installation/upgrade_303.rst +++ b/user_guide_src/source/installation/upgrade_303.rst @@ -11,4 +11,45 @@ Step 1: Update your CodeIgniter files Replace all files and directories in your *system/* directory. .. note:: If you have any custom developed files in these directories, - please make copies of them first.
\ No newline at end of file + please make copies of them first. + +Step 2: Make sure your 'base_url' config value is not empty +=========================================================== + +When ``$config['base_url']`` is not set, CodeIgniter tries to automatically +detect what your website's base URL is. This is done purely for convenience +when you are starting development of a new application. + +Auto-detection is never reliable and also has security implications, which +is why you should **always** have it manually configured! + +One of the changes in CodeIgniter 3.0.3 is how this auto-detection works, +and more specifically it now falls back to the server's IP address instead +of the hostname requested by the client. Therefore, if you've ever relied +on auto-detection, it will change how your website works now. + +In case you need to allow e.g. multiple domains, or both http:// and +https:// prefixes to be dynamically used depending on the request, +remember that *application/config/config.php* is still a PHP script, in +which you can create this logic with a few lines of code. For example:: + + $allowed_domains = array('domain1.tld', 'domain2.tld'); + $default_domain = 'domain1.tld'; + + if (in_array($_SERVER['HTTP_HOST'], $allowed_domains, TRUE)) + { + $domain = $_SERVER['HTTP_HOST']; + } + else + { + $domain = $default_domain; + } + + if ( ! empty($_SERVER['HTTPS'])) + { + $config['base_url'] = 'https://'.$domain; + } + else + { + $config['base_url'] = 'http://'.$domain; + } diff --git a/user_guide_src/source/installation/upgrade_304.rst b/user_guide_src/source/installation/upgrade_304.rst new file mode 100644 index 000000000..4d5bd2bb0 --- /dev/null +++ b/user_guide_src/source/installation/upgrade_304.rst @@ -0,0 +1,14 @@ +############################# +Upgrading from 3.0.3 to 3.0.4 +############################# + +Before performing an update you should take your site offline by +replacing the index.php file with a static one. + +Step 1: Update your CodeIgniter files +===================================== + +Replace all files and directories in your *system/* directory. + +.. note:: If you have any custom developed files in these directories, + please make copies of them first. diff --git a/user_guide_src/source/installation/upgrading.rst b/user_guide_src/source/installation/upgrading.rst index de2877165..2a3b0b047 100644 --- a/user_guide_src/source/installation/upgrading.rst +++ b/user_guide_src/source/installation/upgrading.rst @@ -9,6 +9,7 @@ upgrading from. :titlesonly: Upgrading from 3.0.x to 3.1.x <upgrade_310> + Upgrading from 3.0.3 to 3.0.4 <upgrade_304> Upgrading from 3.0.2 to 3.0.3 <upgrade_303> Upgrading from 3.0.1 to 3.0.2 <upgrade_302> Upgrading from 3.0.0 to 3.0.1 <upgrade_301> |