From 71e647782764184e3aab4faffe6d99176758979f Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 22 Mar 2018 16:48:55 +0200 Subject: [ci skip] 3.1.8 release --- user_guide_src/source/installation/upgrade_300.rst | 891 --------------------- 1 file changed, 891 deletions(-) delete mode 100644 user_guide_src/source/installation/upgrade_300.rst (limited to 'user_guide_src/source/installation/upgrade_300.rst') diff --git a/user_guide_src/source/installation/upgrade_300.rst b/user_guide_src/source/installation/upgrade_300.rst deleted file mode 100644 index 5b2d3947d..000000000 --- a/user_guide_src/source/installation/upgrade_300.rst +++ /dev/null @@ -1,891 +0,0 @@ -############################# -Upgrading from 2.2.x to 3.0.x -############################# - -Before performing an update you should take your site offline by replacing the index.php file with a static one. - -************************************* -Step 1: Update your CodeIgniter files -************************************* - -**Replace** all files and directories in your *system/* directory and -replace your index.php file. If any modifications were made to your -index.php they will need to be made fresh in this new one. - -.. important:: You have to delete the old *system/* directory first and - then put the new one in its place. A simple copy-paste may cause - issues. - -.. note:: If you have any custom developed files in these folders please - make copies of them first. - -************************************** -Step 2: Update your classes file names -************************************** - -Starting with CodeIgniter 3.0, all class filenames (libraries, drivers, controllers -and models) must be named in a Ucfirst-like manner or in other words - they must -start with a capital letter. - -For example, if you have the following library file: - - application/libraries/mylibrary.php - -... then you'll have to rename it to: - - application/libraries/Mylibrary.php - -The same goes for driver libraries and extensions and/or overrides of CodeIgniter's -own libraries and core classes. - - application/libraries/MY_email.php - application/core/MY_log.php - -The above files should respectively be renamed to the following: - - application/libraries/MY_Email.php - application/core/MY_Log.php - -Controllers: - - application/controllers/welcome.php -> application/controllers/Welcome.php - -Models: - - application/models/misc_model.php -> application/models/Misc_model.php - -Please note that this DOES NOT affect directories, configuration files, views, -helpers, hooks and anything else - it is only applied to classes. - -You must now follow just one simple rule - class names in Ucfirst and everything else -in lowercase. - -******************************** -Step 3: Replace config/mimes.php -******************************** - -This config file has been updated to contain more user mime-types, please copy -it to *application/config/mimes.php*. - -************************************************************** -Step 4: Remove $autoload['core'] from your config/autoload.php -************************************************************** - -Use of the ``$autoload['core']`` config array has been deprecated as of CodeIgniter 1.4.1 and is now removed. -Move any entries that you might have listed there to ``$autoload['libraries']`` instead. - -*************************************************** -Step 5: Move your Log class overrides or extensions -*************************************************** - -The Log Class is considered as a "core" class and is now located in the -**system/core/** directory. Therefore, in order for your Log class overrides -or extensions to work, you need to move them to **application/core/**: - - application/libraries/Log.php -> application/core/Log.php - application/libraries/MY_Log.php -> application/core/MY_Log.php - -***************************************** -Step 6: Update your Session library usage -***************************************** - -The :doc:`Session Library ` has been completely -re-written in CodeIgniter 3 and now comes with a bunch of new features, -but that also means that there are changes that you should make ... - -Most notably, the library now uses separate storage drivers instead of -always relying on (encrypted) cookies. -In fact, cookies as storage have now been removed and you must always use -some kind of server-side storage engine, with the file-system being the -default option. - -The Session Class now utilizes PHP's own mechanisms for building custom -session handlers, which also means that your session data is now -accessible via the ``$_SESSION`` superglobal (though, we've kept the -possibility to use it as "userdata", like you've done until now). - -A few configuration options have been removed and a few have been added. -You should really read the whole :doc:`Session library manual -` for the details, but here's a short list of changes -that you should make: - - - Set your ``$config['sess_driver']`` value - - It will default to 'files', unless you've previously used - ``$config['sess_use_database']``, in which case it will be set