From a92b903c0e6c2faa2a9480e23e2d3e4b6308878f Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 24 Dec 2011 19:05:58 +0200 Subject: Improve the Image manipulation library --- user_guide_src/source/changelog.rst | 1 + 1 file changed, 1 insertion(+) (limited to 'user_guide_src/source') diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 8a7109feb..6c80be569 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -76,6 +76,7 @@ Bug fixes for 3.0 - Bug #795 - Fixed form method and accept-charset when passing an empty array. - Bug #797 - timespan was using incorrect seconds for year and month. - Fixed a bug in CI_Cart::contents() where if called without a TRUE (or equal) parameter, it would fail due to a typo. +- Fixed a bug in CI_Image_lib::gd_loaded() where it was possible for the script execution to end or a PHP E_WARNING message to be emitted. Version 2.1.0 ============= -- cgit v1.2.3-24-g4f1b From 41dd4938306b173fdcc57049f610af4c42949268 Mon Sep 17 00:00:00 2001 From: Andrew Bergal Date: Sat, 24 Dec 2011 22:27:21 -0500 Subject: Fix news item href --- user_guide_src/source/tutorial/news_section.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'user_guide_src/source') diff --git a/user_guide_src/source/tutorial/news_section.rst b/user_guide_src/source/tutorial/news_section.rst index fe8e41607..38e4214ca 100644 --- a/user_guide_src/source/tutorial/news_section.rst +++ b/user_guide_src/source/tutorial/news_section.rst @@ -149,7 +149,7 @@ and add the next piece of code.
-

View article

+

View article

-- cgit v1.2.3-24-g4f1b From 7219c07e9e6be839cbf9931a17d587ef4b2895b1 Mon Sep 17 00:00:00 2001 From: WanWizard Date: Wed, 28 Dec 2011 14:09:05 +0100 Subject: added query grouping to Active Record this is a feature that has been lacking for a very long time. lots of people complained about it over the years, but it never got added so you'd have to resort to handcrafted queries when you needed this feature. This is a port of code from DataMapper, in use since CI 1.6. --- user_guide_src/source/database/active_record.rst | 170 +++++++++++++++-------- 1 file changed, 109 insertions(+), 61 deletions(-) (limited to 'user_guide_src/source') diff --git a/user_guide_src/source/database/active_record.rst b/user_guide_src/source/database/active_record.rst index 1600f0bd9..c04e67d2a 100644 --- a/user_guide_src/source/database/active_record.rst +++ b/user_guide_src/source/database/active_record.rst @@ -45,7 +45,7 @@ You'll notice that the above function is assigned to a variable named $query, which can be used to show the results:: $query = $this->db->get('mytable'); - + foreach ($query->result() as $row) { echo $row->title; @@ -57,31 +57,31 @@ discussion regarding result generation. $this->db->get_compiled_select() ================================ -Compiles the selection query just like `$this->db->get()`_ but does not *run* +Compiles the selection query just like `$this->db->get()`_ but does not *run* the query. This method simply returns the SQL query as a string. Example:: $sql = $this->db->get_compiled_select('mytable'); echo $sql; - + // Produces string: SELECT * FROM mytable - -The second parameter enables you to set whether or not the active record query + +The second parameter enables you to set whether or not the active record query will be reset (by default it will be—just like `$this->db->get()`):: echo $this->db->limit(10,20)->get_compiled_select('mytable', FALSE); - // Produces string: SELECT * FROM mytable LIMIT 20, 10 + // Produces string: SELECT * FROM mytable LIMIT 20, 10 // (in MySQL. Other databases have slightly different syntax) - + echo $this->db->select('title, content, date')->get_compiled_select(); // Produces string: SELECT title, content, date FROM mytable - -The key thing to notice in the above example is that the second query did not -utilize `$this->db->from()`_ and did not pass a table name into the first -parameter. The reason for this outcome is because the query has not been -executed using `$this->db->get()`_ which resets values or reset directly + +The key thing to notice in the above example is