From 7dd6f14073c109a3227d78e30780ab79117bda42 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Tue, 30 Jan 2018 15:08:21 +0200 Subject: Fix a QB bug where where(), having() treated values passed to them as arbitrary SQL --- user_guide_src/source/changelog.rst | 1 + 1 file changed, 1 insertion(+) (limited to 'user_guide_src/source') diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index f6e24e519..9b7f0149c 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -15,6 +15,7 @@ Bug fixes for 3.1.8 ------------------- - Fixed a bug where :doc:`Form Validation Library `, :doc:`Email Library ` tried to use ``INTL_IDNA_VARIANT_UTS46`` when it was undeclared. +- Fixed a bug where :doc:`Query Builder ` methods ``where()``, ``having()`` treated values passed to them as arbitrary SQL. Version 3.1.7 ============= -- cgit v1.2.3-24-g4f1b From a911daa2775ee9d09404c91c8954c6a216568cb5 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 31 Jan 2018 23:58:39 +0200 Subject: [ci skip] Add changelog entry for PR #5391 --- user_guide_src/source/changelog.rst | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'user_guide_src/source') diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 9b7f0149c..63de806f6 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -7,6 +7,10 @@ Version 3.1.8 Release Date: Not Released +- **Security** + + - Updated :doc:`URL Helper ` function :php:func:`auto_link()` to add ``rel="noopener"`` to generated links in order to prevent tab hijacking. + - General Changes - Updated :doc:`Email Library ` to always negotiate between TLS 1.0, 1.1, 1.2 when possible (PHP 5.6+) for SMTP connections. -- cgit v1.2.3-24-g4f1b From 84760562d5bb875af0a33b0d0f636dc3081db7c0 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 12 Feb 2018 15:15:47 +0200 Subject: [ci skip] Fix rendering of literal 'http://' strings in the manual --- user_guide_src/source/changelog.rst | 4 ++-- user_guide_src/source/helpers/string_helper.rst | 4 ++-- user_guide_src/source/helpers/url_helper.rst | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) (limited to 'user_guide_src/source') diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 63de806f6..2b82d7b36 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -1938,7 +1938,7 @@ Hg Tag: v2.0.0 precision. - Added alpha, and sha1 string types to random_string() in the :doc:`String Helper `. - - Modified prep_url() so as to not prepend http:// if the supplied + - Modified prep_url() so as to not prepend \http:// if the supplied string already has a scheme. - Modified get_file_info in the file helper, changing filectime() to filemtime() for dates. @@ -2678,7 +2678,7 @@ Bugfixes for 1.6.2 instantiating new Language and Exception objects, and not using the error heading. - Fixed a bug (#4413) where a URI containing slashes only e.g. - 'http://example.com/index.php?//' would result in PHP errors + '\http://example.com/index.php?//' would result in PHP errors - Fixed an array to string conversion error in the Validation library (#4425) - Fixed bug (#4451, #4299, #4339) where failed transactions will not diff --git a/user_guide_src/source/helpers/string_helper.rst b/user_guide_src/source/helpers/string_helper.rst index a1fd7ee15..6dabc60d3 100644 --- a/user_guide_src/source/helpers/string_helper.rst +++ b/user_guide_src/source/helpers/string_helper.rst @@ -127,7 +127,7 @@ The following functions are available: :rtype: string Converts double slashes in a string to a single slash, except those - found in URL protocol prefixes (e.g. http://). + found in URL protocol prefixes (e.g. \http://). Example:: @@ -220,4 +220,4 @@ The following functions are available: Removes single and double quotes from a string. Example:: $string = "Joe's \"dinner\""; - $string = strip_quotes($string); //results in "Joes dinner" \ No newline at end of file + $string = strip_quotes($string); //results in "Joes dinner" diff --git a/user_guide_src/source/helpers/url_helper.rst b/user_guide_src/source/helpers/url_helper.rst index 435a21df4..e117d37c0 100644 --- a/user_guide_src/source/helpers/url_helper.rst +++ b/user_guide_src/source/helpers/url_helper.rst @@ -144,7 +144,7 @@ The following functions are available: be a string or an array. .. note:: If