From 87c74c885991075cf42e9e78d7843290e2b0c3a7 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Sun, 21 Aug 2011 16:28:43 +0100 Subject: Updated Security library documentation with details on how to whitelist URIs from CSRF protection --- user_guide/libraries/security.html | 3 +++ 1 file changed, 3 insertions(+) (limited to 'user_guide') diff --git a/user_guide/libraries/security.html b/user_guide/libraries/security.html index dd62a4386..cbe12d852 100644 --- a/user_guide/libraries/security.html +++ b/user_guide/libraries/security.html @@ -116,6 +116,9 @@ Note: This function should only be used to deal with data upon submission. It's

If you use the form helper the form_open() function will automatically insert a hidden csrf field in your forms.

+

Select URIs can be whitelisted from csrf protection (for example API endpoints expecting externally POSTed content). You can add these URIs by editing the 'csrf_exclude_uris' config parameter:

+$config['csrf_exclude_uris'] = array('api/person/add'); + -- cgit v1.2.3-24-g4f1b From 393377fd247f38d57a7324515b57fed5d84b28ff Mon Sep 17 00:00:00 2001 From: Joe Cianflone Date: Sun, 21 Aug 2011 14:57:58 -0400 Subject: Added documentation to the user guide --- user_guide/installation/index.html | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'user_guide') diff --git a/user_guide/installation/index.html b/user_guide/installation/index.html index 5e8ab3883..84338e2e6 100644 --- a/user_guide/installation/index.html +++ b/user_guide/installation/index.html @@ -72,7 +72,9 @@ variables at the top of the file with the new name you've chosen.

For the best security, both the system and any application folders should be placed above web root so that they are not directly accessible via a browser. By default, .htaccess files are included in each folder to help prevent direct access, but it is best to remove them from public access entirely in case the web server configuration changes or doesn't abide by the .htaccess.

-

After moving them, open your main index.php file and set the $system_folder and $application_folder variables, preferably with a full path, e.g. '/www/MyUser/system'.

+

If you would like to keep your views public it is also possible to move the views folder out of your application folder.

+ +

After moving them, open your main index.php file and set the $system_folder, $application_folder and $view_folder variables, preferably with a full path, e.g. '/www/MyUser/system'.

One additional measure to take in production environments is to disable -- cgit v1.2.3-24-g4f1b From 1e4276da338741e63de4701e5cdba611953fe024 Mon Sep 17 00:00:00 2001 From: Phil Sturgeon Date: Sun, 21 Aug 2011 15:46:24 -0400 Subject: Added changelog to last commit. --- user_guide/changelog.html | 1 + 1 file changed, 1 insertion(+) (limited to 'user_guide') diff --git a/user_guide/changelog.html b/user_guide/changelog.html index 15872c1ac..e2df11b86 100644 --- a/user_guide/changelog.html +++ b/user_guide/changelog.html @@ -72,6 +72,7 @@ Change Log

  • Database -- cgit v1.2.3-24-g4f1b From 333f9f98edeb11915c168ea4a05b9b76d64d9576 Mon Sep 17 00:00:00 2001 From: Nithin Date: Sun, 21 Aug 2011 16:52:06 -0400 Subject: added ability to log certain error types, not all under a threshold --- user_guide/changelog.html | 1 + 1 file changed, 1 insertion(+) (limited to 'user_guide') diff --git a/user_guide/changelog.html b/user_guide/changelog.html index bb05f99e1..6b73485e1 100644 --- a/user_guide/changelog.html +++ b/user_guide/changelog.html @@ -66,6 +66,7 @@ Change Log
  • General Changes
    • Callback validation rules can now accept parameters like any other validation rule.
    • +
    • Ability to log certain error types, not all under a threshold.
  • Helpers -- cgit v1.2.3-24-g4f1b From d9c3a6f20e858b22ababbb2a3f3209eca1e93c13 Mon Sep 17 00:00:00 2001 From: Kyle Farris Date: Sun, 21 Aug 2011 23:08:17 -0300 Subject: Added documentation for some other rule someone added but didn't document. --- user_guide/libraries/form_validation.html | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'user_guide') diff --git a/user_guide/libraries/form_validation.html b/user_guide/libraries/form_validation.html index 7c544b69f..4400bac83 100644 --- a/user_guide/libraries/form_validation.html +++ b/user_guide/libraries/form_validation.html @@ -1037,6 +1037,13 @@ POST array:

      + + is_unique + Yes + Returns FALSE if the form element is not unique in a database table. + is_unique[table.field] + + valid_email No -- cgit v1.2.3-24-g4f1b From 37e5ff65b2bd1601daadac40fdfce80fd8956fd7 Mon Sep 17 00:00:00 2001 From: Kyle Farris Date: Sun, 21 Aug 2011 23:21:25 -0300 Subject: Added documentation for the nice_date function in the date_helper. --- user_guide/helpers/date_helper.html | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'user_guide') diff --git a/user_guide/helpers/date_helper.html b/user_guide/helpers/date_helper.html index f930ea3ae..29e242696 100644 --- a/user_guide/helpers/date_helper.html +++ b/user_guide/helpers/date_helper.html @@ -234,6 +234,20 @@ $unix = human_to_unix($human); +

    nice_date()

    + +

    This function can take a number poorly-formed date formats and convert them into something useful. It also accepts well-formed dates.

    +

    The fuction will return a Unix timestamp by default. You can, optionally, pass a format string (the same type as the PHP date function accepts) as the second parameter. Example:

    + +$bad_time = 199605
    +
    +// Should Produce: 1996-05-01
    +$better_time = nice_date($bad_time,'Y-m-d');
    +
    +$bad_time = 9-11-2001
    +// Should Produce: 2001-09-11
    +$better_time = nice_date($human,'Y-m-d');
    +

    timespan()

    -- cgit v1.2.3-24-g4f1b From ee7363bb48e613d17566e82c6025ad71d39aa104 Mon Sep 17 00:00:00 2001 From: Greg Aker Date: Sun, 21 Aug 2011 16:35:19 -0500 Subject: Fixing a spelling error. --- user_guide/helpers/date_helper.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'user_guide') diff --git a/user_guide/helpers/date_helper.html b/user_guide/helpers/date_helper.html index 29e242696..5b00e25e0 100644 --- a/user_guide/helpers/date_helper.html +++ b/user_guide/helpers/date_helper.html @@ -237,7 +237,7 @@ $unix = human_to_unix($human);

    nice_date()

    This function can take a number poorly-formed date formats and convert them into something useful. It also accepts well-formed dates.

    -

    The fuction will return a Unix timestamp by default. You can, optionally, pass a format string (the same type as the PHP date function accepts) as the second parameter. Example:

    +

    The function will return a Unix timestamp by default. You can, optionally, pass a format string (the same type as the PHP date function accepts) as the second parameter. Example:

    $bad_time = 199605

    -- cgit v1.2.3-24-g4f1b From ab57a3520eafacaf2f130b3f4778a57a632fac1c Mon Sep 17 00:00:00 2001 From: Shane Pearson Date: Mon, 22 Aug 2011 16:11:20 -0500 Subject: Fix #8 - Load core classes from the application folder first. --- user_guide/changelog.html | 1 + 1 file changed, 1 insertion(+) (limited to 'user_guide') diff --git a/user_guide/changelog.html b/user_guide/changelog.html index 9d8fd2b54..e5501abbc 100644 --- a/user_guide/changelog.html +++ b/user_guide/changelog.html @@ -105,6 +105,7 @@ Change Log
  • Fixed a bug (#181) where a mis-spelling was in the form validation language file.
  • Fixed a bug (#160) - Removed unneeded array copy in the file cache driver.
  • Fixed a bug (#150) - field_data() now correctly returns column length.
  • +
  • Fixed a bug (#8) - Look for core classes in APPPATH first.
  • Version 2.0.3

    -- cgit v1.2.3-24-g4f1b From 48705c3345cf115910dbaa798f60288ea7b9ca36 Mon Sep 17 00:00:00 2001 From: Shane Pearson Date: Mon, 22 Aug 2011 16:17:32 -0500 Subject: updated changelog message --- user_guide/changelog.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'user_guide') diff --git a/user_guide/changelog.html b/user_guide/changelog.html index e5501abbc..4c207d6bc 100644 --- a/user_guide/changelog.html +++ b/user_guide/changelog.html @@ -105,7 +105,7 @@ Change Log
  • Fixed a bug (#181) where a mis-spelling was in the form validation language file.
  • Fixed a bug (#160) - Removed unneeded array copy in the file cache driver.
  • Fixed a bug (#150) - field_data() now correctly returns column length.
  • -
  • Fixed a bug (#8) - Look for core classes in APPPATH first.
  • +
  • Fixed a bug (#8) - load_class() now looks for core classes in APPPATH first, allowing them to be replaced.
  • Version 2.0.3

    -- cgit v1.2.3-24-g4f1b From e77c6117e473900ca35ec7993f4159179d5b5f9c Mon Sep 17 00:00:00 2001 From: Shane Pearson Date: Mon, 22 Aug 2011 19:01:28 -0500 Subject: add a note to the changelog about _ci_autloader() --- user_guide/changelog.html | 1 + 1 file changed, 1 insertion(+) (limited to 'user_guide') diff --git a/user_guide/changelog.html b/user_guide/changelog.html index 9d8fd2b54..ac936a68c 100644 --- a/user_guide/changelog.html +++ b/user_guide/changelog.html @@ -91,6 +91,7 @@ Change Log
  • Added a Migration Library to assist with applying incremental updates to your database schema.
  • Driver children can be located in any package path.
  • Added max_filename_increment config setting for Upload library.
  • +
  • CI_Loader::_ci_autoloader() is now a protected method.
  • -- cgit v1.2.3-24-g4f1b From c51a435968eda164dc5d055ff9ec15918a6f56ab Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Tue, 23 Aug 2011 10:40:39 +0800 Subject: Update: User Guide error on upgrade_203.html file --- user_guide/installation/upgrade_203.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'user_guide') diff --git a/user_guide/installation/upgrade_203.html b/user_guide/installation/upgrade_203.html index 1d37a055d..04899832d 100644 --- a/user_guide/installation/upgrade_203.html +++ b/user_guide/installation/upgrade_203.html @@ -81,7 +81,7 @@ Upgrading from 2.0.2 to 2.0.3

    Step 5: Remove APPPATH.'third_party' from autoload.php

    -

    Open application/autoload.php, and look for the following:

    +

    Open application/config/autoload.php, and look for the following:

    $autoload['packages'] = array(APPPATH.'third_party'); -- cgit v1.2.3-24-g4f1b From 17e7b44e4b67e8d36ef6a0f8f08c2751fce3b55b Mon Sep 17 00:00:00 2001 From: Kevin Hoogheem Date: Tue, 23 Aug 2011 22:48:48 -0500 Subject: MIME Type Adds/Changes Updated MIME Types with certs and new audio/video files as well as added extra types for some existing files. --- user_guide/changelog.html | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'user_guide') diff --git a/user_guide/changelog.html b/user_guide/changelog.html index 9d8fd2b54..2c6cb5ab5 100644 --- a/user_guide/changelog.html +++ b/user_guide/changelog.html @@ -125,6 +125,11 @@ Change Log
  • Added insert_batch() function to the PostgreSQL database driver. Thanks to epallerols for the patch.
  • Added "application/x-csv" to mimes.php.
  • Fixed a bug where Email library attachments with a "." in the name would using invalid MIME-types.
  • +
  • Added support for pem,p10,p12,p7a,p7c,p7m,p7r,p7s,crt,crl,der,kdb,rsa,cer,sst,csr Certs to mimes.php.
  • +
  • Added support pgp,gpg to mimes.php.
  • +
  • Added support 3gp, 3g2, mp4, wmv, f4v, vlc Video files to mimes.php.
  • +
  • Added support m4a, aac, m4u, xspf, au, ac3, flac, ogg Audio files to mimes.php.
  • +
  • Helpers -- cgit v1.2.3-24-g4f1b From 6a93995f2a24c0ac8d636ecac5f3eb0d0243e23d Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Wed, 24 Aug 2011 09:20:36 +0100 Subject: Added note in changelog --- user_guide/changelog.html | 1 + 1 file changed, 1 insertion(+) (limited to 'user_guide') diff --git a/user_guide/changelog.html b/user_guide/changelog.html index c52a33e5a..5e412ca44 100644 --- a/user_guide/changelog.html +++ b/user_guide/changelog.html @@ -75,6 +75,7 @@ Change Log
  • Visual updates to the welcome_message view file and default error templates. Thanks to danijelb for the pull request.
  • Added insert_batch() function to the PostgreSQL database driver. Thanks to epallerols for the patch.
  • Added "application/x-csv" to mimes.php.
  • +
  • Added CSRF protection URI whitelisting.
  • Fixed a bug where Email library attachments with a "." in the name would using invalid MIME-types.
  • -- cgit v1.2.3-24-g4f1b From 2653e05752d865b921fd4f92d2b9b3eafeae2ac0 Mon Sep 17 00:00:00 2001 From: purandi Date: Wed, 24 Aug 2011 18:31:39 +0700 Subject: Fix link database driver on changelog --- user_guide/changelog.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'user_guide') diff --git a/user_guide/changelog.html b/user_guide/changelog.html index 4c207d6bc..d095c2f5f 100644 --- a/user_guide/changelog.html +++ b/user_guide/changelog.html @@ -77,7 +77,7 @@ Change Log
  • Database

    Version 2.0.3

    -- cgit v1.2.3-24-g4f1b From 84d76ea2559ddd72b5d1ddbe6fa38e88d9b20c16 Mon Sep 17 00:00:00 2001 From: Michiel Vugteveen Date: Thu, 25 Aug 2011 21:25:12 +0200 Subject: odbc called incorrect parent in construct --- user_guide/changelog.html | 1 + 1 file changed, 1 insertion(+) (limited to 'user_guide') diff --git a/user_guide/changelog.html b/user_guide/changelog.html index 865bdd8ac..62f6b4f33 100644 --- a/user_guide/changelog.html +++ b/user_guide/changelog.html @@ -108,6 +108,7 @@ Change Log
  • Fixed a bug (#160) - Removed unneeded array copy in the file cache driver.
  • Fixed a bug (#150) - field_data() now correctly returns column length.
  • Fixed a bug (#8) - load_class() now looks for core classes in APPPATH first, allowing them to be replaced.
  • +
  • Fixed a bug (#24) - ODBC database driver called incorrect parent in __construct().
  • Version 2.0.3

    -- cgit v1.2.3-24-g4f1b From 6935931e0165aed0ef2d5bc9c0f51bf845969c35 Mon Sep 17 00:00:00 2001 From: Eric Barnes Date: Thu, 25 Aug 2011 18:20:02 -0300 Subject: Fixed spelling mistake. --- user_guide/changelog.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'user_guide') diff --git a/user_guide/changelog.html b/user_guide/changelog.html index d7a6c7e05..865bdd8ac 100644 --- a/user_guide/changelog.html +++ b/user_guide/changelog.html @@ -67,7 +67,7 @@ Change Log
    • Callback validation rules can now accept parameters like any other validation rule.
    • Ability to log certain error types, not all under a threshold.
    • -
    • Added html_escape() to the Common functions to escape HTML output for preventing XSS easliy.
    • +
    • Added html_escape() to Common functions to escape HTML output for preventing XSS.
  • Helpers -- cgit v1.2.3-24-g4f1b From eb630f32810c5d3eaa5e5c4df7183034f181e07c Mon Sep 17 00:00:00 2001 From: Paul Date: Sat, 27 Aug 2011 10:22:41 +1200 Subject: added core heading and note about protected functions in URI --- user_guide/changelog.html | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'user_guide') diff --git a/user_guide/changelog.html b/user_guide/changelog.html index 865bdd8ac..f82dac9fa 100644 --- a/user_guide/changelog.html +++ b/user_guide/changelog.html @@ -95,6 +95,12 @@ Change Log
  • CI_Loader::_ci_autoloader() is now a protected method.
  • +
  • Core +
      + +
    • Changed private functions in CI_URI to protected so MY_URI can override them.
    • +
    +
  • Bug fixes for 2.1.0

    -- cgit v1.2.3-24-g4f1b From 1c342ebc83b2d303ba68415ce2ec6b5b173a1b66 Mon Sep 17 00:00:00 2001 From: Paul Date: Sat, 27 Aug 2011 10:23:38 +1200 Subject: spacing removed --- user_guide/changelog.html | 1 - 1 file changed, 1 deletion(-) (limited to 'user_guide') diff --git a/user_guide/changelog.html b/user_guide/changelog.html index f82dac9fa..bb80ab8b8 100644 --- a/user_guide/changelog.html +++ b/user_guide/changelog.html @@ -97,7 +97,6 @@ Change Log
  • Core
      -
    • Changed private functions in CI_URI to protected so MY_URI can override them.
  • -- cgit v1.2.3-24-g4f1b From ddae533eee59e356ed6f40a4f4976162c592965e Mon Sep 17 00:00:00 2001 From: Phil Sturgeon Date: Fri, 26 Aug 2011 10:12:10 +0100 Subject: Moved the "is_unique" change log to 2.1.0-dev where it should have been first time. Sorry about that one, had to manually separate 2.0.3 changes from 2.1.0 based mainly on memory. --- user_guide/changelog.html | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'user_guide') diff --git a/user_guide/changelog.html b/user_guide/changelog.html index ff04787cf..c030ce77c 100644 --- a/user_guide/changelog.html +++ b/user_guide/changelog.html @@ -94,11 +94,12 @@ Change Log
  • Driver children can be located in any package path.
  • Added max_filename_increment config setting for Upload library.
  • CI_Loader::_ci_autoloader() is now a protected method.
  • +
  • Added is_unique to the Form Validation library.
  • Core
      -
    • Changed private functions in CI_URI to protected so MY_URI can override them.
    • +
    • Changed private functions in CI_URI to protected so MY_URI can override them.
  • @@ -153,7 +154,6 @@ Change Log
  • Libraries
    • Altered Session to use a longer match against the user_agent string. See upgrade notes if using database sessions.
    • -
    • Added is_unique to the Form Validation library.
    • Added $this->db->set_dbprefix() to the Database Driver.
    • Changed $this->cart->insert() in the Cart Library to return the Row ID if a single item was inserted successfully.
    • Added $this->load->get_var() to the Loader library to retrieve global vars set with $this->load->view() and $this->load->vars().
    • -- cgit v1.2.3-24-g4f1b From 44cdece942c310f5520497dbde4febc26e96c27e Mon Sep 17 00:00:00 2001 From: Phil Sturgeon Date: Fri, 26 Aug 2011 12:23:18 +0100 Subject: Bumped URL Helper version number. --- user_guide/helpers/url_helper.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'user_guide') diff --git a/user_guide/helpers/url_helper.html b/user_guide/helpers/url_helper.html index de28a6f56..e60e96bf0 100644 --- a/user_guide/helpers/url_helper.html +++ b/user_guide/helpers/url_helper.html @@ -27,7 +27,7 @@
      - +

      CodeIgniter User Guide Version 2.0.0

      CodeIgniter User Guide Version 2.0.3

      -- cgit v1.2.3-24-g4f1b From d8f002c6c92ed8395331b69ea77c4e5a83bfd83c Mon Sep 17 00:00:00 2001 From: Iban Eguia Date: Fri, 26 Aug 2011 14:34:38 +0200 Subject: Removed some documentation for PHP 4 users in the active record documentation. --- user_guide/database/active_record.html | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) (limited to 'user_guide') diff --git a/user_guide/database/active_record.html b/user_guide/database/active_record.html index 92d9614d5..0f09e78c3 100644 --- a/user_guide/database/active_record.html +++ b/user_guide/database/active_record.html @@ -79,9 +79,6 @@ is generated by each database adapter. It also allows for safer queries, since

      The following functions allow you to build SQL SELECT statements.

      -

      Note: If you are using PHP 5 you can use method chaining for more compact syntax. This is described at the end of the page.

      - -

      $this->db->get();

      Runs the selection query and returns the result. Can be used by itself to retrieve all records from a table:

      @@ -532,7 +529,7 @@ $this->db->insert('mytable', $object);

      Generates an insert string based on the data you supply, and runs the query. You can either pass an array or an object to the function. Here is an example using an array:

      - + $data = array(
         array(
            'title' => 'My title' ,
      @@ -544,7 +541,7 @@ $data = array(
            'name' => 'Another Name' ,
            'date' => 'Another date'
         )
      -);
      +);

      $this->db->update_batch('mytable', $data);

      -- cgit v1.2.3-24-g4f1b From 95b7994a298a7c57118c59e03a1aa43bd804bce4 Mon Sep 17 00:00:00 2001 From: Bruno Bierbaumer Date: Sat, 27 Aug 2011 16:52:24 +0200 Subject: add Android user agent --- user_guide/changelog.html | 1 + 1 file changed, 1 insertion(+) (limited to 'user_guide') diff --git a/user_guide/changelog.html b/user_guide/changelog.html index 33e0a62c1..978b710be 100644 --- a/user_guide/changelog.html +++ b/user_guide/changelog.html @@ -65,6 +65,7 @@ Change Log
      • General Changes
          +
        • Added Android to the list of user agents.
        • Callback validation rules can now accept parameters like any other validation rule.
        • Ability to log certain error types, not all under a threshold.
        • Added html_escape() to Common functions to escape HTML output for preventing XSS.
        • -- cgit v1.2.3-24-g4f1b
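Review bot: In the user_guide/libraries/security.html hunk ("how to whitelist URIs from CSRF protection"), the added paragraph does not say how an entry in 'csrf_exclude_uris' is compared with the request URI, so a reader cannot tell whether 'api/person/add' matches only that exact URI or also longer paths beneath it. Please state the matching rule, and add a sentence that a whitelisted URI receives no CSRF check at all, so an endpoint that accepts externally POSTed content (the paragraph's own example) has to authenticate those requests by other means.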
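Review bot: In the user_guide/installation/index.html hunk, the added sentence "If you would like to keep your views public ..." follows a paragraph recommending that the system and application folders be placed above web root, yet it does not say where the views folder is meant to end up or what "public" means here. Say explicitly whether the views folder is expected to stay inside web root, and if so that its files become directly requestable, which the preceding paragraph advises against for the other folders. The example path '/www/MyUser/system' in the rewritten sentence only illustrates $system_folder; an example value for $view_folder would help.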
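Review bot: In the user_guide/libraries/form_validation.html hunk, the new is_unique row reads "Returns FALSE if the form element is not unique in a database table", which leaves out what is compared, presumably the submitted value against the existing values of table.field. Reword it along the lines of "Returns FALSE if the submitted value already exists in the given table column" and mention that the rule needs a database connection. Because the check runs at validation time, a note that it does not replace a unique index on the column would keep readers from relying on it alone.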
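Review bot: In the user_guide/helpers/date_helper.html hunk that adds nice_date(), the example does not run as written. "$bad_time = 199605" and "$bad_time = 9-11-2001" lack terminating semicolons, the second value is unquoted so PHP evaluates it as a subtraction rather than a date string, and the second call passes $human where $bad_time was just assigned. Quote the date as '9-11-2001', end both assignments with ";", and call nice_date($bad_time, 'Y-m-d'). The added prose also has "can take a number poorly-formed date formats" (missing "of") and "fuction".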
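Review bot: In the user_guide/helpers/date_helper.html hunk from "Fixing a spelling error.", the context line just above the corrected sentence still reads "This function can take a number poorly-formed date formats"; add the missing "of" in the same commit so the paragraph is fixed in one pass.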
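Review bot: In the user_guide/changelog.html hunk from "MIME Type Adds/Changes", three of the four added entries ("Added support pgp,gpg", "Added support 3gp, ..." and "Added support m4a, ...") are missing "for", and the extension lists are spaced inconsistently ("pem,p10,p12" versus "3gp, 3g2"). The new entries are also placed after the "Fixed a bug where Email library attachments ..." line rather than next to the existing "Added "application/x-csv" to mimes.php." entry; grouping them with it would keep the mimes.php changes together.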