From 60f8c395f24ba6db80d510892bcc53ce5bf9f4eb Mon Sep 17 00:00:00 2001 From: Pascal Kriete Date: Wed, 25 Aug 2010 18:03:28 +0200 Subject: Modified the database driver's display_error() method to show the filename and line number of the failed query. --- user_guide/changelog.html | 1 + 1 file changed, 1 insertion(+) (limited to 'user_guide') diff --git a/user_guide/changelog.html b/user_guide/changelog.html index 48d4309a5..38f84112d 100644 --- a/user_guide/changelog.html +++ b/user_guide/changelog.html @@ -110,6 +110,7 @@ Hg Tag:

  • Semantic change to db->version() function to allow a list of exceptions for databases with functions to return version string instead of specially formed SQL queries. Currently this list only includes Oracle and SQLite.
  • Fixed a bug where driver specific table identifier protection could lead to malformed queries in the field_data() functions.
  • Fixed a bug where an undefined class variable was referenced in database drivers.
  • +
  • Modified the database errors to show the filename and line number of the problematic query.
  • Removed the following deprecated functions: orwhere, orlike, groupby, orhaving, orderby, getwhere.
  • Removed deprecated _drop_database() and _create_database() functions from the db utility drivers.
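Review bot: the added entry "Modified the database errors to show the filename and line number of the problematic query." does not name the method, while the commit subject says the change is in the database driver's display_error(); name it in the entry so readers can find the code. It would also help to state whether the filename is printed as a full server path, since that text ends up in the error page and tells whoever sees it where the application lives on disk.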
  • -- cgit v1.2.3-24-g4f1b From 5485db50775d4e2f76a593ef8b3425f6a1b90666 Mon Sep 17 00:00:00 2001 From: Derek Jones Date: Mon, 30 Aug 2010 21:31:08 -0500 Subject: Added fatal error to Session class when no encryption key is set in the config file, for additional assurance that session manipulation can be prevented --- user_guide/libraries/sessions.html | 3 +++ 1 file changed, 3 insertions(+) (limited to 'user_guide') diff --git a/user_guide/libraries/sessions.html b/user_guide/libraries/sessions.html index 9a2ca939c..7dc386fd4 100644 --- a/user_guide/libraries/sessions.html +++ b/user_guide/libraries/sessions.html @@ -68,6 +68,9 @@ use the database option you'll need to create the session table as indicated bel

    Note: The Session class does not utilize native PHP sessions. It generates its own session data, offering more flexibility for developers.

    +

    Note: Even if you are not using encrypted sessions, you must set +an encryption key in your config file which is used to aid in preventing session data manipulation.

    +

    Initializing a Session
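Review bot: the added note says you "must set an encryption key in your config file" but not what happens when you do not. Per the commit subject the Session class now raises a fatal error in that case, so say so here; otherwise a reader who skips the key finds out only when the site stops loading. Naming the config item to set would also save a lookup.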

    Sessions will typically run globally with each page load, so the session class must either be -- cgit v1.2.3-24-g4f1b From 52ace4322b6ff02b8d0212197355ac9ee25e63f2 Mon Sep 17 00:00:00 2001 From: Derek Jones Date: Mon, 30 Aug 2010 21:33:38 -0500 Subject: added link for encryption key in Session class to the explanation in the Encryption lib --- user_guide/libraries/sessions.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'user_guide') diff --git a/user_guide/libraries/sessions.html b/user_guide/libraries/sessions.html index 7dc386fd4..a8e3b3496 100644 --- a/user_guide/libraries/sessions.html +++ b/user_guide/libraries/sessions.html @@ -69,7 +69,7 @@ use the database option you'll need to create the session table as indicated bel generates its own session data, offering more flexibility for developers.

    Note: Even if you are not using encrypted sessions, you must set -an encryption key in your config file which is used to aid in preventing session data manipulation.

    +an encryption key in your config file which is used to aid in preventing session data manipulation.

    Initializing a Session
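Review bot: in the rewritten + line, "an encryption key in your config file which is used to aid in preventing session data manipulation" reads as if the config file, not the key, is what prevents manipulation. Since the line is being touched for the link anyway, consider "you must set an encryption key in your config file; the key is used to help prevent session data manipulation".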

    -- cgit v1.2.3-24-g4f1b From ac01acc5d786226f6372c2dc2bab81c7d8f3bd06 Mon Sep 17 00:00:00 2001 From: Derek Jones Date: Mon, 30 Aug 2010 21:45:06 -0500 Subject: changelog note for Session class change in rev f2660eeaab8d --- user_guide/changelog.html | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'user_guide') diff --git a/user_guide/changelog.html b/user_guide/changelog.html index 38f84112d..18e4df7ad 100644 --- a/user_guide/changelog.html +++ b/user_guide/changelog.html @@ -98,7 +98,8 @@ Hg Tag:

  • Changed do_xss_clean() to return FALSE if the uploaded file fails XSS checks.
  • Added stripslashes() and trim()ing of double quotes from $_FILES type value to standardize input in Upload library.
  • Added a second parameter (boolean) to $this->zip->read_dir('/path/to/directory', FALSE) to remove the preceding trail of empty folders when creating a Zip archive. This example would contain a zip with "directory" and all of its contents.
  • -
  • Added ability in the Image Library to handle PNG transparency for resize operations when using the GD lib.

    +
  • Added ability in the Image Library to handle PNG transparency for resize operations when using the GD lib.
  • +
  • Modified the Session class to prevent use if no encryption key is set in the config file.
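Review bot: the new entry "Modified the Session class to prevent use if no encryption key is set in the config file." understates a change that stops existing installs without a key from running. Say that it is a fatal error, and consider listing it where people upgrading will see it rather than among the "Added ..." library entries. The removed and re-added "Added ability in the Image Library to handle PNG transparency ..." line has identical text on both sides, so it looks like a whitespace-only change that could be left out of this commit.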
  • Database -- cgit v1.2.3-24-g4f1b From 7284f06585a689702ea86684893c999065621460 Mon Sep 17 00:00:00 2001 From: Derek Jones Date: Tue, 31 Aug 2010 00:30:21 -0500 Subject: changed key comparison to be loosely typed, so an error would be triggered when an empty string is attempted to be used as an encryption key --- user_guide/changelog.html | 1 + 1 file changed, 1 insertion(+) (limited to 'user_guide') diff --git a/user_guide/changelog.html b/user_guide/changelog.html index 18e4df7ad..d9c17ab76 100644 --- a/user_guide/changelog.html +++ b/user_guide/changelog.html @@ -177,6 +177,7 @@ Hg Tag:

  • Fixed a bug where extending the Controller class would result in a fatal PHP error.
  • Fixed a PHP Strict Standards Error in the index.php file.
  • Fixed a bug where getimagesize() was being needlessly checked on non-image files in is_allowed_type().
  • +
  • Fixed a bug in the Encryption library where an empty key was not triggering an error.
  • Version 1.7.2
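Review bot: the added entry calls this "an empty key", but the commit subject says the fix is a switch to a loosely typed comparison, and the entry is silent on which values now count as empty. The comparison itself is not in this diff, so confirm it against the code and state the rule in the entry (for example, whether a key that is set but is not a string is rejected), or use an explicit emptiness check so the behaviour does not depend on type juggling.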

    -- cgit v1.2.3-24-g4f1b