to - 'database'. - - - Set a ``$config['sess_save_path']`` value - - For the 'database' driver, a fallback to ``$config['sess_table_name']`` - is in place, but otherwise requires you to read the manual for the - specific driver of your choice. - - - Update your ``ci_sessions`` table ('database' driver only) - - The table structure has changed a bit, and more specifically: - - - ``session_id`` field is renamed to ``id`` - - ``user_agent`` field is dropped - - ``user_data`` field is renamed to ``data`` and under MySQL is now of type BLOB - - ``last_activity`` field is renamed to ``timestamp`` - - This is accompanied by a slight change in the table indexes too, so - please read the manual about the `Session Database Driver - <../libraries/sessions.html#database-driver>`_ for more information. - - .. important:: Only MySQL and PostgreSQL are officially supported - now. Other databases may still work, but due to lack of advisory - locking features, they are unsafe for concurrent requests and - you should consider using another driver instead. - - - Remove ``$config['sess_match_useragent']`` - - The user-agent string is input supplied by the user's browser, or in - other words: client side input. As such, it is an ineffective feature - and hence why it has been removed. - - - Remove ``$config['sess_encrypt_cookie']`` - - As already noted, the library no longer uses cookies as a storage - mechanism, which renders this option useless. - - - Remove ``$config['sess_expire_on_close']`` - - This option is still usable, but only for backwards compatibility - purposes and it should be otherwise removed. The same effect is - achieved by setting ``$config['sess_expiration']`` to 0. - - - Check "flashdata" for collisions with "userdata" - - Flashdata is now just regular "userdata", only marked for deletion on - the next request. In other words: you can't have both "userdata" and - "flashdata" with the same name, because it's the same thing. - - - Check usage of session metadata - - Previously, you could access the 'session_id', 'ip_address', - 'user_agent' and 'last_activity' metadata items as userdata. - This is no longer possible, and you should read the notes about - `Session Metadata <../libraries/sessions.html#accessing-session-metadata>`_ - if your application relies on those values. - - - Check ``unset_userdata()`` usage - - Previously, this method used to accept an associative array of - ``'key' => 'dummy value'`` pairs for unsetting multiple keys. That - however makes no sense and you now have to pass *only* the keys, as - the elements of an array. - - :: - - // Old - $this->session->unset_userdata(array('item' => '', 'item2' => '')); - - // New - $this->session->unset_userdata(array('item', 'item2')); - -Finally, if you have written a Session extension, you must now move it to -the *application/libraries/Session/* directory, although chances are that -it will now also have to be re-factored. - -*************************************** -Step 7: Update your config/database.php -*************************************** - -Due to 3.0.0's renaming of Active Record to Query Builder, inside your -**config/database.php**, you will need to rename the ``$active_record`` -variable to ``$query_builder``:: - - $active_group = 'default'; - // $active_record = TRUE; - $query_builder = TRUE; - -************************************ -Step 8: Replace your error templates -************************************ - -In CodeIgniter 3.0, the error templates are now considered as views and have been moved to the -*application/views/errors* directory. - -Furthermore, we've added support for CLI error templates in plain-text format that unlike HTML, -is suitable for the command line. This of course requires another level of separation. - -It is safe to move your old templates from *application/errors* to *application/views/errors/html*, -but you'll have to copy the new *application/views/errors/cli* directory from the CodeIgniter archive. - -****************************************** -Step 9: Update your config/routes.php file -****************************************** - -Routes containing :any -====================== - -Historically, CodeIgniter has always provided the **:any** wildcard in -routing, with the intention of providing a way to match any character -**within** an URI segment. - -However, the **:any** wildcard is actually just an alias for a regular -expression and used to be executed in that manner as **.+**. This is -considered a bug, as it also matches the / (forward slash) character, which -is the URI segment delimiter and that was never the intention. - -In CodeIgniter 3, the **:any** wildcard will now represent **[^/]+**, so -that it will not match a forward slash. - -There are certainly many developers that have utilized this bug as an actual -feature. If you're one of them and want to match a forward slash, please use -the **.+** regular expression:: - - (.