diff options
Diffstat (limited to 'user_guide_src')
19 files changed, 200 insertions, 74 deletions
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 8492be289..0e4930289 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -61,6 +61,7 @@ Release Date: Not Released - Added availability checks where usage of dangerous functions like ``eval()`` and ``exec()`` is required. - Added support for changing the file extension of log files using ``$config['log_file_extension']``. - Added support for turning newline standardization on/off via ``$config['standardize_newlines']`` and set it to FALSE by default. + - Added configuration setting ``$config['composer_autoload']`` to enable loading of a `Composer <https://getcomposer.org/>`_ auto-loader. - Helpers @@ -79,6 +80,7 @@ Release Date: Not Released - :func:`url_title()` will now trim extra dashes from beginning and end. - :func:`anchor_popup()` will now fill the *href* attribute with the URL and its JS code will return FALSE instead. - Added JS window name support to the :func:`anchor_popup()` function. + - Added support for menubar attribute to the :func:`anchor_popup()`. - Added support (auto-detection) for HTTP/1.1 response codes 303, 307 in :func:`redirect()`. - Changed :func:`redirect()` to choose the **refresh** method only on IIS servers, instead of all servers on Windows (when **auto** is used). - Changed :func:`anchor()`, :func:`anchor_popup()`, and :func:`redirect()` to support protocol-relative URLs (e.g. *//ellislab.com/codeigniter*). @@ -135,6 +137,7 @@ Release Date: Not Released - Added *word_length* and *pool* options to allow customization of the generated word. - Added *colors* configuration to allow customization for the *background*, *border*, *text* and *grid* colors. - Added *filename* to the returned array elements. + - Updated to use `imagepng()` in case that `imagejpeg()` isn't available. - :doc:`Text Helper <helpers/text_helper>` changes include: @@ -184,6 +187,7 @@ Release Date: Not Released - Changed ``limit()`` to ignore NULL values instead of always casting to integer. - Changed ``offset()`` to ignore empty values instead of always casting to integer. - Methods ``insert_batch()`` and ``update_batch()`` now return an integer representing the number of rows affected by them. + - Methods ``where()``, ``or_where()``, ``having()`` and ``or_having()`` now convert trailing ``=`` and ``<>``, ``!=`` SQL operators to ``IS NULL`` and ``IS NOT NULL`` respectively when the supplied comparison value is ``NULL``. - :doc:`Database Results <database/results>` changes include: @@ -302,6 +306,7 @@ Release Date: Not Released - Added a ``$reset`` parameter to method ``initialize()``. - Removed method ``clean_file_name()`` and its usage in favor of :doc:`Security Library <libraries/security>`'s ``sanitize_filename()``. - Removed method ``mimes_types()``. + - Changed ``CI_Upload::_prep_filename()`` to simply replace all (but the last) dots in the filename with underscores, instead of suffixing them. - :doc:`Calendar Library <libraries/calendar>` changes include: @@ -328,6 +333,7 @@ Release Date: Not Released - If property *maintain_ratio* is set to TRUE, ``image_reproportion()`` now doesn't need both width and height to be specified. - Property *maintain_ratio* is now taken into account when resizing images using ImageMagick library. - Added support for maintaining transparency for PNG images in method ``text_watermark()``. + - Added a **file_permissions** setting. - :doc:`Form Validation Library <libraries/form_validation>` changes include: @@ -347,6 +353,7 @@ Release Date: Not Released - Added rule **alpha_numeric_spaces**. - Added support for custom error messages per field rule. - Added support for callable rules when they are passed as an array. + - Added support for non-ASCII domains in **valid_email** rule, depending on the Intl extension. - :doc:`Caching Library <libraries/caching>` changes include: @@ -375,6 +382,7 @@ Release Date: Not Released - Added an optional parameter to ``print_debugger()`` to allow specifying which parts of the message should be printed ('headers', 'subject', 'body'). - Added