you are building links that are internal to your application - do not include the base URL (http://...). This will be added + do not include the base URL (\http://...). This will be added automatically from the information specified in your config file. Include only the URI segments you wish appended to the URL. @@ -317,7 +317,7 @@ The following functions are available: :returns: Protocol-prefixed URL string :rtype: string - This function will add http:// in the event that a protocol prefix + This function will add \http:// in the event that a protocol prefix is missing from a URL. Pass the URL string to the function like this:: -- cgit v1.2.3-24-g4f1b From 2f1fc71c61ee9c781949d525f27fa1d5f11b9a95 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 28 Feb 2018 22:33:36 +0200 Subject: [ci skip] Fix 5423 --- user_guide_src/source/changelog.rst | 2 ++ 1 file changed, 2 insertions(+) (limited to 'user_guide_src/source') diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 2b82d7b36..37291e196 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -14,12 +14,14 @@ Release Date: Not Released - General Changes - Updated :doc:`Email Library ` to always negotiate between TLS 1.0, 1.1, 1.2 when possible (PHP 5.6+) for SMTP connections. + - Updated :doc:`Database Library ` method ``version()`` to exclude suffixes to the main version numbers with the 'postgre' driver. Bug fixes for 3.1.8 ------------------- - Fixed a bug where :doc:`Form Validation Library `, :doc:`Email Library ` tried to use ``INTL_IDNA_VARIANT_UTS46`` when it was undeclared. - Fixed a bug where :doc:`Query Builder ` methods ``where()``, ``having()`` treated values passed to them as arbitrary SQL. +- Fixed a bug (#5423) - :doc:`Database Library ` method ``insert_id()`` failed due to incorrect server version parsing with the 'postgre' driver. Version 3.1.7 ============= -- cgit v1.2.3-24-g4f1b From 8ff2b1055e902ef4c66bbb6e3b1a4554872e6659 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 28 Feb 2018 22:44:09 +0200 Subject: [ci skip] Fix #5425 --- user_guide_src/source/changelog.rst | 1 + 1 file changed, 1 insertion(+) (limited to 'user_guide_src/source') diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 37291e196..95af9c086 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -22,6 +22,7 @@ Bug fixes for 3.1.8 - Fixed a bug where :doc:`Form Validation Library `, :doc:`Email Library ` tried to use ``INTL_IDNA_VARIANT_UTS46`` when it was undeclared. - Fixed a bug where :doc:`Query Builder ` methods ``where()``, ``having()`` treated values passed to them as arbitrary SQL. - Fixed a bug (#5423) - :doc:`Database Library ` method ``insert_id()`` failed due to incorrect server version parsing with the 'postgre' driver. +- Fixed a bug (#5425) - :doc:`XML-RPC Library ` produced an error message related to ``count()`` on PHP 7.2. Version 3.1.7 ============= -- cgit v1.2.3-24-g4f1b From dc1d71cea3ef0dc35fabdcebbaca6e333051aa40 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 10 Mar 2018 02:12:18 +0200 Subject: [ci skip] Add changelog entry for #5434 --- user_guide_src/source/changelog.rst | 1 + 1 file changed, 1 insertion(+) (limited to 'user_guide_src/source') diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 95af9c086..4eaed24ec 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -23,6 +23,7 @@ Bug fixes for 3.1.8 - Fixed a bug where :doc:`Query Builder ` methods ``where()``, ``having()`` treated values passed to them as arbitrary SQL. - Fixed a bug (#5423) - :doc:`Database Library ` method ``insert_id()`` failed due to incorrect server version parsing with the 'postgre' driver. - Fixed a bug (#5425) - :doc:`XML-RPC Library ` produced an error message related to ``count()`` on PHP 7.2. +- Fixed a bug (#5434) - :doc:`Image Manipulation Library ` attempted to ``chmod()`` while rendering images with the ``dynamic_output`` option. Version 3.1.7 ============= -- cgit v1.2.3-24-g4f1b From 3d204b63df199c7fb41d2602867ac3835776f40a Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 10 Mar 2018 02:40:22 +0200 Subject: [ci skip] Fix #5420 --- user_guide_src/source/changelog.rst | 1 + 1 file changed, 1 insertion(+) (limited to 'user_guide_src/source') diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 