that the second query did not +utilize `$this->db->from()`_ and did not pass a table name into the first +parameter. The reason for this outcome is because the query has not been +executed using `$this->db->get()`_ which resets values or reset directly using `$this->db->reset_query()`_. @@ -116,7 +116,7 @@ with backticks. This is useful if you need a compound select statement. :: - $this->db->select('(SELECT SUM(payments.amount) FROM payments WHERE payments.invoice_id=4') AS amount_paid', FALSE); + $this->db->select('(SELECT SUM(payments.amount) FROM payments WHERE payments.invoice_id=4') AS amount_paid', FALSE); $query = $this->db->get('mytable'); @@ -130,7 +130,7 @@ include a second parameter to rename the resulting field. $this->db->select_max('age'); $query = $this->db->get('members'); // Produces: SELECT MAX(age) as age FROM members - + $this->db->select_max('age', 'member_age'); $query = $this->db->get('members'); // Produces: SELECT MAX(age) as member_age FROM members @@ -195,7 +195,7 @@ Permits you to write the JOIN portion of your query:: $this->db->from('blogs'); $this->db->join('comments', 'comments.id = blogs.id'); $query = $this->db->get(); - + // Produces: // SELECT * FROM blogs JOIN comments ON comments.id = blogs.id @@ -224,7 +224,7 @@ methods: :: - $this->db->where('name', $name); // Produces: WHERE name = 'Joe' + $this->db->where('name', $name); // Produces: WHERE name = 'Joe' Notice that the equal sign is added for you. @@ -236,7 +236,7 @@ methods: $this->db->where('name', $name); $this->db->where('title', $title); $this->db->where('status', $status); - // WHERE name = 'Joe' AND title = 'boss' AND status = 'active' + // WHERE name = 'Joe' AND title = 'boss' AND status = 'active' #. **Custom key/value method:** You can include an operator in the first parameter in order to @@ -245,7 +245,7 @@ methods: :: $this->db->where('name !=', $name); - $this->db->where('id <', $id); // Produces: WHERE name != 'Joe' AND id < 45 + $this->db->where('id <', $id); // Produces: WHERE name != 'Joe' AND id < 45 #. **Associative array method:** @@ -253,7 +253,7 @@ methods: $array = array('name' => $name, 'title' => $title, 'status' => $status); $this->db->where($array); - // Produces: WHERE name = 'Joe' AND title = 'boss' AND status = 'active' + // Produces: WHERE name = 'Joe' AND title = 'boss' AND status = 'active' You can include your own operators using this method as well: @@ -354,7 +354,7 @@ searches. :: - $this->db->like('title', 'match'); // Produces: WHERE title LIKE '%match%' + $this->db->like('title', 'match'); // Produces: WHERE title LIKE '%match%' If you use multiple function calls they will be chained together with AND between them:: @@ -371,7 +371,7 @@ searches. $this->db->like('title', 'match', 'before'); // Produces: WHERE title LIKE '%match' $this->db->like('title', 'match', 'after'); // Produces: WHERE title LIKE 'match%' - $this->db->like('title', 'match', 'both'); // Produces: WHERE title LIKE '%match%' + $this->db->like('title', 'match', 'both'); // Produces: WHERE title LIKE '%match%' #. **Associative array method:** @@ -443,7 +443,7 @@ Permits you to write the HAVING portion of your query. There are 2 possible syntaxes, 1 argument or 2:: $this->db->having('user_id = 45'); // Produces: HAVING user_id = 45 - $this->db->having('user_id', 45); // Produces: HAVING user_id = 45 + $this->db->having('user_id', 45); // Produces: HAVING user_id = 45 You can also pass an array of multiple values as well:: @@ -486,7 +486,7 @@ Or multiple function calls can be made if you need multiple fields. :: $this->db->order_by("title", "desc"); - $this->db->order_by("name", "asc"); // Produces: ORDER BY title DESC, name ASC + $this->db->order_by("name", "asc"); // Produces: ORDER BY title DESC, name ASC .. note:: order_by() was formerly known as orderby(), which has been @@ -518,7 +518,7 @@ where(), or_where(), like(), or_like(), etc. Example:: echo $this->db->count_all_results('my_table'); // Produces an integer, like 25 $this->db->like('title', 'match'); $this->db->from('my_table'); - echo $this->db->count_all_results(); // Produces