SMTP keepalive option to avoid opening the connection for each ``send()`` call. Accessible as ``$smtp_keepalive``. - Public method ``set_header()`` now filters the input by removing all "\\r" and "\\n" characters. + - Added support for non-ASCII domains in ``valid_email()``, depending on the Intl extension. - :doc:`Pagination Library <libraries/pagination>` changes include: @@ -385,6 +393,7 @@ Release Date: Not Released - Added support for language translations of the *first_link*, *next_link*, *prev_link* and *last_link* values. - Added ``$config['reuse_query_string']`` to allow automatic repopulation of query string arguments, combined with normal URI segments. - Removed the default `` `` from a number of the configuration variables. + - Added support for ``$config['num_links'] = 0`` configuration. - :doc:`Profiler Library <general/profiling>` changes include: @@ -482,6 +491,8 @@ Release Date: Not Released - Removed the third (`$php_error`) argument from function :func:`log_message()`. - Changed internal function ``load_class()`` to accept a constructor parameter instead of (previously unused) class name prefix. - Removed default parameter value of :func:`is_php()`. + - Added a second argument ``$double_encode`` to :func:`html_escape()`. + - Changed function ``config_item()`` to return NULL instead of FALSE when no value is found. - :doc:`Output Library <libraries/output>` changes include: @@ -499,10 +510,12 @@ Release Date: Not Released - :doc:`Security Library <libraries/security>` changes include: + - Added ``$config['csrf_regeneration']``, which makes CSRF token regeneration optional. + - Added ``$config['csrf_exclude_uris']``, allowing for exclusion of URIs from the CSRF protection (regular expressions are supported). - Added method ``strip_image_tags()``. - - Added ``$config['csrf_regeneration']``, which makes token regeneration optional. - - Added ``$config['csrf_exclude_uris']``, which allows you list URIs which will not have the CSRF validation methods run. + - Added method ``get_random_bytes()`` and switched CSRF & XSS token generation to use it. - Modified method ``sanitize_filename()`` to read a public ``$filename_bad_chars`` property for getting the invalid characters list. + - Return status code of 403 instead of a 500 if CSRF protection is enabled but a token is missing from a request. - :doc:`Language Library <libraries/language>` changes include: @@ -522,15 +535,19 @@ Release Date: Not Released - Changed method ``clean_string()`` to utilize ``mb_convert_encoding()`` if it is available. - Renamed method ``_is_ascii()`` to ``is_ascii()`` and made it public. + - Log Library changes include: + + - Added a ``$config['log_file_permissions']`` setting. + - Changed the library constructor to try to create the **log_path** directory if it doesn't exist. + - Added `compatibility layers <general/compatibility_functions>` for: - `Multibyte String <http://php.net/mbstring>`_ (limited support). - `Hash <http://php.net/hash>`_ (``hash_equals()``, ``hash_pbkdf2()``). - `Password Hashing <http://php.net/password>`_. - - `Array Functions <http://php.net/book.array>`_ (``array_column()``, ``array_replace()``, ``array_replace_recursive()``). + - `Standard Functions ``array_column()``, ``array_replace()``, ``array_replace_recursive()``, ``hex2bin()``, ``quoted_printable_encode()``. - Removed ``CI_CORE`` boolean constant from *CodeIgniter.php* (no longer Reactor and Core versions). - - Log Library will now try to create the **log_path** directory if it doesn't exist. - Added support for HTTP-Only cookies with new config option *cookie_httponly* (default FALSE). - ``$config['time_reference']`` now supports all timezone strings supported by PHP. - Fatal PHP errors are now also passed to ``_exception_handler()``, so they can be logged. @@ -733,6 +750,8 @@ Bug fixes for 3.0 - Partially fixed a bug (#261) - UTF-8 class method ``clean_string()`` generating log messages and/or not producing the desired result due to an upstream bug in iconv. - Fixed a bug where ``CI_Xmlrpcs::parseRequest()`` could fail if ``$HTTP_RAW_POST_DATA`` is not populated. - Fixed a