summaryrefslogtreecommitdiffstats
path: root/user_guide_src
diff options
context:
space:
mode:
Diffstat (limited to 'user_guide_src')
-rw-r--r--user_guide_src/source/_themes/sphinx_rtd_theme/static/css/citheme.css15
-rw-r--r--user_guide_src/source/_themes/sphinx_rtd_theme/static/js/theme.js36
-rw-r--r--user_guide_src/source/changelog.rst18
-rw-r--r--user_guide_src/source/database/db_driver_reference.rst6
-rw-r--r--user_guide_src/source/database/query_builder.rst2
-rw-r--r--user_guide_src/source/installation/downloads.rst4
-rw-r--r--user_guide_src/source/installation/upgrade_300.rst45
-rw-r--r--user_guide_src/source/installation/upgrade_303.rst43
-rw-r--r--user_guide_src/source/installation/upgrade_304.rst14
-rw-r--r--user_guide_src/source/installation/upgrading.rst1
10 files changed, 172 insertions, 12 deletions
diff --git a/user_guide_src/source/_themes/sphinx_rtd_theme/static/css/citheme.css b/user_guide_src/source/_themes/sphinx_rtd_theme/static/css/citheme.css
index 192af2004..a2a3b3e91 100644
--- a/user_guide_src/source/_themes/sphinx_rtd_theme/static/css/citheme.css
+++ b/user_guide_src/source/_themes/sphinx_rtd_theme/static/css/citheme.css
@@ -70,4 +70,19 @@ div#pulldown-menu {
font-weight: 300;
font-family: Lucida Grande,Verdana,Geneva,sans-serif;
color: #aaaaaa;
+}
+
+/*hide pulldown menu on mobile devices*/
+@media (max-width: 768px) { /*tablet size defined by theme*/
+ #closeMe {
+ display: none;
+ }
+
+ #pulldown {
+ display: none;
+ }
+
+ #openToc {
+ display: none;
+ }
} \ No newline at end of file
diff --git a/user_guide_src/source/_themes/sphinx_rtd_theme/static/js/theme.js b/user_guide_src/source/_themes/sphinx_rtd_theme/static/js/theme.js
index b77789d06..081d77bdf 100644
--- a/user_guide_src/source/_themes/sphinx_rtd_theme/static/js/theme.js
+++ b/user_guide_src/source/_themes/sphinx_rtd_theme/static/js/theme.js
@@ -25,7 +25,7 @@ $(document).ready(function () {
$('#closeMe').toggle(
function ()
{
- setCookie('ciNav', true, 365);
+ setCookie('ciNav', 'yes', 365);
$('#nav2').show();
$('#topMenu').remove();
$('body').css({background: 'none'});
@@ -35,7 +35,7 @@ $(document).ready(function () {
},
function ()
{
- setCookie('ciNav', false, 365);
+ setCookie('ciNav', 'no', 365);
$('#topMenu').remove();
$('#nav').hide();
$('#nav2').hide();
@@ -44,20 +44,25 @@ $(document).ready(function () {
$('.wy-nav-side').show();
}
);
- if (getCookie('ciNav') == 'true')
+ if (getCookie('ciNav') == 'yes')
{
$('#closeMe').trigger('click');
//$('#nav').slideToggle();
}
// END MODIFICATION ---
+
});
// Rufnex Cookie functions
function setCookie(cname, cvalue, exdays) {
+ // expire the old cookie if existed to avoid multiple cookies with the same name
+ if (getCookie(cname)) {
+ document.cookie = cname + "=;expires=Thu, 01 Jan 1970 00:00:00 GMT";
+ }
var d = new Date();
d.setTime(d.getTime() + (exdays * 24 * 60 * 60 * 1000));
var expires = "expires=" + d.toGMTString();
- document.cookie = cname + "=" + cvalue + "; " + expires;
+ document.cookie = cname + "=" + cvalue + "; " + expires + "; path=/";
}
function getCookie(cname) {
var name = cname + "=";
@@ -70,10 +75,31 @@ function getCookie(cname) {
return c.substring(name.length, c.length);
}
}
- return false;
+ return '';
}
// End
+// resize window
+$(window).on('resize', function(){
+ // show side nav on small screens when pulldown is enabled
