From e3a6e9b085f95fe97deb21e103dc0fd381b8122f Mon Sep 17 00:00:00 2001 From: Phil Sturgeon Date: Tue, 8 Feb 2011 19:43:36 +0000 Subject: MySQL Driver will now wrap field names for insert(), update() and replace() with backticks (`) so fields like "default" and "order" will not cause SQL errors. --- user_guide/changelog.html | 1 + 1 file changed, 1 insertion(+) (limited to 'user_guide') diff --git a/user_guide/changelog.html b/user_guide/changelog.html index cd728226b..1201df8b2 100644 --- a/user_guide/changelog.html +++ b/user_guide/changelog.html @@ -74,6 +74,7 @@ Hg Tag: n/a

Bug fixes for 2.0.1

Version 2.0.0

-- cgit v1.2.3-24-g4f1b From db60d240226468b19d656c4ba026bc992e4c3034 Mon Sep 17 00:00:00 2001 From: kenjis Date: Fri, 15 Apr 2011 11:31:30 +0900 Subject: add "Using CodeIgniter Drivers" and "Creating Your Own Driver" in TOC --- user_guide/nav/nav.js | 2 ++ user_guide/toc.html | 2 ++ 2 files changed, 4 insertions(+) (limited to 'user_guide') diff --git a/user_guide/nav/nav.js b/user_guide/nav/nav.js index ce783fc27..b44994d4d 100644 --- a/user_guide/nav/nav.js +++ b/user_guide/nav/nav.js @@ -50,6 +50,8 @@ function create_menu(basepath) '
  • Helpers
  • ' + '
  • Using CodeIgniter Libraries
  • ' + '
  • Creating Your Own Libraries
  • ' + + '
  • Using CodeIgniter Drivers
  • ' + + '
  • Creating Your Own Drivers
  • ' + '
  • Creating Core Classes
  • ' + '
  • Hooks - Extending the Core
  • ' + '
  • Auto-loading Resources
  • ' + diff --git a/user_guide/toc.html b/user_guide/toc.html index 4b4ab1001..f6a5fe0ec 100644 --- a/user_guide/toc.html +++ b/user_guide/toc.html @@ -103,6 +103,8 @@ Table of Contents
  • Helpers
  • Using CodeIgniter Libraries
  • Creating Your Own Libraries
  • +
  • Using CodeIgniter Drivers
  • +
  • Creating Your Own Drivers
  • Creating Core Classes
  • Hooks - Extending the Core
  • Auto-loading Resources
  • -- cgit v1.2.3-24-g4f1b From e7bdd2260e6be61d3ed37e517f35ba017beee5f3 Mon Sep 17 00:00:00 2001 From: kenjis Date: Fri, 15 Apr 2011 11:33:53 +0900 Subject: update Prev/Next Topic link on user_guide/database/index.html --- user_guide/database/index.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'user_guide') diff --git a/user_guide/database/index.html b/user_guide/database/index.html index 594de80dd..1f0a1da7d 100644 --- a/user_guide/database/index.html +++ b/user_guide/database/index.html @@ -86,7 +86,7 @@ structures and Active Record patterns. The database functions offer clear, simpl -- cgit v1.2.3-24-g4f1b From 4c6ceb067ca15228c547770354023f826f552036 Mon Sep 17 00:00:00 2001 From: kenjis Date: Fri, 15 Apr 2011 11:35:43 +0900 Subject: update Prev/Next Topic link on user_guide/helpers/array_helper.html --- user_guide/helpers/array_helper.html | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'user_guide') diff --git a/user_guide/helpers/array_helper.html b/user_guide/helpers/array_helper.html index 88e8384d5..139bbe2b5 100644 --- a/user_guide/helpers/array_helper.html +++ b/user_guide/helpers/array_helper.html @@ -159,10 +159,10 @@ $this->post_model->update(elements(array('id', 'title', 'content'), $_POST)); -- cgit v1.2.3-24-g4f1b From 33095c29a638c127928faa5b0360abd3ac5254f9 Mon Sep 17 00:00:00 2001 From: kenjis Date: Fri, 15 Apr 2011 11:36:10 +0900 Subject: update Prev/Next Topic link on user_guide/helpers/captcha_helper.html --- user_guide/helpers/captcha_helper.html | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'user_guide') diff --git a/user_guide/helpers/captcha_helper.html b/user_guide/helpers/captcha_helper.html index 3c6fa1188..c80c2fbe5 100644 --- a/user_guide/helpers/captcha_helper.html +++ b/user_guide/helpers/captcha_helper.html @@ -183,11 +183,11 @@ if ($row->count == 0)
    -- cgit v1.2.3-24-g4f1b From 49e31258bc85245b087d6b7b5ac02edb1b680bc6 Mon Sep 17 00:00:00 2001 From: kenjis Date: Fri, 15 Apr 2011 11:37:15 +0900 Subject: update Prev/Next Topic link on user_guide/helpers/cookie_helper.html --- user_guide/helpers/cookie_helper.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'user_guide') diff --git a/user_guide/helpers/cookie_helper.html b/user_guide/helpers/cookie_helper.html index 9879653c1..889c3346e 100644 --- a/user_guide/helpers/cookie_helper.html +++ b/user_guide/helpers/cookie_helper.html @@ -95,7 +95,7 @@ of values in the first parameter or you can set discrete parameters.

    -- cgit v1.2.3-24-g4f1b From 25d495b4a2598f771a858108a2cd2e96f0130412 Mon Sep 17 00:00:00 2001 From: Eric Barnes Date: Tue, 26 Apr 2011 23:02:44 -0400 Subject: Removed the GET, POST, and COOKIE Data from security since we now allow $_GET data. Fixes #48 --- user_guide/general/security.html | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) (limited to 'user_guide') diff --git a/user_guide/general/security.html b/user_guide/general/security.html index bcbb36c6f..31dd7978c 100644 --- a/user_guide/general/security.html +++ b/user_guide/general/security.html @@ -76,15 +76,9 @@ minimize the possibility that malicious data can be passed to your application.
  • Dash: -
  • -

    GET, POST, and COOKIE Data

    - -

    GET data is simply disallowed by CodeIgniter since the system utilizes URI segments rather than traditional URL query strings (unless -you have the query string option enabled in your config file). The global GET -array is unset by the Input class during system initialization.

    -

    Register_globals

    -

    During system initialization all global variables are unset, except those found in the $_POST and $_COOKIE arrays. The unsetting +

    During system initialization all global variables are unset, except those found in the $_GET, $_POST, and $_COOKIE arrays. The unsetting routine is effectively the same as register_globals = off.
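
Review bot: Removing the "GET, POST, and COOKIE Data" block leaves this part of security.html with no statement of how GET input is handled; the only remaining mention is $_GET added to the exception list in the "Register_globals" paragraph. Since the commit message says $_GET data is now allowed, the page should say so explicitly and state that GET values are untrusted input needing the same filtering and validation as $_POST and $_COOKIE. The removed paragraph also tied GET to the query string option in the config file and said the Input class unsets the global GET array; say whether that option still controls anything, so readers upgrading do not assume the array is still emptied during initialization.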

    -- cgit v1.2.3-24-g4f1b From 60ef4ea72e169e174ff8dbb421609a178a3c0c48 Mon Sep 17 00:00:00 2001 From: Greg Aker Date: Wed, 27 Apr 2011 01:45:38 -0500 Subject: Added insert_batch() function to the PostgreSQL database driver. Thanks to epallerols for the patch. --- user_guide/changelog.html | 1 + 1 file changed, 1 insertion(+) (limited to 'user_guide') diff --git a/user_guide/changelog.html b/user_guide/changelog.html index 76f9e5dd9..206322e11 100644 --- a/user_guide/changelog.html +++ b/user_guide/changelog.html @@ -73,6 +73,7 @@ Change Log
  • Added Session Class userdata to the output profiler. Additionally, added a show/hide toggle on HTTP Headers, Session Data and Config Variables.
  • Removed internal usage of the EXT constant.
  • Visual updates to the welcome_message view file and default error templates. Thanks to danijelb for the pull request.
  • +
  • Added insert_batch() function to the PostgreSQL database driver. Thanks to epallerols for the patch.
  • Helpers -- cgit v1.2.3-24-g4f1b From 168b3de75cd7161308eab89576df5353e40bae76 Mon Sep 17 00:00:00 2001 From: Phil Sturgeon Date: Wed, 4 May 2011 09:44:22 +0100 Subject: Reverted partial MySQL driver change which double-escaped some fields. --- user_guide/changelog.html | 1 - 1 file changed, 1 deletion(-) (limited to 'user_guide') diff --git a/user_guide/changelog.html b/user_guide/changelog.html index c22414d16..26e9bbc3b 100644 --- a/user_guide/changelog.html +++ b/user_guide/changelog.html @@ -128,7 +128,6 @@ Hg Tag: v2.0.1

  • Fixed issue #41: Added audio/mp3 mime type to mp3.
  • Fixed a bug (Core #329) where the file caching driver referenced the incorrect cache directory.
  • Fixed a bug (Reactor #69) where the SHA1 library was named incorrectly.
  • -
  • MySQL Driver will now wrap field names for insert(), update() and replace() with backticks (`) so fields like "default" and "order" will not cause SQL errors.
  • Version 2.0.0
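
Review bot: Deleting the backtick entry from this bug-fix list leaves no record of either the change or its revert, and the hunk header places the list under "Hg Tag: v2.0.1", a tagged release. If 2.0.1 shipped with field names wrapped for insert(), update() and replace(), add an entry in the current version's section saying the wrapping was reverted because it double-escaped some fields, rather than only removing the old line. The subject calls the change partial, so the entry should also make clear what, if anything, of the wrapping remains.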

    -- cgit v1.2.3-24-g4f1b From 0cb8c59f91567af9aa6530f8764abafe1ae935c0 Mon Sep 17 00:00:00 2001 From: Derek Jones Date: Wed, 4 May 2011 09:11:43 -0500 Subject: updated application flow image. Fixes #273 - thanks @InsiteFx --- user_guide/images/appflowchart.gif | Bin 25276 -> 12363 bytes user_guide/overview/appflow.html | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) (limited to 'user_guide') diff --git a/user_guide/images/appflowchart.gif b/user_guide/images/appflowchart.gif index 422332c9e..4328e48fe 100644 Binary files a/user_guide/images/appflowchart.gif and b/user_guide/images/appflowchart.gif differ diff --git a/user_guide/overview/appflow.html b/user_guide/overview/appflow.html index 09c13f9e7..eeef547ac 100644 --- a/user_guide/overview/appflow.html +++ b/user_guide/overview/appflow.html @@ -60,7 +60,7 @@ Appflow

    The following graphic illustrates how data flows throughout the system:

    -
    CodeIgniter application flow
    +
    CodeIgniter application flow
      -- cgit v1.2.3-24-g4f1b From 3837ae79a34a04559cabb862abda504f47ef069d Mon Sep 17 00:00:00 2001 From: Phil Sturgeon Date: Mon, 9 May 2011 21:12:26 +0100 Subject: Added 'is_unique' which is a brilliant feature I came up with all by myself. Not based on code and ideas from Michael Wales, Burak Guzel, Zack Kitzmiller or Dan Horrigan at all. If they say any differently they are lying. --- user_guide/changelog.html | 3 ++- user_guide/libraries/form_validation.html | 17 ++++++++++++----- 2 files changed, 14 insertions(+), 6 deletions(-) (limited to 'user_guide') diff --git a/user_guide/changelog.html b/user_guide/changelog.html index 945fafb65..ff89a9aeb 100644 --- a/user_guide/changelog.html +++ b/user_guide/changelog.html @@ -73,7 +73,7 @@ Change Log
    1. Added Session Class userdata to the output profiler. Additionally, added a show/hide toggle on HTTP Headers, Session Data and Config Variables.
    2. Removed internal usage of the EXT constant.
    3. Visual updates to the welcome_message view file and default error templates. Thanks to danijelb for the pull request.
    4. -
    5. Added insert_batch() function to the PostgreSQL database driver. Thanks to epallerols for the patch.
    6. +
    7. Added insert_batch() function to the PostgreSQL database driver. Thanks to epallerols for the patch.
    8. @@ -85,6 +85,7 @@ Change Log
    9. Libraries
      • Altered Session to use a longer match against the user_agent string. See upgrade notes if using database sessions.
      • +
      • Added is_unique to the Form Validation library.
    10. diff --git a/user_guide/libraries/form_validation.html b/user_guide/libraries/form_validation.html index 54908d41d..e68765c35 100644 --- a/user_guide/libraries/form_validation.html +++ b/user_guide/libraries/form_validation.html @@ -390,10 +390,10 @@ $this->form_validation->set_rules($config);

      CodeIgniter lets you pipe multiple rules together. Let's try it. Change your rules in the third parameter of rule setting function, like this:

      -$this->form_validation->set_rules('username', 'Username', 'required|min_length[5]|max_length[12]');
      +$this->form_validation->set_rules('username', 'Username', 'required|min_length[5]|max_length[12]|is_unique[users.username]');
      $this->form_validation->set_rules('password', 'Password', 'required|matches[passconf]');
      $this->form_validation->set_rules('passconf', 'Password Confirmation', 'required');
      -$this->form_validation->set_rules('email', 'Email', 'required|valid_email');
      +$this->form_validation->set_rules('email', 'Email', 'required|valid_email|is_unique[users.email]');

      The above code sets the following rules:
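
Review bot: The two added rules in this example, is_unique[users.username] and is_unique[users.email], are introduced without saying that the parameter is a table and field and that the rule has to look the submitted value up in that table. The reference row added later in this patch gives only the form is_unique[table.field]; add a sentence here, or in the list under "The above code sets the following rules", stating what must be loaded for the lookup to work. It is also worth saying that a validation-time lookup does not replace a UNIQUE constraint on the column, because two requests submitted at the same moment can both pass the check.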

      @@ -516,7 +516,7 @@ create a callback function that does that. Let's create a example of this.

      class Form extends CI_Controller { - function index() + public function index() { $this->load->helper(array('form', 'url')); @@ -525,7 +525,7 @@ class Form extends CI_Controller { $this->form_validation->set_rules('username', 'Username', 'callback_username_check'); $this->form_validation->set_rules('password', 'Password', 'required'); $this->form_validation->set_rules('passconf', 'Password Confirmation', 'required'); - $this->form_validation->set_rules('email', 'Email', 'required'); + $this->form_validation->set_rules('email', 'Email', 'required|is_unique[users.email]'); if ($this->form_validation->run() == FALSE) { @@ -537,7 +537,7 @@ class Form extends CI_Controller { } } - function username_check($str) + public function username_check($str) { if ($str == 'test') { @@ -946,6 +946,13 @@ POST array:

      matches[form_item] + + is_unique + Yes + Returns FALSE if the form element is not unique to the table and field name in the parameter. + is_unique[table.field] + + min_length Yes -- cgit v1.2.3-24-g4f1b From 3b9f88df882ee1af6fbc8ca4f299b1b229307895 Mon Sep 17 00:00:00 2001 From: Derek Jones Date: Fri, 20 May 2011 10:25:13 -0500 Subject: modified the 'use_set_names' variable in the MySQL/i drivers to be a class property instead of static, in case multiple database servers are connected to in a single request. Also clarified description of the 'dbcollat' setting in the configuration files --- user_guide/database/configuration.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'user_guide') diff --git a/user_guide/database/configuration.html b/user_guide/database/configuration.html index b34705410..439717748 100644 --- a/user_guide/database/configuration.html +++ b/user_guide/database/configuration.html @@ -132,7 +132,7 @@ for the primary connection, but it too can be renamed to something more relevant
    11. cache_on - TRUE/FALSE (boolean) - Whether database query caching is enabled, see also Database Caching Class.
    12. cachedir - The absolute server path to your database query cache directory.
    13. char_set - The character set used in communicating with the database.
    14. -
    15. dbcollat - The character collation used in communicating with the database.

      Note: For MySQL and MySQLi databases, this setting is only used as a backup if your server is running PHP < 5.2.3 or MySQL < 5.0.7. There is an incompatibility in PHP with mysql_real_escape_string() which can make your site vulnerable to SQL injection if you are using a multi-byte character set and are running versions lower than these. Sites using Latin-1 or UTF-8 database character set and collation are unaffected.

    16. +
    17. dbcollat - The character collation used in communicating with the database.

      Note: For MySQL and MySQLi databases, this setting is only used as a backup if your server is running PHP < 5.2.3 or MySQL < 5.0.7 (and in table creation queries made with DB Forge). There is an incompatibility in PHP with mysql_real_escape_string() which can make your site vulnerable to SQL injection if you are using a multi-byte character set and are running versions lower than these. Sites using Latin-1 or UTF-8 database character set and collation are unaffected.

    18. swap_pre - A default table prefix that should be swapped with dbprefix. This is useful for distributed applications where you might run manually written queries, and need the prefix to still be customizable by the end user.
    19. autoinit - Whether or not to automatically connect to the database when the library loads. If set to false, the connection will take place prior to executing the first query.
    20. stricton - TRUE/FALSE (boolean) - Whether to force "Strict Mode" connections, good for ensuring strict SQL while developing an application.
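
Review bot: In the new dbcollat note, the parenthetical "(and in table creation queries made with DB Forge)" sits after the version condition, so it reads as if DB Forge also uses the setting only on PHP < 5.2.3 or MySQL < 5.0.7. If DB Forge always uses dbcollat, move it out of the conditional, for example "used in table creation queries made with DB Forge, and otherwise only as a backup if ...". The note also names mysql_real_escape_string() as the source of the incompatibility, while the changelog text visible in the next patch names mysql_set_charset() for the same version thresholds; the two pages should agree.
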
    21. -- cgit v1.2.3-24-g4f1b From f8288849f782e30dc310ca946a577cc664157106 Mon Sep 17 00:00:00 2001 From: Derek Jones Date: Fri, 20 May 2011 10:35:00 -0500 Subject: fixed missing closing tag in changelog --- user_guide/changelog.html | 1 + 1 file changed, 1 insertion(+) (limited to 'user_guide') diff --git a/user_guide/changelog.html b/user_guide/changelog.html index ff89a9aeb..85df3291f 100644 --- a/user_guide/changelog.html +++ b/user_guide/changelog.html @@ -67,6 +67,7 @@ Change Log
      • An improvement was made to the MySQL and MySQLi drivers to prevent exposing a potential vector for SQL injection on sites using multi-byte character sets in the database client connection.

        An incompatibility in PHP versions < 5.2.3 and MySQL < 5.0.7 with mysql_set_charset() creates a situation where using multi-byte character sets on these environments may potentially expose a SQL injection attack vector. Latin-1, UTF-8, and other "low ASCII" character sets are unaffected on all environments.

        If you are running or considering running a multi-byte character set for your database connection, please pay close attention to the server environment you are deploying on to ensure you are not vulnerable.

      +
    22. General Changes
      • Fixed a bug where there was a misspelling within a code comment in the index.php file.
      • -- cgit v1.2.3-24-g4f1b From 2ca826b0888096d3ab252cb642975dcc1e57ceab Mon Sep 17 00:00:00 2001 From: Derek Jones Date: Wed, 22 Jun 2011 06:51:10 -0500 Subject: completed doc change for user_agent length increase --- user_guide/libraries/sessions.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'user_guide') diff --git a/user_guide/libraries/sessions.html b/user_guide/libraries/sessions.html index bb8f1fc9b..2154a773b 100644 --- a/user_guide/libraries/sessions.html +++ b/user_guide/libraries/sessions.html @@ -105,7 +105,7 @@ even add your own data to a user's session, but the process of reading, writing,
        • The user's unique Session ID (this is a statistically random string with very strong entropy, hashed with MD5 for portability, and regenerated (by default) every five minutes)
        • The user's IP Address
        • -
        • The user's User Agent data (the first 50 characters of the browser data string)
        • +
        • The user's User Agent data (the first 120 characters of the browser data string)
        • The "last activity" time stamp.
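
Review bot: The "first 120 characters" item should point readers to the upgrade notes for database sessions, since this commit changes only this one line of sessions.html (1 insertion, 1 deletion). The changelog entry in the earlier patch says "See upgrade notes if using database sessions", and any user_agent column width given elsewhere on this page needs to agree with the new length; a column sized for the old 50 characters would store a truncated string that cannot match the 120-character value.
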
        -- cgit v1.2.3-24-g4f1b