bug in :doc:`Zip Library <libraries/zip>` internal method ``_get_mod_time()`` where it was not parsing result returned by ``filemtime()``. +- Fixed a bug (#3161) - :doc:`Cache Library <libraries/cache>` methods `increment()`, `decrement()` didn't auto-create non-existent items when using redis and/or file storage. +- Fixed a bug (#3189) - :doc:`Parser Library <libraries/parser>` used double replacement on ``key->value`` pairs, exposing a potential template injection vulnerability. Version 2.2.0 ============= @@ -789,7 +808,7 @@ Bug fixes for 2.1.3 - Fixed a bug (#227) - :doc:`Input Library <libraries/input>` allowed unconditional spoofing of HTTP clients' IP addresses through the *HTTP_CLIENT_IP* header. - Fixed a bug (#907) - :doc:`Input Library <libraries/input>` ignored *HTTP_X_CLUSTER_CLIENT_IP* and *HTTP_X_CLIENT_IP* headers when checking for proxies. - Fixed a bug (#940) - ``csrf_verify()`` used to set the CSRF cookie while processing a POST request with no actual POST data, which resulted in validating a request that should be considered invalid. -- Fixed a bug (#499) - :doc:`Security Library <libraries/security>` where a CSRF cookie was created even if ``$config['csrf_protection']`` is set tot FALSE. +- Fixed a bug (#499) - :doc:`Security Library <libraries/security>` where a CSRF cookie was created even if ``$config['csrf_protection']`` is set to FALSE. - Fixed a bug (#1715) - :doc:`Input Library <libraries/input>` triggered ``csrf_verify()`` on CLI requests. - Fixed a bug (#751) - :doc:`Query Builder <database/query_builder>` didn't properly handle cached field escaping overrides. - Fixed a bug (#2004) - :doc:`Query Builder <database/query_builder>` didn't properly merge cached calls with non-cache ones. diff --git a/user_guide_src/source/general/ancillary_classes.rst b/user_guide_src/source/general/ancillary_classes.rst index edb3a14fb..f9b6ba231 100644 --- a/user_guide_src/source/general/ancillary_classes.rst +++ b/user_guide_src/source/general/ancillary_classes.rst @@ -78,7 +78,7 @@ Example:: public function bar() { - $this->CI->config_item('base_url'); + $this->CI->config->item('base_url'); } } diff --git a/user_guide_src/source/general/autoloader.rst b/user_guide_src/source/general/autoloader.rst index bf2e3935a..2f1223e28 100644 --- a/user_guide_src/source/general/autoloader.rst +++ b/user_guide_src/source/general/autoloader.rst @@ -20,4 +20,8 @@ file and add the item you want loaded to the autoload array. You'll find instructions in that file corresponding to each type of item. .. note:: Do not include the file extension (.php) when adding items to - the autoload array.
\ No newline at end of file + the autoload array. + +Additionally, if you want CodeIgniter to use a `Composer <https://getcomposer.org/>`_ +auto-loader, just set ``$config['composer_autoload']`` to ``TRUE`` or +a custom path in **application/config/config.php**.
\ No newline at end of file diff --git a/user_guide_src/source/general/common_functions.rst b/user_guide_src/source/general/common_functions.rst index 9c0a7cbe1..399a323cc 100644 --- a/user_guide_src/source/general/common_functions.rst +++ b/user_guide_src/source/general/common_functions.rst @@ -63,7 +63,7 @@ loading any libraries or helpers. .. function:: config_item($key) :param string $key: Config item key - :returns: Configuration key value or FALSE if not found + :returns: Configuration key value or NULL if not found :rtype: mixed The :doc:`Config Library <../libraries/config>` is the preferred way of diff --git a/user_guide_src/source/general/compatibility_functions.rst b/user_guide_src/source/general/compatibility_functions.rst index e685073a1..aee9b1ef0 100644 --- a/user_guide_src/source/general/compatibility_functions.rst +++ b/user_guide_src/source/general/compatibility_functions.rst @@ -7,12 +7,12 @@ you to use functions what are otherwise natively available in PHP, but only in higher versions or depending on a certain extension. Being custom implementations, these functions will also have some -set of dependancies on their own, but are still useful if your +set of dependencies on their own, but are still