Diffstat (limited to 'user_guide_src')
-rw-r--r-- | user_guide_src/source/changelog.rst | 91
-rw-r--r-- | user_guide_src/source/database/configuration.rst | 4
-rw-r--r-- | user_guide_src/source/database/connecting.rst | 6
-rw-r--r-- | user_guide_src/source/database/helpers.rst | 6
-rw-r--r-- | user_guide_src/source/database/queries.rst | 17
-rw-r--r-- | user_guide_src/source/database/results.rst | 9
-rw-r--r-- | user_guide_src/source/database/utilities.rst | 6
-rw-r--r-- | user_guide_src/source/general/creating_libraries.rst | 16
-rw-r--r-- | user_guide_src/source/general/styleguide.rst | 16
-rw-r--r-- | user_guide_src/source/general/urls.rst | 11
-rw-r--r-- | user_guide_src/source/installation/upgrade_300.rst | 9
-rw-r--r-- | user_guide_src/source/libraries/form_validation.rst | 115
-rw-r--r-- | user_guide_src/source/libraries/input.rst | 16
-rw-r--r-- | user_guide_src/source/libraries/security.rst | 4
-rw-r--r-- | user_guide_src/source/overview/at_a_glance.rst | 2
-rw-r--r-- | user_guide_src/source/tutorial/static_pages.rst | 2
16 files changed, 271 insertions, 59 deletions
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 668f073df..4c6fd38bc 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -28,15 +28,20 @@ Release Date: Not Released - Added support for 3gp, 3g2, mp4, wmv, f4v, vlc Video files to mimes.php. - Added support for m4a, aac, m4u, xspf, au, ac3, flac, ogg Audio files to mimes.php. - Added support for kmz and kml (Google Earth) files to mimes.php. + - Updated support for doc files in mimes.php. - Added application/xml for xml and application/xml, text/xsl for xsl in mimes.php. - Changed logger to only chmod when file is first created. - Removed previously deprecated SHA1 Library. + - Removed previously deprecated use of ``$autoload['core']`` in application/config/autoload.php. + Only entries in ``$autoload['libraries']`` are auto-loaded now. - Helpers - url_title() will now trim extra dashes from beginning and end. - Added XHTML Basic 1.1 doctype to :doc:`HTML Helper <helpers/html_helper>`. - Changed humanize to include a second param for the separator. + - Refactored ``plural()`` and ``singular()`` to avoid double pluralization and support more words. + - Added an optional third parameter to ``force_download()`` that enables/disables sending the actual file MIME type in the Content-Type header (disabled by default). - Database 
@@ -45,13 +50,28 @@ Release Date: Not Released get_compiled_insert(), get_compiled_update(), get_compiled_delete(). - Taking care of LIKE condition when used with MySQL UPDATE statement. - Adding $escape parameter to the order_by function, this enables ordering by custom fields. + - MySQLi driver now uses mysqli_get_server_info() for server version checking. + - MySQLi driver now supports persistent connections when running on PHP >= 5.3. + - Added dsn if the group connections in the config use PDO or any driver which need DSN. + - Improved PDO database support. + - Added Interbase/Firebird database support via the "interbase" driver + - Added an optional database name parameter to db_select(). + - Replaced the _error_message() and _error_number() methods with error(), that returns an array containing the last database error code and message. + - Improved version() implementation so that drivers that have a native function to get the version number don't have to be defined in the core DB_driver class. + - Improved support of the PostgreSQL driver, including: + - pg_version() is now used to get the database version number, when possible. + - Added db_set_charset() support. + - Added _optimize_table() support for the :doc:`Database Utility Class <database/utilities>` (rebuilds table indexes). + - Added a constructor to the DB_result class and moved all driver-specific properties and logic out of the base DB_driver class to allow better abstraction. + - Removed limit() and order_by() support for UPDATE and DELETE queries in PostgreSQL driver. Postgres does not support those features. + - Removed protect_identifiers() and renamed _protect_identifiers() to it instead - it was just an alias. - Libraries - Added max_filename_increment config setting for Upload library. - CI_Loader::_ci_autoloader() is now a protected method. - Modified valid_ip() to use PHP's filter_var() when possible (>= PHP 5.2) in the :doc:`Form Validation library <libraries/form_validation>`. 
- - Added custom filename to Email::attach() as $this->email->attach($filename, $disposition, $newname) + - Added custom filename to Email::attach() as $this->email->attach($filename, $disposition, $newname) - Cart library changes include: - It now auto-increments quantity's instead of just resetting it, this is the default behaviour of large e-commerce sites. - Product Name strictness can be disabled via the Cart Library by switching "$product_name_safe" 
@@ -61,22 +81,29 @@ Release Date: Not Released - Added support for 3-length hex color values for wm_font_color and wm_shadow_color properties, as well as validation for them. - Class properties wm_font_color, wm_shadow_color and wm_use_drop_shadow are now protected, to avoid breaking the text_watermark() method if they are set manually after initialization. + - If property maintain_ratio is set to TRUE, image_reproportion() now doesn't need both width and height to be specified. - Minor speed optimizations and method & property visibility declarations in the Calendar Library. - Removed SHA1 function in the :doc:`Encryption Library <libraries/encryption>`. + - Added $config['csrf_regeneration'] to the CSRF protection in the :doc:`Security library <libraries/security>`, which makes token regeneration optional. + - Added function error_array() to return all error messages as an array in the Form_validation class. + - Added function set_data() to Form_validation library, which can be used in place of the default $_POST array. + - Added function reset_validation() to form validation library, which resets internal validation variables in case of multiple validation routines. + - Changed the Session library to select only one row when using database sessions. - Core - - Changed private functions in CI_URI to protected so MY_URI can - override them. + - Changed private functions in CI_URI to protected so MY_URI can override them. - Removed CI_CORE boolean constant from CodeIgniter.php (no longer Reactor and Core versions). - - Added method get_vars() to CI_Loader to retrieve all variables loaded with $this->load->vars() + - Added method get_vars() to CI_Loader to retrieve all variables loaded with $this->load->vars(). + - is_loaded() function from system/core/Commons.php now returns a reference. + - $config['rewrite_short_tags'] now has no effect when using PHP 5.4 as *<?=* will always be available. + - Added method() to CI_Input to retrieve $_SERVER['REQUEST_METHOD']. 
Bug fixes for 3.0 ------------------ - Unlink raised an error if cache file did not exist when you try to delete it. -- Fixed a bug (#181) where a mis-spelling was in the form validation - language file. +- Fixed a bug (#181) where a mis-spelling was in the form validation language file. - Fixed a bug (#159, #163) that mishandled Active Record nested transactions because _trans_depth was not getting incremented. - Fixed a bug (#737, #75) where pagination anchor class was not set properly when using initialize method. - Fixed a bug (#419) - auto_link() now recognizes URLs that come after a word boundary. 
@@ -92,13 +119,63 @@ Bug fixes for 3.0 - Fixed a bug (#406) - sqlsrv DB driver not reuturning resource on <samp>db_pconnect()</samp>. - Fixed a bug in CI_Image_lib::gd_loaded() where it was possible for the script execution to end or a PHP E_WARNING message to be emitted. - In Pagination library, when use_page_numbers=TRUE previous link and page 1 link do not have the same url +- Fixed a bug (#561) - Errors in :doc:`XML-RPC Library <libraries/xmlrpc>` were not properly escaped. +- Fixed a bug (#904) - ``CI_Loader::initialize()`` caused a PHP Fatal error to be triggered if error level E_STRICT is used. +- Fixed a hosting edge case where an empty $_SERVER['HTTPS'] variable would evaluate to 'on' +- Fixed a bug (#154) - ``CI_Session::sess_update()`` caused the session to be destroyed on pages where multiple AJAX requests were executed at once. +- Fixed a possible bug in ``CI_Input::is_ajax_request()`` where some clients might not send the X-Requested-With HTTP header value exactly as 'XmlHttpRequest'. +- Fixed a bug (#1039) - MySQL's _backup() method failed due to a table name not being escaped. +- Fixed a bug (#1070) - CI_DB_driver::initialize() didn't set a character set if a database is not selected. +- Fixed a bug (#177) - CI_Form_validation::set_value() didn't set the default value if POST data is NULL. +- Fixed a bug (#68, #414) - Oracle's escape_str() didn't properly escape LIKE wild characters. +- Fixed a bug (#81) - ODBC's list_fields() and field_data() methods skipped the first column due to odbc_field_*() functions' index starting at 1 instead of 0. +- Fixed a bug (#129) - ODBC's num_rows() returned -1 in some cases, due to not all subdrivers supporting the odbc_num_rows() function. +- Fixed a bug (#153) - E_NOTICE being generated by getimagesize() in the :doc:`File Uploading Library <libraries/file_uploading>`. +- Fixed a bug (#611) - SQLSRV's error handling methods used to issue warnings when there's no actual error. 
+- Fixed a bug (#1036) - is_write_type() method in the :doc:`Database Library <database/index>` didn't return TRUE for RENAME and OPTIMIZE queries. +- Fixed a bug in PDO's _version() method where it used to return the client version as opposed to the server one. +- Fixed a bug in PDO's insert_id() method where it could've failed if it's used with Postgre versions prior to 8.1. +- Fixed a bug in CUBRID's affected_rows() method where a connection resource was passed to cubrid_affected_rows() instead of a result. +- Fixed a bug (#638) - db_set_charset() ignored its arguments and always used the configured charset and collation instead. +- Fixed a bug (#413) - Oracle's error handling methods used to only return connection-related errors. +- Fixed a bug (#804) - Profiler library was trying to handle objects as strings in some cases, resulting in warnings being issued by htmlspecialchars(). +- Fixed a bug (#1101) - MySQL/MySQLi result method field_data() was implemented as if it was handling a DESCRIBE result instead of the actual result set. +- Fixed a bug in Oracle's :doc:`Database Forge Class <database/forge>` method _create_table() where it failed with AUTO_INCREMENT as it's not supported. +- Fixed a bug (#1080) - When using the SMTP protocol, the :doc:`Email Library <libraries/email>` send() method was returning TRUE even if the connection/authentication against the server failed. +- Fixed a bug (#499) - a CSRF cookie was created even with CSRF protection being disabled. +- Fixed a bug (#306) - ODBC's insert_id() method was calling non-existent function odbc_insert_id(), which resulted in a fatal error. +- Fixed a bug in Oracle's DB_result class where the cursor id passed to it was always NULL. +- Fixed a bug (#64) - Regular expression in DB_active_rec.php failed to handle queries containing SQL bracket delimiters in the join condition. 
+- Fixed a bug in the :doc:`Session Library <libraries/sessions>` where a PHP E_NOTICE error was triggered by _unserialize() due to results from databases such as MSSQL and Oracle being space-padded on the right. +- Fixed a bug (#501) - set_rules() to check if the request method is not 'POST' before aborting, instead of depending on count($_POST) in the :doc:`Form Validation Library <libraries/form_validation>`. + +Version 2.1.1 +============= +Release Date: Not Released +- General Changes + - Fixed support for docx, xlsx files in mimes.php. + +- Libraries + - Further improved MIME type detection in the :doc:`File Uploading Library <libraries/file_uploading>`. + +- Helpers + - url_title() performance and output improved. You can now use any string as the word delimiter, but 'dash' and 'underscore' are still supported. + +Bug fixes for 2.1.1 +------------------- + +- Fixed a bug (#697) - A wrong array key was used in the Upload library to check for mime-types. +- Fixed a bug - form_open() compared $action against site_url() instead of base_url(). +- Fixed a bug - CI_Upload::_file_mime_type() could've failed if mime_content_type() is used for the detection and returns FALSE. +- Fixed a bug (#538) - Windows paths were ignored when using the :doc:`Image Manipulation Library <libraries/image_lib>` to create a new file. +- Fixed a bug - When database caching was enabled, $this->db->query() checked the cache before binding variables which resulted in cached queries never being found Version 2.1.0 ============= -Release Date: Not Released +Release Date: November 14, 2011 - General Changes diff --git a/user_guide_src/source/database/configuration.rst b/user_guide_src/source/database/configuration.rst index 4f88c25ab..040e7e33f 100644 --- a/user_guide_src/source/database/configuration.rst +++ b/user_guide_src/source/database/configuration.rst 
@@ -28,6 +28,10 @@ prototype:: $db['default']['autoinit'] = TRUE; $db['default']['stricton'] = FALSE; +If you use PDO as your dbdriver, you can specify the full DSN string describe a connection to the database like this:: + + $db['default']['dsn'] = 'pgsql:host=localhost;port=5432;dbname=database_name'; + You can also specify failovers for the situation when the main connection cannot connect for some reason. These failovers can be specified by setting the failover for a connection like this:: diff --git a/user_guide_src/source/database/connecting.rst b/user_guide_src/source/database/connecting.rst index a834cc0f7..fb4524116 100644 --- a/user_guide_src/source/database/connecting.rst +++ b/user_guide_src/source/database/connecting.rst @@ -122,6 +122,12 @@ return the database object. | $DB1->result(); | etc... +.. note:: You don't need to create separate database configurations if you + only need to use a different database on the same connection. You + can switch to a different database when you need to, like this: + + | $this->db->db_select($database2_name); + Reconnecting / Keeping the Connection Alive =========================================== diff --git a/user_guide_src/source/database/helpers.rst b/user_guide_src/source/database/helpers.rst index 7ea19e9f6..e8a5ac801 100644 --- a/user_guide_src/source/database/helpers.rst +++ b/user_guide_src/source/database/helpers.rst @@ -7,9 +7,9 @@ $this->db->insert_id() The insert ID number when performing database inserts. -.. note:: If using the PDO driver with PostgreSQL, this function requires - a $name parameter, which specifies the appropriate sequence to check - for the insert id. +.. note:: If using the PDO driver with PostgreSQL, or using the Interbase + driver, this function requires a $name parameter, which specifies the + appropriate sequence to check for the insert id. $this->db->affected_rows() =========================== 
diff --git a/user_guide_src/source/database/queries.rst b/user_guide_src/source/database/queries.rst index 971d5d61d..15a73614a 100644 --- a/user_guide_src/source/database/queries.rst +++ b/user_guide_src/source/database/queries.rst @@ -112,3 +112,20 @@ The secondary benefit of using binds is that the values are automatically escaped, producing safer queries. You don't have to remember to manually escape data; the engine does it automatically for you. + +*************** +Handling Errors +*************** + +$this->db->error(); +=================== + +If you need to get the last error that has occured, the error() method +will return an array containing its code and message. Here's a quick +example:: + + if ( ! $this->db->simple_query('SELECT `example_field` FROM `example_table`')) + { + $error = $this->db->error(); // Has keys 'code' and 'message' + } + diff --git a/user_guide_src/source/database/results.rst b/user_guide_src/source/database/results.rst index 4f93c794d..865345762 100644 --- a/user_guide_src/source/database/results.rst +++ b/user_guide_src/source/database/results.rst @@ -150,6 +150,12 @@ is the variable that the query result object is assigned to:: echo $query->num_rows(); +.. note:: + Not all database drivers have a native way of getting the total + number of rows for a result set. When this is the case, all of + the data is prefetched and count() is manually called on the + resulting array in order to achieve the same functionality. + $query->num_fields() ===================== @@ -182,5 +188,4 @@ Example:: $row = $query2->row(); echo $row->name; - $query2->free_result();// The $query2 result object will no longer be available - + $query2->free_result(); // The $query2 result object will no longer be available diff --git a/user_guide_src/source/database/utilities.rst b/user_guide_src/source/database/utilities.rst index b0920109f..3805ffb87 100644 --- a/user_guide_src/source/database/utilities.rst +++ b/user_guide_src/source/database/utilities.rst 
@@ -161,7 +161,11 @@ $this->dbutil->backup() Permits you to backup your full database or individual tables. The backup data can be compressed in either Zip or Gzip format. -.. note:: This features is only available for MySQL databases. +.. note:: This features is only available for MySQL and Interbase/Firebird databases. + +.. note:: For Interbase/Firebird databases, the backup file name is the only parameter. + + Eg. $this->dbutil->backup('db_backup_filename'); .. note:: Due to the limited execution time and memory available to PHP, backing up very large databases may not be possible. If your database is diff --git a/user_guide_src/source/general/creating_libraries.rst b/user_guide_src/source/general/creating_libraries.rst index bc545b483..673fbd4bb 100644 --- a/user_guide_src/source/general/creating_libraries.rst +++ b/user_guide_src/source/general/creating_libraries.rst @@ -188,17 +188,23 @@ application/libraries/MY_Email.php, and declare your class with:: } -Note: If you need to use a constructor in your class make sure you +If you need to use a constructor in your class make sure you extend the parent constructor:: class MY_Email extends CI_Email { - public function __construct() - { - parent::__construct(); - } + public function __construct($config = array()) + { + parent::__construct($config); + } + } +.. note:: + Not all of the libraries have the same (or any) parameters + in their constructor. Take a look at the library that you're + extending first to see how it should be implemented. + Loading Your Sub-class ---------------------- diff --git a/user_guide_src/source/general/styleguide.rst b/user_guide_src/source/general/styleguide.rst index b3dc08871..d8bdd0531 100644 --- a/user_guide_src/source/general/styleguide.rst +++ b/user_guide_src/source/general/styleguide.rst @@ -441,6 +441,13 @@ same level as the control statement that "owns" them. // ... } } + + try { + // ... + } + catch() { + // ... + } **CORRECT**:: 
@@ -470,6 +477,15 @@ same level as the control statement that "owns" them. // ... } } + + try + { + // ... + } + catch() + { + // ... + } Bracket and Parenthetic Spacing =============================== diff --git a/user_guide_src/source/general/urls.rst b/user_guide_src/source/general/urls.rst index 3126fcf36..6b390b559 100644 --- a/user_guide_src/source/general/urls.rst +++ b/user_guide_src/source/general/urls.rst @@ -39,20 +39,23 @@ By default, the **index.php** file will be included in your URLs:: example.com/index.php/news/article/my_article -You can easily remove this file by using a .htaccess file with some -simple rules. Here is an example of such a file, using the "negative" -method in which everything is redirected except the specified items: +If your Apache server has mod_rewrite enabled, you can easily remove this +file by using a .htaccess file with some simple rules. Here is an example +of such a file, using the "negative" method in which everything is redirected +except the specified items: :: RewriteEngine On RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d - RewriteRule ^(.*)$ /index.php/$1 [L] + RewriteRule ^(.*)$ index.php/$1 [L] In the above example, any HTTP request other than those for existing directories and existing files is treated as a request for your index.php file. +.. note:: Note: These specific rules might not work for all server configurations. + Adding a URL Suffix =================== diff --git a/user_guide_src/source/installation/upgrade_300.rst b/user_guide_src/source/installation/upgrade_300.rst index 960485ae3..4c594ab17 100644 --- a/user_guide_src/source/installation/upgrade_300.rst +++ b/user_guide_src/source/installation/upgrade_300.rst 
@@ -15,6 +15,9 @@ Replace all files and directories in your "system" folder and replace your index.php file. If any modifications were made to your index.php they will need to be made fresh in this new one. +.. note:: If you have any custom developed files in these folders please + make copies of them first. + Step 2: Change References to the SHA Library ============================================ @@ -23,6 +26,8 @@ Alter your code to use the native `sha1()` PHP function to generate a sha1 hash. Additionally, the `sha1()` method in the :doc:`Encryption Library <../libraries/encryption>` has been removed. +Step 3: Remove $autoload['core'] from your config/autoload.php +============================================================== -.. note:: If you have any custom developed files in these folders please - make copies of them first. +Use of the `$autoload['core']` config array has been deprecated as of CodeIgniter 1.4.1 and is now removed. +Move any entries that you might have listed there to `$autoload['libraries']` instead. diff --git a/user_guide_src/source/libraries/form_validation.rst b/user_guide_src/source/libraries/form_validation.rst index e7875bc22..5aa64d032 100644 --- a/user_guide_src/source/libraries/form_validation.rst +++ b/user_guide_src/source/libraries/form_validation.rst 
@@ -579,7 +579,30 @@ must supply it as an array to the function. Example:: For more info please see the :ref:`using-arrays-as-field-names` section below. -.. _saving-groups: +Validating an Array (other than $_POST) +======================================= + +Sometimes you may want to validate an array that does not originate from $_POST data. + +In this case, you can specify the array to be validated:: + + $data = array( + 'username' => 'johndoe', + 'password' => 'mypassword', + 'passconf' => 'mypassword' + ); + + $this->form_validation->set_data($data); + +Creating validation rules, running the validation and retrieving error messages works the same whether you are +validating $_POST data or an array. + +**Important Note:** If you want to validate more than one array during a single execution, then you should +call the reset_validation() function before setting up rules and validating the new array. + +For more info please see the :ref:`function-reference` section below. + +-.. _saving-groups: ************************************************ Saving Sets of Validation Rules to a Config File 
@@ -823,34 +846,40 @@ Rule Reference The following is a list of all the native rules that are available to use: -======================= ========== ============================================================================================= ======================= -Rule Parameter Description Example -======================= ========== ============================================================================================= ======================= -**required** No Returns FALSE if the form element is empty. -**matches** Yes Returns FALSE if the form element does not match the one in the parameter. matches[form_item] -**is_unique** Yes Returns FALSE if the form element is not unique to the is_unique[table.field] - table and field name in the parameter. is_unique[table.field] -**max_length** Yes Returns FALSE if the form element is longer then the parameter value. max_length[12] -**exact_length** Yes Returns FALSE if the form element is not exactly the parameter value. exact_length[8] -**greater_than** Yes Returns FALSE if the form element is less than the parameter value or not numeric. greater_than[8] -**less_than** Yes Returns FALSE if the form element is greater than the parameter value or not numeric. less_than[8] -**alpha** No Returns FALSE if the form element contains anything other than alphabetical characters. -**alpha_numeric** No Returns FALSE if the form element contains anything other than alpha-numeric characters. -**alpha_dash** No Returns FALSE if the form element contains anything other than alpha-numeric characters, - underscores or dashes. -**numeric** No Returns FALSE if the form element contains anything other than numeric characters. -**integer** No Returns FALSE if the form element contains anything other than an integer. -**decimal** Yes Returns FALSE if the form element is not exactly the parameter value. -**is_natural** No Returns FALSE if the form element contains anything other than a natural number: - 0, 1, 2, 3, etc. 
-**is_natural_no_zero** No Returns FALSE if the form element contains anything other than a natural - number, but not zero: 1, 2, 3, etc. -**is_unique** Yes Returns FALSE if the form element is not unique in a database table. is_unique[table.field] -**valid_email** No Returns FALSE if the form element does not contain a valid email address. -**valid_emails** No Returns FALSE if any value provided in a comma separated list is not a valid email. -**valid_ip** No Returns FALSE if the supplied IP is not valid. -**valid_base64** No Returns FALSE if the supplied string contains anything other than valid Base64 characters. -======================= ========== ============================================================================================= ======================= +========================= ========== ============================================================================================= ======================= +Rule Parameter Description Example +========================= ========== ============================================================================================= ======================= +**required** No Returns FALSE if the form element is empty. +**matches** Yes Returns FALSE if the form element does not match the one in the parameter. matches[form_item] +**is_unique** Yes Returns FALSE if the form element is not unique to the is_unique[table.field] + table and field name in the parameter. is_unique[table.field] +**max_length** Yes Returns FALSE if the form element is longer then the parameter value. max_length[12] +**exact_length** Yes Returns FALSE if the form element is not exactly the parameter value. exact_length[8] +**greater_than** Yes Returns FALSE if the form element is less than or equal to the parameter value or not greater_than[8] + numeric. +**greater_than_equal_to** Yes Returns FALSE if the form element is less than the parameter value, greater_than_equal_to[8] + or not numeric. 
+**less_than** Yes Returns FALSE if the form element is greater than or equal to the parameter value or less_than[8] + not numeric. +**less_than_equal_to** Yes Returns FALSE if the form element is greater than the parameter value, less_than_equal_to[8] + or not numeric. +**alpha** No Returns FALSE if the form element contains anything other than alphabetical characters. +**alpha_numeric** No Returns FALSE if the form element contains anything other than alpha-numeric characters. +**alpha_dash** No Returns FALSE if the form element contains anything other than alpha-numeric characters, + underscores or dashes. +**numeric** No Returns FALSE if the form element contains anything other than numeric characters. +**integer** No Returns FALSE if the form element contains anything other than an integer. +**decimal** Yes Returns FALSE if the form element is not exactly the parameter value. +**is_natural** No Returns FALSE if the form element contains anything other than a natural number: + 0, 1, 2, 3, etc. +**is_natural_no_zero** No Returns FALSE if the form element contains anything other than a natural + number, but not zero: 1, 2, 3, etc. +**is_unique** Yes Returns FALSE if the form element is not unique in a database table. is_unique[table.field] +**valid_email** No Returns FALSE if the form element does not contain a valid email address. +**valid_emails** No Returns FALSE if any value provided in a comma separated list is not a valid email. +**valid_ip** No Returns FALSE if the supplied IP is not valid. +**valid_base64** No Returns FALSE if the supplied string contains anything other than valid Base64 characters. +========================= ========== ============================================================================================= ======================= .. note:: These rules can also be called as discrete functions. For example:: 
@@ -930,6 +959,33 @@ $this->form_validation->set_message(); Permits you to set custom error messages. See :ref:`setting-error-messages` +$this->form_validation->set_data(); +======================================== + + .. php:method:: set_data ($data = '') + + :param array $data: The data to validate + + Permits you to set an array for validation, instead of using the default + $_POST array. + +$this->form_validation->reset_validation(); +======================================== + + .. php:method:: reset_validation () + + Permits you to reset the validation when you validate more than one array. + This function should be called before validating each new array. + +$this->form_validation->error_array(); +======================================== + + .. php:method:: error_array () + + :rtype: Array + + Returns the error messages as an array. + .. _helper-functions: **************** @@ -1011,4 +1067,3 @@ This function is identical to the **set_checkbox()** function above. <input type="radio" name="myradio" value="1" <?php echo set_radio('myradio', '1', TRUE); ?> /> <input type="radio" name="myradio" value="2" <?php echo set_radio('myradio', '2'); ?> /> - diff --git a/user_guide_src/source/libraries/input.rst b/user_guide_src/source/libraries/input.rst index bcf117358..1f2ea650a 100644 --- a/user_guide_src/source/libraries/input.rst +++ b/user_guide_src/source/libraries/input.rst @@ -99,7 +99,7 @@ The function returns FALSE (boolean) if there are no items in the POST. :: - $this->input->post(NULL, TRUE); // returns all POST items with XSS filter + $this->input->post(NULL, TRUE); // returns all POST items with XSS filter $this->input->post(); // returns all POST items without XSS filter $this->input->get() 
@@ -119,9 +119,9 @@ The function returns FALSE (boolean) if there are no items in the GET. :: - $this->input->get(NULL, TRUE); // returns all GET items with XSS filter + $this->input->get(NULL, TRUE); // returns all GET items with XSS filter $this->input->get(); // returns all GET items without XSS filtering - + $this->input->get_post() ========================= @@ -298,3 +298,13 @@ see if PHP is being run on the command line. $this->input->is_cli_request() +$this->input->method(); +===================================== + +Returns the $_SERVER['REQUEST_METHOD'], optional set uppercase or lowercase (default lowercase). + +:: + + echo $this->input->method(TRUE); // Outputs: POST + echo $this->input->method(FALSE); // Outputs: post + echo $this->input->method(); // Outputs: post diff --git a/user_guide_src/source/libraries/security.rst b/user_guide_src/source/libraries/security.rst index 8ee0c6e77..e7d25555f 100644 --- a/user_guide_src/source/libraries/security.rst +++ b/user_guide_src/source/libraries/security.rst @@ -85,6 +85,10 @@ If you use the :doc:`form helper <../helpers/form_helper>` the form_open() function will automatically insert a hidden csrf field in your forms. +Tokens may be either regenerated on every submission (default) or kept the same throughout the life of the CSRF cookie. The default regeneration of tokens provides stricter security but may result in usability concerns as other tokens become invalid (back/forward navigation, multiple tabs/windows, asynchronous actions, etc). You may alter this behavior by editing the following config parameter:: + + $config['csrf_regeneration'] = TRUE; + Select URIs can be whitelisted from csrf protection (for example API endpoints expecting externally POSTed content). You can add these URIs by editing the 'csrf_exclude_uris' config parameter:: diff --git a/user_guide_src/source/overview/at_a_glance.rst b/user_guide_src/source/overview/at_a_glance.rst index 31f0b4dd9..6dcfdbb14 100644 
--- a/user_guide_src/source/overview/at_a_glance.rst +++ b/user_guide_src/source/overview/at_a_glance.rst @@ -41,7 +41,7 @@ CodeIgniter Uses M-V-C CodeIgniter uses the Model-View-Controller approach, which allows great separation between logic and presentation. This is particularly good for projects in which designers are working with your template files, as the -code these file contain will be minimized. We describe MVC in more +code these files contain will be minimized. We describe MVC in more detail on its own page. CodeIgniter Generates Clean URLs diff --git a/user_guide_src/source/tutorial/static_pages.rst b/user_guide_src/source/tutorial/static_pages.rst index c7f737951..708eaeb7b 100644 --- a/user_guide_src/source/tutorial/static_pages.rst +++ b/user_guide_src/source/tutorial/static_pages.rst @@ -97,7 +97,7 @@ page actually exists: public function view($page = 'home') { - if ( ! file_exists('application/views/pages/'.$page.'.php')) + if ( ! file_exists(APPPATH.'/views/pages/'.$page.'.php')) { // Whoops, we don't have a page for that! show_404(); |
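Review bot: in user_guide_src/source/database/configuration.rst (hunk @@ -28,6 +28,10), the new sentence "you can specify the full DSN string describe a connection" is missing a word; suggest "a full DSN string that describes the connection". The paragraph also does not say how the 'dsn' key interacts with the separate hostname, username, password and database keys shown in the prototype above it, so a reader cannot tell which one wins when both are set. One sentence on precedence, and on whether credentials are expected inside the DSN or in the existing keys, would close that gap.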
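Review bot: in user_guide_src/source/database/queries.rst (hunk @@ -112,3 +112,20), "occured" should be "occurred", and the example stops at `$error = $this->db->error();` without showing what to do with the result. Since the 'message' value comes straight from the database, the example would be more useful if it showed the array being logged rather than left unused, so readers do not default to echoing raw database errors into a response.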
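Review bot: in user_guide_src/source/database/utilities.rst (hunk @@ -161,7 +161,11), the rewritten note keeps the typo "This features is only available"; since the line is being changed anyway, make it "This feature is only available". The second note's "Eg. $this->dbutil->backup('db_backup_filename');" would read better as a literal block introduced with "::", matching how other examples in these files are shown, and should say where the backup file is written relative to the application.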
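Review bot: in user_guide_src/source/general/styleguide.rst (hunks @@ -441,6 +441,13 and @@ -470,6 +477,15), both the INCORRECT and CORRECT try/catch samples use `catch()` with empty parentheses, which is not valid PHP, so readers copying the "correct" form get a parse error. Use a typed catch such as `catch (Exception $e)` in both samples so the only difference between them is the brace placement the section is about.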
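Review bot: in user_guide_src/source/general/urls.rst (hunk @@ -39,20 +39,23), the substitution changes from `/index.php/$1` to the relative `index.php/$1`, but the text does not explain that a relative target is resolved against the directory holding the .htaccess file, nor mention RewriteBase for installs where that resolution is wrong. A short sentence on this would make the added "might not work for all server configurations" note actionable. The note itself reads ".. note:: Note: These specific rules", so the second "Note:" is redundant and should be dropped.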
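Review bot: in user_guide_src/source/libraries/form_validation.rst (hunk @@ -579,7 +579,30), the label is removed as `.. _saving-groups:` and re-added as `-.. _saving-groups:` with a stray leading dash, so it is no longer an RST target and will render as literal text above the "Saving Sets of Validation Rules to a Config File" heading. Restore it as `.. _saving-groups:` preceded by a blank line. The new section also links to :ref:`function-reference`; that label is not defined anywhere in the visible lines, so confirm it exists. Finally, the "Important Note" should say what goes wrong if reset_validation() is skipped between arrays (for example, whether errors or field data from the first array carry into the second), since that is the case where a second input could be judged against stale state.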
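Review bot: in the Rule Reference table of user_guide_src/source/libraries/form_validation.rst (hunk @@ -823,34 +846,40), every row is re-emitted to widen the first column, yet two existing errors are carried over unchanged. The **decimal** row still reads "Returns FALSE if the form element is not exactly the parameter value.", which is the exact_length description, and **is_unique** appears twice, with the first entry repeating is_unique[table.field] on its continuation line. Fix the decimal text and drop the duplicate row in this same change, since the corrected greater_than and less_than wording shows the table is already being reviewed for accuracy.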
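Review bot: in the function reference added to user_guide_src/source/libraries/form_validation.rst (hunk @@ -930,6 +959,33), set_data is declared as `set_data ($data = '')` while the parameter is documented as `array $data`; state what happens when the argument is omitted or empty, in particular whether validation then falls back to $_POST. The reset_validation() entry says it "should be called before validating each new array", whereas the section added earlier says to call it "before setting up rules", so spell out whether it clears previously set rules as well as errors. The three new headings also share one fixed-length underline; check that it is at least as long as the `$this->form_validation->reset_validation();` title, or Sphinx will warn about a short underline.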
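Review bot: in user_guide_src/source/libraries/input.rst (hunk @@ -298,3 +298,13), the description "optional set uppercase or lowercase (default lowercase)" is ungrammatical and never names the parameter; suggest "Returns $_SERVER['REQUEST_METHOD'], optionally in uppercase (lowercase by default)" and document the boolean argument the way other methods in this file do. The heading is also written as `$this->input->method();` with a trailing semicolon, unlike the neighbouring `$this->input->get()` and `$this->input->get_post()` headings visible in the earlier hunks.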
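Review bot: in user_guide_src/source/libraries/security.rst (hunk @@ -85,6 +85,10), the paragraph describes both behaviours but the sample only shows `$config['csrf_regeneration'] = TRUE;`, which is the default, so it never states that FALSE is the value that keeps one token for the life of the CSRF cookie. Say that explicitly, and note that a reused token stays valid for the whole cookie lifetime, so the trade-off against the usability problems listed is clear to whoever changes it. The paragraph is also one very long line, while the surrounding text in this file is hard-wrapped.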
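Review bot: in user_guide_src/source/tutorial/static_pages.rst (hunk @@ -97,7 +97,7), the new path is built as `APPPATH.'/views/pages/'.$page.'.php'`, but APPPATH is defined with a trailing slash, so this yields a doubled separator; use `APPPATH.'views/pages/'.$page.'.php'`. While this line is being touched, note that `$page` arrives as a method argument from the URL and is concatenated into a filesystem path as-is; the tutorial would set a better example by saying that the value should be restricted to expected page names before it reaches file_exists().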