+) // matches ANYTHING - (:any) // matches any character, except for '/' - -Directories and 'default_controller', '404_override' -==================================================== - -As you should know, the ``$route['default_controller']`` and -``$route['404_override']`` settings accept not only a controller name, but -also *controller/method* pairs. However, a bug in the routing logic has -made it possible for some users to use that as *directory/controller* -instead. - -As already said, this behavior was incidental and was never intended, nor -documented. If you've relied on it, your application will break with -CodeIgniter 3.0. - -Another notable change in version 3 is that 'default_controller' and -'404_override' are now applied *per directory*. To explain what this means, -let's take the following example:: - - $route['default_controller'] = 'main'; - -Now, assuming that your website is located at *example.com*, you already -know that if a user visits ``http://example.com/``, the above setting will -cause your 'Main' controller to be loaded. - -However, what happens if you have an *application/controllers/admin/* -directory and the user visits ``http://example.com/admin/``? -In CodeIgniter 3, the router will look for a 'Main' controller under the -admin/ directory as well. If not found, a Not Found (404) will be triggered. - -The same rule applies to the '404_override' setting. - -************************************************************************* -Step 10: Many functions now return NULL instead of FALSE on missing items -************************************************************************* - -Many methods and functions now return NULL instead of FALSE when the required items don't exist: - - - :doc:`Common functions <../general/common_functions>` - - - config_item() - - - :doc:`Config Class <../libraries/config>` - - - config->item() - - config->slash_item() - - - :doc:`Input Class <../libraries/input>` - - - input->get() - - input->post() - - input->get_post() - - input->cookie() - - input->server() - - input->input_stream() - - input->get_request_header() - - - :doc:`Session Class <../libraries/sessions>` - - - session->userdata() - - session->flashdata() - - - :doc:`URI Class <../libraries/uri>` - - - uri->segment() - - uri->rsegment() - - - :doc:`Array Helper <../helpers/array_helper>` - - - element() - - elements() - -******************************* -Step 11: Usage of XSS filtering -******************************* - -Many functions in CodeIgniter allow you to use its XSS filtering feature -on demand by passing a boolean parameter. The default value of that -parameter used to be boolean FALSE, but it is now changed to NULL and it -will be dynamically determined by your ``$config['global_xss_filtering']`` -value. - -If you used to manually pass a boolean value for the ``$xss_filter`` -parameter or if you've always had ``$config['global_xss_filtering']`` set -to FALSE, then this change doesn't concern you. - -Otherwise however, please review your usage of the following functions: - - - :doc:`Input Library <../libraries/input>` - - - input->get() - - input->post() - - input->get_post() - - input->cookie() - - input->server() - - input->input_stream() - - - :doc:`Cookie Helper <../helpers/cookie_helper>` :php:func:`get_cookie()` - -.. important:: Another related change is that the ``$_GET``, ``$_POST``, - ``$_COOKIE`` and ``$_SERVER`` superglobals are no longer - automatically overwritten when global XSS filtering is turned on. - -************************************************* -Step 12: Check for potential XSS issues with URIs -************************************************* - -The :doc:`URI Library <../libraries/uri>` used to automatically convert -a certain set of "programmatic characters" to HTML entities when they -are encountered in a URI segment. - -This was aimed at providing some automatic XSS protection, in addition -to the ``$config['permitted_uri_chars']`` setting, but has proven to be -problematic and is now removed in CodeIgniter 3.0. - -If your application has relied on this feature, you should update it to -filter URI segments through ``$this->security->xss_clean()`` whenever you -output them. - -**************************************************************** -Step 13: Check for usage of the 'xss_clean' Form validation rule -**************************************************************** - -A largely unknown rule about XSS cleaning is that it should *only be -applied to output*, as opposed to input data. - -We've made that mistake ourselves with our automatic and global XSS cleaning -feature (see previous step about XSS above), so now in an effort to discourage that -practice, we're also removing 'xss_clean' from the officially supported -list of :doc:`form validation <../libraries/form_validation>` rules. - -Because the :doc:`Form Validation library <../libraries/form_validation>` -generally validates *input* data, the 'xss_clean' rule simply doesn't -belong in it. - -If you really, really need to apply that rule, you should now also load the -:doc:`Security Helper <../helpers/security_helper>`, which contains -``xss_clean()`` as a regular function and therefore can be also used as -a validation rule. - -******************************************************** -Step 14: Update usage of Input Class's get_post() method -******************************************************** - -Previously, the :doc:`Input Class <../libraries/input>` method ``get_post()`` -was searching first in POST data, then in GET data. This method has been -modified so that it searches in GET then in POST, as its name suggests. - -A method has been added, ``post_get()``, which searches in POST then in GET, as -``get_post()`` was doing before. - -******************************************************************** -Step 15: Update usage of Directory Helper's directory_map() function -******************************************************************** - -In the resulting array, directories now end with a trailing directory -separator (i.e. a slash, usually). - -************************************************************* -Step 16: Update usage of Database Forge's drop_table() method -************************************************************* - -Up until now, ``drop_table()`` added an IF EXISTS clause by default or it didn't work -at all with some drivers. In CodeIgniter 3.0, the IF EXISTS condition is no longer added -by default and has an optional second parameter that allows that instead and is set to -FALSE by default. - -If your application relies on IF EXISTS, you'll have to change its usage. - -:: - - // Now produces just DROP TABLE `table_name` - $this->dbforge->drop_table('table_name'); - - // Produces DROP TABLE IF EXISTS `table_name` - $this->dbforge->drop_table('table_name', TRUE); - -.. note:: The given example uses MySQL-specific syntax, but it should work across - all drivers with the exception of ODBC. - -*********************************************************** -Step 17: Change usage of Email library with multiple emails -*********************************************************** - -The :doc:`Email Library <../libraries/email>` will automatically clear the -set parameters after successfully sending emails. To override this behaviour, -pass FALSE as the first parameter in the ``send()`` method: - -:: - - if ($this->email->send(FALSE)) - { - // Parameters won't be cleared - } - -*************************************************** -Step 18: Update your Form_validation language lines -*************************************************** - -Two improvements have been made to the :doc:`Form Validation Library -<../libraries/form_validation>`'s :doc:`language <../libraries/language>` -files and error messages format: - - - :doc:`Language Library <../libraries/language>` line keys now must be - prefixed with **form_validation_** in order to avoid collisions:: - - // Old - $lang['rule'] = ... - - // New - $lang['form_validation_rule'] = ... - - - The error messages format has been changed to use named parameters, to - allow more flexibility than what `sprintf()` offers:: - - // Old - 'The %s field does not match the %s field.' - - // New - 'The {field} field does not match the {param} field.' - -.. note:: The old formatting still works, but the non-prefixed line keys - are DEPRECATED and scheduled for removal in CodeIgniter 3.1+. - Therefore you're encouraged to update its usage sooner rather than - later. - -************************************************************ -Step 19: Make sure your 'base_url' config value is not empty -************************************************************ - -When ``$config['base_url']`` is not set, CodeIgniter tries to automatically -detect what your website's base URL is. This is done purely for convenience -when you are starting development of a new application. - -Auto-detection is never reliable and also has security implications, which -is why you should **always** have it manually configured! - -One of the changes in CodeIgniter 3.0.3 is how this auto-detection works, -and more specifically it now falls back to the server's IP address instead -of the hostname requested by the client. Therefore, if you've ever relied -on auto-detection, it will change how your website works now. - -In case you need to allow e.g. multiple domains, or both http:// and -https:// prefixes to be dynamically used depending on the request, -remember that *application/config/config.php* is still a PHP script, in -which you can create this logic with a few lines of code. For example:: - - $allowed_domains = array('domain1.tld', 'domain2.tld'); - $default_domain = 'domain1.tld'; - - if (in_array($_SERVER['HTTP_HOST'], $allowed_domains, TRUE)) - { - $domain = $_SERVER['HTTP_HOST']; - } - else - { - $domain = $default_domain; - } - - if ( ! empty($_SERVER['HTTPS'])) - { - $config['base_url'] = 'https://'.$domain; - } - else - { - $config['base_url'] = 'http://'.