useful if your PHP setup doesn't offer them natively. .. note:: Much like the `common functions <common_functions>`, the compatibility functions are always available, as long as - their dependancies are met. + their dependencies are met. .. contents:: :local: @@ -29,7 +29,7 @@ This set of compatibility functions offers a "backport" of PHP's standard `Password Hashing extension <http://php.net/password>`_ that is otherwise available only since PHP 5.5. -Dependancies +Dependencies ============ - PHP 5.3.7 @@ -65,7 +65,7 @@ Function reference password_hash() <http://php.net/password_hash>`_. .. note:: Unless you provide your own (and valid) salt, this function - has a further dependancy on an available CSPRNG source. Each + has a further dependency on an available CSPRNG source. Each of the following would satisfy that: - ``mcrypt_create_iv()`` with ``MCRYPT_DEV_URANDOM`` - ``openssl_random_pseudo_bytes()`` @@ -101,7 +101,7 @@ This compatibility layer contains backports for the ``hash_equals()`` and ``hash_pbkdf2()`` functions, which otherwise require PHP 5.6 and/or PHP 5.5 respectively. -Dependancies +Dependencies ============ - None @@ -144,19 +144,19 @@ the limited alternative solutions, only a few functions are available. .. note:: When a character set parameter is ommited, ``$config['charset']`` will be used. -Dependancies +Dependencies ============ - `iconv <http://php.net/iconv>`_ extension -.. important:: This dependancy is optional and these functions will +.. important:: This dependency is optional and these functions will always be declared. If iconv is not available, they WILL fall-back to their non-mbstring versions. .. important:: Where a character set is supplied, it must be supported by iconv and in a format that it recognizes. -.. note:: For you own dependancy check on the actual mbstring +.. note:: For you own dependency check on the actual mbstring extension, use the ``MB_ENABLED`` constant. Function reference @@ -196,15 +196,14 @@ Function reference For more information, please refer to the `PHP manual for mb_substr() <http://php.net/mb_substr>`_. -*************** -Array Functions -*************** +****************** +Standard Functions +****************** This set of compatibility functions offers support for a few -standard `Array Functions <http://php.net/book.array>`_ in PHP -that otherwise require a newer PHP version. +standard functions in PHP that otherwise require a newer PHP version. -Dependancies +Dependencies ============ - None @@ -244,4 +243,22 @@ Function reference array_replace_recursive() <http://php.net/array_replace_recursive>`_. .. important:: Only PHP's native function can detect endless recursion. - Unless you are running PHP 5.3+, be careful with references!
\ No newline at end of file + Unless you are running PHP 5.3+, be careful with references! + +.. function:: hex2bin($data) + + :param array $data: Hexadecimal representation of data + :returns: Binary representation of the given data + :rtype: string + + For more information, please refer to the `PHP manual for hex2bin() + <http://php.net/hex2bin>`_. + +.. function:: quoted_printable_encode($str) + + :param string $str: Input string + :returns: 8bit-encoded string + :rtype: string + + For more information, please refer to the `PHP manual for + quoted_printable_encode() <http://php.net/quoted_printable_encode>`_.
\ No newline at end of file diff --git a/user_guide_src/source/general/creating_drivers.rst b/user_guide_src/source/general/creating_drivers.rst index cf4ea5d7f..63ac83902 100644 --- a/user_guide_src/source/general/creating_drivers.rst +++ b/user_guide_src/source/general/creating_drivers.rst @@ -18,4 +18,8 @@ Sample driver directory and file structure layout: .. note:: In order to maintain compatibility on case-sensitive file systems, the Driver_name directory must be - named in the format returned by ``ucfirst()``.
\ No newline at end of file + named in the format returned by ``ucfirst()``. + +.. note:: The Driver library's architecture is such that + the subclasses don't extend and therefore don't inherit + properties or methods of the main driver.