an integer, like 17 + echo $this->db->count_all_results(); // Produces an integer, like 17 $this->db->count_all() ====================== @@ -528,6 +528,54 @@ Submit the table name in the first parameter. Example:: echo $this->db->count_all('my_table'); // Produces an integer, like 25 +************** +Query grouping +************** + +Query grouping allows you to create groups of WHERE clauses by enclosing them in parentheses. This will allow +you to create queries with complex WHERE clauses. Nested groups are supported. Example: + + $this->db->select('*')->from('my_table') + ->group_start() + ->where('a', 'a') + ->or_group_start() + ->where('b', 'b') + ->where('c', 'c') + ->group_end() + ->group_end() + ->where('d', 'd') + ->get(); + + // Generates: + // SELECT * FROM (`my_table`) WHERE ( `a` = 'a' OR ( `b` = 'b' AND `c` = 'c' ) ) AND `d` = 'd' + +.. note:: groups need to be balanced, make sure every group_start() is matched by a group_end(). + +$this->db->group_start() +======================== + +Starts a new group by adding an opening parenthesis to the WHERE clause of the query. + +$this->db->or_group_start() +=========================== + +Starts a new group by adding an opening parenthesis to the WHERE clause of the query, prefixing it with 'OR'. + +$this->db->not_group_start() +============================ + +Starts a new group by adding an opening parenthesis to the WHERE clause of the query, prefixing it with 'NOT'. + +$this->db->or_not_group_start() +=============================== + +Starts a new group by adding an opening parenthesis to the WHERE clause of the query, prefixing it with 'OR NOT'. + +$this->db->group_end() +====================== + +Ends the current group by adding an closing parenthesis to the WHERE clause of the query. + ************** Inserting Data ************** @@ -544,7 +592,7 @@ function. Here is an example using an array:: 'name' => 'My Name', 'date' => 'My date' ); - + $this->db->insert('mytable', $data); // Produces: INSERT INTO mytable (title, name, date) VALUES ('My title', 'My name', 'My date') @@ -560,7 +608,7 @@ Here is an example using an object:: var $date = 'My Date'; } */ - + $object = new Myclass; $this->db->insert('mytable', $object); // Produces: INSERT INTO mytable (title, content, date) VALUES ('My Title', 'My Content', 'My Date') @@ -572,7 +620,7 @@ object. $this->db->get_compiled_insert() ================================ -Compiles the insertion query just like `$this->db->insert()`_ but does not +Compiles the insertion query just like `$this->db->insert()`_ but does not *run* the query. This method simply returns the SQL query as a string. Example:: @@ -582,27 +630,27 @@ Example:: 'name' => 'My Name', 'date' => 'My date' ); - + $sql = $this->db->set($data)->get_compiled_insert('mytable'); echo $sql; - + // Produces string: INSERT INTO mytable (title, name, date) VALUES ('My title', 'My name', 'My date') -The second parameter enables you to set whether or not the active record query +The second parameter enables you to set whether or not the active record query will be reset (by default it will be--just like `$this->db->insert()`_):: - + echo $this->db->set('title', 'My Title')->get_compiled_insert('mytable', FALSE); - + // Produces string: INSERT INTO mytable (title) VALUES ('My Title') - + echo $this->db->set('content', 'My Content')->get_compiled_insert(); // Produces string: INSERT INTO mytable (title, content) VALUES ('My Title', 'My Content') - -The key thing to notice in the above example is that the second query did not -utlize `$this->db->from()`_ nor did it pass a table name into the first -parameter. The reason this worked is because the query has not been executed -using `$this->db->insert()`_ which resets values or reset directly using + +The key thing to notice in the above example is that the second query did not +utlize `$this->db->from()`_ nor did it pass a table name into the first +parameter. The reason this worked is because the query has not been executed +using `$this->db->insert()`_ which resets values or reset directly using `$this->db->reset_query()`_. $this->db->insert_batch() @@ -624,7 +672,7 @@ function. Here is an example using an array:: 'date' => 'Another date' ) ); - + $this->db->insert_batch('mytable', $data); // Produces: INSERT INTO mytable (title, name, date) VALUES ('My title', 'My name', 'My date'), ('Another title', 'Another name', 'Another date') @@ -652,7 +700,7 @@ based on whether you are doing an insert or an update:: $this->db->set('name', $name); $this->db->set('title', $title); $this->db->set('status', $status); - $this->db->insert('mytable'); + $this->db->insert('mytable'); **set()** will also accept an optional third parameter ($escape), that will prevent data from being escaped if set to FALSE. To illustrate the @@ -674,7 +722,7 @@ You can also pass an associative array to this function:: 'title' => $title, 'status' => $status ); - + $this->db->set($array); $this->db->insert('mytable'); @@ -687,7 +735,7 @@ Or an object:: var $date = 'My Date'; } */ - + $object = new Myclass; $this->db->set($object); $this->db->insert('mytable'); @@ -709,7 +757,7 @@ is an example using an array:: 'name' => $name, 'date' => $date ); - + $this->db->where('id', $id); $this->db->update('mytable', $data); // Produces: // UPDATE mytable // SET title = '{$title}', name = '{$name}', date = '{$date}' // WHERE id = $id @@ -723,7 +771,7 @@ Or you can supply an object:: var $date = 'My Date'; } */ - + $object = new Myclass; $this->db->where('id', $id); $this->db->update('mytable', $object); @@ -764,14 +812,14 @@ Here is an example using an array:: ) ); - $this->db->update_batch('mytable', $data, 'title'); + $this->db->update_batch('mytable', $data, 'title'); - // Produces: + // Produces: // UPDATE `mytable` SET `name` = CASE // WHEN `title` = 'My title' THEN 'My Name 2' // WHEN `title` = 'Another title' THEN 'Another Name 2' // ELSE `name` END, - // `date` = CASE + // `date` = CASE // WHEN `title` = 'My title' THEN 'My date 2' // WHEN `title` = 'Another title' THEN 'Another date 2' // ELSE `date` END @@ -810,7 +858,7 @@ the data to the second parameter of the function:: $this->db->where('id', $id); $this->db->delete('mytable'); - + // Produces: // DELETE FROM mytable // WHERE id = $id @@ -847,17 +895,17 @@ Generates a truncate SQL string and runs the query. $this->db->from('mytable'); $this->db->truncate(); - - // or - + + // or + $this->db->truncate('mytable'); - + // Produce: - // TRUNCATE mytable + // TRUNCATE mytable .. note:: If the TRUNCATE command isn't available, truncate() will execute as "DELETE FROM table". - + $this->db->get_compiled_delete() ================================ This works exactly the same way as ``$this->db->get_compiled_insert()`` except @@ -917,11 +965,11 @@ Here's a usage example:: $this->db->stop_cache(); $this->db->get('tablename'); //Generates: SELECT `field1` FROM (`tablename`) - + $this->db->select('field2'); $this->db->get('tablename'); //Generates: SELECT `field1`, `field2` FROM (`tablename`) - + $this->db->flush_cache(); $this->db->select('field2'); $this->db->get('tablename'); @@ -935,13 +983,13 @@ Here's a usage example:: $this->db->reset_query() ======================== -Resetting Active Record allows you to start fresh with your query without -executing it first using a method like $this->db->get() or $this->db->insert(). -Just like the methods that execute a query, this will *not* reset items you've +Resetting Active Record allows you to start fresh with your query without +executing it first using a method like $this->db->get() or $this->db->insert(). +Just like the methods that execute a query, this will *not* reset items you've cached using `Active Record Caching`_. -This is useful in situations where you are using Active Record to generate SQL -(ex. ``$this->db->get_compiled_select()``) but then choose to, for instance, +This is useful in situations where you are using Active Record to generate SQL +(ex. ``$this->db->get_compiled_select()``) but then choose to, for instance, run the query:: // Note that the second parameter of the get_compiled_select method is FALSE -- cgit v1.2.3-24-g4f1b From 