$domain; - } - - -**************************************************************** -Step 20: Remove usage of (previously) deprecated functionalities -**************************************************************** - -In addition to the ``$autoload['core']`` configuration setting, there's a -number of other functionalities that have been removed in CodeIgniter 3.0.0: - -The SHA1 library -================ - -The previously deprecated SHA1 library has been removed, alter your code to use PHP's native -``sha1()`` function to generate a SHA1 hash. - -Additionally, the ``sha1()`` method in the :doc:`Encrypt Library <../libraries/encrypt>` has been removed. - -The EXT constant -================ - -Usage of the ``EXT`` constant has been deprecated since dropping support for PHP 4. There's no -longer a need to maintain different filename extensions and in this new CodeIgniter version, -the ``EXT`` constant has been removed. Use just '.php' instead. - -Smiley helper -============= - -The :doc:`Smiley Helper <../helpers/smiley_helper>` is a legacy feature from EllisLab's -ExpressionEngine product. However, it is too specific for a general purpose framework like -CodeIgniter and as such it is now deprecated. - -Also, the previously deprecated ``js_insert_smiley()`` (since version 1.7.2) is now removed. - -The Encrypt library -=================== - -Following numerous vulnerability reports, the :doc:`Encrypt Library <../libraries/encrypt>` has -been deprecated and a new, :doc:`Encryption Library <../libraries/encryption>` is added to take -its place. - -The new library requires either the `MCrypt extension `_ (and /dev/urandom -availability) or PHP 5.3.3 and the `OpenSSL extension `_. -While this might be rather inconvenient, it is a requirement that allows us to have properly -implemented cryptographic functions. - -.. note:: The :doc:`Encrypt Library <../libraries/encrypt>` is still available for the purpose - of keeping backwards compatibility. - -.. important:: You are strongly encouraged to switch to the new :doc:`Encryption Library - <../libraries/encryption>` as soon as possible! - -The Cart library -================ - -The :doc:`Cart Library <../libraries/cart>`, similarly to the :doc:`Smiley Helper -<../helpers/smiley_helper>` is too specific for CodeIgniter. It is now deprecated -and scheduled for removal in CodeIgniter 3.1+. - -.. note:: The library is still available, but you're strongly encouraged to remove its usage sooner - rather than later. - -Database drivers 'mysql', 'sqlite', 'mssql', 'pdo/dblib' -======================================================== - -The **mysql** driver utilizes the old 'mysql' PHP extension, known for its aging code base and -many low-level problems. The extension is deprecated as of PHP 5.5 and CodeIgniter deprecates -it in version 3.0, switching the default configured MySQL driver to **mysqli**. - -Please use either the 'mysqli' or 'pdo/mysql' drivers for MySQL. The old 'mysql' driver will be -removed at some point in the future. - -The **sqlite**, **mssql** and **pdo/dblib** (also known as pdo/mssql or pdo/sybase) drivers -all depend on PHP extensions that for different reasons no longer exist since PHP 5.3. - -Therefore we are now deprecating these drivers as we will have to remove them in one of the next -CodeIgniter versions. You should use the more advanced, **sqlite3**, **sqlsrv** or **pdo/sqlsrv** -drivers respectively. - -.. note:: These drivers are still available, but you're strongly encouraged to switch to other ones - sooner rather than later. - -Security helper do_hash() -========================= - -:doc:`Security Helper <../helpers/security_helper>` function ``do_hash()`` is now just an alias for -PHP's native ``hash()`` function. It is deprecated and scheduled for removal in CodeIgniter 3.1+. - -.. note:: This function is still available, but you're strongly encouraged to remove its usage sooner - rather than later. - -The $config['global_xss_filtering'] setting -=========================================== - -As already explained above, XSS filtering should not be done on input data, -but on output instead. Therefore, the ``$config['global_xss_filtering']``, -which automatically filters *input* data, is considered a bad practice and -is now deprecated. - -Instead, you should manually escape any user-provided data via the -:php:func:`xss_clean()` function when you need to output it, or use a -library like `HTML Purifier `_ that does that -for you. - -.. note:: The setting is still available, but you're strongly encouraged to - remove its usage sooner rather than later. - -File helper read_file() -======================= - -:doc:`File Helper <../helpers/file_helper>` function ``read_file()`` is now just an alias for -PHP's native ``file_get_contents()`` function. It is deprecated and scheduled for removal in -CodeIgniter 3.1+. - -.. note:: This function is still available, but you're strongly encouraged to remove its usage sooner - rather than later. - -String helper repeater() -======================== - -:doc:`String Helper <../helpers/string_helper>` function :php:func:`repeater()` is now just an alias for -PHP's native ``str_repeat()`` function. It is deprecated and scheduled for removal in CodeIgniter 3.1+. - -.. note:: This function is still available, but you're strongly encouraged to remove its usage sooner - rather than later. - -String helper trim_slashes() -============================ - -:doc:`String Helper <../helpers/string_helper>` function :php:func:`trim_slashes()` is now just an alias -for PHP's