\ No newline at end of file diff --git a/user_guide_src/source/general/creating_libraries.rst b/user_guide_src/source/general/creating_libraries.rst index a1e1b3e78..0e3ae4c85 100644 --- a/user_guide_src/source/general/creating_libraries.rst +++ b/user_guide_src/source/general/creating_libraries.rst @@ -170,7 +170,7 @@ methods, you're encouraged to assign it to a property instead:: public function bar() { - echo $this->CI->config_item('base_url'); + echo $this->CI->config->item('base_url'); } } diff --git a/user_guide_src/source/general/routing.rst b/user_guide_src/source/general/routing.rst index 0b91d3fa9..766e0b2ab 100644 --- a/user_guide_src/source/general/routing.rst +++ b/user_guide_src/source/general/routing.rst @@ -116,15 +116,13 @@ call the "shirts" controller class and the "id_123" method. With regular expressions, you can also catch a segment containing a forward slash ('/'), which would usually represent the delimiter between multiple segments. + For example, if a user accesses a password protected area of your web application and you wish to be able to redirect them back to the same page after they log in, you may find this example useful:: $route['login/(.+)'] = 'auth/login/$1'; -That will call the "auth" controller class and its ``login()`` method, -passing everything contained in the URI after *login/* as a parameter. - For those of you who don't know regular expressions and want to learn more about them, `regular-expressions.info <http://www.regular-expressions.info/>` might be a good starting point. diff --git a/user_guide_src/source/helpers/captcha_helper.rst b/user_guide_src/source/helpers/captcha_helper.rst index d83490b8e..1b74d08ad 100644 --- a/user_guide_src/source/helpers/captcha_helper.rst +++ b/user_guide_src/source/helpers/captcha_helper.rst @@ -54,7 +54,7 @@ Once loaded you can generate a CAPTCHA like this:: can draw randomly from. - If you do not specify a path to a TRUE TYPE font, the native ugly GD font will be used. -- The "captcha" folder must be writable (666, or 777) +- The "captcha" directory must be writable - The **expiration** (in seconds) signifies how long an image will remain in the captcha folder before it will be deleted. The default is two hours. diff --git a/user_guide_src/source/helpers/file_helper.rst b/user_guide_src/source/helpers/file_helper.rst index 59cabcce2..013b583a0 100644 --- a/user_guide_src/source/helpers/file_helper.rst +++ b/user_guide_src/source/helpers/file_helper.rst @@ -80,8 +80,8 @@ The following functions are available: for mode options. .. note: In order for this function to write data to a file, its permissions must - be set such that it is writable (666, 777, etc.). If the file does not - already exist, the directory containing it must be writable. + be set such that it is writable. If the file does not already exist, + then the directory containing it must be writable. .. note:: The path is relative to your main site index.php file, NOT your controller or view files. CodeIgniter uses a front controller so paths diff --git a/user_guide_src/source/installation/upgrade_300.rst b/user_guide_src/source/installation/upgrade_300.rst index 6915fafe2..81340e6ad 100644 --- a/user_guide_src/source/installation/upgrade_300.rst +++ b/user_guide_src/source/installation/upgrade_300.rst @@ -158,6 +158,10 @@ Step 10: Many functions now return NULL instead of FALSE on missing items Many methods and functions now return NULL instead of FALSE when the required items don't exist: + - :doc:`Common functions <../general/common_functions>` + + - config_item() + - :doc:`Config Class <../libraries/config>` - config->item() diff --git a/user_guide_src/source/libraries/encryption.rst b/user_guide_src/source/libraries/encryption.rst index a4415f510..f29ebf4ed 100644 --- a/user_guide_src/source/libraries/encryption.rst +++ b/user_guide_src/source/libraries/encryption.rst @@ -5,13 +5,13 @@ Encryption Library The Encryption Library provides two-way data encryption. To do so in a cryptographically secure way, it utilizes PHP extensions that are unfortunately not always available on all systems. -You must meet one of the following dependancies in order to use this +You must meet one of the following dependencies in order to use this library: - `OpenSSL <http://php.net/openssl>`_ (and PHP 5.3.3) - `MCrypt <http://php.net/mcrypt>`_ (and `MCRYPT_DEV_URANDOM` availability) -If neither of the above dependancies is met, we simply cannot offer +If