64dbdfb60e0556177061db2eecdf899111ae4ac9 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Fri, 30 Dec 2011 14:14:07 +0200 Subject: Added support for 3-length hex color values format and a number of validation improvements --- user_guide_src/source/changelog.rst | 5 +++++ user_guide_src/source/libraries/image_lib.rst | 10 ++++------ 2 files changed, 9 insertions(+), 6 deletions(-) (limited to 'user_guide_src/source') diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index a9673de88..927705b63 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -53,6 +53,11 @@ Release Date: Not Released - It now auto-increments quantity's instead of just resetting it, this is the default behaviour of large e-commerce sites. - Product Name strictness can be disabled via the Cart Library by switching "$product_name_safe" - Added function remove() to remove a cart item, updating with quantity of 0 seemed like a hack but has remained to retain compatability + - Image manipulation library changes include: + - The initialize() method now only sets existing class properties. + - Added support for 3-length hex color values for wm_font_color and wm_shadow_color properties, as well as validation for them. + - Class properties wm_font_color, wm_shadow_color and wm_use_drop_shadow are now protected, to avoid breaking the text_watermark() method + if they are set manually after initialization. - Minor speed optimizations and method & property visibility declarations in the Calendar Library. - Core diff --git a/user_guide_src/source/libraries/image_lib.rst b/user_guide_src/source/libraries/image_lib.rst index 14bd128a6..ed6575c62 100644 --- a/user_guide_src/source/libraries/image_lib.rst +++ b/user_guide_src/source/libraries/image_lib.rst @@ -390,13 +390,11 @@ Preference Default Value Options Description **wm_font_size** 16 None The size of the text. Note: If you are not using the True Type option above, the number is set using a range of 1 - 5. Otherwise, you can use any valid pixel size for the font you're using. -**wm_font_color** ffffff None The font color, specified in hex. Note, you must use the full 6 - character hex value (ie, 993300), rather than the three character - abbreviated version (ie fff). +**wm_font_color** ffffff None The font color, specified in hex. Both the full 6-length (ie, 993300) and + the short three character abbreviated version (ie, fff) are supported. **wm_shadow_color** None None The color of the drop shadow, specified in hex. If you leave this blank - a drop shadow will not be used. Note, you must use the full 6 character - hex value (ie, 993300), rather than the three character abbreviated - version (ie fff). + a drop shadow will not be used. Both the full 6-length (ie, 993300) and + the short three character abbreviated version (ie, fff) are supported. **wm_shadow_distance** 3 None The distance (in pixels) from the font that the drop shadow should appear. ======================= =================== =================== ========================================================================== -- cgit v1.2.3-24-g4f1b From 0defe5d33ee2633f377a109519ca818becc60f64 Mon Sep 17 00:00:00 2001 From: Greg Aker Date: Sun, 1 Jan 2012 18:46:41 -0600 Subject: Updating copyright date to 2012 --- user_guide_src/source/_themes/eldocs/static/asset/css/common.css | 2 +- user_guide_src/source/conf.py | 4 ++-- user_guide_src/source/tutorial/static_pages.rst | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) (limited to 'user_guide_src/source') diff --git a/user_guide_src/source/_themes/eldocs/static/asset/css/common.css b/user_guide_src/source/_themes/eldocs/static/asset/css/common.css index 45b1fe724..b9e28aec0 100644 --- a/user_guide_src/source/_themes/eldocs/static/asset/css/common.css +++ b/user_guide_src/source/_themes/eldocs/static/asset/css/common.css @@ -16,7 +16,7 @@ If you did not receive a copy of the license and are unable to obtain it through the world wide web, please send an email to licensing@ellislab.com so we can send you a copy immediately. -Copyright (c) 2008 - 