From 21ca8cca94e969dd83e410c26920ec80822959d0 Mon Sep 17 00:00:00 2001
From: Derek Jones
Date: Mon, 27 Sep 2010 08:49:29 -0500
Subject: added sess_expire_on_close to config file, corrected comment block for session config vars. Fixes #149
---
 application/config/config.php | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)
diff --git a/application/config/config.php b/application/config/config.php
index c5eae8f5b..3f2be480f 100644
--- a/application/config/config.php
+++ b/application/config/config.php
@@ -224,15 +224,22 @@ $config['encryption_key'] = "";
 | Session Variables
 |--------------------------------------------------------------------------
 |
-| 'session_cookie_name' = the name you want for the cookie
-| 'encrypt_sess_cookie' = TRUE/FALSE (boolean). Whether to encrypt the cookie
-| 'session_expiration' = the number of SECONDS you want the session to last.
-| by default sessions last 7200 seconds (two hours). Set to zero for no expiration.
-| 'time_to_update' = how many seconds between CI refreshing Session Information
+| 'sess_cookie_name' = the name you want for the cookie
+| 'sess_expiration' = the number of SECONDS you want the session to last.
+| by default sessions last 7200 seconds (two hours). Set to zero for no expiration.
+| 'sess_expire_on_close' = Whether to cause the session to expire automatically
+| when the browser window is closed
+| 'sess_encrypt_cookie' = Whether to encrypt the cookie
+| 'sess_use_database' = Whether to save the session data to a database
+| 'sess_table_name' = The name of the session database table
+| 'sess_match_ip' = Whether to match the user's IP address when reading the session data
+| 'sess_match_useragent' = Whether to match the User Agent when reading the session data
+| 'sess_time_to_update' = how many seconds between CI refreshing Session Information
 |
 */
 $config['sess_cookie_name'] = 'ci_session';
 $config['sess_expiration'] = 7200;
+$config['sess_expire_on_close'] = FALSE;
 $config['sess_encrypt_cookie'] = FALSE;
 $config['sess_use_database'] = FALSE;
 $config['sess_table_name'] = 'ci_sessions';
-- cgit v1.2.3-24-g4f1b
From e77162b9d3233cf6de1f4830262b79b3c2235ed3 Mon Sep 17 00:00:00 2001
From: Derek Jones
Date: Mon, 27 Sep 2010 09:08:00 -0500
Subject: fixed some grammar errors in the Views documentation. Fixes #154
---
 user_guide/general/views.html | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/user_guide/general/views.html b/user_guide/general/views.html
index 107446946..b5dea05a1 100644
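Review bot: In the session comment block of application/config/config.php, the new 'sess_expire_on_close' entry does not say that the value is a boolean or how it combines with 'sess_expiration', and the rewritten 'sess_encrypt_cookie' entry loses the 'TRUE/FALSE (boolean)' hint that the removed line had. These settings decide how long a session cookie stays usable, so I would spell the type out, for example `| 'sess_expire_on_close' = TRUE/FALSE (boolean). Whether to cause the session to expire automatically`, and do the same for the other boolean entries. The kept sentence 'Set to zero for no expiration' is worth checking against the Session library, which is not shown here, because a session that never expires stays valid for as long as a copied cookie exists.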
--- a/user_guide/general/views.html
+++ b/user_guide/general/views.html
@@ -109,12 +109,12 @@ class Blog extends Controller {
-

If you visit the your site using the URL you did earlier you should see your new view. The URL was similar to this:

+

If you visit your site using the URL you did earlier you should see your new view. The URL was similar to this:

example.com/index.php/blog/

Loading multiple views

-

CodeIgniter will intelligently handle multiple calls to $this->load->view from within a controller. If more then one call happens they will be appended together. For example, you may wish to have a header view, a menu view, a content view, and a footer view. That might look something like this:

+

CodeIgniter will intelligently handle multiple calls to $this->load->view from within a controller. If more than one call happens they will be appended together. For example, you may wish to have a header view, a menu view, a content view, and a footer view. That might look something like this:

<?php

class Page extends Controller {

-- cgit v1.2.3-24-g4f1b
From d76334998db618d4633886bbcecc84658b50ab23 Mon Sep 17 00:00:00 2001
From: Derek Jones
Date: Tue, 28 Sep 2010 13:14:57 -0500
Subject: fixed a bug where the Output class would send incorrect cached data for controllers implementing their own _output() methods
---
 system/core/Output.php | 21 +++++++++++++--------
 user_guide/changelog.html | 1 +
 user_guide/general/controllers.html | 11 ++++++++++-
 3 files changed, 24 insertions(+), 9 deletions(-)
diff --git a/system/core/Output.php b/system/core/Output.php
index 7d3e2e180..ad9ffbabe 100644
--- a/system/core/Output.php
+++ b/system/core/Output.php
@@ -212,7 +212,13 @@ class CI_Output {
 // since this function is sometimes called by the caching mechanism,
 // which happens before the CI super object is available.
 global $BM, $CFG;
-
+
+ // Grab the super object if we can.
+ if (function_exists('get_instance'))
+ {
+ $CI =& get_instance();
+ }
+
 // --------------------------------------------------------------------
 // Set the output data
@@ -223,8 +229,10 @@ class CI_Output {
 // --------------------------------------------------------------------
- // Do we need to write a cache file?
- if ($this->cache_expiration > 0)
+ // Do we need to write a cache file? Only if the controller does not have its
+ // own _output() method and we are not dealing with a cache file, which we
+ // can determine by the existence of the $CI object above
+ if ($this->cache_expiration > 0 && isset($CI) && ! method_exists($CI, '_output'))
 {
 $this->_write_cache($output);
 }
@@ -271,10 +279,10 @@ class CI_Output {
 // --------------------------------------------------------------------
- // Does the get_instance() function exist?
+ // Does the $CI object exist?
 // If not we know we are dealing with a cache file so we'll
 // simply echo out the data and exit.
- if ( ! function_exists('get_instance'))
+ if ( ! isset($CI))
 {
 echo $output;
 log_message('debug', "Final output sent to browser");
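Review bot: In the second system/core/Output.php hunk the cache write is now skipped without any trace when the controller defines `_output()`, so a page that sets `cache_expiration` and also post-processes its output gets no cache file and no hint why. Skipping is the safe direction, because caching the raw buffer would later serve pages that never passed through the controller's own `_output()` handling, but a debug line would make it diagnosable: `elseif ($this->cache_expiration > 0 && isset($CI)) { log_message('debug', "Output cache not written: controller defines _output()"); }`. Cache files written by the old code are presumably still echoed unchanged on the cache path until they expire, so the changelog entry should tell upgraders to empty the cache directory. The enclosing method starts and ends outside the hunk.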
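Review bot: `isset($CI)` in the third system/core/Output.php hunk is not equivalent to the `function_exists('get_instance')` test it replaces, because it is also false when `get_instance()` exists but returns NULL. In that case the method now takes the cache-file branch, echoes the output and leaves early, and the same condition suppresses the cache write in the second hunk. The comment still says a missing `$CI` proves that a cache file is being served, which only holds if `get_instance()` can never return NULL at this point; that function is not visible here. I would state the assumption in the comment, `// $CI is unset only when get_instance() is not defined yet, i.e. when a cache file is being served`, or keep the two cases apart by remembering the `function_exists()` result in its own variable.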
@@ -283,9 +291,6 @@ class CI_Output {
 }
 // --------------------------------------------------------------------
-
- // Grab the super object. We'll need it in a moment...
- $CI =& get_instance();
 // Do we need to generate profile data?
 // If so, load the Profile class and run it.
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index fb533b082..58fd78008 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -162,6 +162,7 @@ Hg Tag:

Bug fixes for 2.0.0

@@ -252,7 +252,7 @@ Hg Tag: v1.7.2

  • Fixed a bug in form_textarea() where form data was not prepped correctly.
  • Fixed a bug in form_prep() causing it to not preserve entities in the user's original input when called back into a form element
  • Fixed a bug in _protect_identifiers() where the swap prefix ($swap_pre) was not being observed.
  • -
  • Fixed a bug where the 400 status header sent with the 'disallowed URI characters' was not compatible with CGI environments.
  • +
  • Fixed a bug where the 400 status header sent with the 'disallowed URI characters' was not compatible with CGI environments.
  • Fixed a bug in the typography class where heading tags could have paragraph tags inserted when using auto_typography().
  • @@ -363,7 +363,7 @@ Hg Tag: 1.7.0

  • Database
      -
    • Improved Active Record class to allow full path column and table names: hostname.database.table.column. Also improved the alias handling.
    • +
    • Improved Active Record class to allow full path column and table names: hostname.database.table.column. Also improved the alias handling.
    • Improved how table and column names are escaped and prefixed. It now honors full path names when adding prefixes and escaping.
    • Added Active Record caching feature to "update" and "delete" functions.
    • Added removal of non-printing control characters in escape_str() of DB drivers that do not have native PHP escaping mechanisms (mssql, oci8, odbc), to avoid potential SQL errors, and possible sources of SQL injection.
    • @@ -553,7 +553,7 @@ Hg Tag: 1.6.2

      • Added ability for xss_clean() to accept arrays.
      • Removed closing PHP tags from all PHP files to avoid accidental output and potential 'cannot modify headers' errors.
      • -
      • Removed "scripts" from the auto-load search path. Scripts were deprecated +
      • Removed "scripts" from the auto-load search path. Scripts were deprecated in Version 1.4.1 (September 21, 2006). If you still need to use them for legacy reasons, they must now be manually loaded in each Controller.
      • Added a Reserved Names page to the userguide, and migrated reserved controller names into it.
      • Added a Common Functions page to the userguide for globally available functions.
      • @@ -599,7 +599,7 @@ Hg Tag: 1.6.2

        Release Date: February 12, 2008
        Hg Tag: 1.6.1

          -
        • Active Record +
        • Active Record
          • Added Active Record Caching.
          • Made Active Record fully database-prefix aware.
          • @@ -674,7 +674,7 @@ Hg Tag: 1.6.1

          • Changed the behaviour of variables submitted to the where() clause with no values to auto set "IS NULL"
        • - +
        • Other Database Related
          • MySQL driver now requires MySQL 4.1+
          • @@ -690,19 +690,19 @@ Hg Tag: 1.6.1

            in harmony with the global nature of the behavior (#1834).
        • - +
        • Core changes
          • Added ability to load multiple views, whose content will be appended to the output in the order loaded.
          • Added the ability to auto-load Models.
          • Reorganized the URI and Routes classes for better clarity.
          • -
          • Added Compat.php to allow function overrides for older versions of PHP or PHP environments missing certain extensions / libraries
          • +
          • Added Compat.php to allow function overrides for older versions of PHP or PHP environments missing certain extensions / libraries
          • Added memory usage, GET, URI string data, and individual query execution time to Profiler output.
          • Deprecated Scaffolding.
          • Added is_really_writable() to Common.php to provide a cross-platform reliable method of testing file/folder writability.
        • - +
        • Libraries
          • Changed the load protocol of Models to allow for extension.
          • @@ -722,7 +722,7 @@ Hg Tag: 1.6.1

          • Enabled the 'system' methods for the XML-RPC Server library, except for 'system.multicall' which is still disabled.
        • - +
        • Helpers & Plugins
          • Added link_tag() to the HTML helper.
          • @@ -738,8 +738,8 @@ Hg Tag: 1.6.1

          • Javascript Calendar plugin now uses the months and days from the calendar language file, instead of hard-coded values, internationalizing it.
        • + -
        • Documentation Changes
          • Added Writing Documentation section for the community to use in writing their own documentation.
          • @@ -756,7 +756,7 @@ Hg Tag: 1.6.1

          Bug fixes for Version 1.6.0

          - +
          • Fixed a bug (#1813) preventing using $CI->db in the same application with returned database objects.
          • Fixed a bug (#1842) where the $this->uri->rsegments array would not include the 'index' method if routed to the controller without an implicit method.
          • diff --git a/user_guide/database/active_record.html b/user_guide/database/active_record.html index 482115ccd..065db4913 100644 --- a/user_guide/database/active_record.html +++ b/user_guide/database/active_record.html @@ -220,20 +220,20 @@ $this->db->join('comments', 'comments.id = blogs.id', 'left');< $this->db->where('name', $name);

            // Produces: WHERE name = 'Joe'
            - +

            Notice that the equal sign is added for you.

            - +

            If you use multiple function calls they will be chained together with AND between them:

            - + $this->db->where('name', $name);
            $this->db->where('title', $title);
            $this->db->where('status', $status);

            // WHERE name = 'Joe' AND title = 'boss' AND status = 'active'
            - +
          • Custom key/value method: - +

            You can include an operator in the first parameter in order to control the comparison:

            - + $this->db->where('name !=', $name);
            $this->db->where('id <', $id);

            // Produces: WHERE name != 'Joe' AND id < 45
          • @@ -242,7 +242,7 @@ $this->db->join('comments', 'comments.id = blogs.id', 'left');< $array = array('name' => $name, 'title' => $title, 'status' => $status);

            - + $this->db->where($array);

            // Produces: WHERE name = 'Joe' AND title = 'boss' AND status = 'active'
            @@ -250,10 +250,10 @@ $this->db->join('comments', 'comments.id = blogs.id', 'left');< $array = array('name !=' => $name, 'id <' => $id, 'date >' => $date);

            - + $this->db->where($array);
          • Custom string: - +

            You can write your own clauses manually:

            @@ -263,7 +263,7 @@ $this->db->join('comments', 'comments.id = blogs.id', 'left');<

            $this->db->where() accepts an optional third parameter. If you set it to FALSE, CodeIgniter will not try to protect your field or table names with backticks.

            -

            $this->db->where('MATCH (field) AGAINST ("value")', NULL, FALSE);
            +

            $this->db->where('MATCH (field) AGAINST ("value")', NULL, FALSE);

            $this->db->or_where();

            This function is identical to the one above, except that multiple instances are joined by OR:

            @@ -290,7 +290,7 @@ $this->db->or_where('id >', $id); $names = array('Frank', 'Todd', 'James');
            $this->db->or_where_in('username', $names);
            // Produces: OR username IN ('Frank', 'Todd', 'James')

            - +

            $this->db->where_not_in();

            Generates a WHERE field NOT IN ('item', 'item') SQL query joined with AND if appropriate

            @@ -316,14 +316,14 @@ $this->db->or_where('id >', $id); $this->db->like('title', 'match');

            // Produces: WHERE title LIKE '%match%'
            - +

            If you use multiple function calls they will be chained together with AND between them:

            - + $this->db->like('title', 'match');
            $this->db->like('body', 'match');

            // WHERE title LIKE '%match%' AND body LIKE '%match%
            - If you want to control where the wildcard (%) is placed, you can use an optional third argument. Your options are 'before', 'after' and 'both' (which is the default). + If you want to control where the wildcard (%) is placed, you can use an optional third argument. Your options are 'before', 'after' and 'both' (which is the default). $this->db->like('title', 'match', 'before');
            // Produces: WHERE title LIKE '%match'
            @@ -333,17 +333,17 @@ $this->db->or_where('id >', $id);
            $this->db->like('title', 'match', 'both');
            // Produces: WHERE title LIKE '%match%'
          • - +
          • Associative array method: $array = array('title' => $match, 'page1' => $match, 'page2' => $match);

            - + $this->db->like($array);

            // WHERE title LIKE '%match%' AND page1 LIKE '%match%' AND page2 LIKE '%match%'
          • - - + +

            $this->db->or_like();

            This function is identical to the one above, except that multiple instances are joined by OR:

            @@ -355,7 +355,7 @@ $this->db->or_like('body', $match); - +

            Note: or_like() was formerly known as orlike(), which has been removed.

            $this->db->not_like();

            This function is identical to like(), except that it generates NOT LIKE statements:

            @@ -370,17 +370,17 @@ $this->db->or_not_like('body', 'match');
            // WHERE title LIKE '%match% OR body NOT LIKE '%match%'

            $this->db->group_by();

            Permits you to write the GROUP BY portion of your query:

            - + $this->db->group_by("title");

            // Produces: GROUP BY title

            You can also pass an array of multiple values as well:

            - + $this->db->group_by(array("title", "date"));

            // Produces: GROUP BY title, date
            - +

            Note: group_by() was formerly known as groupby(), which has been removed.

            $this->db->distinct();
            @@ -392,7 +392,7 @@ $this->db->or_not_like('body', 'match');
            // Produces: SELECT DISTINCT * FROM table

            $this->db->having();

            Permits you to write the HAVING portion of your query. There are 2 possible syntaxes, 1 argument or 2:

            - + $this->db->having('user_id = 45');
            // Produces: HAVING user_id = 45
            @@ -401,7 +401,7 @@ $this->db->having('user_id', 45);
            // Produces: HAVING user_id = 45

            - +

            You can also pass an array of multiple values as well:

            @@ -419,14 +419,14 @@ $this->db->having('user_id', 45);

            $this->db->order_by();

            Lets you set an ORDER BY clause. The first parameter contains the name of the column you would like to order by. The second parameter lets you set the direction of the result. Options are asc or desc, or random.

            - + $this->db->order_by("title", "desc");

            // Produces: ORDER BY title DESC

            You can also pass your own string in the first parameter:

            - + $this->db->order_by('title desc, name asc');

            // Produces: ORDER BY title DESC, name ASC @@ -479,10 +479,10 @@ echo $this->db->count_all_results();
            // Produces an integer, like 25
            - +  

            Inserting Data

            - +

            $this->db->insert();

            Generates an insert string based on the data you supply, and runs the query. You can either pass an array or an object to the function. Here is an example using an array:

            @@ -520,9 +520,9 @@ $this->db->insert('mytable', $object);

            The first parameter will contain the table name, the second is an associative array of values.

            Note: All values are escaped automatically producing safer queries.

            - - - + + +

            $this->db->set();

            This function enables you to set values for inserts or updates.

            @@ -576,10 +576,10 @@ $this->db->insert('mytable'); - +  

            Updating Data

            - +

            $this->db->update();

            Generates an update string and runs the query based on the data you supply. You can pass an array or an object to the function. Here is an example using @@ -625,7 +625,7 @@ $this->db->update('mytable', $object);

            Note: All values are escaped automatically producing safer queries.

            - +

            You'll notice the use of the $this->db->where() function, enabling you to set the WHERE clause. You can optionally pass this information directly into the update function as a string:

            @@ -634,15 +634,15 @@ You can optionally pass this information directly into the update function as a

            Or as an array:

            $this->db->update('mytable', $data, array('id' => $id)); - +

            You may also use the $this->db->set() function described above when performing updates.

            - +  

            Deleting Data

            - +

            $this->db->delete();

            Generates a delete SQL string and runs the query.

            diff --git a/user_guide/database/call_function.html b/user_guide/database/call_function.html index fe09d2b14..46dfe89dc 100644 --- a/user_guide/database/call_function.html +++ b/user_guide/database/call_function.html @@ -97,7 +97,7 @@ Obviously not all function calls are identical between platforms, so there are l - + diff --git a/user_guide/database/fields.html b/user_guide/database/fields.html index 30d39a42d..e5cc4777d 100644 --- a/user_guide/database/fields.html +++ b/user_guide/database/fields.html @@ -142,7 +142,7 @@ $fields = $query->field_data();
          • primary_key - 1 if the column is a primary key
          • type - the type of the column
          - + diff --git a/user_guide/database/index.html b/user_guide/database/index.html index 45d15dba4..381592c26 100644 --- a/user_guide/database/index.html +++ b/user_guide/database/index.html @@ -78,7 +78,7 @@ structures and Active Record patterns. The database functions offer clear, simpl
        • Database manipulation with Database Forge
        • Database Utilities Class
        - + diff --git a/user_guide/database/queries.html b/user_guide/database/queries.html index 7a6734c4a..c8a304943 100644 --- a/user_guide/database/queries.html +++ b/user_guide/database/queries.html @@ -132,7 +132,7 @@ $this->db->query($sql, array(3, 'live', 'Rick'));

        The question marks in the query are automatically replaced with the values in the array in the second parameter of the query function.

        The secondary benefit of using binds is that the values are automatically escaped, producing safer queries. You don't have to remember to manually escape data; the engine does it automatically for you.

        - + diff --git a/user_guide/database/results.html b/user_guide/database/results.html index 9eaa1793e..410dac840 100644 --- a/user_guide/database/results.html +++ b/user_guide/database/results.html @@ -65,11 +65,11 @@ Query Results

        There are several ways to generate query results:

        result()

        - +

        This function returns the query result as an array of objects, or an empty array on failure. - + Typically you'll use this in a foreach loop, like this:

        - + $query = $this->db->query("YOUR QUERY");

        @@ -79,11 +79,11 @@ Query Results    echo $row->name;
           echo $row->body;
        }
        - +

        The above function is an alias of result_object().

        If you run queries that might not produce a result, you are encouraged to test the result first:

        - + $query = $this->db->query("YOUR QUERY");

        @@ -97,9 +97,9 @@ Query Results    }
        }
        - +

        result_array()

        - +

        This function returns the query result as a pure array, or an empty array when no result is produced. Typically you'll use this in a foreach loop, like this:

        $query = $this->db->query("YOUR QUERY");
        @@ -113,7 +113,7 @@ Query Results

        row()

        - +

        This function returns a single result row. If your query has more than one row, it returns only the first row. The result is returned as an object. Here's a usage example:

        @@ -128,9 +128,9 @@ Query Results    echo $row->body;
        }
        - +

        If you want a specific row returned you can submit the row number as a digit in the first parameter:

        - + $row = $query->row(5); @@ -151,13 +151,13 @@ Query Results }
        - +

        If you want a specific row returned you can submit the row number as a digit in the first parameter:

        - + $row = $query->row_array(5); - -

        In addition, you can walk forward/backwards/first/last through your results using these variations:

        + +

        In addition, you can walk forward/backwards/first/last through your results using these variations:

        $row = $query->first_row()
        @@ -217,7 +217,7 @@ $query2->free_result(); // The $query2 result object will no longer be availabl - + diff --git a/user_guide/database/table_data.html b/user_guide/database/table_data.html index c85408fab..8b86ed58e 100644 --- a/user_guide/database/table_data.html +++ b/user_guide/database/table_data.html @@ -92,7 +92,7 @@ if ($this->db->table_exists('table_name'))
        - + diff --git a/user_guide/doc_style/template.html b/user_guide/doc_style/template.html index 26831ac06..d5ef5caa4 100644 --- a/user_guide/doc_style/template.html +++ b/user_guide/doc_style/template.html @@ -54,7 +54,7 @@ Foo Class

        Brief description of Foo Class. If it extends a native CodeIgniter class, please link to the class in the CodeIgniter documents here.

        Important:  This is an important note with EMPHASIS.

        - +

        Features:

          diff --git a/user_guide/general/alternative_php.html b/user_guide/general/alternative_php.html index b9069a8be..3193c0585 100644 --- a/user_guide/general/alternative_php.html +++ b/user_guide/general/alternative_php.html @@ -58,14 +58,14 @@ Alternate PHP Syntax

          Alternate PHP Syntax for View Files

          If you do not utilize CodeIgniter's template engine, you'll be using pure PHP -in your View files. To minimize the PHP code in these files, and to make it easier to identify the code blocks it is recommended that you use +in your View files. To minimize the PHP code in these files, and to make it easier to identify the code blocks it is recommended that you use PHPs alternative syntax for control structures and short tag echo statements. If you are not familiar with this syntax, it allows you to eliminate the braces from your code, and eliminate "echo" statements.

          Automatic Short Tag Support

          Note: If you find that the syntax described in this page does not work on your server it might -be that "short tags" are disabled in your PHP ini file. CodeIgniter will optionally rewrite short tags on-the-fly, +be that "short tags" are disabled in your PHP ini file. CodeIgniter will optionally rewrite short tags on-the-fly, allowing you to use that syntax even if your server doesn't support it. This feature can be enabled in your config/config.php file.

          diff --git a/user_guide/general/creating_libraries.html b/user_guide/general/creating_libraries.html index 0b4d642ae..3f0e32cb0 100644 --- a/user_guide/general/creating_libraries.html +++ b/user_guide/general/creating_libraries.html @@ -200,7 +200,7 @@ etc. This is very important. Assigning by reference allows you to use the original CodeIgniter object rather than creating a copy of it.

          Also, please note: If you are running PHP 4 it's usually best to avoid calling get_instance() -from within your class constructors. PHP 4 has trouble referencing the CI super object within application constructors +from within your class constructors. PHP 4 has trouble referencing the CI super object within application constructors since objects do not exist until the class is fully instantiated.

          diff --git a/user_guide/general/credits.html b/user_guide/general/credits.html index b77528a7e..5423d5838 100644 --- a/user_guide/general/credits.html +++ b/user_guide/general/credits.html @@ -58,8 +58,8 @@ Credits

          Credits

          CodeIgniter was originally developed by Rick Ellis (CEO of -EllisLab, Inc.). The framework was written for performance in the real -world, with many of the class libraries, helpers, and sub-systems borrowed from the code-base of +EllisLab, Inc.). The framework was written for performance in the real +world, with many of the class libraries, helpers, and sub-systems borrowed from the code-base of ExpressionEngine.

          It is currently developed and maintained by the ExpressionEngine Development Team.

          diff --git a/user_guide/general/drivers.html b/user_guide/general/drivers.html index 9c86f0216..3163c11a7 100644 --- a/user_guide/general/drivers.html +++ b/user_guide/general/drivers.html @@ -75,7 +75,7 @@ Using CodeIgniter Drivers $this->some_parent->some_method();

          The child classes, the drivers themselves, can then be called directly through the parent class, without initializing them:

          - + $this->some_parent->child_one->some_method();
          $this->some_parent->child_two->another_method();
          diff --git a/user_guide/general/managing_apps.html b/user_guide/general/managing_apps.html index 04af6e6a3..a1a96cf82 100644 --- a/user_guide/general/managing_apps.html +++ b/user_guide/general/managing_apps.html @@ -70,7 +70,7 @@ file and set its name using the $application_folder variable:

          Relocating your Application Folder

          -

          It is possible to move your application folder to a different location on your server than your system folder. +

          It is possible to move your application folder to a different location on your server than your system folder. To do so open your main index.php and set a full server path in the $application_folder variable.

          @@ -79,7 +79,7 @@ To do so open your main index.php and set a full server path

          Running Multiple Applications with one CodeIgniter Installation

          -

          If you would like to share a common CodeIgniter installation to manage several different applications simply +

          If you would like to share a common CodeIgniter installation to manage several different applications simply put all of the directories located inside your application folder into their own sub-folder.

          @@ -107,7 +107,7 @@ variable. For example, to select the "foo" application for use you would do thi $application_folder = "applications/foo"; -

          Note:  Each of your applications will need its own index.php file which +

          Note:  Each of your applications will need its own index.php file which calls the desired application. The index.php file can be named anything you want.

          diff --git a/user_guide/general/models.html b/user_guide/general/models.html index e405dd1b6..35ab08d20 100644 --- a/user_guide/general/models.html +++ b/user_guide/general/models.html @@ -212,7 +212,7 @@ class Blog_controller extends Controller {
        • You can tell the model loading function to auto-connect by passing TRUE (boolean) via the third parameter, and connectivity settings, as defined in your database config file will be used: - $this->load->model('Model_name', '', TRUE); + $this->load->model('Model_name', '', TRUE);
        • diff --git a/user_guide/general/profiling.html b/user_guide/general/profiling.html index 47c1a5abc..7cb3f158d 100644 --- a/user_guide/general/profiling.html +++ b/user_guide/general/profiling.html @@ -129,7 +129,7 @@ This information can be useful during development in order to help with debuggin Any GET data passed in the request TRUE - + http_headers The HTTP headers for the current request TRUE @@ -149,7 +149,7 @@ This information can be useful during development in order to help with debuggin Listing of all database queries executed, including execution time TRUE - + uri_string The URI of the current request TRUE diff --git a/user_guide/general/styleguide.html b/user_guide/general/styleguide.html index 1200a2c12..7b7d837d9 100644 --- a/user_guide/general/styleguide.html +++ b/user_guide/general/styleguide.html @@ -107,12 +107,12 @@ Style Guide a UTF-8 encoded file, and the BOM can have a negative side effect in PHP of sending output, preventing the application from being able to set its own headers. Unix line endings should be used (LF).

          - +

          Here is how to apply these settings in some of the more common text editors. Instructions for your text editor may vary; check your text editor's documentation.

          - +
          TextMate
          - +
          1. Open the Application Preferences
          2. Click Advanced, and then the "Saving" tab
          3. @@ -121,9 +121,9 @@ Style Guide
          4. Optional: Check "Use for existing files as well" if you wish to modify the line endings of files you open to your new preference.
          - +
          BBEdit
          - +
          1. Open the Application Preferences
          2. Select "Text Encodings" on the left.
          3. @@ -137,7 +137,7 @@ Style Guide

            PHP Closing Tag

            -

            The PHP closing tag on a PHP document ?> is optional to the PHP parser. However, if used, any whitespace following the closing tag, whether introduced +

            The PHP closing tag on a PHP document ?> is optional to the PHP parser. However, if used, any whitespace following the closing tag, whether introduced by the developer, user, or an FTP application, can cause unwanted output, PHP errors, or if the latter are suppressed, blank pages. For this reason, all PHP files should OMIT the closing PHP tag, and instead use a comment block to mark the end of file and it's location relative to the application root. This allows you to still identify a file as being complete and not truncated.

            @@ -158,7 +158,7 @@ echo "Here's my code!";
            - +

            Class and Method Naming

            Class names should always have their first letter uppercase, and the constructor method should match identically. Multiple words should be separated with an underscore, and not CamelCased. All other class methods should be entirely lowercased and named to clearly indicate their function, preferably including a verb. Try to avoid overly long and verbose names.

            @@ -193,8 +193,8 @@ function get_the_file_properties_from_the_file() // wordy function get_file_properties() // descriptive, underscore separator, and all lowercase letters
            - - + +

            Variable Names

            The guidelines for variable naming is very similar to that used for class methods. Namely, variables should contain only lowercase letters, use underscore separators, and be reasonably named to indicate their purpose and contents. Very short, non-word variables should only be used as iterators in for() loops.

            @@ -213,8 +213,8 @@ $group_id $last_city
            - - + +

            Commenting

            In general, code should be commented prolifically. It not only helps describe the flow and intent of the code for less experienced programmers, but can prove invaluable when returning to your own code months down the line. There is not a required format for comments, but the following are recommended.

            @@ -257,8 +257,8 @@ $parts = explode("\n", $str); $parts = $this->foo($parts);
            - - + +

            Constants

            Constants follow the same guidelines as do variables, except constants should always be fully uppercase. Always use CodeIgniter constants when appropriate, i.e. SLASH, LD, RD, PATH_CACHE, etc.

            @@ -275,8 +275,8 @@ SUPER_CLASS_VERSION $str = str_replace(LD.'foo'.RD, 'bar', $str);
            - - + +

            TRUE, FALSE, and NULL

            TRUE, FALSE, and NULL keywords should always be fully uppercase.

            @@ -290,9 +290,9 @@ if ($foo == TRUE) $bar = FALSE; function foo($bar = NULL)
            - - + +

            Logical Operators

            Use of || is discouraged as its clarity on some output devices is low (looking like the number 11 for instance). @@ -310,9 +310,9 @@ if ( ! $foo) if ( ! is_array($foo))

            - - - + + +

            Comparing Return Values and Typecasting

            Some PHP functions return FALSE on failure, but may also have a valid return value of "" or 0, which would evaluate to FALSE in loose comparisons. Be explicit by comparing the variable type when using these return values in conditionals to ensure the return value is indeed what you expect, and not a value that has an equivalent loose-type evaluation.

            @@ -350,27 +350,27 @@ function build_string($str = "") $str = (string) $str; // cast $str as a string
            - - + +

            Debugging Code

            No debugging code can be left in place for submitted add-ons unless it is commented out, i.e. no var_dump(), print_r(), die(), and exit() calls that were used while creating the add-on, unless they are commented out.

            // print_r($foo);
            - - + +

            Whitespace in Files

            No whitespace can precede the opening PHP tag or follow the closing PHP tag. Output is buffered, so whitespace in your files can cause output to begin before CodeIgniter outputs its content, leading to errors and an inability for CodeIgniter to send proper headers. In the examples below, select the text with your mouse to reveal the incorrect whitespace.

            INCORRECT:

            - + <?php // ...there is whitespace and a linebreak above the opening PHP tag // as well as whitespace after the closing PHP tag -?> +?>

            CORRECT:

            <?php @@ -378,15 +378,15 @@ function build_string($str = "") ?>
            - - + +

            Compatibility

            Unless specifically mentioned in your add-on's documentation, all code must be compatible with PHP version 4.3+. Additionally, do not use PHP functions that require non-default libraries to be installed unless your code contains an alternative method when the function is not available, or you implicitly document that your add-on requires said PHP libraries.

            - - + +

            Class and File Names using Common Words

            When your class or filename is a common word, or might quite likely be identically named in another PHP script, provide a unique prefix to help prevent collision. Always realize that your end users may be running other add-ons or third party PHP scripts. Choose a prefix that is unique to your identity as a developer or company.

            @@ -402,8 +402,8 @@ class Pre_xml ext.pre_xml.php class Pre_import mod.pre_import.php
            - - + +

            Database Table Names

            Any tables that your add-on might use must use the 'exp_' prefix, followed by a prefix uniquely identifying you as the developer or company, and then a short descriptive table name. You do not need to be concerned about the database prefix being used on the user's installation, as CodeIgniter's database class will automatically convert 'exp_' to what is actually being used.

            @@ -419,30 +419,30 @@ exp_pre_email_addresses

            NOTE: Be mindful that MySQL has a limit of 64 characters for table names. This should not be an issue as table names that would exceed this would likely have unreasonable names. For instance, the following table name exceeds this limitation by one character. Silly, no? exp_pre_email_addresses_of_registered_users_in_seattle_washington

            - - + +

            One File per Class

            Use separate files for each class your add-on uses, unless the classes are closely related. An example of CodeIgniter files that contains multiple classes is the Database class file, which contains both the DB class and the DB_Cache class, and the Magpie plugin, which contains both the Magpie and Snoopy classes.

            - - + +

            Whitespace

            Use tabs for whitespace in your code, not spaces. This may seem like a small thing, but using tabs instead of whitespace allows the developer looking at your code to have indentation at levels that they prefer and customize in whatever application they use. And as a side benefit, it results in (slightly) more compact files, storing one tab character versus, say, four space characters.

            - - + +

            Line Breaks

            Files must be saved with Unix line breaks. This is more of an issue for developers who work in Windows, but in any case ensure that your text editor is setup to save files with Unix line breaks.

            - - + +

            Code Indenting

            Use Allman style indenting. With the exception of Class declarations, braces are always placed on a line by themselves, and indented at the same level as the control statement that "owns" them.

            @@ -498,12 +498,12 @@ for ($i = 0; $i < 10; $i++) } }
            - +

            Bracket and Parenthetic Spacing

            In general, parenthesis and brackets should not use any additional spaces. The exception is that a space should always follow PHP control structures that accept arguments with parenthesis (declare, do-while, elseif, for, foreach, if, switch, while), to help distinguish them from functions and increase readability.

            - + INCORRECT: $arr[ $foo ] = 'foo'; @@ -514,13 +514,13 @@ $arr[$foo] = 'foo'; // no spaces around array keys INCORRECT: function foo ( $bar ) { - + } CORRECT: function foo($bar) // no spaces around parenthesis in function declarations { - + } @@ -531,9 +531,9 @@ CORRECT: foreach ($query->result() as $row) // single space following PHP control structures, but not in interior parenthesis
            - - - + + +

            Localized Text

            Any text that is output in the control panel should use language variables in your lang file to allow localization.

            @@ -544,9 +544,9 @@ return "Invalid Selection"; CORRECT: return $this->lang->line('invalid_selection');
            - - + +

            Private Methods and Variables

            Methods and variables that are only accessed internally by your class, such as utility and helper functions that your public methods use for code abstraction, should be prefixed with an underscore.

            @@ -554,9 +554,9 @@ return $this->lang->line('invalid_selection'); convert_text() // public method _convert_text() // private method
            - - + +

            PHP Errors

            Code must run error free and not rely on warnings and notices to be hidden to meet this requirement. For instance, never access a variable that you did not set yourself (such as $_POST array keys) without first checking to see that it isset().

            @@ -574,9 +574,9 @@ _convert_text() // private method

            NOTE: Setting the display_errors setting with ini_set() at runtime is not identical to having it enabled in the PHP environment. Namely, it will not have any effect if the script has fatal errors

            - - + +

            Short Open Tags

            Always use full PHP opening tags, in case a server does not have short_open_tag enabled.

            @@ -589,9 +589,9 @@ _convert_text() // private method CORRECT: <?php echo $foo; ?>
            - - + +

            One Statement Per Line

            Never combine statements on one line.

            @@ -605,9 +605,9 @@ $bar = 'that'; $bat = str_replace($foo, $bar, $bag);
            - - + +

            Strings

            Always use single quoted strings unless you need variables parsed, and in cases where you do need variables parsed, use braces to prevent greedy token parsing. You may also use double-quoted strings if the string contains single quotes, so you do not have to use escape characters.

            @@ -622,9 +622,9 @@ $bat = str_replace($foo, $bar, $bag); "My string {$foo}" "SELECT foo FROM bar WHERE baz = 'bag'"
            - - + +

            SQL Queries

            MySQL keywords are always capitalized: SELECT, INSERT, UPDATE, WHERE, AS, JOIN, ON, IN, etc.

            @@ -645,16 +645,16 @@ $query = $this->db->query("SELECT foo, bar, baz, foofoo, foobar AS raboof, fooba ORDER BY foobaz LIMIT 5, 100");
            - - + +

            Default Function Arguments

            Whenever appropriate, provide function argument defaults, which helps prevent PHP errors with mistaken calls and provides common fallback values which can save a few lines of code. Example:

            function foo($bar = '', $baz = FALSE)
            - + diff --git a/user_guide/general/views.html b/user_guide/general/views.html index b5dea05a1..8f317109e 100644 --- a/user_guide/general/views.html +++ b/user_guide/general/views.html @@ -169,7 +169,7 @@ class Blog extends Controller { { $data['title'] = "My Real Title"; $data['heading'] = "My Real Heading"; - + $this->load->view('blogview', $data); } } @@ -211,7 +211,7 @@ class Blog extends Controller { $data['title'] = "My Real Title"; $data['heading'] = "My Real Heading"; - + $this->load->view('blogview', $data); } } @@ -229,8 +229,8 @@ class Blog extends Controller { </head> <body> <h1><?php echo $heading;?></h1> - -<h3>My Todo List</h3> + +<h3>My Todo List</h3> <ul> <?php foreach($todo_list as $item):?> @@ -239,7 +239,7 @@ class Blog extends Controller { <?php endforeach;?> </ul> - + </body> </html> diff --git a/user_guide/helpers/captcha_helper.html b/user_guide/helpers/captcha_helper.html index c4aa65fad..bd7482266 100644 --- a/user_guide/helpers/captcha_helper.html +++ b/user_guide/helpers/captcha_helper.html @@ -87,9 +87,9 @@ CAPTCHA Helper

            The "word" is the word that appears in the captcha image, which if not supplied to the function, will be a random string.

            - +

            Using the CAPTCHA helper

            - +

            Once loaded you can generate a captcha like this:

            $vals = array(
            @@ -120,14 +120,14 @@ echo $cap['image'];

        Adding a Database

        - +

        In order for the captcha function to prevent someone from submitting, you will need to add the information returned from create_captcha() function to your database. Then, when the data from the form is submitted by the user you will need to verify that the data exists in the database and has not expired.

        - +

        Here is a table prototype:

        - + CREATE TABLE captcha (
         captcha_id bigint(13) unsigned NOT NULL auto_increment,
         captcha_time int(10) unsigned NOT NULL,
        @@ -138,7 +138,7 @@ echo $cap['image'];
        )

        Here is an example of usage with a database. On the page where the CAPTCHA will be shown you'll have something like this:

        - + $this->load->helper('captcha');
        $vals = array(
            'img_path' => './captcha/',
        @@ -161,10 +161,10 @@ echo $cap['image'];
        echo '<input type="text" name="captcha" value="" />';

        Then, on the page that accepts the submission you'll have something like this:

        - + // First, delete old captchas
        $expiration = time()-7200; // Two hour limit
        -$this->db->query("DELETE FROM captcha WHERE captcha_time < ".$expiration);
        +$this->db->query("DELETE FROM captcha WHERE captcha_time < ".$expiration);

        // Then see if a captcha exists:
        $sql = "SELECT COUNT(*) AS count FROM captcha WHERE word = ? AND ip_address = ? AND date > ?";
        @@ -176,7 +176,7 @@ if ($row->count == 0)
        {
            echo "You must submit the word that appears in the image";
        }
        - + diff --git a/user_guide/helpers/compatibility_helper.html b/user_guide/helpers/compatibility_helper.html index de8c49d0a..9afec6541 100644 --- a/user_guide/helpers/compatibility_helper.html +++ b/user_guide/helpers/compatibility_helper.html @@ -68,7 +68,7 @@ Compatibility Helper You may use those functions without loading this helper. The functions are split between that file and this Helper so that only functions required by the framework are included by default. This way, whether or not you load the additional functions in this Helper remains your choice.

        - +

        Loading this Helper

        This helper is loaded using the following code:

        diff --git a/user_guide/helpers/date_helper.html b/user_guide/helpers/date_helper.html index 2d908705e..f8775b146 100644 --- a/user_guide/helpers/date_helper.html +++ b/user_guide/helpers/date_helper.html @@ -116,7 +116,7 @@ echo standard_date($format, $time); Description Example - + DATE_ATOM Atom 2005-08-15T16:13:03+0000 @@ -149,7 +149,7 @@ echo standard_date($format, $time); DATE_RFC1123 RFC 1123 - Sun, 14 Aug 2005 16:13:03 UTC + Sun, 14 Aug 2005 16:13:03 UTC DATE_RFC2822 diff --git a/user_guide/helpers/directory_helper.html b/user_guide/helpers/directory_helper.html index 2324252dd..6e4faef02 100644 --- a/user_guide/helpers/directory_helper.html +++ b/user_guide/helpers/directory_helper.html @@ -83,7 +83,7 @@ you can do so using the second parameter (integer). A depth of 1 will only map t $map = directory_map('./mydirectory/', 1); -

        By default, hidden files will not be included in the returned array. To override this behavior, +

        By default, hidden files will not be included in the returned array. To override this behavior, you may set a third parameter to true (boolean):

        $map = directory_map('./mydirectory/', FALSE, TRUE); diff --git a/user_guide/helpers/form_helper.html b/user_guide/helpers/form_helper.html index 03a60685b..0aaa8f60f 100644 --- a/user_guide/helpers/form_helper.html +++ b/user_guide/helpers/form_helper.html @@ -258,11 +258,11 @@ echo form_fieldset_close();

        // Produces
        -<fieldset> +<fieldset>
        -<legend>Address Information</legend> +<legend>Address Information</legend>
        -<p>form content here</p> +<p>form content here</p>
        </fieldset>

        Similar to other functions, you can submit an associative array in the second parameter if you prefer to set additional attributes.

        diff --git a/user_guide/helpers/html_helper.html b/user_guide/helpers/html_helper.html
        index 50a1c48a4..845ecf109 100644
        --- a/user_guide/helpers/html_helper.html
        +++ b/user_guide/helpers/html_helper.html
        @@ -118,7 +118,7 @@ echo link_tag('css/mystyles.css');
        echo link_tag('favicon.ico', 'shortcut icon', 'image/ico');
        - // <link href="http://site.com/favicon.ico" rel="shortcut icon" type="image/ico" /> + // <link href="http://site.com/favicon.ico" rel="shortcut icon" type="image/ico" />

        echo link_tag('feed', 'alternate', 'application/rss+xml', 'My RSS Feed');
        @@ -134,7 +134,7 @@ echo link_tag('css/mystyles.css');

        echo link_tag($link);
        // <link href="http://site.com/css/printer.css" rel="stylesheet" type="text/css" media="print" />

        - +

        nbs()

        Generates non-breaking spaces (&nbsp;) based on the number you submit. Example:

        echo nbs(3); diff --git a/user_guide/helpers/smiley_helper.html b/user_guide/helpers/smiley_helper.html index 661330aab..d95562d94 100644 --- a/user_guide/helpers/smiley_helper.html +++ b/user_guide/helpers/smiley_helper.html @@ -91,7 +91,7 @@ a publicly accessible place on your server. This helper also assumes you have t

        In your application/controllers/ folder, create a file called smileys.php and place the code below in it.

        -

        Important: Change the URL in the get_clickable_smileys() function below so that it points to +

        Important: Change the URL in the get_clickable_smileys() function below so that it points to your smiley folder.

        You'll notice that in addition to the smiley helper we are using the Table Class.

        @@ -105,21 +105,21 @@ class Smileys extends Controller { { parent::Controller(); } - + function index() { $this->load->helper('smiley'); $this->load->library('table'); - + $image_array = get_clickable_smileys('http://example.com/images/smileys/', 'comments'); - + $col_array = $this->table->make_columns($image_array, 8); - + $data['smiley_table'] = $this->table->generate($col_array); - + $this->load->view('smiley_view', $data); } - + } ?> diff --git a/user_guide/helpers/string_helper.html b/user_guide/helpers/string_helper.html index 2b12c2a2a..d3f97fb52 100644 --- a/user_guide/helpers/string_helper.html +++ b/user_guide/helpers/string_helper.html @@ -145,7 +145,7 @@ The third parameter is FALSE by default; if set to TRUE it will remove occurence $string=",Fred, Bill,, Joe, Jimmy,";
        $string=reduce_multiples($string, ", ", TRUE); //results in "Fred, Bill, Joe, Jimmy" -

        +

        quotes_to_entities()

        Converts single and double quotes in a string to the corresponding HTML entities. Example:

        diff --git a/user_guide/helpers/text_helper.html b/user_guide/helpers/text_helper.html
        index 438eaec45..6a68180b6 100644
        --- a/user_guide/helpers/text_helper.html
        +++ b/user_guide/helpers/text_helper.html
        @@ -120,7 +120,7 @@ part it should correctly identify characters outside the normal range (like acce

        Transliterates high ASCII characters to low ASCII equivalents, useful when non-English characters need to be used where only standard ASCII characters are safely used, for instance, in URLs.

        $string = convert_accented_characters($string); - +

        This function uses a companion config file application/config/foreign_chars.php to define the to and from array for transliteration.

        word_censor()

        diff --git a/user_guide/images/ci_logo.jpg b/user_guide/images/ci_logo.jpg
        index 3ae0eee07..9ab5a8e24 100644
        Binary files a/user_guide/images/ci_logo.jpg and b/user_guide/images/ci_logo.jpg differ
        diff --git a/user_guide/images/ci_logo_flame.jpg b/user_guide/images/ci_logo_flame.jpg
        index 17e9c586b..5bf38adbb 100644
        Binary files a/user_guide/images/ci_logo_flame.jpg and b/user_guide/images/ci_logo_flame.jpg differ
        diff --git a/user_guide/images/ci_quick_ref.png b/user_guide/images/ci_quick_ref.png
        index c07d6b469..a4aa49585 100644
        Binary files a/user_guide/images/ci_quick_ref.png and b/user_guide/images/ci_quick_ref.png differ
        diff --git a/user_guide/images/codeigniter_1.7.1_helper_reference.png b/user_guide/images/codeigniter_1.7.1_helper_reference.png
        index 15a7c1576..6a7d9f8c9 100644
        Binary files a/user_guide/images/codeigniter_1.7.1_helper_reference.png and b/user_guide/images/codeigniter_1.7.1_helper_reference.png differ
        diff --git a/user_guide/images/codeigniter_1.7.1_library_reference.png b/user_guide/images/codeigniter_1.7.1_library_reference.png
        index 7f054f95f..08636857e 100644
        Binary files a/user_guide/images/codeigniter_1.7.1_library_reference.png and b/user_guide/images/codeigniter_1.7.1_library_reference.png differ
        diff --git a/user_guide/images/nav_bg.jpg b/user_guide/images/nav_bg.jpg
        index 440e04ddb..35640707b 100644
        Binary files a/user_guide/images/nav_bg.jpg and b/user_guide/images/nav_bg.jpg differ
        diff --git a/user_guide/installation/downloads.html b/user_guide/installation/downloads.html
        index f4114b7d1..f557a7887 100644
        --- a/user_guide/installation/downloads.html
        +++ b/user_guide/installation/downloads.html
        @@ -84,11 +84,11 @@ Downloading CodeIgniter

        Mercurial Server

        Mercurial is a distributed version control system.

        - +

        Public Hg access is available at BitBucket. Please note that while every effort is made to keep this code base functional, we cannot guarantee the functionality of code taken from the tip.

        - +

        Beginning with version 1.6.1, stable tags are also available via BitBucket, simply select the version from the Tags dropdown.

        diff --git a/user_guide/installation/index.html b/user_guide/installation/index.html
        index 3d58725ed..973d21064 100644
        --- a/user_guide/installation/index.html
        +++ b/user_guide/installation/index.html
        @@ -73,7 +73,7 @@ variables at the top of the file with the new name you've chosen.

        For the best security, both the system and any application folders should be placed above web root so that they are not directly accessible via a browser. By default, .htaccess files are included in each folder to help prevent direct access, but it is best to remove them from public access entirely in case the web server configuration changes or doesn't abide by the .htaccess.

        After moving them, open your main index.php file and set the $system_folder and $application_folder variables, preferably with a full path, e.g. '/www/MyUser/system'.

        - +

        That's it!

        diff --git a/user_guide/installation/upgrade_160.html b/user_guide/installation/upgrade_160.html
        index e0e987ede..b6a946d7e 100644
        --- a/user_guide/installation/upgrade_160.html
        +++ b/user_guide/installation/upgrade_160.html
        @@ -79,7 +79,7 @@ Upgrading from 1.5.4 to 1.6.0

        Step 2: Add time_to_update to your config.php

        Add the following to application/config/config.php with the other session configuration options

        -

        $config['sess_time_to_update'] = 300;

        +

        $config['sess_time_to_update'] = 300;

        Step 3: Add $autoload['model']

        Add the following to application/config/autoload.php

        /*
        diff --git a/user_guide/installation/upgrade_170.html b/user_guide/installation/upgrade_170.html
        index 7f3cec614..91238ecbc 100644
        --- a/user_guide/installation/upgrade_170.html
        +++ b/user_guide/installation/upgrade_170.html
        @@ -79,7 +79,7 @@ Upgrading from 1.6.3 to 1.7.0

        Step 2: Update your Session Table

        -

        If you are using the Session class in your application, AND if you are storing session data to a database, you must add a new column named user_data to your session table. +

        If you are using the Session class in your application, AND if you are storing session data to a database, you must add a new column named user_data to your session table. Here is an example of what this column might look like for MySQL:

        user_data text NOT NULL @@ -93,7 +93,7 @@ Here is an example of what this column might look like for MySQL:

        Step 3: Update your Validation Syntax

        -

        This is an optional, but recommended step, for people currently using the Validation class. CI 1.7 introduces a new Form Validation class, which +

        This is an optional, but recommended step, for people currently using the Validation class. CI 1.7 introduces a new Form Validation class, which deprecates the old Validation library. We have left the old one in place so that existing applications that use it will not break, but you are encouraged to migrate to the new version as soon as possible. Please read the user guide carefully as the new library works a little differently, and has several new features.

        diff --git a/user_guide/installation/upgrade_200.html b/user_guide/installation/upgrade_200.html
        index 155df90d3..58ed6e5ce 100644
        --- a/user_guide/installation/upgrade_200.html
        +++ b/user_guide/installation/upgrade_200.html
        @@ -80,9 +80,9 @@ Upgrading from 1.7.2 to 2.0.0

        Step 3: Convert your Plugins to Helpers

        2.0.0 gets rid of the "Plugin" system as their functionality was identical to Helpers, but non-extensible. You will need to rename your plugin files from filename_pi.php to filename_helper.php, move them to your helpers folder, and change all instances of: - + $this->load->plugin('foo'); - + to $this->load->helper('foo'); @@ -97,7 +97,7 @@ to making it no longer possible to decode encrypted data produced by the original version of this library. To help with the transition, a new method has been added, encode_from_legacy() that will decode the data with the original algorithm and return a re-encoded string using the improved methods. This will enable you to easily replace stale encrypted data with fresh in your applications, either on the fly or en masse.

        - +

        Please read how to use this method in the Encryption library documentation.

        diff --git a/user_guide/libraries/calendar.html b/user_guide/libraries/calendar.html
        index 74a8619bf..2c052424d 100644
        --- a/user_guide/libraries/calendar.html
        +++ b/user_guide/libraries/calendar.html
        @@ -114,7 +114,7 @@ how data passed to your cells is handled so you can pass different types of info

        Setting Display Preferences

        -

        There are seven preferences you can set to control various aspects of the calendar. Preferences are set by passing an +

        There are seven preferences you can set to control various aspects of the calendar. Preferences are set by passing an array of preferences in the second parameter of the loading function. Here is an example:

        diff --git a/user_guide/libraries/cart.html b/user_guide/libraries/cart.html
        index 0dcf04acc..fb5f6621c 100644
        --- a/user_guide/libraries/cart.html
        +++ b/user_guide/libraries/cart.html
        @@ -58,7 +58,7 @@ Shopping Cart Class

        Shopping Cart Class

        -

        The Cart Class permits items to be added to a session that stays active while a user is browsing your site. +

        The Cart Class permits items to be added to a session that stays active while a user is browsing your site. These items can be retrieved and displayed in a standard "shopping cart" format, allowing the user to update the quantity or remove items from the cart.

        Please note that the Cart Class ONLY provides the core "cart" functionality. It does not provide shipping, credit card authorization, or other processing components.

        @@ -109,7 +109,7 @@ It is intended to be used in cases where your product has options associated wit
      • options - Any additional attributes that are needed to identify the product. These must be passed via an array.
      -

      In addition to the five indexes above, there are two reserved words: rowid and subtotal. These are used internally by the Cart class, so +

      In addition to the five indexes above, there are two reserved words: rowid and subtotal. These are used internally by the Cart class, so please do NOT use those words as index names when inserting data into the cart.

      Your array may contain additional data. Anything you include in your array will be stored in the session. However, it is best to standardize your data among @@ -181,24 +181,24 @@ $this->cart->insert($data); <?php foreach($this->cart->contents() as $items): ?> <?php echo form_hidden($i.'[rowid]', $items['rowid']); ?> - + <tr> <td><?php echo form_input(array('name' => $i.'[qty]', 'value' => $items['qty'], 'maxlength' => '3', 'size' => '5')); ?></td> <td> <?php echo $items['name']; ?> - + <?php if ($this->cart->has_options($items['rowid']) == TRUE): ?> - + <p> <?php foreach ($this->cart->product_options($items['rowid']) as $option_name => $option_value): ?> - + <strong><?php echo $option_name; ?>:</strong> <?php echo $option_value; ?><br /> - + <?php endforeach; ?> </p> - + <?php endif; ?> - + </td> <td style="text-align:right"><?php echo $this->cart->format_number($items['price']); ?></td> <td style="text-align:right">$<?php echo $this->cart->format_number($items['subtotal']); ?></td> diff --git a/user_guide/libraries/email.html b/user_guide/libraries/email.html index e144826be..b863ef4c1 100644 --- a/user_guide/libraries/email.html +++ b/user_guide/libraries/email.html @@ -83,7 +83,7 @@ Email Class $this->load->library('email');

      -$this->email->from('your@example.com', 'Your Name');
      +$this->email->from('your@example.com', 'Your Name');
      $this->email->to('someone@example.com');
      $this->email->cc('another@another-example.com');
      $this->email->bcc('them@their-example.com');
      @@ -233,7 +233,7 @@ in a loop, permitting the data to be reset between cycles.

      foreach ($list as $name => $address)
      {
          $this->email->clear();

      - +     $this->email->to($address);
          $this->email->from('your@example.com');
          $this->email->subject('Here is your info '.$name);
      diff --git a/user_guide/libraries/file_uploading.html b/user_guide/libraries/file_uploading.html
      index 31041341f..254b2666a 100644
      --- a/user_guide/libraries/file_uploading.html
      +++ b/user_guide/libraries/file_uploading.html
      @@ -145,15 +145,15 @@ folder:

      diff --git a/user_guide/libraries/form_validation.html b/user_guide/libraries/form_validation.html
      index 2099135a0..1d0b57181 100644
      --- a/user_guide/libraries/form_validation.html
      +++ b/user_guide/libraries/form_validation.html
      @@ -106,7 +106,7 @@ have left the old class in the library so applications currently using it will n
      1. A form is displayed.
      2. You fill it in and submit it.
      3. -
      4. If you submitted something invalid, or perhaps missed a required item, the form is redisplayed containing your data +
      5. If you submitted something invalid, or perhaps missed a required item, the form is redisplayed containing your data along with an error message describing the problem.
      6. This process continues until you have submitted a valid form.
      @@ -225,13 +225,13 @@ folder:

      @@ -616,7 +616,7 @@ $this->form_validation->set_rules('first_name', 'lang:first_name', 'r

      Changing the Error Delimiters

      -

      By default, the Form Validation class adds a paragraph tag (<p>) around each error message shown. You can either change these delimiters globally or +

      By default, the Form Validation class adds a paragraph tag (<p>) around each error message shown. You can either change these delimiters globally or individually.

        diff --git a/user_guide/libraries/ftp.html b/user_guide/libraries/ftp.html
        index a46b155b9..493177655 100644
        --- a/user_guide/libraries/ftp.html
        +++ b/user_guide/libraries/ftp.html
        @@ -82,7 +82,7 @@ $this->load->library('ftp');
        $config['hostname'] = 'ftp.example.com';
        $config['username'] = 'your-username';
        $config['password'] = 'your-password';
        -$config['debug'] = TRUE;
        +$config['debug'] = TRUE;

        $this->ftp->connect($config);

        @@ -101,7 +101,7 @@ $this->load->library('ftp');
        $config['hostname'] = 'ftp.example.com';
        $config['username'] = 'your-username';
        $config['password'] = 'your-password';
        -$config['debug'] = TRUE;
        +$config['debug'] = TRUE;

        $this->ftp->connect($config);

        @@ -121,7 +121,7 @@ $this->load->library('ftp');
        $config['hostname'] = 'ftp.example.com';
        $config['username'] = 'your-username';
        $config['password'] = 'your-password';
        -$config['debug'] = TRUE;
        +$config['debug'] = TRUE;

        $this->ftp->connect($config);

        @@ -231,7 +231,7 @@ $this->ftp->delete_file('/public_html/joe/blog.html');

        $this->ftp->delete_dir()

        Lets you delete a directory and everything it contains. Supply the source path to the directory with a trailing slash.

        -

        Important  Be VERY careful with this function. It will recursively delete +

        Important  Be VERY careful with this function. It will recursively delete everything within the supplied path, including sub-folders and all files. Make absolutely sure your path is correct. Try using the list_files() function first to verify that your path is correct.

        @@ -242,7 +242,7 @@ $this->ftp->delete_dir('/public_html/path/to/folder/');

        $this->ftp->list_files()

        -

        Permits you to retrieve a list of files on your server returned as an array. You must supply +

        Permits you to retrieve a list of files on your server returned as an array. You must supply the path to the desired directory.

        @@ -254,7 +254,7 @@ print_r($list);

        $this->ftp->mirror()

        -

        Recursively reads a local folder and everything it contains (including sub-folders) and creates a +

        Recursively reads a local folder and everything it contains (including sub-folders) and creates a mirror via FTP based on it. Whatever the directory structure of the original file path will be recreated on the server. You must supply a source path and a destination path:

        diff --git a/user_guide/libraries/image_lib.html b/user_guide/libraries/image_lib.html index 3dce50bf2..98ed4f6dd 100644 --- a/user_guide/libraries/image_lib.html +++ b/user_guide/libraries/image_lib.html @@ -447,7 +447,7 @@ calling the watermark function. Here is an example:

        $config['source_image'] = '/path/to/image/mypic.jpg';
        -$config['wm_text'] = 'Copyright 2006 - John Doe';
        +$config['wm_text'] = 'Copyright 2006 - John Doe';
        $config['wm_type'] = 'text';
        $config['wm_font_path'] = './system/fonts/texb.ttf';
        $config['wm_font_size'] = '16';
        diff --git a/user_guide/libraries/loader.html b/user_guide/libraries/loader.html index 1d5a47f40..34e3929a9 100644 --- a/user_guide/libraries/loader.html +++ b/user_guide/libraries/loader.html @@ -78,8 +78,8 @@ Note: We use the terms "class" and "library" interchangeably.

        Once loaded, the library will be ready for use, using $this->email->some_function().

        -

        Library files can be stored in subdirectories within the main "libraries" folder, or within your personal application/libraries folder. -To load a file located in a subdirectory, simply include the path, relative to the "libraries" folder. +

        Library files can be stored in subdirectories within the main "libraries" folder, or within your personal application/libraries folder. +To load a file located in a subdirectory, simply include the path, relative to the "libraries" folder. For example, if you have file located at:

        libraries/flavors/chocolate.php @@ -217,7 +217,7 @@ $this->load->library('foo_bar');

        When your controller is finished using resources from an application package, and particularly if you have other application packages you want to work with, you may wish to remove the package path so the Loader no longer looks in that folder for resources. To remove the last path added, simply call the method with no parameters.

        $this->load->remove_package_path()

        - +

        Or to remove a specific package path, specify the same path previously given to add_package_path() for a package.:

        $this->load->remove_package_path(APPPATH.'third_party/foo_bar/'); diff --git a/user_guide/libraries/output.html b/user_guide/libraries/output.html index eeb278371..a1427de7b 100644 --- a/user_guide/libraries/output.html +++ b/user_guide/libraries/output.html @@ -140,9 +140,9 @@ at the bottom of your pages for debugging and optimization purposes.

        Parsing Execution Variables

        CodeIgniter will parse the pseudo-variables {elapsed_time} and {memory_usage} in your output by default. To disable this, set the $parse_exec_vars class property to FALSE in your controller. - + $this->output->parse_exec_vars = FALSE; - + diff --git a/user_guide/libraries/pagination.html b/user_guide/libraries/pagination.html index 521b708b1..42c102c8d 100644 --- a/user_guide/libraries/pagination.html +++ b/user_guide/libraries/pagination.html @@ -69,7 +69,7 @@ Pagination Class

        Here is a simple example showing how to create pagination in one of your controller functions:

        -$this->load->library('pagination');

        +$this->load->library('pagination');

        $config['base_url'] = 'http://example.com/index.php/test/page/';
        $config['total_rows'] = '200';
        $config['per_page'] = '20'; diff --git a/user_guide/libraries/table.html b/user_guide/libraries/table.html index f1a46fca0..e90aca3d2 100644 --- a/user_guide/libraries/table.html +++ b/user_guide/libraries/table.html @@ -83,7 +83,7 @@ $data = array(
                     array('John', 'Green', 'Medium')
                     );

        -echo $this->table->generate($data); +echo $this->table->generate($data);

        Here is an example of a table created from a database query result. The table class will automatically generate the @@ -95,7 +95,7 @@ $this->load->library('table');

        $query = $this->db->query("SELECT * FROM my_table");

        -echo $this->table->generate($query); +echo $this->table->generate($query);
        @@ -110,7 +110,7 @@ $this->table->add_row('Fred', 'Blue', 'Small');
        $this->table->add_row('Mary', 'Red', 'Large');
        $this->table->add_row('John', 'Green', 'Medium');

        -echo $this->table->generate(); +echo $this->table->generate();

        Here is the same example, except instead of individual parameters, arrays are used:

        @@ -124,7 +124,7 @@ $this->table->add_row(array('Fred', 'Blue', 'Small'));
        $this->table->add_row(array('Mary', 'Red', 'Large'));
        $this->table->add_row(array('John', 'Green', 'Medium'));

        -echo $this->table->generate(); +echo $this->table->generate(); diff --git a/user_guide/libraries/typography.html b/user_guide/libraries/typography.html index 2675fa759..e78af5f9a 100644 --- a/user_guide/libraries/typography.html +++ b/user_guide/libraries/typography.html @@ -134,7 +134,7 @@ This function is identical to the native PHP nl2br() function, except

        When using the Typography library in conjunction with the Template Parser library it can often be desirable to protect single and double quotes within curly braces. To enable this, set the protect_braced_quotes class property to TRUE.

        - +

        Usage example:

        $this->load->library('typography');
        diff --git a/user_guide/libraries/unit_testing.html b/user_guide/libraries/unit_testing.html index 0e7d1d696..84db54431 100644 --- a/user_guide/libraries/unit_testing.html +++ b/user_guide/libraries/unit_testing.html @@ -81,7 +81,7 @@ to determine if it is producing the correct data type and result.

        $this->unit->run( test, expected result, 'test name', 'notes');

        -

        Where test is the result of the code you wish to test, expected result is the data type you expect, +

        Where test is the result of the code you wish to test, expected result is the data type you expect, test name is an optional name you can give your test, and notes are optional notes. Example:

        $test = 1 + 1;
        diff --git a/user_guide/libraries/xmlrpc.html b/user_guide/libraries/xmlrpc.html index 8d1dbdf5f..971ab0296 100644 --- a/user_guide/libraries/xmlrpc.html +++ b/user_guide/libraries/xmlrpc.html @@ -192,7 +192,7 @@ The allowed methods are on the left side of the array. When either of those are

        The 'object' key is a special key that you pass an instantiated class object with, which is necessary when the method you are mapping to is not part of the CodeIgniter super object.

        - +

        In other words, if an XML-RPC Client sends a request for the new_post method, your server will load the My_blog class and call the new_entry function. If the request is for the update_post method, your @@ -202,7 +202,7 @@ server will load the My_blog class and call the update_entry

        There are two additional configuration keys you may make use of when initializing the server class: debug can be set to TRUE in order to enable debugging, and xss_clean may be set to FALSE to prevent sending data through the Security library's xss_clean function. - +

        Processing Server Requests

        When the XML-RPC Server receives a request and loads the class/method for processing, it will pass @@ -324,20 +324,20 @@ In it, place this code and save it to your applications/controllers/<?php class Xmlrpc_client extends Controller { - + function index() - { + { $this->load->helper('url'); $server_url = site_url('xmlrpc_server'); - + $this->load->library('xmlrpc'); - + $this->xmlrpc->server($server_url, 80); $this->xmlrpc->method('Greetings'); - + $request = array('How is it going?'); - $this->xmlrpc->request($request); - + $this->xmlrpc->request($request); + if ( ! $this->xmlrpc->send_request()) { echo $this->xmlrpc->display_error(); @@ -367,24 +367,24 @@ class Xmlrpc_server extends Controller { { $this->load->library('xmlrpc'); $this->load->library('xmlrpcs'); - + $config['functions']['Greetings'] = array('function' => 'Xmlrpc_server.process'); - + $this->xmlrpcs->initialize($config); $this->xmlrpcs->serve(); } - - + + function process($request) { $parameters = $request->output_parameters(); - + $response = array( array( 'you_said' => $parameters['0'], 'i_respond' => 'Not bad at all.'), 'struct'); - + return $this->xmlrpc->send_response($response); } } @@ -422,7 +422,7 @@ The Server receives the request and maps it to the "process" function, where a r                        )
                         );
        $this->xmlrpc->request($request);
        - +

        You can retrieve the associative array when processing the request in the Server.

        $parameters = $request->output_parameters();
        diff --git a/user_guide/nav/moo.fx.js b/user_guide/nav/moo.fx.js index 53cfa925f..c80697fd2 100755 --- a/user_guide/nav/moo.fx.js +++ b/user_guide/nav/moo.fx.js @@ -71,7 +71,7 @@ fx.Layout.prototype = Object.extend(new fx.Base(), { }); fx.Height = Class.create(); -Object.extend(Object.extend(fx.Height.prototype, fx.Layout.prototype), { +Object.extend(Object.extend(fx.Height.prototype, fx.Layout.prototype), { increase: function() { this.el.style.height = this.now + "px"; }, @@ -83,7 +83,7 @@ Object.extend(Object.extend(fx.Height.prototype, fx.Layout.prototype), { }); fx.Width = Class.create(); -Object.extend(Object.extend(fx.Width.prototype, fx.Layout.prototype), { +Object.extend(Object.extend(fx.Width.prototype, fx.Layout.prototype), { increase: function() { this.el.style.width = this.now + "px"; }, diff --git a/user_guide/nav/moo.fx.pack.js b/user_guide/nav/moo.fx.pack.js index 574f27cff..e2ce39927 100755 --- a/user_guide/nav/moo.fx.pack.js +++ b/user_guide/nav/moo.fx.pack.js @@ -113,7 +113,7 @@ fx.MultiFadeSize.prototype = Object.extend(new Multi(), { this.el[i].fs.toggle(mode); setTimeout(function(){el.fs.toggle(mode);}.bind(el), delay); } - + } }, @@ -170,13 +170,13 @@ fx.RememberHeight.prototype = Object.extend(new Remember(), { this.fx = new fx.Height(this.el, this.options); this.prefix = 'height'; }, - + toggle: function(){ if (this.el.offsetHeight == 0) this.setCookie(this.el.scrollHeight); else this.setCookie(0); this.fx.toggle(); }, - + resize: function(to){ this.setCookie(this.el.offsetHeight+to); this.fx.custom(this.el.offsetHeight,this.el.offsetHeight+to); diff --git a/user_guide/overview/at_a_glance.html b/user_guide/overview/at_a_glance.html index f07313721..984eb0867 100644 --- a/user_guide/overview/at_a_glance.html +++ b/user_guide/overview/at_a_glance.html @@ -103,7 +103,7 @@ approach to URLs that is synonymous with dynamic systems, CodeIgniter uses a seg

        CodeIgniter Packs a Punch

        CodeIgniter comes with full-range of libraries that enable the most commonly needed web development tasks, -like accessing a database, sending email, validating form data, maintaining sessions, manipulating images, working with XML-RPC data and +like accessing a database, sending email, validating form data, maintaining sessions, manipulating images, working with XML-RPC data and much more.

        CodeIgniter is Extensible

        diff --git a/user_guide/overview/index.html b/user_guide/overview/index.html index 3cb56f42b..59ee05c5a 100644 --- a/user_guide/overview/index.html +++ b/user_guide/overview/index.html @@ -67,7 +67,7 @@ Introduction
      1. Design and Architectural Goals
      2. Package Description
    - + diff --git a/user_guide/toc.html b/user_guide/toc.html index db9e9a824..d0caa6231 100644 --- a/user_guide/toc.html +++ b/user_guide/toc.html @@ -68,7 +68,7 @@ Table of Contents
  • License Agreement
  • Change Log
  • Credits
  • - +

    Installation

    + @@ -114,7 +114,7 @@ Table of Contents
  • Managing Applications
  • Alternative PHP Syntax
  • Security
  • -
  • PHP Style Guide
  • +
  • PHP Style Guide
  • Writing Documentation
  • @@ -134,7 +134,7 @@ Table of Contents
  • Form Validation Class
  • FTP Class
  • HTML Table Class
  • -
  • Image Manipulation Class
  • +
  • Image Manipulation Class
  • Input Class
  • Loader Class
  • Language Class
  • @@ -180,7 +180,7 @@ Table of Contents
  • Typography Helper
  • URL Helper
  • XML Helper
  • - +

    Additional Resources

    -- cgit v1.2.3-24-g4f1b From 71eee841e278ba5d08f836c047ef3c2e38fa34e1 Mon Sep 17 00:00:00 2001 From: Derek Jones Date: Tue, 5 Oct 2010 09:40:43 -0500 Subject: fixed bug where sess_expire_on_close was not being set from a config file, fixes #173 --- system/libraries/Session.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/system/libraries/Session.php b/system/libraries/Session.php index fc3ee0542..7394e5897 100644 --- a/system/libraries/Session.php +++ b/system/libraries/Session.php @@ -61,7 +61,7 @@ class CI_Session { // Set all the session preferences, which can either be set // manually via the $params array above or via the config file - foreach (array('sess_encrypt_cookie', 'sess_use_database', 'sess_table_name', 'sess_expiration', 'sess_match_ip', 'sess_match_useragent', 'sess_cookie_name', 'cookie_path', 'cookie_domain', 'sess_time_to_update', 'time_reference', 'cookie_prefix', 'encryption_key') as $key) + foreach (array('sess_encrypt_cookie', 'sess_use_database', 'sess_table_name', 'sess_expiration', 'sess_expire_on_close', 'sess_match_ip', 'sess_match_useragent', 'sess_cookie_name', 'cookie_path', 'cookie_domain', 'sess_time_to_update', 'time_reference', 'cookie_prefix', 'encryption_key') as $key) { $this->$key = (isset($params[$key])) ? $params[$key] : $this->CI->config->item($key); } -- cgit v1.2.3-24-g4f1b From 79bd0363faf287cafd9e9bd5608bc3e08df9ac87 Mon Sep 17 00:00:00 2001 From: Derek Jones Date: Wed, 6 Oct 2010 10:06:37 -0500 Subject: added suggested value to index.php for error_reporting() when a site goes live, closes #177 --- index.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.php b/index.php index 0eef7b895..c885893dd 100644 --- a/index.php +++ b/index.php 
@@ -6,7 +6,7 @@ *--------------------------------------------------------------- * * By default CI runs with error reporting set to ALL. For security - * reasons you are encouraged to change this when your site goes live. + * reasons you are encouraged to change this to 0 when your site goes live. * For more info visit: http://www.php.net/error_reporting * */ -- cgit v1.2.3-24-g4f1b From 49ced91d1f5ab50068a66fdddff6be3f5c420565 Mon Sep 17 00:00:00 2001 From: Shane Pearson Date: Wed, 6 Oct 2010 17:31:40 -0500 Subject: Fixed CSRF comments to avoid confusion. --- application/config/config.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/application/config/config.php b/application/config/config.php index 3f2be480f..0b85ac5fc 100644 --- a/application/config/config.php +++ b/application/config/config.php @@ -274,9 +274,9 @@ $config['global_xss_filtering'] = FALSE; /* |-------------------------------------------------------------------------- -| Cross Site Forgery Request +| Cross Site Request Forgery |-------------------------------------------------------------------------- -| Enables a CSFR cookie token to be set. When set to TRUE, token will be +| Enables a CSRF cookie token to be set. When set to TRUE, token will be | checked on a submitted form. If you are accepting user data, it is strongly | recommended CSRF protection be enabled. */ -- cgit v1.2.3-24-g4f1b From 2615e418539c3d6e2f912c66be99ffebfb8513ff Mon Sep 17 00:00:00 2001 From: Derek Jones Date: Wed, 6 Oct 2010 17:51:16 -0500 Subject: fixed a security issue which in certain cases could result in directory traversal --- system/core/Router.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/system/core/Router.php b/system/core/Router.php index b371d5241..d911eb224 100644 --- a/system/core/Router.php +++ b/system/core/Router.php 
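Review bot: The reworded comment in index.php now recommends setting error reporting to 0 on a live site, which hides errors from visitors but also stops them from reaching the PHP error log, so failures in production leave no record for whoever has to investigate them. The security goal the comment states is met by turning display off, not by discarding the errors. I would word the changed line as `* reasons you are encouraged to turn display_errors off (and keep log_errors on) when your site goes live.`. The error_reporting() call this comment describes is outside the hunk.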
@@ -345,7 +345,7 @@ class CI_Router { */ function set_class($class) { - $this->class = $class; + $this->class = str_replace(array('/', '.'), '', $class); } // -------------------------------------------------------------------- @@ -404,7 +404,7 @@ class CI_Router { */ function set_directory($dir) { - $this->directory = trim($dir, '/').'/'; + $this->directory = str_replace(array('/', '.'), '', $dir).'/'; } // -------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b From 2ef375969b77c5fdf84118d4a7a8e0bc97d9d2f6 Mon Sep 17 00:00:00 2001 From: Derek Jones Date: Wed, 6 Oct 2010 17:51:59 -0500 Subject: modified the security helper to assist in preventing directory traversal when using sanitize_filename() for user input --- system/libraries/Security.php | 10 +++++++--- user_guide/libraries/security.html | 5 +++++ 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/system/libraries/Security.php b/system/libraries/Security.php index 9a1590b5c..3c1e9cfba 100644 --- a/system/libraries/Security.php +++ b/system/libraries/Security.php @@ -680,11 +680,10 @@ class CI_Security { * @param string * @return string */ - function sanitize_filename($str) + function sanitize_filename($str, $relative_path = FALSE) { $bad = array( "../", - "./", "", "<", @@ -701,7 +700,6 @@ class CI_Security { '=', ';', '?', - '/', "%20", "%22", "%3c", // < @@ -717,6 +715,12 @@ class CI_Security { "%3b", // ; "%3d" // = ); + + if ( ! $relative_path) + { + $bad[] = './'; + $bad[] = '/'; + } return stripslashes(str_replace($bad, '', $str)); } diff --git a/user_guide/libraries/security.html b/user_guide/libraries/security.html index a50d94846..6d6216d95 100644 --- a/user_guide/libraries/security.html +++ b/user_guide/libraries/security.html @@ -102,6 +102,11 @@ Note: This function should only be used to deal with data upon submission. It's $filename = $this->security->sanitize_filename($this->input->post('filename')); +
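Review bot: The new filter in set_class(), and the same one in set_directory() in the second Router.php hunk, is a denylist of two characters, `/` and `.`, so any other character in the segment is stored unchanged, including a backslash, which Windows also accepts as a path separator. Whether such characters can reach these setters depends on URI filtering that is outside both hunks, so treat this as hardening, not a confirmed gap. Because a controller class name has to be a valid PHP identifier, an allowlist is tighter for set_class(): `$this->class = preg_replace('/[^a-zA-Z0-9_]/', '', $class);`. For set_directory(), adding the backslash to the list, `str_replace(array('/', '\\', '.'), '', $dir).'/'`, covers the same case. That function also now removes interior slashes that the old `trim($dir, '/')` kept, which deserves a one-line comment saying nested controller directories are intentionally not supported.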
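Review bot: With `$relative_path` set to TRUE, sanitize_filename() keeps `/` in the string and relies on one `str_replace()` pass to remove `../`, and one pass is not sufficient: deleting an occurrence can join the characters on either side of it into a new `../`. `stripslashes()` then runs on the already-filtered string, so removing a backslash can likewise produce a sequence the filter never saw. In the default mode the later removal of `/` masks both effects, so the weakness is specific to the mode this commit adds (third Security.php hunk, the `return` line). I would strip slashes first and repeat the replacement until the string stops changing, as below, and add an `@param bool` line for the new argument to the docblock. Callers that pass TRUE should still resolve the resulting path and confirm it lies under the approved folder.

```php
	// … unchanged: $bad list and the `if ( ! $relative_path)` block …

	// Strip slashes first so the filter sees the final form of the string,
	// then repeat the replacement until nothing more is removed.
	$str = stripslashes($str);

	do
	{
		$old = $str;
		$str = str_replace($bad, '', $str);
	}
	while ($old !== $str);

	return $str;
```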

    If it is acceptable for the user input to include relative paths, e.g. file/in/some/approved/folder.txt, you can set the second optional parameter, + $relative_path to TRUE.

    + +$filename = $this->security->sanitize_filename($this->input->post('filename'), TRUE); + -- cgit v1.2.3-24-g4f1b From 3a082fd3d6cb2e72612d51b9d8e54e93effb93eb Mon Sep 17 00:00:00 2001 From: Derek Jones Date: Thu, 7 Oct 2010 09:38:55 -0500 Subject: added elements() to the Array Helper to return elements from an array with specified keys only. Differs from array_intersect_assoc() in that a default value can be provided for keys that do not exist in the supplied array --- system/helpers/array_helper.php | 40 ++++++++++++++++++++++++++++ user_guide/changelog.html | 1 + user_guide/helpers/array_helper.html | 51 ++++++++++++++++++++++++++++++++++++ 3 files changed, 92 insertions(+) diff --git a/system/helpers/array_helper.php b/system/helpers/array_helper.php index bd30b7c16..447ee1aa4 100644 --- a/system/helpers/array_helper.php +++ b/system/helpers/array_helper.php @@ -73,6 +73,46 @@ if ( ! function_exists('random_element')) } } +// -------------------------------------------------------------------- + +/** + * Elements + * + * Returns only the array items specified. Will return a default value if + * it is not set. + * + * @access public + * @param array + * @param array + * @param mixed + * @return mixed depends on what the array contains + */ +if ( ! function_exists('elements')) +{ + function elements($items, $array, $default = FALSE) + { + $return = array(); + + if ( ! is_array($items)) + { + $items = array($items); + } + + foreach ($items as $item) + { + if (isset($array[$item])) + { + $return[$item] = $array[$item]; + } + else + { + $return[$item] = $default; + } + } + + return $return; + } +} /* End of file array_helper.php */ /* Location: ./system/helpers/array_helper.php */ \ No newline at end of file diff --git a/user_guide/changelog.html b/user_guide/changelog.html index 8a275dda2..8c052572a 100644 --- a/user_guide/changelog.html +++ b/user_guide/changelog.html @@ -139,6 +139,7 @@ Hg Tag:
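Review bot: elements() in array_helper.php tests each key with `isset($array[$item])`, which is false for a key that exists with a NULL value, so such a key comes back as `$default` (FALSE unless overridden) instead of NULL. If the helper is meant to report which keys were actually supplied, `array_key_exists($item, $array)` is the accurate test. The docblock says `@return mixed depends on what the array contains`, but every path returns an array, so `@return array` would be correct. When the helper is used to filter request data, a comment should state that it restricts keys only: each value is passed through as received, including nested arrays.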

  • If CSRF is enabled in the application config file, form_open() will automatically insert it as a hidden field.
  • Added sanitize_filename() into the Security helper.
  • Added ellipsize() to the Text Helper
  • +
  • Added elements() to the Array Helper
  • Other Changes diff --git a/user_guide/helpers/array_helper.html b/user_guide/helpers/array_helper.html index c0bdd78e3..6d95c4a5f 100644 --- a/user_guide/helpers/array_helper.html +++ b/user_guide/helpers/array_helper.html @@ -100,7 +100,58 @@ echo element('size', $array, NULL); echo random_element($quotes); +

    elements()

    +

    Lets you fetch a number of items from an array. The function tests whether each of the array indices is set. If an index does not exist +it is set to FALSE, or whatever you've specified as the default value via the third parameter. Example:

    + + +$array = array(
    +    'color' => 'red',
    +    'shape' => 'round',
    +    'radius' => '10',
    +    'diameter' => '20'
    +);
    +
    +$my_shape = elements(array('color', 'shape', 'height'), $array);
    +
    + +

    The above will return the following array:

    + + +array(
    +    'color' => 'red',
    +    'shape' => 'round',
    +    'height' => FALSE
    +); +
    + +

    You can set the third parameter to any default value you like:

    + + +$my_shape = elements(array('color', 'shape', 'height'), $array, NULL);
    +
    + +

    The above will return the following array:

    + + +array(
    +    'color' => 'red',
    +    'shape' => 'round',
    +    'height' => NULL
    +); +
    + +

    This is useful when sending the $_POST array to one of your Models. This prevents users from +sending additional POST data to be entered into your tables:

    + + +$this->load->model('post_model');
    +
    +$this->post_model->update(elements(array('id', 'title', 'content'), $_POST)); +
    + +

    This ensures that only the id, title and content fields are sent to be updated.

    -- cgit v1.2.3-24-g4f1b From bce1348820118ea750224c17d81846229dff4852 Mon Sep 17 00:00:00 2001 From: Greg Aker Date: Mon, 11 Oct 2010 15:37:16 -0500 Subject: Fixed a bug where CI_Model is always loaded in core/Loader.php, regardless of if the class is instantiated or not. --- system/core/Loader.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/system/core/Loader.php b/system/core/Loader.php index 292fdc955..316985609 100644 --- a/system/core/Loader.php +++ b/system/core/Loader.php @@ -177,7 +177,7 @@ class CI_Loader { $CI->load->database($db_conn, FALSE, TRUE); } - if ( ! class_exists('Model')) + if ( ! class_exists('CI_Model')) { load_class('Model', 'core'); } -- cgit v1.2.3-24-g4f1b From c288ea957dd5b01abba96c9644f309a2714482e7 Mon Sep 17 00:00:00 2001 From: Greg Aker Date: Mon, 11 Oct 2010 15:41:19 -0500 Subject: Fix #120 -- Wording of Cross Site Request Forgery in config.php --- application/config/config.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/application/config/config.php b/application/config/config.php index 3f2be480f..6422b6437 100644 --- a/application/config/config.php +++ b/application/config/config.php @@ -274,7 +274,7 @@ $config['global_xss_filtering'] = FALSE; /* |-------------------------------------------------------------------------- -| Cross Site Forgery Request +| Cross Site Request Forgery |-------------------------------------------------------------------------- | Enables a CSFR cookie token to be set. When set to TRUE, token will be | checked on a submitted form. If you are accepting user data, it is strongly -- cgit v1.2.3-24-g4f1b From ce43396cb7beb49558cd78cf7ef51956a74b8185 Mon Sep 17 00:00:00 2001 
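Review bot: In the config.php hunk, the context line directly below the corrected heading still reads `Enables a CSFR cookie token to be set`, so the transposed acronym remains in the comment block this commit is meant to fix. The change should also cover that line: `| Enables a CSRF cookie token to be set. When set to TRUE, token will be`.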
From: Greg Aker Date: Tue, 12 Oct 2010 09:29:35 -0500 Subject: Fix #83 where multiple libraries could not be loaded at once by passing an array to the load->library() function. --- system/core/Loader.php | 10 ++++++++++ user_guide/changelog.html | 1 + user_guide/general/libraries.html | 4 ++++ 3 files changed, 15 insertions(+) diff --git a/system/core/Loader.php b/system/core/Loader.php index 316985609..e64006e93 100644 --- a/system/core/Loader.php +++ b/system/core/Loader.php @@ -78,6 +78,16 @@ class CI_Loader { */ function library($library = '', $params = NULL, $object_name = NULL) { + if (is_array($library)) + { + foreach($library as $read) + { + $this->library($read); + } + + return; + } + if ($library == '' OR isset($this->_base_classes[$library])) { return FALSE; diff --git a/user_guide/changelog.html b/user_guide/changelog.html index 58fd78008..df2820789 100644 --- a/user_guide/changelog.html +++ b/user_guide/changelog.html @@ -187,6 +187,7 @@ Hg Tag:
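Review bot: In the new array branch of library(), each name is loaded with `$this->library($read)`, so a `$params` array passed together with a list of libraries is silently dropped. Forwarding it keeps the two call forms consistent: `$this->library($read, $params);`. The branch also ends with a bare `return;` while the check right after it returns FALSE, so callers that test the result get NULL for the array form; a docblock line stating the return value for arrays would settle which is intended. The rest of library() lies outside the hunk.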

  • Fixed a bug in the Email library where CC and BCC recipients were not reset when using the clear() method (#109).
  • Fixed a bug in the URL Helper where prep_url() could cause a PHP error on PHP versions < 5.1.2.
  • Added a log message in core/output if the cache directory config value was not found.
  • +
  • Fixed a bug where multiple libraries could not be loaded by passing an array to load->library()
  • Version 1.7.2

    diff --git a/user_guide/general/libraries.html b/user_guide/general/libraries.html index cd83da741..4d6064fa9 100644 --- a/user_guide/general/libraries.html +++ b/user_guide/general/libraries.html @@ -69,6 +69,10 @@ In most cases, to use one of these classes involves initializing it within a Once initialized you can use it as indicated in the user guide page corresponding to that class.

    +

    Additionally, multiple libraries can be loaded at the same time by passing an array of libraries to the load function.

    + +$this->load->library(array('email', 'table')); +

    Creating Your Own Libraries

    Please read the section of the user guide that discusses how to create your own libraries

    -- cgit v1.2.3-24-g4f1b From e1f6e9ddff788f6a154f5f35dc117d14aeb0c484 Mon Sep 17 00:00:00 2001 From: Greg Aker Date: Mon, 1 Nov 2010 12:24:00 -0500 Subject: Fix #220 -- Missing semi-colon in captcha helper userguide on SQL command. --- user_guide/helpers/captcha_helper.html | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user_guide/helpers/captcha_helper.html b/user_guide/helpers/captcha_helper.html index bd7482266..d6eb0652c 100644 --- a/user_guide/helpers/captcha_helper.html +++ b/user_guide/helpers/captcha_helper.html @@ -135,7 +135,7 @@ echo $cap['image'];
     word varchar(20) NOT NULL,
     PRIMARY KEY `captcha_id` (`captcha_id`),
     KEY `word` (`word`)
    -) +);

    Here is an example of usage with a database. On the page where the CAPTCHA will be shown you'll have something like this:

    @@ -192,4 +192,4 @@ Previous Topic:  URL Helper - \ No newline at end of file + -- cgit v1.2.3-24-g4f1b