+ if (getCookie('ciNav') == 'yes' && $(window).width() <= 768) { // 768px is the tablet size defined by the theme
+ $('.wy-nav-side').show();
+ }
+ // changing css with jquery seems to override the default css media query
+ // change margin
+ else if (getCookie('ciNav') == 'no' && $(window).width() <= 768) {
+ $('.wy-nav-content-wrap').css({'margin-left': 0});
+ }
+ // hide side nav on large screens when pulldown is enabled
+ else if (getCookie('ciNav') == 'yes' && $(window).width() > 768) {
+ $('.wy-nav-side').hide();
+ }
+ // change margin
+ else if (getCookie('ciNav') == 'no' && $(window).width() > 768) {
+ $('.wy-nav-content-wrap').css({'margin-left': '300px'});
+ }
+});
+
window.SphinxRtdTheme = (function (jquery) {
var stickyNav = (function () {
var navBar,
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index 03cbeb673..f28fd8930 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -11,15 +11,31 @@ Release Date: Not Released
Version 3.0.3
=============
-Release Date: Not Released
+Release Date: October 31, 2015
+
+- **Security**
+
+ - Fixed an XSS attack vector in :doc:`Security Library <libraries/security>` method ``xss_clean()``.
+ - Changed :doc:`Config Library <libraries/config>` method ``base_url()`` to fallback to ``$_SERVER['SERVER_ADDR']`` when ``$config['base_url']`` is empty in order to avoid *Host* header injections.
+ - Changed :doc:`CAPTCHA Helper <helpers/captcha_helper>` to use the operating system's PRNG when possible.
- Database
- Optimized :doc:`Database Utility <database/utilities>` method ``csv_from_result()`` for speed with larger result sets.
+ - Added proper return values to :doc:`Database Transactions <database/transactions>` method ``trans_start()``.
Bug fixes for 3.0.3
-------------------
+- Fixed a bug (#4170) - :doc:`Database <database/index>` method ``insert_id()`` could return an identity from the wrong scope with the 'sqlsrv' driver.
+- Fixed a bug (#4179) - :doc:`Session Library <libraries/sessions>` doesn't properly maintain its state after ID regeneration with the 'database' driver on PHP7.
+- Fixed a bug (#4173) - :doc:`Database Forge <database/forge>` method ``add_key()`` didn't allow creation of non-PRIMARY composite keys after the "bugfix" for #3968.
+- Fixed a bug (#4171) - :doc:`Database Transactions <database/transactions>` didn't work with nesting in methods ``trans_begin()``, ``trans_commit()``, ``trans_rollback()``.
+- Fixed a bug where :doc:`Database Transaction <database/transactions>` methods ``trans_begin()``, ``trans_commit()``, ``trans_rollback()`` ignored failures.
+- Fixed a bug where all :doc:`Database Transaction <database/transactions>` methods returned TRUE while transactions are actually disabled.
+- Fixed a bug where :doc:`common function <general/common_functions>` :php:func:`html_escape()` modified keys of its array inputs.
+- Fixed a bug (#4192) - :doc:`Email Library <libraries/email>` wouldn't always have proper Quoted-printable encoding due to a bug in PHP's own ``mb_mime_encodeheader()`` function.
+
Version 3.0.2
=============
diff --git a/user_guide_src/source/database/db_driver_reference.rst b/user_guide_src/source/database/db_driver_reference.rst
index ea692515c..8fc26c01b 100644
--- a/user_guide_src/source/database/db_driver_reference.rst
+++ b/user_guide_src/source/database/db_driver_reference.rst
@@ -140,13 +140,15 @@ This article is intended to be a reference for them.