2011, EllisLab, Inc. (http://ellislab.com/) +Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/) http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) */ diff --git a/user_guide_src/source/conf.py b/user_guide_src/source/conf.py index bb10d06e4..593ceaf1c 100644 --- a/user_guide_src/source/conf.py +++ b/user_guide_src/source/conf.py @@ -41,7 +41,7 @@ master_doc = 'index' # General information about the project. project = u'CodeIgniter' -copyright = u'2011, EllisLab, Inc.' +copyright = u'2012, EllisLab, Inc.' # The version info for the project you're documenting, acts as replacement for # |version| and |release|, also used in various other places throughout the @@ -223,7 +223,7 @@ man_pages = [ epub_title = u'CodeIgniter' epub_author = u'EllisLab, Inc.' epub_publisher = u'EllisLab, Inc.' -epub_copyright = u'2011, EllisLab, Inc.' +epub_copyright = u'2012, EllisLab, Inc.' # The language of the text. It defaults to the language option # or en if the language is not set. diff --git a/user_guide_src/source/tutorial/static_pages.rst b/user_guide_src/source/tutorial/static_pages.rst index 82de2a8cb..c7f737951 100644 --- a/user_guide_src/source/tutorial/static_pages.rst +++ b/user_guide_src/source/tutorial/static_pages.rst @@ -72,7 +72,7 @@ includes the following code: :: - © 2011 + © 2012 -- cgit v1.2.3-24-g4f1b From 7c9766a67948613b7fcb141728fb41fcd3ea1844 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Tue, 3 Jan 2012 10:18:41 +0200 Subject: Some additions to mimes.php --- user_guide_src/source/changelog.rst | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'user_guide_src/source') diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 59d2ea88d..f611be5c3 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -24,9 +24,11 @@ Release Date: Not Released - Added Windows 7 to the list of user platforms. - Ability to log certain error types, not all under a threshold. - Added support for pem, p10, p12, p7a, p7c, p7m, p7r, p7s, crt, crl, der, kdb, rsa, cer, sst, csr Certs to mimes.php. - - Added support pgp and gpg to mimes.php. - - Added support 3gp, 3g2, mp4, wmv, f4v, vlc Video files to mimes.php. - - Added support m4a, aac, m4u, xspf, au, ac3, flac, ogg Audio files to mimes.php. + - Added support for pgp and gpg to mimes.php. + - Added support for 3gp, 3g2, mp4, wmv, f4v, vlc Video files to mimes.php. + - Added support for m4a, aac, m4u, xspf, au, ac3, flac, ogg Audio files to mimes.php. + - Added support for kmz and kml (Google Earth) files to mimes.php. + - Added application/xml for xml and application/xml, text/xsl for xsl in mimes.php. - Changed logger to only chmod when file is first created. - Removed previously deprecated SHA1 Library. -- cgit v1.2.3-24-g4f1b From d81150feddf5605d6afe70d4f641f013e42df586 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Tue, 3 Jan 2012 11:06:32 +0200 Subject: Update the changelog --- user_guide_src/source/changelog.rst | 1 + 1 file changed, 1 insertion(+) (limited to 'user_guide_src/source') diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 59d2ea88d..1fa374334 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -89,6 +89,7 @@ Bug fixes for 3.0 - Fixed a bug (#696) - make oci_execute calls inside num_rows non-committing, since they are only there to reset which row is next in line for oci_fetch calls and thus don't need to be committed. - Fixed a bug (#406) - sqlsrv DB driver not reuturning resource on db_pconnect(). - Fixed a bug in CI_Image_lib::gd_loaded() where it was possible for the script execution to end or a PHP E_WARNING message to be emitted. +- Fixed a bug (#561) - Errors in :doc:`XML-RPC Library ` were not properly escaped. Version 2.1.0 ============= -- cgit v1.2.3-24-g4f1b From 23ea93bf58bb3ad47bad08c17efa4067abbb5253 Mon Sep 17 00:00:00 2001 From: RS71 Date: Tue, 3 Jan 2012 12:43:16 -0200 Subject: Update user_guide_src/source/libraries/security.rst --- user_guide_src/source/libraries/security.rst | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'user_guide_src/source') diff --git a/user_guide_src/source/libraries/security.rst b/user_guide_src/source/libraries/security.rst index 8ee0c6e77..e7d25555f 