From 4db3793b34f24320d26cf7c6fb7396edf5f43791 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Fri, 14 Aug 2015 13:51:49 +0300 Subject: [ci skip] Encryption doc fix Close #4051 --- user_guide_src/source/libraries/encryption.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'user_guide_src/source/libraries') diff --git a/user_guide_src/source/libraries/encryption.rst b/user_guide_src/source/libraries/encryption.rst index 599be4df0..7afefa596 100644 --- a/user_guide_src/source/libraries/encryption.rst +++ b/user_guide_src/source/libraries/encryption.rst @@ -75,7 +75,7 @@ process that allows you to be the only one who is able to decrypt data that you've decided to hide from the eyes of the public. After one key is used to encrypt data, that same key provides the **only** means to decrypt it, so not only must you chose one carefully, but you -must not lose it or you will also use the encrypted data. +must not lose it or you will also lose access the data. It must be noted that to ensure maximum security, such key *should* not only be as strong as possible, but also often changed. Such behavior -- cgit v1.2.3-24-g4f1b From ec6a4034799d881b8b8d4c9134f487237719654c Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 15 Aug 2015 08:58:46 +0300 Subject: [ci skip] Fix a doc typo --- user_guide_src/source/libraries/encryption.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'user_guide_src/source/libraries') diff --git a/user_guide_src/source/libraries/encryption.rst b/user_guide_src/source/libraries/encryption.rst index 7afefa596..cac4b7921 100644 --- a/user_guide_src/source/libraries/encryption.rst +++ b/user_guide_src/source/libraries/encryption.rst @@ -75,7 +75,7 @@ process that allows you to be the only one who is able to decrypt data that you've decided to hide from the eyes of the public. After one key is used to encrypt data, that same key provides the **only** means to decrypt it, so not only must you chose one carefully, but you -must not lose it or you will also lose access the data. +must not lose it or you will also lose access to the data. It must be noted that to ensure maximum security, such key *should* not only be as strong as possible, but also often changed. Such behavior -- cgit v1.2.3-24-g4f1b From 52a2defaff4717e359e5c0ac56704b3e64187b7b Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Tue, 1 Sep 2015 12:03:16 +0300 Subject: [ci skip] Remove a bad advice from the Security lib docs --- user_guide_src/source/libraries/security.rst | 4 ---- 1 file changed, 4 deletions(-) (limited to 'user_guide_src/source/libraries') diff --git a/user_guide_src/source/libraries/security.rst b/user_guide_src/source/libraries/security.rst index 305a8e57c..2cbe46f4d 100644 --- a/user_guide_src/source/libraries/security.rst +++ b/user_guide_src/source/libraries/security.rst @@ -27,10 +27,6 @@ or other types of code that attempt to hijack cookies or do other malicious things. If anything disallowed is encountered it is rendered safe by converting the data to character entities. -Note: This function should only be used to deal with data upon -submission. It's not something that should be used for general runtime -processing since it requires a fair amount of processing overhead. - To filter data through the XSS filter use the ``xss_clean()`` method:: $data = $this->security->xss_clean($data); -- cgit v1.2.3-24-g4f1b From 61ac7bdd8291251f5709a3212b234ea5030340ef Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Tue, 1 Sep 2015 12:07:25 +0300 Subject: [ci skip] Reduce/improve wording of xss_clean() description --- user_guide_src/source/libraries/security.rst | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) (limited to 'user_guide_src/source/libraries') diff --git a/user_guide_src/source/libraries/security.rst b/user_guide_src/source/libraries/security.rst index 2cbe46f4d..f7604ef00 100644 --- a/user_guide_src/source/libraries/security.rst +++ b/user_guide_src/source/libraries/security.rst @@ -16,16 +16,11 @@ application, processing input data for security. XSS Filtering ************* -CodeIgniter comes with a Cross Site Scripting Hack prevention filter -which can either run automatically to filter all POST and COOKIE data -that is encountered, or you can run it on a per item basis. By default -it does **not** run globally since it requires a bit of processing -overhead, and since you may not need it in all cases. - -The XSS filter looks for commonly used techniques to trigger Javascript -or other types of code that attempt to hijack cookies or do other -malicious things. If anything disallowed is encountered it is rendered -safe by converting the data to character entities. +CodeIgniter comes with a Cross Site Scripting prevention filter, which +looks for commonly used techniques to trigger JavaScript or other types +of code that attempt to hijack cookies or do other malicious things. +If anything disallowed is encountered it is rendered safe by converting +the data to character entities. To filter data through the XSS filter use the ``xss_clean()`` method:: -- cgit v1.2.3-24-g4f1b From 