.. php:method:: trans_start([$test_mode = FALSE])
:param bool $test_mode: Test mode flag
- :rtype: void
+ :returns: TRUE on success, FALSE on failure
+ :rtype: bool
Start a transaction.
.. php:method:: trans_complete()
- :rtype: void
+ :returns: TRUE on success, FALSE on failure
+ :rtype: bool
Complete Transaction.
diff --git a/user_guide_src/source/database/query_builder.rst b/user_guide_src/source/database/query_builder.rst
index 9c3ff306f..5d9ae4592 100644
--- a/user_guide_src/source/database/query_builder.rst
+++ b/user_guide_src/source/database/query_builder.rst
@@ -1018,7 +1018,7 @@ Here's a usage example::
.. note:: The following statements can be cached: select, from, join,
- where, like, group_by, having, order_by, set
+ where, like, group_by, having, order_by
***********************
diff --git a/user_guide_src/source/installation/downloads.rst b/user_guide_src/source/installation/downloads.rst
index d3081719f..c5ce2e836 100644
--- a/user_guide_src/source/installation/downloads.rst
+++ b/user_guide_src/source/installation/downloads.rst
@@ -2,8 +2,10 @@
Downloading CodeIgniter
#######################
+<<<<<<< HEAD
- `CodeIgniter v3.1.0-dev (Current version) <https://codeload.github.com/bcit-ci/CodeIgniter/zip/develop>`_
-- `CodeIgniter v3.0.3-dev <https://codeload.github.com/bcit-ci/CodeIgniter/zip/3.0-stable>`_
+- `CodeIgniter v3.0.4-dev <https://codeload.github.com/bcit-ci/CodeIgniter/zip/3.0-stable>`_
+- `CodeIgniter v3.0.3 <https://codeload.github.com/bcit-ci/CodeIgniter/zip/3.0.3>`_
- `CodeIgniter v3.0.2 <https://codeload.github.com/bcit-ci/CodeIgniter/zip/3.0.2>`_
- `CodeIgniter v3.0.1 <https://codeload.github.com/bcit-ci/CodeIgniter/zip/3.0.1>`_
- `CodeIgniter v3.0.0 <https://codeload.github.com/bcit-ci/CodeIgniter/zip/3.0.0>`_
diff --git a/user_guide_src/source/installation/upgrade_300.rst b/user_guide_src/source/installation/upgrade_300.rst
index 4b3b408a7..a29f400f8 100644
--- a/user_guide_src/source/installation/upgrade_300.rst
+++ b/user_guide_src/source/installation/upgrade_300.rst
@@ -464,8 +464,51 @@ files and error messages format:
Therefore you're encouraged to update its usage sooner rather than
later.
+************************************************************
+Step 19: Make sure your 'base_url' config value is not empty
+************************************************************
+
+When ``$config['base_url']`` is not set, CodeIgniter tries to automatically
+detect what your website's base URL is. This is done purely for convenience
+when you are starting development of a new application.
+
+Auto-detection is never reliable and also has security implications, which
+is why you should **always** have it manually configured!
+
+One of the changes in CodeIgniter 3.0.3 is how this auto-detection works,
+and more specifically it now falls back to the server's IP address instead
+of the hostname requested by the client. Therefore, if you've ever relied
+on auto-detection, it will change how your website works now.
