From cd99fb66967892900a1d2291c643058b1f9166c5 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Fri, 20 Feb 2015 15:50:48 +0200 Subject: [ci skip] Tiny detail in 3.0.0 upgrade path --- user_guide_src/source/installation/upgrade_300.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'user_guide_src/source/installation/upgrade_300.rst') diff --git a/user_guide_src/source/installation/upgrade_300.rst b/user_guide_src/source/installation/upgrade_300.rst index 73ed0f4c3..7cb94518d 100644 --- a/user_guide_src/source/installation/upgrade_300.rst +++ b/user_guide_src/source/installation/upgrade_300.rst @@ -1,5 +1,5 @@ ############################# -Upgrading from 2.2.1 to 3.0.0 +Upgrading from 2.2.x to 3.0.0 ############################# .. note:: These upgrade notes are for a version that is yet to be released. -- cgit v1.2.3-24-g4f1b From ba213cd6f6be272d8e51b9eaf7d4039671458868 Mon Sep 17 00:00:00 2001 From: Fu Xu Date: Thu, 26 Feb 2015 20:01:31 +0800 Subject: fix wrong step count --- user_guide_src/source/installation/upgrade_300.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'user_guide_src/source/installation/upgrade_300.rst') diff --git a/user_guide_src/source/installation/upgrade_300.rst b/user_guide_src/source/installation/upgrade_300.rst index 7cb94518d..90d56c25c 100644 --- a/user_guide_src/source/installation/upgrade_300.rst +++ b/user_guide_src/source/installation/upgrade_300.rst @@ -795,7 +795,7 @@ It is now deprecated and scheduled for removal in CodeIgniter 3.1+. sooner rather than later. *********************************************************** -Step 18: Check your usage of Text helper highlight_phrase() +Step 20: Check your usage of Text helper highlight_phrase() *********************************************************** The default HTML tag used by :doc:`Text Helper <../helpers/text_helper>` function -- cgit v1.2.3-24-g4f1b From 9187ed3516ba403d09fc88ebcf6ead7364f75c4d Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 28 Feb 2015 19:54:17 +0200 Subject: [ci skip] Formally deprecate 'global_xss_filtering' --- user_guide_src/source/installation/upgrade_300.rst | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'user_guide_src/source/installation/upgrade_300.rst') diff --git a/user_guide_src/source/installation/upgrade_300.rst b/user_guide_src/source/installation/upgrade_300.rst index 90d56c25c..2f806cccf 100644 --- a/user_guide_src/source/installation/upgrade_300.rst +++ b/user_guide_src/source/installation/upgrade_300.rst @@ -551,6 +551,22 @@ PHP's native ``hash()`` function. It is deprecated and scheduled for removal in .. note:: This function is still available, but you're strongly encouraged to remove its usage sooner rather than later. +The $config['global_xss_filtering'] setting +=========================================== + +As already explained above, XSS filtering should not be done on input data, +but on output instead. Therefore, the ``$config['global_xss_filtering']``, +which automatically filters *input* data, is considered a bad practice and +is now deprecated. + +Instead, you should manually escape any user-provided data via the +:php:func:`xss_clean()` function when you need to output it, or use a +library like `HTML Purifier `_ that does that +for you. + +.. note:: The setting is still available, but you're strongly encouraged to + remove its usage sooner rather than later. + File helper read_file() ======================= -- cgit v1.2.3-24-g4f1b