neither of the above dependencies is met, we simply cannot offer you a good enough implementation to meet the high standards required for proper cryptography. @@ -84,14 +84,19 @@ your server is not totally under your control it's impossible to ensure key security so you may want to think carefully before using it for anything that requires high security, like storing credit card numbers. -Your encryption key should be as long as the encyption algorithm in use -allows. For AES-128, that's 128 bits or 16 bytes (charcters) long. The -key should be as random as possible and it should **not** be a simple -text string. - +Your encryption key **must** be as long as the encyption algorithm in use +allows. For AES-128, that's 128 bits or 16 bytes (charcters) long. You will find a table below that shows the supported key lengths of different ciphers. +The key should be as random as possible and it **must not** be a regular +text string, nor the output of a hashing function, etc. In order to create +a proper key, you must use the Encryption library's ``create_key()`` method +:: + + // $key will be assigned a 16-byte (128-bit) random key + $key = $this->encryption->create_key(16); + The key can be either stored in your *application/config/config.php*, or you can design your own storage mechanism and pass the key dynamically when encrypting/decrypting. @@ -168,9 +173,9 @@ but regardless, here's a list of most of them: ============== ========= ============================== ========================================= Cipher name Driver Key lengths (bits / bytes) Supported modes ============== ========= ============================== ========================================= -AES-128 OpenSSL 128 / 16 CBC, CTR, CFB, CFB8, OFB, ECB, GCM, XTS -AES-192 OpenSSL 192 / 24 CBC, CTR, CFB, CFB8, OFB, ECB, GCM, XTS -AES-256 OpenSSL 256 / 32 CBC, CTR, CFB, CFB8, OFB, ECB, GCM, XTS +AES-128 OpenSSL 128 / 16 CBC, CTR, CFB, CFB8, OFB, ECB, XTS +AES-192 OpenSSL 192 / 24 CBC, CTR, CFB, CFB8, OFB, ECB, XTS +AES-256 OpenSSL 256 / 32 CBC, CTR, CFB, CFB8, OFB, ECB, XTS Rijndael-128 MCrypt 128 / 16, 192 / 24, 256 / 32 CBC, CTR, CFB, CFB8, OFB, OFB8, ECB Rijndael-192 MCrypt 128 / 16, 192 / 24, 256 / 32 CBC, CTR, CFB, CFB8, OFB, OFB8, ECB Rijndael-256 MCrypt 128 / 16, 192 / 24, 256 / 32 CBC, CTR, CFB, CFB8, OFB, OFB8, ECB @@ -234,7 +239,6 @@ CFB8 cfb8 MCrypt, OpenSSL Same as CFB, but operates in 8- OFB ofb MCrypt, OpenSSL N/A OFB8 ofb8 MCrypt Same as OFB, but operates in 8-bit mode (not recommended). ECB ecb MCrypt, OpenSSL Ignores IV (not recommended). -GCM gcm OpenSSL Provides authentication and therefore doesn't need a HMAC. XTS xts OpenSSL Usually used for encrypting random access data such as RAM or hard-disk storage. Stream stream MCrypt, OpenSSL This is not actually a mode, it just says that a stream cipher is being used. Required because of the general cipher+mode initialization process. =========== ================== ================= =================================================================================================================================================== @@ -246,10 +250,9 @@ It's probably important for you to know that an encrypted string is usually longer than the original, plain-text string (depending on the cipher). This is influenced by the cipher algorithm itself, the IV prepended to the -cipher-text and (unless you are using GCM mode) the HMAC authentication -message that is also prepended. Furthermore, the encrypted message is also -Base64-encoded so that it is safe for storage and transmission, regardless -of a possible character set in use. +cipher-text and the HMAC authentication message that is also prepended. +Furthermore, the encrypted message is also Base64-encoded so that it is safe +for storage and transmission, regardless of a possible character set in use. Keep this information in mind when selecting your data storage mechanism. Cookies, for example, can only hold 4K of information. @@ -425,9 +428,6 @@ Option Default value Mandatory / Optional Description cipher N/A Yes Encryption algorithm (see :ref:`ciphers-and-modes`). mode N/A Yes Encryption mode (see :ref:`encryption-modes`). key N/A Yes Encryption key. -iv N/A No Initialization vector (IV). - If not provided it will be automatically generated - during encryption and looked for during decryption. hmac TRUE No Whether to use a HMAC. Boolean. If set to FALSE, then *hmac_digest* and *hmac_key* will be ignored. @@ -444,9 +444,6 @@ raw_data FALSE No Whether the cipher-t value is incorrect. This includes *hmac_key*, unless *hmac* is set to FALSE. -.. note:: If GCM mode is used, *hmac* will always be FALSE. This is - because GCM mode itself provides authentication. - .. _digests: Supported HMAC authentication algorithms diff --git a/user_guide_src/source/libraries/form_validation.rst b/user_guide_src/source/libraries/form_validation.rst index 2ae56d29a..aae9e3b89 100644 --- a/user_guide_src/source/libraries/form_validation.rst +++ b/user_guide_src/source/libraries/form_validation.rst @@ -505,11 +505,40 @@ function:: 'required', function($value) { - // Check $value and return TRUE/FALSE + // Check $value } ) ); +Of course, since a Callable rule by itself is not a string, it isn't +a rule name either. That is a problem when you want to set error messages +for them. In order to get around that problem, you can put such rules as +the second element of an array, with the first one being the rule name:: + + $this->form_validation->set_rules( + 'username', 'Username', + array( + 'required', + array('username_callable', array($this->users_model, 'valid_username')) + ) + ); + +Anonymous function (PHP 5.3+) version:: + + $this->form_validation->set_rules( + 'username', 'Username', + array( + 'required', + array( + 'username_callable', + function($str) + { + // Check validity of $str and return TRUE or FALSE + } + ) + ) + ); + .. _setting-error-messages: Setting Error Messages diff --git a/user_guide_src/source/libraries/ftp.rst b/user_guide_src/source/libraries/ftp.rst index dd9440443..4be1a6ea4 100644 --- a/user_guide_src/source/libraries/ftp.rst +++ b/user_guide_src/source/libraries/ftp.rst @@ -270,7 +270,7 @@ Class Reference :: // Creates a folder named "bar" - $this->ftp->mkdir('/public_html/foo/bar/', DIR_WRITE_MODE); + $this->ftp->mkdir('/public_html/foo/bar/', 0755); .. method:: chmod($path, $perm) @@ -282,8 +282,8 @@ Class Reference Permits you to set file permissions. Supply the path to the file or directory you wish to alter permissions on:: - // Chmod "bar" to 777 - $this->ftp->chmod('/public_html/foo/bar/', DIR_WRITE_MODE); + // Chmod "bar" to 755 + $this->ftp->chmod('/public_html/foo/bar/', 0755); .. method:: changedir($path[, $suppress_debug = FALSE]) diff --git a/user_guide_src/source/libraries/image_lib.rst b/user_guide_src/source/libraries/image_lib.rst index 16acf090b..a52cf3e02 100644 --- a/user_guide_src/source/libraries/image_lib.rst +++ b/user_guide_src/source/libraries/image_lib.rst @@ -137,6 +137,8 @@ Preference Default Value Options image can be shown at a time, and it can't be positioned on the page. It simply outputs the raw image dynamically to your browser, along with image headers. +**file_permissions** 0644 (integer) File system permissions to apply on the resulting image file, R, C, X, W + writing it to the disk. WARNING: Use octal integer notation! **quality** 90% 1 - 100% Sets the quality of the image. The higher the quality the larger the R, C, X, W file size. **new_image** None None Sets the destination image name/path. You'll use this preference when R, C, X, W diff --git a/user_guide_src/source/libraries/output.rst b/user_guide_src/source/libraries/output.rst index e49ea5366..218ec5896 100644 --- a/user_guide_src/source/libraries/output.rst +++ b/user_guide_src/source/libraries/output.rst @@ -205,4 +205,28 @@ Class Reference Caches the current page for the specified amount of seconds. - For more information, please see the :doc:`caching documentation <../general/caching>`.
\ No newline at end of file + For more information, please see the :doc:`caching documentation <../general/caching>`. + + .. method:: _display([$output = '']) + + :param string $output: Output data override + :returns: void + :rtype: void + + Sends finalized output data to the browser along with any server headers. It also stops benchmark + timers. + + .. note:: This method is called automatically at the end of script execution, you won't need to + call it manually unless you are aborting script execution using ``exit()`` or ``die()`` in your code. + + Example:: + $response = array('status' => 'OK'); + + $this->output + ->set_status_header(200) + ->set_content_type('application/json', 'utf-8') + ->set_output(json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES)) + ->_display(); + exit; + + .. note:: Calling this method manually without aborting script execution will result in duplicated output.