+
+In case you need to allow e.g. multiple domains, or both http:// and
+https:// prefixes to be dynamically used depending on the request,
+remember that *application/config/config.php* is still a PHP script, in
+which you can create this logic with a few lines of code. For example::
+
+ $allowed_domains = array('domain1.tld', 'domain2.tld');
+ $default_domain = 'domain1.tld';
+
+ if (in_array($_SERVER['HTTP_HOST'], $allowed_domains, TRUE))
+ {
+ $domain = $_SERVER['HTTP_HOST'];
+ }
+ else
+ {
+ $domain = $default_domain;
+ }
+
+ if ( ! empty($_SERVER['HTTPS']))
+ {
+ $config['base_url'] = 'https://'.$domain;
+ }
+ else
+ {
+ $config['base_url'] = 'http://'.$domain;
+ }
+
+
****************************************************************
-Step 19: Remove usage of (previously) deprecated functionalities
+Step 20: Remove usage of (previously) deprecated functionalities
****************************************************************
In addition to the ``$autoload['core']`` configuration setting, there's a
diff --git a/user_guide_src/source/installation/upgrade_303.rst b/user_guide_src/source/installation/upgrade_303.rst
index a98eed0d4..d13a0fe46 100644
--- a/user_guide_src/source/installation/upgrade_303.rst
+++ b/user_guide_src/source/installation/upgrade_303.rst
@@ -11,4 +11,45 @@ Step 1: Update your CodeIgniter files
Replace all files and directories in your *system/* directory.
.. note:: If you have any custom developed files in these directories,
- please make copies of them first. \ No newline at end of file
+ please make copies of them first.
+
+Step 2: Make sure your 'base_url' config value is not empty
+===========================================================
+
+When ``$config['base_url']`` is not set, CodeIgniter tries to automatically
+detect what your website's base URL is. This is done purely for convenience
+when you are starting development of a new application.
+
+Auto-detection is never reliable and also has security implications, which
+is why you should **always** have it manually configured!
+
+One of the changes in CodeIgniter 3.0.3 is how this auto-detection works,
+and more specifically it now falls back to the server's IP address instead
+of the hostname requested by the client. Therefore, if you've ever relied
+on auto-detection, it will change how your website works now.
+
+In case you need to allow e.g. multiple domains, or both http:// and
+https:// prefixes to be dynamically used depending on the request,
+remember that *application/config/config.php* is still a PHP script, in
+which you can create this logic with a few lines of code. For example::
+
+ $allowed_domains = array('domain1.tld', 'domain2.tld');
+ $default_domain = 'domain1.tld';
+
+ if (in_array($_SERVER['HTTP_HOST'], $allowed_domains, TRUE))
+ {
+ $domain = $_SERVER['HTTP_HOST'];
+ }
+ else
+ {
+ $domain = $default_domain;
+ }
+
+ if ( ! empty($_SERVER['HTTPS']))
+ {
+ $config['base_url'] = 'https://'.$domain;
+ }
+ else
+ {
+ $config['base_url'] = 'http://'.$domain;
+ }
diff --git a/user_guide_src/source/installation/upgrade_304.rst b/user_guide_src/source/installation/upgrade_304.rst
new file mode 100644
index 000000000..4d5bd2bb0
--- /dev/null
+++ b/user_guide_src/source/installation/upgrade_304.rst
@@ -0,0 +1,14 @@
+#############################
+Upgrading from 3.0.3 to 3.0.4
+#############################
+
+Before performing an update you should take your site offline by
+replacing the index.php file with a static one.
+
+Step 1: Update your CodeIgniter files
+=====================================
+
+Replace all files and directories in your *system/* directory.
+
+.. note:: If you have any custom developed files in these directories,
+ please make copies of them first.
diff --git a/user_guide_src/source/installation/upgrading.rst b/user_guide_src/source/installation/upgrading.rst
index de2877165..2a3b0b047 100644
--- a/user_guide_src/source/installation/upgrading.rst
+++ b/user_guide_src/source/installation/upgrading.rst
@@ -9,6 +9,7 @@ upgrading from.
:titlesonly:
Upgrading from 3.0.x to 3.1.x <upgrade_310>
+ Upgrading from 3.0.3 to 3.0.4 <upgrade_304>
Upgrading from 3.0.2 to 3.0.3 <upgrade_303>
Upgrading from 3.0.1 to 3.0.2 <upgrade_302>
Upgrading from 3.0.0 to 3.0.1 <upgrade_301>