native ``trim()`` function (with a slash passed as its second argument). It is deprecated and -scheduled for removal in CodeIgniter 3.1+. - -.. note:: This function is still available, but you're strongly encouraged to remove its usage sooner - rather than later. - -Form helper form_prep() -======================= - -:doc:`Form Helper <../helpers/form_helper>` function :php:func:`form_prep()` -is now just an alias for :doc:`common function ` -:func:`html_escape()`. It is deprecated and will be removed in the future. - -Please use :php:func:`html_escape()` instead. - -.. note:: This function is still available, but you're strongly encouraged - to remove its usage sooner rather than later. - -Email helper functions -====================== - -:doc:`Email Helper <../helpers/email_helper>` only has two functions - - - :php:func:`valid_email()` - - :php:func:`send_email()` - -Both of them are now aliases for PHP's native ``filter_var()`` and ``mail()`` functions, respectively. -Therefore the :doc:`Email Helper <../helpers/email_helper>` altogether is being deprecated and -is scheduled for removal in CodeIgniter 3.1+. - -.. note:: These functions are still available, but you're strongly encouraged to remove their usage - sooner rather than later. - -Date helper standard_date() -=========================== - -:doc:`Date Helper <../helpers/date_helper>` function ``standard_date()`` is being deprecated due -to the availability of native PHP `constants `_, -which when combined with ``date()`` provide the same functionality. Furthermore, they have the -exact same names as the ones supported by ``standard_date()``. Here are examples of how to replace -its usage: - -:: - - // Old way - standard_date(); // defaults to standard_date('DATE_RFC822', now()); - - // Replacement - date(DATE_RFC822, now()); - - // Old way - standard_date('DATE_ATOM', $time); - - // Replacement - date(DATE_ATOM, $time); - -.. note:: This function is still available, but you're strongly encouraged to remove its usage sooner - rather than later as it is scheduled for removal in CodeIgniter 3.1+. - -HTML helpers nbs(), br() -======================== - -:doc:`HTML Helper <../helpers/html_helper>` functions ``nbs()`` and ``br()`` are just aliases -for the native ``str_repeat()`` function used with `` `` and ``
`` respectively. - -Because there's no point in just aliasing native PHP functions, they are now deprecated and -scheduled for removal in CodeIgniter 3.1+. - -.. note:: These functions are still available, but you're strongly encouraged to remove their usage - sooner rather than later. - -Pagination library 'anchor_class' setting -========================================= - -The :doc:`Pagination Library <../libraries/pagination>` now supports adding pretty much any HTML -attribute to your anchors via the 'attributes' configuration setting. This includes passing the -'class' attribute and using the separate 'anchor_class' setting no longer makes sense. -As a result of that, the 'anchor_class' setting is now deprecated and scheduled for removal in -CodeIgniter 3.1+. - -.. note:: This setting is still available, but you're strongly encouraged to remove its usage sooner - rather than later. - -String helper random_string() types 'unique' and 'encrypt' -========================================================== - -When using the :doc:`String Helper <../helpers/string_helper>` function :php:func:`random_string()`, -you should no longer pass the **unique** and **encrypt** randomization types. They are only -aliases for **md5** and **sha1** respectively and are now deprecated and scheduled for removal -in CodeIgniter 3.1+. - -.. note:: These options are still available, but you're strongly encouraged to remove their usage - sooner rather than later. - -URL helper url_title() separators 'dash' and 'underscore' -========================================================= - -When using the :doc:`URL Helper <../helpers/url_helper>` function :php:func:`url_title()`, you -should no longer pass **dash** or **underscore** as the word separator. This function will -now accept any character and you should just pass the chosen character directly, so you -should write '-' instead of 'dash' and '_' instead of 'underscore'. - -**dash** and **underscore** now act as aliases and are deprecated and scheduled for removal -in CodeIgniter 3.1+. - -.. note:: These options are still available, but you're strongly encouraged to remove their usage - sooner rather than later. - -Session Library method all_userdata() -===================================== - -As seen in the :doc:`Change Log <../changelog>`, :doc:`Session Library <../libraries/sessions>` -method ``userdata()`` now allows you to fetch all userdata by simply omitting its parameter:: - - $this->session->userdata(); - -This makes the ``all_userdata()`` method redudant and therefore it is now just an alias for -``userdata()`` with the above shown usage and is being deprecated and scheduled for removal -in CodeIgniter 3.1+. - -.. note:: This method is still available, but you're strongly encouraged to remove its usage - sooner rather than