100644 --- a/user_guide_src/source/libraries/security.rst +++ b/user_guide_src/source/libraries/security.rst @@ -85,6 +85,10 @@ If you use the :doc:`form helper <../helpers/form_helper>` the form_open() function will automatically insert a hidden csrf field in your forms. +Tokens may be either regenerated on every submission (default) or kept the same throughout the life of the CSRF cookie. The default regeneration of tokens provides stricter security but may result in usability concerns as other tokens become invalid (back/forward navigation, multiple tabs/windows, asynchronous actions, etc). You may alter this behavior by editing the following config parameter:: + + $config['csrf_regeneration'] = TRUE; + Select URIs can be whitelisted from csrf protection (for example API endpoints expecting externally POSTed content). You can add these URIs by editing the 'csrf_exclude_uris' config parameter:: -- cgit v1.2.3-24-g4f1b From 0fc6409cae13c6be6749e1f160a144fc90713f8b Mon Sep 17 00:00:00 2001 From: RS71 Date: Tue, 3 Jan 2012 12:50:55 -0200 Subject: Update user_guide_src/source/changelog.rst --- user_guide_src/source/changelog.rst | 2 ++ 1 file changed, 2 insertions(+) (limited to 'user_guide_src/source') diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 59d2ea88d..b2f247589 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -61,6 +61,8 @@ Release Date: Not Released if they are set manually after initialization. - Minor speed optimizations and method & property visibility declarations in the Calendar Library. - Removed SHA1 function in the :doc:`Encryption Library `. + - Added $config['csrf_regeneration'] to the CSRF protection in the :doc:`Security library `, which makes token regeneration optional. + - Core -- cgit v1.2.3-24-g4f1b From 43fcdbcac05a0cdc5c2a77c79c641849c41caa9e Mon Sep 17 00:00:00 2001 From: Eric Barnes Date: Wed, 4 Jan 2012 21:27:47 -0500 Subject: Added pagination change log item back. --- user_guide_src/source/changelog.rst | 3 +++ 1 file changed, 3 insertions(+) (limited to 'user_guide_src/source') diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index f611be5c3..668f073df 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -91,6 +91,9 @@ Bug fixes for 3.0 - Fixed a bug (#696) - make oci_execute calls inside num_rows non-committing, since they are only there to reset which row is next in line for oci_fetch calls and thus don't need to be committed. - Fixed a bug (#406) - sqlsrv DB driver not reuturning resource on db_pconnect(). - Fixed a bug in CI_Image_lib::gd_loaded() where it was possible for the script execution to end or a PHP E_WARNING message to be emitted. +- In Pagination library, when use_page_numbers=TRUE previous link and page 1 link do not have the same url + + Version 2.1.0 ============= -- cgit v1.2.3-24-g4f1b From 75f7c12815c62782163a54e84707f50459b6ef5d Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sun, 8 Jan 2012 03:49:25 +0200 Subject: Remove loading of ['core'] elements --- user_guide_src/source/changelog.rst | 7 ++++--- user_guide_src/source/installation/upgrade_300.rst | 9 +++++++-- 2 files changed, 11 insertions(+), 5 deletions(-) (limited to 'user_guide_src/source') diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 763f58b8f..7e7be0689 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -31,6 +31,8 @@ Release Date: Not Released - Added application/xml for xml and application/xml, text/xsl for xsl in mimes.php. - Changed logger to only chmod when file is first created. - Removed previously deprecated SHA1 Library. + - Removed previously deprecated use of ``$autoload['core']`` in application/config/autoload.php. + Only entries in ``$autoload['libraries']`` are auto-loaded now. - Helpers @@ -66,10 +68,9 @@ Release Date: Not Released - Core - - Changed private functions in CI_URI to protected so MY_URI can - override them. + - Changed private functions in CI_URI to protected so MY_URI can override them. - Removed CI_CORE boolean constant from CodeIgniter.php (no longer Reactor and Core versions). - - Added method get_vars() to CI_Loader to retrieve all