20573bd472bdeaa831074e563f239585554ffaf5 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Tue, 1 Sep 2015 12:46:06 +0300 Subject: [ci skip] Correct session database setup docs --- user_guide_src/source/libraries/sessions.rst | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) (limited to 'user_guide_src/source/libraries') diff --git a/user_guide_src/source/libraries/sessions.rst b/user_guide_src/source/libraries/sessions.rst index 2034ed2b0..9c9761bbf 100644 --- a/user_guide_src/source/libraries/sessions.rst +++ b/user_guide_src/source/libraries/sessions.rst @@ -598,7 +598,6 @@ For MySQL:: `ip_address` varchar(45) NOT NULL, `timestamp` int(10) unsigned DEFAULT 0 NOT NULL, `data` blob NOT NULL, - PRIMARY KEY (id), KEY `ci_sessions_timestamp` (`timestamp`) ); @@ -608,17 +607,23 @@ For PostgreSQL:: "id" varchar(40) NOT NULL, "ip_address" varchar(45) NOT NULL, "timestamp" bigint DEFAULT 0 NOT NULL, - "data" text DEFAULT '' NOT NULL, - PRIMARY KEY ("id") + "data" text DEFAULT '' NOT NULL ); CREATE INDEX "ci_sessions_timestamp" ON "ci_sessions" ("timestamp"); -However, if you want to turn on the *sess_match_ip* setting, you should -also do the following, after creating the table:: +You will also need to add a PRIMARY KEY **depending on your 'sess_match_ip' +setting**. The examples below work both on MySQL and PostgreSQL:: + + // When sess_match_ip = TRUE + ALTER TABLE ci_sessions ADD PRIMARY KEY (id, ip_address); + + // When sess_match_ip = FALSE + ALTER TABLE ci_sessions ADD PRIMARY KEY (id); + + // To drop a previously created primary key (use when changing the setting) + ALTER TABLE ci_sessions DROP PRIMARY KEY; - // Works both on MySQL and PostgreSQL - ALTER TABLE ci_sessions ADD CONSTRAINT ci_sessions_id_ip UNIQUE (id, ip_address); .. important:: Only MySQL and PostgreSQL databases are officially supported, due to lack of advisory locking mechanisms on other -- cgit v1.2.3-24-g4f1b From c283443ad0c839a02485e071171ced644f017a1f Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 2 Sep 2015 14:30:04 +0300 Subject: [ci skip] Improve FV language string instructions As suggested in #4095 --- user_guide_src/source/libraries/form_validation.rst | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'user_guide_src/source/libraries') diff --git a/user_guide_src/source/libraries/form_validation.rst b/user_guide_src/source/libraries/form_validation.rst index be6d1f233..1fde68d73 100644 --- a/user_guide_src/source/libraries/form_validation.rst +++ b/user_guide_src/source/libraries/form_validation.rst @@ -547,7 +547,10 @@ All of the native error messages are located in the following language file: **system/language/english/form_validation_lang.php** To set your own global custom message for a rule, you can either -edit that file, or use the following method:: +extend/override the language file by creating your own in +**application/language/english/form_validation_lang.php** (read more +about this in the :doc:`Language Class ` documentation), +or use the following method:: $this->form_validation->set_message('rule', 'Error Message'); -- cgit v1.2.3-24-g4f1b From 2845decb8a1867ae15eff941ae828c210fa64d7e Mon Sep 17 00:00:00 2001 From: Дмитрий Date: Sun, 27 Sep 2015 07:34:11 +0800 Subject: cal_cel_other forget to close a tag cal_cel_other --- user_guide_src/source/libraries/calendar.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'user_guide_src/source/libraries') diff --git a/user_guide_src/source/libraries/calendar.rst b/user_guide_src/source/libraries/calendar.rst index 52883d297..ea0f4d108 100644 --- a/user_guide_src/source/libraries/calendar.rst +++ b/user_guide_src/source/libraries/calendar.rst @@ -179,7 +179,7 @@ will be placed within a pair of pseudo-variables as shown here:: {cal_cell_blank} {/cal_cell_blank} - {cal_cell_other}{day}{cal_cel_other} + {cal_cell_other}{day}{/cal_cel_other} {cal_cell_end}{/cal_cell_end} {cal_cell_end_today}{/cal_cell_end_today} @@ -304,4 +304,4 @@ Class Reference :rtype: CI_Calendar Harvests the data within the template ``{pseudo-variables}`` used to - display the calendar. \ No newline at end of file + display the calendar. -- cgit v1.2.3-24-g4f1b From e837851d3626617ff9f8311c45d26449167d5fa8 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Tue, 29 Sep 2015 12:30:55 +0300 Subject: Merge pull request #4126 from zoaked/patch-1 Persist config file rules when using FV reset_validation() --- user_guide_src/source/libraries/form_validation.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'user_guide_src/source/libraries') diff --git a/user_guide_src/source/libraries/form_validation.rst b/user_guide_src/source/libraries/form_validation.rst index 1fde68d73..c288cc8c0 100644 --- a/user_guide_src/source/libraries/form_validation.rst +++ b/user_guide_src/source/libraries/form_validation.rst @@ -1140,4 +1140,4 @@ the following functions: - :php:func:`set_radio()` Note that these are procedural functions, so they **do not** require you -to prepend them with ``$this->form_validation``. \ No newline at end of file +to prepend them with ``$this->form_validation``. -- cgit v1.2.3-24-g4f1b