4eaed24ec..37cd31d72 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -10,6 +10,7 @@ Release Date: Not Released - **Security** - Updated :doc:`URL Helper ` function :php:func:`auto_link()` to add ``rel="noopener"`` to generated links in order to prevent tab hijacking. + - Updated :doc:`Security Library ` method ``xss_clean()`` to also filter JavaScript tag functions. - General Changes -- cgit v1.2.3-24-g4f1b From 6efd42ebafceda967d1d8def06ee412d3c1f382b Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 15 Mar 2018 16:24:42 +0200 Subject: [ci skip] Fix #5435 --- user_guide_src/source/changelog.rst | 1 + 1 file changed, 1 insertion(+) (limited to 'user_guide_src/source') diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 37cd31d72..21f5aae44 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -25,6 +25,7 @@ Bug fixes for 3.1.8 - Fixed a bug (#5423) - :doc:`Database Library ` method ``insert_id()`` failed due to incorrect server version parsing with the 'postgre' driver. - Fixed a bug (#5425) - :doc:`XML-RPC Library ` produced an error message related to ``count()`` on PHP 7.2. - Fixed a bug (#5434) - :doc:`Image Manipulation Library ` attempted to ``chmod()`` while rendering images with the ``dynamic_output`` option. +- Fixed a bug (#5435) - :doc:`Database Results ` method ``field_data()`` hid info about one field if ``limit()`` was previously used with the 'oci8' driver. Version 3.1.7 ============= -- cgit v1.2.3-24-g4f1b From bcce0a17f72c9550491a35e35555294943ff7fc1 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 15 Mar 2018 16:48:51 +0200 Subject: [ci skip] Add a changelog entry for PR #5431 --- user_guide_src/source/changelog.rst | 1 + 1 file changed, 1 insertion(+) (limited to 'user_guide_src/source') diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 21f5aae44..647ea93a1 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -11,6 +11,7 @@ Release Date: Not Released - Updated :doc:`URL Helper ` function :php:func:`auto_link()` to add ``rel="noopener"`` to generated links in order to prevent tab hijacking. - Updated :doc:`Security Library ` method ``xss_clean()`` to also filter JavaScript tag functions. + - Fixed a bug where :doc:`Security Library ` method ``xss_clean()`` didn't check for parentheses around JavaScript's ``document``. - General Changes -- cgit v1.2.3-24-g4f1b From cdf3a9a54fb240bc17fc681b02bd6327ac15d7d0 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 15 Mar 2018 16:58:31 +0200 Subject: [ci skip] Merge pull request #5437 from MadGuyyy/develop Docs spelling fix: utlize -> utilize --- user_guide_src/source/database/query_builder.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'user_guide_src/source') diff --git a/user_guide_src/source/database/query_builder.rst b/user_guide_src/source/database/query_builder.rst index 1b79c893a..38bc7fcff 100644 --- a/user_guide_src/source/database/query_builder.rst +++ b/user_guide_src/source/database/query_builder.rst @@ -654,7 +654,7 @@ will be reset (by default it will be--just like $this->db->insert()):: // Produces string: INSERT INTO mytable (`title`, `content`) VALUES ('My Title', 'My Content') The key thing to notice in the above example is that the second query did not -utlize `$this->db->from()` nor did it pass a table name into the first +utilize `$this->db->from()` nor did it pass a table name into the first parameter. The reason this worked is because the query has not been executed using `$this->db->insert()` which resets values or reset directly using `$this->db->reset_query()`. -- cgit v1.2.3-24-g4f1b From b12fbad77bd69ca0c7624a9094c29b7691ea6107 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 22 Mar 2018 16:44:41 +0200 Subject: [ci skip] Prepare 3.1.8 release --- user_guide_src/source/changelog.rst | 2 +- user_guide_src/source/conf.py | 4 ++-- user_guide_src/source/installation/downloads.rst | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) (limited to 'user_guide_src/source') diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 647ea93a1..371b49529 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -5,7 +5,7 @@ Change Log Version 3.1.8 ============= -Release Date: Not Released +Release Date: Mar 22, 2018 - **Security** diff --git a/user_guide_src/source/conf.py b/user_guide_src/source/conf.py index e03c3168f..553669996 100644 --- a/user_guide_src/source/conf.py +++ b/user_guide_src/source/conf.py @@ -48,9 +48,9 @@ copyright = u'2014 - 2018, British Columbia Institute of Technology' # built documents. # # The short X.Y version. -version = '3.1.8-dev' +version = '3.1.8' # The full version, including alpha/beta/rc tags. -release = '3.1.8-dev' +release = '3.1.8' # The language for content autogenerated by Sphinx. Refer to documentation # for a list of supported languages. diff --git a/user_guide_src/source/installation/downloads.rst b/user_guide_src/source/installation/downloads.rst index 03913159b..27675a13c 100644 --- a/user_guide_src/source/installation/downloads.rst +++ b/user_guide_src/source/installation/downloads.rst @@ -2,7 +2,7 @@ Downloading CodeIgniter ####################### -- `CodeIgniter v3.1.8-dev (Current version) `_ +- `CodeIgniter v3.1.8 (Current version) `_ - `CodeIgniter v3.1.7 `_ - `CodeIgniter v3.1.6 `_ - `CodeIgniter v3.1.5 `_ -- cgit v1.2.3-24-g4f1b From 3d2073e877cb1fddbea8fcec5bc5d38b545cdcfa Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 22 Mar 2018 16:52:42 +0200 Subject: [ci skip] Mark the start of 3.1.9 development --- user_guide_src/source/changelog.rst | 6 ++++++ user_guide_src/source/conf.py | 4 ++-- user_guide_src/source/installation/downloads.rst | 3 ++- user_guide_src/source/installation/upgrade_319.rst | 14 ++++++++++++++ user_guide_src/source/installation/upgrading.rst | 1 + 5 files changed, 25 insertions(+), 3 deletions(-) create mode 100644 user_guide_src/source/installation/upgrade_319.rst (limited to 'user_guide_src/source') diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 371b49529..d0989da48 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -2,6 +2,12 @@ Change Log ########## +Version 3.1.9 +============= + +Release Date: Not Released + + Version 3.1.8 ============= diff --git a/user_guide_src/source/conf.py b/user_guide_src/source/conf.py index 553669996..7e1e52035 100644 --- a/user_guide_src/source/conf.py +++ b/user_guide_src/source/conf.py @@ -48,9 +48,9 @@ copyright = u'2014 - 2018, British Columbia Institute of Technology' # built documents. # # The short X.Y version. -version = '3.1.8' +version = '3.1.9-dev' # The full version, including alpha/beta/rc tags. -release = '3.1.8' +release = '3.1.9-dev' # The language for content autogenerated by Sphinx. Refer to documentation # for a list of supported languages. diff --git a/user_guide_src/source/installation/downloads.rst b/user_guide_src/source/installation/downloads.rst index 27675a13c..6147f4dfd 100644 --- a/user_guide_src/source/installation/downloads.rst +++ b/user_guide_src/source/installation/downloads.rst @@ -2,7 +2,8 @@ Downloading CodeIgniter ####################### -- `CodeIgniter v3.1.8 (Current version) `_ +- `CodeIgniter v3.1.9-dev (Current version) `_ +- `CodeIgniter v3.1.8 `_ - `CodeIgniter v3.1.7 `_ - `CodeIgniter v3.1.6 `_ - `CodeIgniter v3.1.5 `_ diff --git a/user_guide_src/source/installation/upgrade_319.rst b/user_guide_src/source/installation/upgrade_319.rst new file mode 100644 index 000000000..99a7347a0 --- /dev/null +++ b/user_guide_src/source/installation/upgrade_319.rst @@ -0,0 +1,14 @@ +############################# +Upgrading from 3.1.8 to 3.1.9 +############################# + +Before performing an update you should take your site offline by +replacing the index.php file with a static one. + +Step 1: Update your CodeIgniter files +===================================== + +Replace all files and directories in your *system/* directory. + +.. note:: If you have any custom developed files in these directories, + please make copies of them first. diff --git a/user_guide_src/source/installation/upgrading.rst b/user_guide_src/source/installation/upgrading.rst index a51b128ec..95525a7c6 100644 --- a/user_guide_src/source/installation/upgrading.rst +++ b/user_guide_src/source/installation/upgrading.rst @@ -8,6 +8,7 @@ upgrading from. .. toctree:: :titlesonly: + Upgrading from 3.1.8 to 3.1.9 Upgrading from 3.1.7 to 3.1.8 Upgrading from 3.1.6 to 3.1.7 Upgrading from 3.1.5 to 3.1.6 -- cgit v1.2.3-24-g4f1b