variables loaded with $this->load->vars() + - Added method get_vars() to CI_Loader to retrieve all variables loaded with $this->load->vars(). Bug fixes for 3.0 ------------------ diff --git a/user_guide_src/source/installation/upgrade_300.rst b/user_guide_src/source/installation/upgrade_300.rst index 960485ae3..4c594ab17 100644 --- a/user_guide_src/source/installation/upgrade_300.rst +++ b/user_guide_src/source/installation/upgrade_300.rst @@ -15,6 +15,9 @@ Replace all files and directories in your "system" folder and replace your index.php file. If any modifications were made to your index.php they will need to be made fresh in this new one. +.. note:: If you have any custom developed files in these folders please + make copies of them first. + Step 2: Change References to the SHA Library ============================================ @@ -23,6 +26,8 @@ Alter your code to use the native `sha1()` PHP function to generate a sha1 hash. Additionally, the `sha1()` method in the :doc:`Encryption Library <../libraries/encryption>` has been removed. +Step 3: Remove $autoload['core'] from your config/autoload.php +============================================================== -.. note:: If you have any custom developed files in these folders please - make copies of them first. +Use of the `$autoload['core']` config array has been deprecated as of CodeIgniter 1.4.1 and is now removed. +Move any entries that you might have listed there to `$autoload['libraries']` instead. -- cgit v1.2.3-24-g4f1b From d47baab1bd4d655a68981834d11727ae8c2a3a45 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 9 Jan 2012 16:56:46 +0200 Subject: Fix issue #904 --- user_guide_src/source/changelog.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'user_guide_src/source') diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index d9eca7fef..48011f208 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -67,12 +67,12 @@ Release Date: Not Released - Removed SHA1 function in the :doc:`Encryption Library `. - Added $config['csrf_regeneration'] to the CSRF protection in the :doc:`Security library `, which makes token regeneration optional. - - Core - Changed private functions in CI_URI to protected so MY_URI can override them. - Removed CI_CORE boolean constant from CodeIgniter.php (no longer Reactor and Core versions). - Added method get_vars() to CI_Loader to retrieve all variables loaded with $this->load->vars(). + - is_loaded() function from system/core/Commons.php now returns a reference. Bug fixes for 3.0 ------------------ @@ -96,7 +96,7 @@ Bug fixes for 3.0 - Fixed a bug in CI_Image_lib::gd_loaded() where it was possible for the script execution to end or a PHP E_WARNING message to be emitted. - In Pagination library, when use_page_numbers=TRUE previous link and page 1 link do not have the same url - Fixed a bug (#561) - Errors in :doc:`XML-RPC Library ` were not properly escaped. - +- Fixed a bug (#904) - ``CI_Loader::initialize()`` caused a PHP Fatal error to be triggered if error level E_STRICT is used. Version 2.1.0 ============= -- cgit v1.2.3-24-g4f1b From 5287f6643f5ca55c360a6372c526c8c06c0c4912 Mon Sep 17 00:00:00 2001 From: insign Date: Mon, 9 Jan 2012 18:07:34 -0200 Subject: Removed the first slash of the line 51. With this, the goal of the code don't work. I tried it in many Apache servers. Sorry if I am wrong. --- user_guide_src/source/general/urls.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'user_guide_src/source') diff --git a/user_guide_src/source/general/urls.rst b/user_guide_src/source/general/urls.rst index 3126fcf36..857078b1c 100644 --- a/user_guide_src/source/general/urls.rst +++ b/user_guide_src/source/general/urls.rst @@ -48,7 +48,7 @@ method in which everything is redirected except the specified items: RewriteEngine On RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d - RewriteRule ^(.*)$ /index.php/$1 [L] + RewriteRule ^(.*)$ index.php/$1 [L] In the above example, any HTTP request other than those for existing directories and existing files is treated as a request for your index.php file. -- cgit v1.2.3-24-g4f1b