From 87c74c885991075cf42e9e78d7843290e2b0c3a7 Mon Sep 17 00:00:00 2001
From: Alex Bilbie If you use the form helper the form_open() function will automatically insert a hidden csrf field in your forms. Select URIs can be whitelisted from csrf protection (for example API endpoints expecting externally POSTed content). You can add these URIs by editing the 'csrf_exclude_uris' config parameter:$config['csrf_exclude_uris'] = array('api/person/add');
+
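Review bot: The added 'csrf_exclude_uris' paragraph does not say how an entry is compared with the request URI, so a reader cannot tell whether 'api/person/add' exempts only that exact URI or also longer URIs that begin with it. State the matching rule, and add a sentence that an excluded URI receives no CSRF check at all, so an endpoint listed there (the text's own example is an API endpoint expecting externally POSTed content) has to authenticate its callers by other means.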
--
cgit v1.2.3-24-g4f1b
From 393377fd247f38d57a7324515b57fed5d84b28ff Mon Sep 17 00:00:00 2001
From: Joe Cianflone
For the best security, both the system and any application folders should be placed above web root so that they are not directly accessible via a browser. By default, .htaccess files are included in each folder to help prevent direct access, but it is best to remove them from public access entirely in case the web server configuration changes or doesn't abide by the .htaccess.
-After moving them, open your main
If you would like to keep your views public it is also possible to move the views folder out of your application folder.
+ +After moving them, open your main
One additional measure to take in production environments is to disable
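Review bot: With the 'After moving them, open your main' paragraph now placed below the optional views sentence, 'them' is ambiguous: it can be read as the views folder alone or as the system and application folders from the first paragraph. Name the folders in that sentence so the step reads the same whether or not the reader moves the views folder.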
--
cgit v1.2.3-24-g4f1b
From 1e4276da338741e63de4701e5cdba611953fe024 Mon Sep 17 00:00:00 2001
From: Phil Sturgeon
This function can take a number poorly-formed date formats and convert them into something useful. It also accepts well-formed dates.
+The fuction will return a Unix timestamp by default. You can, optionally, pass a format string (the same type as the PHP date function accepts) as the second parameter. Example:
+ +$bad_time = 199605
+
+// Should Produce: 1996-05-01
+$better_time = nice_date($bad_time,'Y-m-d');
+
+$bad_time = 9-11-2001
+// Should Produce: 2001-09-11
+$better_time = nice_date($human,'Y-m-d');
+
This function can take a number poorly-formed date formats and convert them into something useful. It also accepts well-formed dates.
-The fuction will return a Unix timestamp by default. You can, optionally, pass a format string (the same type as the PHP date function accepts) as the second parameter. Example:
+The function will return a Unix timestamp by default. You can, optionally, pass a format string (the same type as the PHP date function accepts) as the second parameter. Example:
$bad_time = 199605
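Review bot: The nice_date() example is not valid PHP as written: '$bad_time = 199605' has no terminating semicolon (and still has none in the context line of the follow-up hunk that corrects 'fuction'), '$bad_time = 9-11-2001' is unquoted and also unterminated, so PHP would treat it as a subtraction rather than a date string, and the second call passes '$human', which the example never defines, instead of '$bad_time'. Quote both inputs as strings, end each assignment with a semicolon, and pass '$bad_time' in both calls so the 'Should Produce' comments match what a reader gets when copying the example.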
--
cgit v1.2.3-24-g4f1b
From ab57a3520eafacaf2f130b3f4778a57a632fac1c Mon Sep 17 00:00:00 2001
From: Shane Pearson
Date: Mon, 22 Aug 2011 16:11:20 -0500
Subject: Fix #8 - Load core classes from the application folder first.
---
user_guide/changelog.html | 1 +
1 file changed, 1 insertion(+)
(limited to 'user_guide')
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index 9d8fd2b54..e5501abbc 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -105,6 +105,7 @@ Change Log
Fixed a bug (#181) where a mis-spelling was in the form validation language file.
Fixed a bug (#160) - Removed unneeded array copy in the file cache driver.
Fixed a bug (#150) - field_data() now correctly returns column length.
+ Fixed a bug (#8) - Look for core classes in APPPATH first.
Version 2.0.3
--
cgit v1.2.3-24-g4f1b
From 48705c3345cf115910dbaa798f60288ea7b9ca36 Mon Sep 17 00:00:00 2001
From: Shane Pearson
Date: Mon, 22 Aug 2011 16:17:32 -0500
Subject: updated changelog message
---
user_guide/changelog.html | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'user_guide')
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index e5501abbc..4c207d6bc 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -105,7 +105,7 @@ Change Log
Fixed a bug (#181) where a mis-spelling was in the form validation language file.
Fixed a bug (#160) - Removed unneeded array copy in the file cache driver.
Fixed a bug (#150) - field_data() now correctly returns column length.
- Fixed a bug (#8) - Look for core classes in APPPATH first.
+ Fixed a bug (#8) - load_class() now looks for core classes in APPPATH first, allowing them to be replaced.
Version 2.0.3
--
cgit v1.2.3-24-g4f1b
From e77c6117e473900ca35ec7993f4159179d5b5f9c Mon Sep 17 00:00:00 2001
From: Shane Pearson
Date: Mon, 22 Aug 2011 19:01:28 -0500
Subject: add a note to the changelog about _ci_autoloader()
---
user_guide/changelog.html | 1 +
1 file changed, 1 insertion(+)
(limited to 'user_guide')
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index 9d8fd2b54..ac936a68c 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -91,6 +91,7 @@ Change Log
Added a Migration Library to assist with applying incremental updates to your database schema.
Driver children can be located in any package path.
Added max_filename_increment config setting for Upload library.
+ CI_Loader::_ci_autoloader() is now a protected method.
--
cgit v1.2.3-24-g4f1b
From c51a435968eda164dc5d055ff9ec15918a6f56ab Mon Sep 17 00:00:00 2001
From: Bo-Yi Wu
Date: Tue, 23 Aug 2011 10:40:39 +0800
Subject: Update: User Guide error on upgrade_203.html file
---
user_guide/installation/upgrade_203.html | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'user_guide')
diff --git a/user_guide/installation/upgrade_203.html b/user_guide/installation/upgrade_203.html
index 1d37a055d..04899832d 100644
--- a/user_guide/installation/upgrade_203.html
+++ b/user_guide/installation/upgrade_203.html
@@ -81,7 +81,7 @@ Upgrading from 2.0.2 to 2.0.3
Step 5: Remove APPPATH.'third_party' from autoload.php
-Open application/autoload.php, and look for the following:
+Open application/config/autoload.php, and look for the following:
$autoload['packages'] = array(APPPATH.'third_party');
--
cgit v1.2.3-24-g4f1b
From 17e7b44e4b67e8d36ef6a0f8f08c2751fce3b55b Mon Sep 17 00:00:00 2001
From: Kevin Hoogheem
Date: Tue, 23 Aug 2011 22:48:48 -0500
Subject: MIME Type Adds/Changes
Updated MIME Types with certs and new audio/video files as well as added
extra types for some existing files.
---
user_guide/changelog.html | 5 +++++
1 file changed, 5 insertions(+)
(limited to 'user_guide')
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index 9d8fd2b54..2c6cb5ab5 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -125,6 +125,11 @@ Change Log
Added insert_batch() function to the PostgreSQL database driver. Thanks to epallerols for the patch.
Added "application/x-csv" to mimes.php.
Fixed a bug where Email library attachments with a "." in the name would using invalid MIME-types.
+ Added support for pem,p10,p12,p7a,p7c,p7m,p7r,p7s,crt,crl,der,kdb,rsa,cer,sst,csr Certs to mimes.php.
+ Added support pgp,gpg to mimes.php.
+ Added support 3gp, 3g2, mp4, wmv, f4v, vlc Video files to mimes.php.
+ Added support m4a, aac, m4u, xspf, au, ac3, flac, ogg Audio files to mimes.php.
+
Helpers
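Review bot: The four added mimes.php entries are worded inconsistently: the first reads 'Added support for ... Certs', the next three drop 'for' ('Added support pgp,gpg to mimes.php.'), and the extension lists mix unspaced ('pem,p10,p12') and spaced ('3gp, 3g2, mp4') separators. Use one form throughout, for example 'Added support for pgp and gpg files to mimes.php.', so the entries read as one group.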
--
cgit v1.2.3-24-g4f1b
From 6a93995f2a24c0ac8d636ecac5f3eb0d0243e23d Mon Sep 17 00:00:00 2001
From: Alex Bilbie
Date: Wed, 24 Aug 2011 09:20:36 +0100
Subject: Added note in changelog
---
user_guide/changelog.html | 1 +
1 file changed, 1 insertion(+)
(limited to 'user_guide')
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index c52a33e5a..5e412ca44 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -75,6 +75,7 @@ Change Log
Visual updates to the welcome_message view file and default error templates. Thanks to danijelb for the pull request.
Added insert_batch() function to the PostgreSQL database driver. Thanks to epallerols for the patch.
Added "application/x-csv" to mimes.php.
+ Added CSRF protection URI whitelisting.
Fixed a bug where Email library attachments with a "." in the name would using invalid MIME-types.
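Review bot: The added entry 'Added CSRF protection URI whitelisting.' does not name the setting that controls the feature. Mention the 'csrf_exclude_uris' config parameter here so that readers scanning the changelog can find it, and say that URIs listed there are exempt from the CSRF check.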
--
cgit v1.2.3-24-g4f1b
From 2653e05752d865b921fd4f92d2b9b3eafeae2ac0 Mon Sep 17 00:00:00 2001
From: purandi
Date: Wed, 24 Aug 2011 18:31:39 +0700
Subject: Fix link database driver on changelog
---
user_guide/changelog.html | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'user_guide')
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index 4c207d6bc..d095c2f5f 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -77,7 +77,7 @@ Change Log
Database
- - Added a CUBRID driver to the Database Driver. Thanks to the CUBRID team for supplying this patch.
+ - Added a CUBRID driver to the Database Driver. Thanks to the CUBRID team for supplying this patch.
- Typecast limit and offset in the Database Driver to integers to avoid possible injection.
-
Added additional option 'none' for the optional third argument for $this->db->like() in the Database Driver.
--
cgit v1.2.3-24-g4f1b
From fbac8b4553942db4be52e872d9fd68717e5006e4 Mon Sep 17 00:00:00 2001
From: kenjis
Date: Thu, 25 Aug 2011 10:51:44 +0900
Subject: add html_escape() function to escape HTML.
---
user_guide/changelog.html | 1 +
user_guide/general/common_functions.html | 2 ++
2 files changed, 3 insertions(+)
(limited to 'user_guide')
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index 91312e46b..c22bebda6 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -67,6 +67,7 @@ Change Log
- Callback validation rules can now accept parameters like any other validation rule.
- Ability to log certain error types, not all under a threshold.
+ - Added html_escape() to the Common functions to escape HTML output for preventing XSS easliy.
- Helpers
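Review bot: 'easliy' in the added html_escape() entry is misspelled. Correct it to 'easily', or drop the word and end the entry at 'for preventing XSS'.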
diff --git a/user_guide/general/common_functions.html b/user_guide/general/common_functions.html
index 65457759d..7cff6321c 100644
--- a/user_guide/general/common_functions.html
+++ b/user_guide/general/common_functions.html
@@ -104,6 +104,8 @@ else
This function prevents inserting null characters between ascii characters, like Java\0script.
+html_escape($mixed)
+This function provides short cut for htmlspecialchars() function. It accepts string and array. To prevent Cross Site Scripting (XSS), it is very useful.
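Review bot: The added html_escape() description says it is a shortcut for htmlspecialchars() but not which quote flags or character set it passes, nor what it returns when given an array. Document those, and qualify 'To prevent Cross Site Scripting (XSS), it is very useful' to say that htmlspecialchars()-style escaping covers values written into HTML text and quoted attribute values; values placed in script blocks, URLs or unquoted attributes need escaping suited to that context.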
--
cgit v1.2.3-24-g4f1b
From e716f585d5ffb5ef65279734672a39c1ecddac1e Mon Sep 17 00:00:00 2001
From: purandi
Date: Thu, 25 Aug 2011 22:32:01 +0700
Subject: Fix hyperlink Added html_escape() on changelog
---
user_guide/changelog.html | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'user_guide')
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index e1a134def..d7a6c7e05 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -67,7 +67,7 @@ Change Log
- Callback validation rules can now accept parameters like any other validation rule.
- Ability to log certain error types, not all under a threshold.
- - Added html_escape() to the Common functions to escape HTML output for preventing XSS easliy.
+ - Added html_escape() to the Common functions to escape HTML output for preventing XSS easliy.
- Helpers
--
cgit v1.2.3-24-g4f1b
From eaa5541deb9409d936f77d24d696cf977ef505df Mon Sep 17 00:00:00 2001
From: Michiel Vugteveen
Date: Thu, 25 Aug 2011 21:22:49 +0200
Subject: oci8 driver escape string quotes fix
---
user_guide/changelog.html | 1 +
1 file changed, 1 insertion(+)
(limited to 'user_guide')
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index 865bdd8ac..3ada17e07 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -108,6 +108,7 @@ Change Log
- Fixed a bug (#160) - Removed unneeded array copy in the file cache driver.
- Fixed a bug (#150) - field_data() now correctly returns column length.
- Fixed a bug (#8) - load_class() now looks for core classes in APPPATH first, allowing them to be replaced.
+ - Fixed a bug (#85) - OCI8 (Oracle) database escape_str() function did not escape correct.
Version 2.0.3
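Review bot: 'did not escape correct' in the added #85 entry should read 'did not escape correctly', and the entry does not say what was escaped wrongly. The commit subject says the fix concerns string quotes, so state that in the entry: an escaping defect in a database driver is something users of that driver need enough detail to assess.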
--
cgit v1.2.3-24-g4f1b
From 84d76ea2559ddd72b5d1ddbe6fa38e88d9b20c16 Mon Sep 17 00:00:00 2001
From: Michiel Vugteveen
Date: Thu, 25 Aug 2011 21:25:12 +0200
Subject: odbc called incorrect parent in construct
---
user_guide/changelog.html | 1 +
1 file changed, 1 insertion(+)
(limited to 'user_guide')
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index 865bdd8ac..62f6b4f33 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -108,6 +108,7 @@ Change Log
Fixed a bug (#160) - Removed unneeded array copy in the file cache driver.
Fixed a bug (#150) - field_data() now correctly returns column length.
Fixed a bug (#8) - load_class() now looks for core classes in APPPATH first, allowing them to be replaced.
+ Fixed a bug (#24) - ODBC database driver called incorrect parent in __construct().
Version 2.0.3
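Review bot: The added #24 line goes in at the same place as the #85 line of the previous patch: both patches are based on changelog.html at 865bdd8ac and both use '@@ -108,6 +108,7 @@' to insert directly after the #8 entry, so whichever is applied second will conflict. Rebase one patch on the other so that both entries end up in the bug-fix list.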
--
cgit v1.2.3-24-g4f1b
From 6935931e0165aed0ef2d5bc9c0f51bf845969c35 Mon Sep 17 00:00:00 2001
From: Eric Barnes
Date: Thu, 25 Aug 2011 18:20:02 -0300
Subject: Fixed spelling mistake.
---
user_guide/changelog.html | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'user_guide')
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index d7a6c7e05..865bdd8ac 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -67,7 +67,7 @@ Change Log
- Callback validation rules can now accept parameters like any other validation rule.
- Ability to log certain error types, not all under a threshold.
- - Added html_escape() to the Common functions to escape HTML output for preventing XSS easliy.
+ - Added html_escape() to Common functions to escape HTML output for preventing XSS.
Helpers
--
cgit v1.2.3-24-g4f1b
From eb630f32810c5d3eaa5e5c4df7183034f181e07c Mon Sep 17 00:00:00 2001
From: Paul
Date: Sat, 27 Aug 2011 10:22:41 +1200
Subject: added core heading and note about protected functions in URI
---
user_guide/changelog.html | 6 ++++++
1 file changed, 6 insertions(+)
(limited to 'user_guide')
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index 865bdd8ac..f82dac9fa 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -95,6 +95,12 @@ Change Log
CI_Loader::_ci_autoloader() is now a protected method.
+ Core
+
+
+ - Changed private functions in CI_URI to protected so MY_URI can override them.
+
+
Bug fixes for 2.1.0
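Review bot: The added Core entry says 'private functions in CI_URI' without naming any of them, while the Loader entry in the context line just above names its method and calls it a 'protected method'. Use 'methods' here as well, and list the methods whose visibility changed so that authors of a MY_URI subclass know what they can now override.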
--
cgit v1.2.3-24-g4f1b
From 1c342ebc83b2d303ba68415ce2ec6b5b173a1b66 Mon Sep 17 00:00:00 2001
From: Paul
Date: Sat, 27 Aug 2011 10:23:38 +1200
Subject: spacing removed
---
user_guide/changelog.html | 1 -
1 file changed, 1 deletion(-)
(limited to 'user_guide')
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index f82dac9fa..bb80ab8b8 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -97,7 +97,6 @@ Change Log
Core
-
- Changed private functions in CI_URI to protected so MY_URI can override them.
--
cgit v1.2.3-24-g4f1b
From ddae533eee59e356ed6f40a4f4976162c592965e Mon Sep 17 00:00:00 2001
From: Phil Sturgeon
Date: Fri, 26 Aug 2011 10:12:10 +0100
Subject: Moved the "is_unique" change log to 2.1.0-dev where it should have
been first time. Sorry about that one, had to manually separate 2.0.3 changes
from 2.1.0 based mainly on memory.
---
user_guide/changelog.html | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'user_guide')
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index ff04787cf..c030ce77c 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -94,11 +94,12 @@ Change Log
Driver children can be located in any package path.
Added max_filename_increment config setting for Upload library.
CI_Loader::_ci_autoloader() is now a protected method.
+ Added is_unique to the Form Validation library.
Core
- - Changed private functions in CI_URI to protected so MY_URI can override them.
+ - Changed private functions in CI_URI to protected so MY_URI can override them.
@@ -153,7 +154,6 @@ Change Log
Libraries
- Altered Session to use a longer match against the user_agent string. See upgrade notes if using database sessions.
- - Added is_unique to the Form Validation library.
- Added $this->db->set_dbprefix() to the Database Driver.
- Changed $this->cart->insert() in the Cart Library to return the Row ID if a single item was inserted successfully.
- Added $this->load->get_var() to the Loader library to retrieve global vars set with $this->load->view() and $this->load->vars().
--
cgit v1.2.3-24-g4f1b
From 44cdece942c310f5520497dbde4febc26e96c27e Mon Sep 17 00:00:00 2001
From: Phil Sturgeon
Date: Fri, 26 Aug 2011 12:23:18 +0100
Subject: Bumped URL Helper version number.
---
user_guide/helpers/url_helper.html | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'user_guide')
diff --git a/user_guide/helpers/url_helper.html b/user_guide/helpers/url_helper.html
index de28a6f56..e60e96bf0 100644
--- a/user_guide/helpers/url_helper.html
+++ b/user_guide/helpers/url_helper.html
@@ -27,7 +27,7 @@
-CodeIgniter User Guide Version 2.0.0
+CodeIgniter User Guide Version 2.0.3
Table of Contents Page
--
cgit v1.2.3-24-g4f1b
From d8f002c6c92ed8395331b69ea77c4e5a83bfd83c Mon Sep 17 00:00:00 2001
From: Iban Eguia
Date: Fri, 26 Aug 2011 14:34:38 +0200
Subject: Removed some documentation for PHP 4 users in the active record
documentation.
---
user_guide/database/active_record.html | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)
(limited to 'user_guide')
diff --git a/user_guide/database/active_record.html b/user_guide/database/active_record.html
index 92d9614d5..0f09e78c3 100644
--- a/user_guide/database/active_record.html
+++ b/user_guide/database/active_record.html
@@ -79,9 +79,6 @@ is generated by each database adapter. It also allows for safer queries, since
The following functions allow you to build SQL SELECT statements.
-Note: If you are using PHP 5 you can use method chaining for more compact syntax. This is described at the end of the page.
-
-
$this->db->get();
Runs the selection query and returns the result. Can be used by itself to retrieve all records from a table:
@@ -532,7 +529,7 @@ $this->db->insert('mytable', $object);
Generates an insert string based on the data you supply, and runs the query. You can either pass an
array or an object to the function. Here is an example using an array:
-
+
$data = array(
array(
'title' => 'My title' ,
@@ -544,7 +541,7 @@ $data = array(
'name' => 'Another Name' ,
'date' => 'Another date'
)
-);
+);
$this->db->update_batch('mytable', $data);
--
cgit v1.2.3-24-g4f1b
From 95b7994a298a7c57118c59e03a1aa43bd804bce4 Mon Sep 17 00:00:00 2001
From: Bruno Bierbaumer
Date: Sat, 27 Aug 2011 16:52:24 +0200
Subject: add Android user agent
---
user_guide/changelog.html | 1 +
1 file changed, 1 insertion(+)
(limited to 'user_guide')
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index 33e0a62c1..978b710be 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -65,6 +65,7 @@ Change Log
- General Changes
+ - Added Android to the list of user agents.
- Callback validation rules can now accept parameters like any other validation rule.
- Ability to log certain error types, not all under a threshold.
- Added html_escape() to Common functions to escape HTML output for preventing XSS.
--
cgit v1.2.3-24-g4f1b