later. - -Database Forge method add_column() with an AFTER clause -======================================================= - -If you have used the **third parameter** for :doc:`Database Forge <../database/forge>` method -``add_column()`` to add a field for an AFTER clause, then you should change its usage. - -That third parameter has been deprecated and scheduled for removal in CodeIgniter 3.1+. - -You should now put AFTER clause field names in the field definition array instead:: - - // Old usage: - $field = array( - 'new_field' => array('type' => 'TEXT') - ); - - $this->dbforge->add_column('table_name', $field, 'another_field'); - - // New usage: - $field = array( - 'new_field' => array('type' => 'TEXT', 'after' => 'another_field') - ); - - $this->dbforge->add_column('table_name', $field); - -.. note:: The parameter is still available, but you're strongly encouraged to remove its usage - sooner rather than later. - -.. note:: This is for MySQL and CUBRID databases only! Other drivers don't support this - clause and will silently ignore it. - -URI Routing methods fetch_directory(), fetch_class(), fetch_method() -==================================================================== - -With properties ``CI_Router::$directory``, ``CI_Router::$class`` and ``CI_Router::$method`` -being public and their respective ``fetch_*()`` no longer doing anything else to just return -the properties - it doesn't make sense to keep them. - -Those are all internal, undocumented methods, but we've opted to deprecate them for now -in order to maintain backwards-compatibility just in case. If some of you have utilized them, -then you can now just access the properties instead:: - - $this->router->directory; - $this->router->class; - $this->router->method; - -.. note:: Those methods are still available, but you're strongly encouraged to remove their usage - sooner rather than later. - -Input library method is_cli_request() -===================================== - -Calls to the ``CI_Input::is_cli_request()`` method are necessary at many places -in the CodeIgniter internals and this is often before the :doc:`Input Library -<../libraries/input>` is loaded. Because of that, it is being replaced by a common -function named :php:func:`is_cli()` and this method is now just an alias. - -The new function is both available at all times for you to use and shorter to type. - -:: - - // Old - $this->input->is_cli_request(); - - // New - is_cli(); - -``CI_Input::is_cli_request()`` is now now deprecated and scheduled for removal in -CodeIgniter 3.1+. - -.. note:: This method is still available, but you're strongly encouraged to remove its usage - sooner rather than later. - -Config library method system_url() -================================== - -Usage of ``CI_Config::system_url()`` encourages insecure coding practices. -Namely, your CodeIgniter *system/* directory shouldn't be publicly accessible -from a security point of view. - -Because of this, this method is now deprecated and scheduled for removal in -CodeIgniter 3.1+. - -.. note:: This method is still available, but you're strongly encouraged to remove its usage - sooner rather than later. - -The Javascript library -====================== - -The :doc:`Javascript Library <../libraries/javascript>` has always had an -'experimental' status and was never really useful, nor a proper solution. - -It is now deprecated and scheduled for removal in CodeIgniter 3.1+. - -.. note:: This library is still available, but you're strongly encouraged to remove its usage - sooner rather than later. - -Form Validation method prep_for_form() -====================================== - -The :doc:`Form Validation Library <../libraries/form_validation>` has a -``prep_for_form()`` method, which is/can also be used as a rule in -``set_rules()`` to automatically perform HTML encoding on input data. - -Automatically encoding input (instead of output) data is a bad practice in -the first place, and CodeIgniter and PHP itself offer other alternatives -to this method anyway. -For example, :doc:`Form Helper <../helpers/form_helper>` functions will -automatically perform HTML escaping when necessary. - -Therefore, the *prep_for_form* method/rule is pretty much useless and is now -deprecated and scheduled for removal in 3.1+. - -.. note:: The method is still available, but you're strongly encouraged to - remove its usage sooner rather than later. - -*********************************************************** -Step 21: Check your usage of Text helper highlight_phrase() -*********************************************************** - -The default HTML tag used by :doc:`Text Helper <../helpers/text_helper>` function -:func:`highlight_phrase()` has been changed from ```` to the new HTML5 -tag ````. - -Unless you've used your own highlighting tags, this might cause trouble -for your visitors who use older web browsers such as Internet Explorer 8. -We therefore suggest that you add the following code to your CSS files -in order to avoid backwards compatibility with old browsers:: - - mark { - background: #ff0; - color: #000; - }; -- cgit v1.2.3-24-g4f1b