\ No newline at end of file diff --git a/user_guide_src/source/libraries/security.rst b/user_guide_src/source/libraries/security.rst index fb875a0d9..0c51e342b 100644 --- a/user_guide_src/source/libraries/security.rst +++ b/user_guide_src/source/libraries/security.rst @@ -97,6 +97,13 @@ by editing the 'csrf_exclude_uris' config parameter:: $config['csrf_exclude_uris'] = array('api/person/add'); +Regular expressions are also supported (case-insensitive):: + + $config['csrf_exclude_uris'] = array( + 'api/record/[0-9]+', + 'api/title/[a-z]+' + ); + *************** Class Reference *************** @@ -156,4 +163,19 @@ Class Reference This method acts a lot like PHP's own native ``html_entity_decode()`` function in ENT_COMPAT mode, only it tries to detect HTML entities that don't end in a semicolon because some browsers allow that. - If the ``$charset`` parameter is left empty, then your configured ``$config['charset']`` value will be used.
\ No newline at end of file + If the ``$charset`` parameter is left empty, then your configured ``$config['charset']`` value will be used. + + .. method:: get_random_bytes($length) + + :param int $length: Output length + :returns: A binary stream of random bytes or FALSE on failure + :rtype: string + + A convenience method for getting proper random bytes via ``mcrypt_create_iv()``, + ``/dev/urandom`` or ``openssl_random_pseudo_bytes()`` (in that order), if one + of them is available. + + Used for generating CSRF and XSS tokens. + + .. note:: The output is NOT guaranteed to be cryptographically secure, + just the best attempt at that.
\ No newline at end of file diff --git a/user_guide_src/source/libraries/table.rst b/user_guide_src/source/libraries/table.rst index 9d95eddfc..bb001e84c 100644 --- a/user_guide_src/source/libraries/table.rst +++ b/user_guide_src/source/libraries/table.rst @@ -95,24 +95,30 @@ The Table Class permits you to set a table template with which you can specify the design of your layout. Here is the template prototype:: $template = array( - 'table_open' => '<table border="0" cellpadding="4" cellspacing="0">', + 'table_open' => '<table border="0" cellpadding="4" cellspacing="0">', - 'heading_row_start' => '<tr>', - 'heading_row_end' => '</tr>', - 'heading_cell_start' => '<th>', - 'heading_cell_end' => '</th>', + 'thead_open' => '<thead>', + 'thead_close' => '</thead>', - 'row_start' => '<tr>', - 'row_end' => '</tr>', - 'cell_start' => '<td>', - 'cell_end' => '</td>', + 'heading_row_start' => '<tr>', + 'heading_row_end' => '</tr>', + 'heading_cell_start' => '<th>', + 'heading_cell_end' => '</th>', - 'row_alt_start' => '<tr>', - 'row_alt_end' => '</tr>', - 'cell_alt_start' => '<td>', - 'cell_alt_end' => '</td>', + 'tbody_open' => '<tbody>', + 'tbody_close' => '</tbody>', - 'table_close' => '</table>' + 'row_start' => '<tr>', + 'row_end' => '</tr>', + 'cell_start' => '<td>', + 'cell_end' => '</td>', + + 'row_alt_start' => '<tr>', + 'row_alt_end' => '</tr>', + 'cell_alt_start' => '<td>', + 'cell_alt_end' => '</td>', + + 'table_close' => '</table>' ); $this->table->set_template($template); @@ -288,4 +294,4 @@ Class Reference $this->table->add_row('Mary', 'Monday', 'Air'); $this->table->add_row('John', 'Saturday', 'Overnight'); - echo $this->table->generate();
\ No newline at end of file + echo $this->table->generate(); diff --git a/user_guide_src/source/libraries/zip.rst b/user_guide_src/source/libraries/zip.rst index 5ff7d07d6..4ca14086a 100644 --- a/user_guide_src/source/libraries/zip.rst +++ b/user_guide_src/source/libraries/zip.rst @@ -173,7 +173,7 @@ Class Reference :rtype: bool Writes the Zip-encoded file to a directory on your server. Submit a valid server path ending in the file name. - Make sure the directory is writable (660 or 666 is usually OK). Example:: + Make sure the directory is writable (755 is usually OK). Example:: $this->zip->archive('/path/to/folder/myarchive.zip'); // Creates a file named myarchive.zip |