From 8bd46fa3229814c6ffa629f2e764b3ff302c6fff Mon Sep 17 00:00:00 2001 From: kakysha Date: Mon, 9 Feb 2015 14:28:57 +0300 Subject: no more xss filtering on input --- user_guide_src/source/libraries/security.rst | 3 --- 1 file changed, 3 deletions(-) (limited to 'user_guide_src') diff --git a/user_guide_src/source/libraries/security.rst b/user_guide_src/source/libraries/security.rst index 27e6e561b..ac56fc589 100644 --- a/user_guide_src/source/libraries/security.rst +++ b/user_guide_src/source/libraries/security.rst @@ -41,9 +41,6 @@ application/config/config.php file and setting this:: $config['global_xss_filtering'] = TRUE; -.. note:: If you use the form validation class, it gives you the option of - XSS filtering as well. - An optional second parameter, *is_image*, allows this function to be used to test images for potential XSS attacks, useful for file upload security. When this second parameter is set to TRUE, instead of -- cgit v1.2.3-24-g4f1b From 8f0a8d601d822cfb5bf69aea0e1bc65439a64d79 Mon Sep 17 00:00:00 2001 From: Adrian Voicu Date: Mon, 9 Feb 2015 17:34:02 +0200 Subject: some missed explanation on set_value() ...sorry about that... --- user_guide_src/source/helpers/form_helper.rst | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'user_guide_src') diff --git a/user_guide_src/source/helpers/form_helper.rst b/user_guide_src/source/helpers/form_helper.rst index 4706ee706..af266ff5a 100644 --- a/user_guide_src/source/helpers/form_helper.rst +++ b/user_guide_src/source/helpers/form_helper.rst @@ -571,10 +571,11 @@ The following functions are available: // Would produce: -.. php:function:: set_value($field[, $default = '']) +.. php:function:: set_value($field[, $default = ''[,$html_escape = TRUE]]) :param string $field: Field name :param string $default: Default value + :param bool $html_escape: Whether to turn off HTML escaping of the value :returns: Field value :rtype: string -- cgit v1.2.3-24-g4f1b 
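Review bot: The added `:param bool $html_escape:` line in the set_value() hunk of form_helper.rst says "Whether to turn off HTML escaping of the value", which, read next to the `$html_escape = TRUE` default in the new signature, suggests that passing TRUE disables escaping. That is presumably the opposite of the intended meaning, and a reader who trusts the wording could either double-escape the value or print unescaped request data into a form field. I would word it as `:param bool $html_escape: Whether to HTML-escape the returned value (pass FALSE to disable)`. The prose description of set_value() lies outside the hunk, so it may also need a sentence stating the escaping default.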
From 6732fae6a8e6a18ca840f708ee8a8f14c45b6b01 Mon Sep 17 00:00:00 2001 From: Adrian Voicu Date: Mon, 9 Feb 2015 19:48:23 +0200 Subject: Update form_helper.rst --- user_guide_src/source/helpers/form_helper.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'user_guide_src') diff --git a/user_guide_src/source/helpers/form_helper.rst b/user_guide_src/source/helpers/form_helper.rst index af266ff5a..9ddca89bc 100644 --- a/user_guide_src/source/helpers/form_helper.rst +++ b/user_guide_src/source/helpers/form_helper.rst @@ -571,7 +571,7 @@ The following functions are available: // Would produce: -.. php:function:: set_value($field[, $default = ''[,$html_escape = TRUE]]) +.. php:function:: set_value($field[, $default = ''[, $html_escape = TRUE]]) :param string $field: Field name :param string $default: Default value -- cgit v1.2.3-24-g4f1b From f1fde17a638154e285b8daba10c5a9301396033e Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Tue, 10 Feb 2015 12:50:35 +0200 Subject: [ci skip] Add a upgrade notes about default_controller, 404_override --- user_guide_src/source/installation/upgrade_300.rst | 63 +++++++++++++++++----- 1 file changed, 50 insertions(+), 13 deletions(-) (limited to 'user_guide_src') diff --git a/user_guide_src/source/installation/upgrade_300.rst b/user_guide_src/source/installation/upgrade_300.rst index 8983f3d18..73ed0f4c3 100644 --- a/user_guide_src/source/installation/upgrade_300.rst +++ b/user_guide_src/source/installation/upgrade_300.rst 
@@ -212,26 +212,63 @@ is suitable for the command line. This of course requires another level of separ It is safe to move your old templates from _application/errors* to _application/views/errors/html*, but you'll have to copy the new _application/views/errors/cli* directory from the CodeIgniter archive. -******************************************************* -Step 9: Update your config/routes.php containing (:any) -******************************************************* +****************************************** +Step 9: Update your config/routes.php file +****************************************** -Historically, CodeIgniter has always provided the **:any** wildcard in routing, -with the intention of providing a way to match any character **within** an URI segment. +Routes containing :any +====================== + +Historically, CodeIgniter has always provided the **:any** wildcard in +routing, with the intention of providing a way to match any character +**within** an URI segment. + +However, the **:any** wildcard is actually just an alias for a regular +expression and used to be executed in that manner as **.+**. This is +considered a bug, as it also matches the / (forward slash) character, which +is the URI segment delimiter and that was never the intention. -However, the **:any** wildcard is actually just an alias for a regular expression -and used to be executed in that manner as **.+**. This is considered a bug, as it -also matches the / (forward slash) character, which is the URI segment delimiter -and that was never the intention. In CodeIgniter 3, the **:any** wildcard will now -represent **[^/]+**, so that it will not match a forward slash. +In CodeIgniter 3, the **:any** wildcard will now represent **[^/]+**, so +that it will not match a forward slash. -There are certainly many developers that have utilized this bug as an actual feature. 
-If you're one of them and want to match a forward slash, please use the **.+** -regular expression:: +There are certainly many developers that have utilized this bug as an actual +feature. If you're one of them and want to match a forward slash, please use +the **.+** regular expression:: (.+) // matches ANYTHING (:any) // matches any character, except for '/' +Directories and 'default_controller', '404_override' +==================================================== + +As you should know, the ``$route['default_controller']`` and +``$route['404_override']`` settings accept not only a controller name, but +also *controller/method* pairs. However, a bug in the routing logic has +made it possible for some users to use that as *directory/controller* +instead. + +As already said, this behavior was incidental and was never intended, nor +documented. If you've relied on it, your application will break with +CodeIgniter 3.0. + +Another notable change in version 3 is that 'default_controller' and +'404_override' are now applied *per directory*. To explain what this means, +let's take the following example:: + + $route['default_controller'] = 'main'; + +Now, assuming that your website is located at *example.com*, you already +know that if a user visits ``http://example.com/``, the above setting will +cause your 'Main' controller to be loaded. + +However, what happens if you have an *application/controllers/admin/* +directory and the user visits ``http://example.com/admin/``? +In CodeIgniter 3, the router will look for a 'Main' controller under the +admin/ directory as well. If not found, it will fallback to the parent +(*application/controllers/*) directory, like in version 2.x. + +The same rule applies to the '404_override' setting. 
+ ************************************************************************* Step 10: Many functions now return NULL instead of FALSE on missing items ************************************************************************* -- cgit v1.2.3-24-g4f1b From e263efa0631bde3e00427554571e243e3546fc22 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 12 Feb 2015 15:32:29 +0200 Subject: [ci skip] Correct db config docs about 'autoinit' --- user_guide_src/source/database/configuration.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'user_guide_src') diff --git a/user_guide_src/source/database/configuration.rst b/user_guide_src/source/database/configuration.rst index 074725664..521eb6010 100644 --- a/user_guide_src/source/database/configuration.rst +++ b/user_guide_src/source/database/configuration.rst @@ -182,7 +182,7 @@ Explanation of Values: applications where you might run manually written queries, and need the prefix to still be customizable by the end user. **autoinit** Whether or not to automatically connect to the database when the library loads. If set to false, - the connection will take place prior to executing the first query. + you will have to manually connect via the ``$this->db->db_connect()`` method. **schema** The database schema, defaults to 'public'. Used by PostgreSQL and ODBC drivers. **encrypt** Whether or not to use an encrypted connection. **compress** Whether or not to use client compression (MySQL only). -- cgit v1.2.3-24-g4f1b From ed99086f04cb592d6ff44b3d40b5e0631cf3ddf5 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Fri, 13 Feb 2015 12:31:36 +0200 Subject: [ci skip] Fix a typo in the docs Close #3589 --- user_guide_src/source/tutorial/create_news_items.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'user_guide_src') diff --git a/user_guide_src/source/tutorial/create_news_items.rst b/user_guide_src/source/tutorial/create_news_items.rst index 1f4a96dd3..461584723 100644 
--- a/user_guide_src/source/tutorial/create_news_items.rst +++ b/user_guide_src/source/tutorial/create_news_items.rst @@ -88,7 +88,7 @@ Continuing down, you can see a condition that checks whether the form validation ran successfully. If it did not, the form is displayed, if it was submitted **and** passed all the rules, the model is called. After this, a view is loaded to display a success message. Create a view at -application/view/news/success.php and write a success message. +application/views/news/success.php and write a success message. Model ----- -- cgit v1.2.3-24-g4f1b From b7cea9cab71352516ec290b09495d456c8db3e64 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 14 Feb 2015 21:16:48 +0200 Subject: [ci skip] Add notes about session locks for Redis, Memcached --- user_guide_src/source/libraries/sessions.rst | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'user_guide_src') diff --git a/user_guide_src/source/libraries/sessions.rst b/user_guide_src/source/libraries/sessions.rst index c8a1f1925..57c258519 100644 --- a/user_guide_src/source/libraries/sessions.rst +++ b/user_guide_src/source/libraries/sessions.rst @@ -630,6 +630,11 @@ also do the following, after creating the table:: Redis Driver ------------ +.. note:: Since Redis doesn't have a locking mechanism exposed, locks for + this driver are emulated by a separate value that is kept for up + to 5 seconds. You may experience issues if your page loads take + longer than that! + Redis is a storage engine typically used for caching and popular because of its high performance, which is also probably your reason to use the 'redis' session driver. 
@@ -663,6 +668,11 @@ sufficient:: Memcached Driver ---------------- +.. note:: Since Memcache doesn't have a locking mechanism exposed, locks + for this driver are emulated by a separate value that is kept for + up to 5 seconds. You may experience issues if your page loads take + longer than that! + The 'memcached' driver is very similar to the 'redis' one in all of its properties, except perhaps for availability, because PHP's `Memcached `_ extension is distributed via PECL and some -- cgit v1.2.3-24-g4f1b From aadd8bdbf248293a854b4e0361bd09155c815acd Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 16 Feb 2015 11:07:45 +0200 Subject: [ci skip] Fix a doc typo Close #3595 --- user_guide_src/source/tutorial/static_pages.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'user_guide_src') diff --git a/user_guide_src/source/tutorial/static_pages.rst b/user_guide_src/source/tutorial/static_pages.rst index 36bcd2df9..8ba0486c1 100644 --- a/user_guide_src/source/tutorial/static_pages.rst +++ b/user_guide_src/source/tutorial/static_pages.rst @@ -74,7 +74,7 @@ includes the following code: © 2014 - + Adding logic to the controller ------------------------------ -- cgit v1.2.3-24-g4f1b From 48e79c7a71efc44000c62a57adb60505941586b2 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Tue, 17 Feb 2015 16:16:24 +0200 Subject: [ci skip] Add missing changelog entry from last commit --- user_guide_src/source/changelog.rst | 1 + 1 file changed, 1 insertion(+) (limited to 'user_guide_src') diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index bc3ea34f6..aacd2ef94 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst 
@@ -768,6 +768,7 @@ Bug fixes for 3.0 - Fixed a bug (#3161) - :doc:`Cache Library ` methods `increment()`, `decrement()` didn't auto-create non-existent items when using redis and/or file storage. - Fixed a bug (#3189) - :doc:`Parser Library ` used double replacement on ``key->value`` pairs, exposing a potential template injection vulnerability. - Fixed a bug (#3573) - :doc:`Email Library ` violated `RFC5321 `_ by sending 'localhost.localdomain' as a hostname. +- Fixed a bug (#3572) - :doc:`CI_Security::_remove_evil_attributes()` failed for large-sized inputs due to *pcre.backtrack_limit* and didn't properly match HTML tags. Version 2.2.1 ============= -- cgit v1.2.3-24-g4f1b From 0ae4e6c0bd95b7264bee735fb635f317c882bbef Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 18 Feb 2015 21:14:55 +0200 Subject: Fix #3593 Revert "fixes" for #167, #388, #705 (also #1326) as it turns out URL-decoding isn't compliant with the CGI/1.1 specification. RFC 3875: http://www.faqs.org/rfcs/rfc3875.html --- user_guide_src/source/changelog.rst | 4 +--- user_guide_src/source/installation/troubleshooting.rst | 5 ++--- 2 files changed, 3 insertions(+), 6 deletions(-) (limited to 'user_guide_src') diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index aacd2ef94..3145e831a 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst 
@@ -459,7 +459,7 @@ Release Date: Not Released - Renamed internal method ``_detect_uri()`` to ``_parse_request_uri()``. - Changed ``_parse_request_uri()`` to accept absolute URIs for compatibility with HTTP/1.1 as per `RFC2616 `. - Added protected method ``_parse_query_string()`` to URI paths in the the **QUERY_STRING** value, like ``_parse_request_uri()`` does. - - Changed URI string detection logic to try the **PATH_INFO** variable first when auto-detecting. + - Changed URI string detection logic to always default to **REQUEST_URI** unless configured otherwise or under CLI. - Removed methods ``_remove_url_suffix()``, ``_explode_segments()`` and moved their logic into ``_set_uri_string()``. - Removed method ``_fetch_uri_string()`` and moved its logic into the class constructor. - Removed method ``_reindex_segments()``. @@ -660,7 +660,6 @@ Bug fixes for 3.0 - Fixed a bug (#10) - :doc:`URI Library ` internal method ``_detect_uri()`` failed with paths containing a colon. - Fixed a bug (#1387) - :doc:`Query Builder ` method ``from()`` didn't escape table aliases. - Fixed a bug (#520) - :doc:`Date Helper ` function :php:func:``nice_date()`` failed when the optional second parameter is not passed. -- Fixed a bug (#167) - ``$config['permitted_uri_chars']`` didn't affect URL-encoded characters. - Fixed a bug (#318) - :doc:`Profiling Library ` setting *query_toggle_count* was not settable as described in the manual. - Fixed a bug (#938) - :doc:`Config Library ` method ``site_url()`` added a question mark to the URL string when query strings are enabled even if it already existed. - Fixed a bug (#999) - :doc:`Config Library ` method ``site_url()`` always appended ``$config['url_suffix']`` to the end of the URL string, regardless of whether a query string exists in it. 
@@ -705,7 +704,6 @@ Bug fixes for 3.0 - Fixed a bug (#50) - :doc:`Session Library ` unnecessarily stripped slashed from serialized data, making it impossible to read objects in a namespace. - Fixed a bug (#658) - :doc:`Routing ` wildcard **:any** didn't work as advertised and matched multiple URI segments instead of all characters within a single segment. - Fixed a bug (#1938) - :doc:`Email Library ` removed multiple spaces inside a pre-formatted plain text message. -- Fixed a bug (#388, #705) - :doc:`URI Library ` didn't apply URL-decoding to URI segments that it got from **REQUEST_URI** and/or **QUERY_STRING**. - Fixed a bug (#122) - :doc:`URI Library ` method ``ruri_string()`` didn't include a directory if one is used. - Fixed a bug - :doc:`Routing Library ` didn't properly handle *default_controller* in a subdirectory when a method is also specified. - Fixed a bug (#953) - :doc:`post_controller_constructor hook ` wasn't called with a *404_override*. diff --git a/user_guide_src/source/installation/troubleshooting.rst b/user_guide_src/source/installation/troubleshooting.rst index 0dfd4083f..e874bb0ec 100644 --- a/user_guide_src/source/installation/troubleshooting.rst +++ b/user_guide_src/source/installation/troubleshooting.rst 
@@ -4,16 +4,15 @@ Troubleshooting If you find that no matter what you put in your URL only your default page is loading, it might be that your server does not support the -PATH_INFO variable needed to serve search-engine friendly URLs. As a +REQUEST_URI variable needed to serve search-engine friendly URLs. As a first step, open your application/config/config.php file and look for the URI Protocol information. It will recommend that you try a couple alternate settings. If it still doesn't work after you've tried this you'll need to force CodeIgniter to add a question mark to your URLs. To -do this open your application/config/config.php file and change this:: +do this open your **application/config/config.php** file and change this:: $config['index_page'] = "index.php"; To this:: $config['index_page'] = "index.php?"; - -- cgit v1.2.3-24-g4f1b From ff7563e3ffa522f35ec18c99273a9ce14a48e6db Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 18 Feb 2015 21:38:01 +0200 Subject: Fix #3603 --- user_guide_src/source/libraries/sessions.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'user_guide_src') diff --git a/user_guide_src/source/libraries/sessions.rst b/user_guide_src/source/libraries/sessions.rst index 57c258519..9fc33247b 100644 --- a/user_guide_src/source/libraries/sessions.rst +++ b/user_guide_src/source/libraries/sessions.rst @@ -596,7 +596,7 @@ For MySQL:: `id` varchar(40) NOT NULL, `ip_address` varchar(45) NOT NULL, `timestamp` int(10) unsigned DEFAULT 0 NOT NULL, - `data` blob DEFAULT '' NOT NULL, + `data` blob NOT NULL, PRIMARY KEY (id), KEY `ci_sessions_timestamp` (`timestamp`) ); -- cgit v1.2.3-24-g4f1b From c545c0147636d8592fdcb7e8ec2c6df09399d485 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 19 Feb 2015 11:36:10 +0200 Subject: Make set_status_header() a dummy under CLI Close #3605 --- user_guide_src/source/changelog.rst | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'user_guide_src') 
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 3145e831a..a904c827f 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -507,7 +507,8 @@ Release Date: Not Released - Changed internal function ``load_class()`` to accept a constructor parameter instead of (previously unused) class name prefix. - Removed default parameter value of :php:func:`is_php()`. - Added a second argument ``$double_encode`` to :php:func:`html_escape()`. - - Changed function ``config_item()`` to return NULL instead of FALSE when no value is found. + - Changed function :php:func:`config_item()` to return NULL instead of FALSE when no value is found. + - Changed function :php:func:`set_status_header()` to return immediately when run under CLI. - :doc:`Output Library ` changes include: -- cgit v1.2.3-24-g4f1b From 6c7c8917d853bcd4acdce930b9afa537b2fb8b95 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 19 Feb 2015 14:44:18 +0200 Subject: Remove 'autoinit' DB setting It doesn't make sense to do a load->database() call but not connect to the database. IIRC there was more stuff in CI_DB_driver::initialize() at some point, so that was probably the reason why the setting existed in the first place. However, now it only results in users making invalid bug reports because they don't understand the feature ... Examples during just the past 2 weeks: #3571 #3601 #3607 --- user_guide_src/source/changelog.rst | 3 ++- user_guide_src/source/database/configuration.rst | 6 ------ 2 files changed, 2 insertions(+), 7 deletions(-) (limited to 'user_guide_src') diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index a904c827f..8f77f368f 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst 
@@ -155,6 +155,8 @@ Release Date: Not Released - DEPRECATED the 'mysql', 'sqlite', 'mssql' and 'pdo/dblib' (also known as 'pdo/mssql' or 'pdo/sybase') drivers. - Added **dsn** configuration setting for drivers that support DSN strings (PDO, PostgreSQL, Oracle, ODBC, CUBRID). - Added **schema** configuration setting (defaults to *public*) for drivers that might need it (currently used by PostgreSQL and ODBC). + - Added **save_queries** configuration setting to *application/config/database.php* (defaults to ``TRUE``). + - Removed **autoinit** configuration setting as it doesn't make sense to instantiate the database class but not connect to the database. - Added subdrivers support (currently only used by PDO). - Added an optional database name parameter to ``db_select()``. - Removed ``protect_identifiers()`` and renamed internal method ``_protect_identifiers()`` to it instead - it was just an alias. @@ -173,7 +175,6 @@ Release Date: Not Released - Added support for SQLite3 database driver. - Added Interbase/Firebird database support via the *ibase* driver. - Added ODBC support for ``create_database()``, ``drop_database()`` and ``drop_table()`` in :doc:`Database Forge `. - - Added **save_queries** configuration setting to *application/config/database.php* (defaults to ``TRUE``). - Added support to binding arrays as ``IN()`` sets in ``query()``. - :doc:`Query Builder ` changes include: diff --git a/user_guide_src/source/database/configuration.rst b/user_guide_src/source/database/configuration.rst index 521eb6010..d21c79e44 100644 --- a/user_guide_src/source/database/configuration.rst +++ b/user_guide_src/source/database/configuration.rst @@ -27,7 +27,6 @@ prototype:: 'char_set' => 'utf8', 'dbcollat' => 'utf8_general_ci', 'swap_pre' => '', - 'autoinit' => TRUE, 'encrypt' => FALSE, 'compress' => FALSE, 'stricton' => FALSE, 
@@ -70,7 +69,6 @@ These failovers can be specified by setting the failover for a connection like t 'char_set' => 'utf8', 'dbcollat' => 'utf8_general_ci', 'swap_pre' => '', - 'autoinit' => TRUE, 'encrypt' => FALSE, 'compress' => FALSE, 'stricton' => FALSE @@ -89,7 +87,6 @@ These failovers can be specified by setting the failover for a connection like t 'char_set' => 'utf8', 'dbcollat' => 'utf8_general_ci', 'swap_pre' => '', - 'autoinit' => TRUE, 'encrypt' => FALSE, 'compress' => FALSE, 'stricton' => FALSE @@ -120,7 +117,6 @@ example, to set up a "test" environment you would do this:: 'char_set' => 'utf8', 'dbcollat' => 'utf8_general_ci', 'swap_pre' => '', - 'autoinit' => TRUE, 'compress' => FALSE, 'encrypt' => FALSE, 'stricton' => FALSE, @@ -181,8 +177,6 @@ Explanation of Values: **swap_pre** A default table prefix that should be swapped with dbprefix. This is useful for distributed applications where you might run manually written queries, and need the prefix to still be customizable by the end user. -**autoinit** Whether or not to automatically connect to the database when the library loads. If set to false, - you will have to manually connect via the ``$this->db->db_connect()`` method. **schema** The database schema, defaults to 'public'. Used by PostgreSQL and ODBC drivers. **encrypt** Whether or not to use an encrypted connection. **compress** Whether or not to use client compression (MySQL only). -- cgit v1.2.3-24-g4f1b From c749bfbca99291fe64ca98d45a20d0735cb4e461 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Fri, 20 Feb 2015 15:14:14 +0200 Subject: [ci skip] Fix where_in() docs --- user_guide_src/source/database/query_builder.rst | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'user_guide_src') diff --git a/user_guide_src/source/database/query_builder.rst b/user_guide_src/source/database/query_builder.rst index fa1e90353..9b4694710 100644 --- a/user_guide_src/source/database/query_builder.rst 
+++ b/user_guide_src/source/database/query_builder.rst @@ -1221,7 +1221,7 @@ Class Reference :param string $key: The field to search :param array $values: The values searched on - :param boolean $escape: Whether to escape values and identifiers + :param boolean $escape: Whether to escape identifiers :returns: DB_query_builder instance :rtype: object @@ -1232,7 +1232,7 @@ Class Reference :param string $key: The field to search :param array $values: The values searched on - :param boolean $escape: Whether to escape values and identifiers + :param boolean $escape: Whether to escape identifiers :returns: DB_query_builder instance :rtype: object @@ -1243,7 +1243,7 @@ Class Reference :param string $key: Name of field to examine :param array $values: Array of target values - :param boolean $escape: Whether to escape values and identifiers + :param boolean $escape: Whether to escape identifiers :returns: DB_query_builder instance :rtype: object @@ -1254,7 +1254,7 @@ Class Reference :param string $key: Name of field to examine :param array $values: Array of target values - :param boolean $escape: Whether to escape values and identifiers + :param boolean $escape: Whether to escape identifiers :returns: DB_query_builder instance :rtype: object -- cgit v1.2.3-24-g4f1b From cd99fb66967892900a1d2291c643058b1f9166c5 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Fri, 20 Feb 2015 15:50:48 +0200 Subject: [ci skip] Tiny detail in 3.0.0 upgrade path --- user_guide_src/source/installation/upgrade_300.rst | 2 +- user_guide_src/source/installation/upgrading.rst | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'user_guide_src') diff --git a/user_guide_src/source/installation/upgrade_300.rst b/user_guide_src/source/installation/upgrade_300.rst index 73ed0f4c3..7cb94518d 100644 --- a/user_guide_src/source/installation/upgrade_300.rst +++ b/user_guide_src/source/installation/upgrade_300.rst 
@@ -1,5 +1,5 @@ ############################# -Upgrading from 2.2.1 to 3.0.0 +Upgrading from 2.2.x to 3.0.0 ############################# .. note:: These upgrade notes are for a version that is yet to be released. diff --git a/user_guide_src/source/installation/upgrading.rst b/user_guide_src/source/installation/upgrading.rst index ab36e9bfd..89e90e714 100644 --- a/user_guide_src/source/installation/upgrading.rst +++ b/user_guide_src/source/installation/upgrading.rst @@ -8,7 +8,7 @@ upgrading from. .. toctree:: :titlesonly: - Upgrading from 2.2.1 to 3.0.0 + Upgrading from 2.2.x to 3.0.0 Upgrading from 2.2.0 to 2.2.1 Upgrading from 2.1.4 to 2.2.0 Upgrading from 2.1.3 to 2.1.4 -- cgit v1.2.3-24-g4f1b From 0b5569f11b9eab01e3b1571eb6012308a3868f01 Mon Sep 17 00:00:00 2001 From: Ignasimg Date: Fri, 20 Feb 2015 17:56:55 +0100 Subject: Added support for raw_input_stream property. --- user_guide_src/source/changelog.rst | 2 ++ user_guide_src/source/libraries/input.rst | 10 ++++++++-- 2 files changed, 10 insertions(+), 2 deletions(-) (limited to 'user_guide_src') diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 5c5cd5e54..311aec20b 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -492,6 +492,8 @@ Release Date: Not Released - Added an option for ``_clean_input_keys()`` to return FALSE instead of terminating the whole script. - Deprecated the ``is_cli_request()`` method, it is now an alias for the new :php:func:`is_cli()` common function. - Added an ``$xss_clean`` parameter to method ``user_agent()`` and removed the ``$user_agent`` property. + - Added gettable property ``raw_input_stream`` to access the **php://input** data. + - Changed method ``input_stream()`` to obtain the data from ``raw_input_stream`` property. - :doc:`Common functions ` changes include: diff --git a/user_guide_src/source/libraries/input.rst b/user_guide_src/source/libraries/input.rst index 967f69d13..2b71b348a 100644 
--- a/user_guide_src/source/libraries/input.rst +++ b/user_guide_src/source/libraries/input.rst @@ -91,8 +91,14 @@ the ``$_POST`` array, because it will always exist and you can try and access multiple variables without caring that you might only have one shot at all of the POST data. -CodeIgniter will take care of that for you, and you can access data -from the **php://input** stream at any time, just by calling the +CodeIgniter will take care of that for you, and you can read the data +from the **php://input** stream at any time, just by using the +``raw_input_stream`` property:: + + $this->input->raw_input_stream; + +Additionally if the input stream is formated in a query string fashion +you can access it's values, just by calling the ``input_stream()`` method:: $this->input->input_stream('key'); -- cgit v1.2.3-24-g4f1b From 18c33eedd7b3cfb31f4bea728bc0fa43e15f4dbc Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 21 Feb 2015 19:43:40 +0200 Subject: [ci skip] Update static pages tutorial --- user_guide_src/source/tutorial/static_pages.rst | 105 ++++++++++++------------ 1 file changed, 52 insertions(+), 53 deletions(-) (limited to 'user_guide_src') diff --git a/user_guide_src/source/tutorial/static_pages.rst b/user_guide_src/source/tutorial/static_pages.rst index 8ba0486c1..53f286473 100644 --- a/user_guide_src/source/tutorial/static_pages.rst +++ b/user_guide_src/source/tutorial/static_pages.rst 
@@ -11,12 +11,16 @@ static pages. A controller is simply a class that helps delegate work. It is the glue of your web application. For example, when a call is made to: -``http://example.com/news/latest/10`` We might imagine that there is a -controller named "news". The method being called on news would be -"latest". The news method's job could be to grab 10 news items, and -render them on the page. Very often in MVC, you'll see URL patterns that -match: -``http://example.com/[controller-class]/[controller-method]/[arguments]`` + + http://example.com/news/latest/10 + +We might imagine that there is a controller named "news". The method +being called on news would be "latest". The news method's job could be to +grab 10 news items, and render them on the page. Very often in MVC, +you'll see URL patterns that match: + + http://example.com/[controller-class]/[controller-method]/[arguments] + As URL schemes become more complex, this may change. But for now, this is all we will need to know. @@ -25,15 +29,13 @@ code. :: - - - CodeIgniter Tutorial - - + + + CodeIgniter Tutorial + + -

CodeIgniter Tutorial

+

CodeIgniter Tutorial

The header contains the basic HTML code that you'll want to display before loading the main view, together with a heading. It will also @@ -72,16 +74,16 @@ includes the following code: :: - © 2014 - - + © 2014 + + Adding logic to the controller ------------------------------ -Earlier you set up a controller with a view() method. The method accepts -one parameter, which is the name of the page to be loaded. The static -page templates will be located in the application/views/pages/ +Earlier you set up a controller with a ``view()`` method. The method +accepts one parameter, which is the name of the page to be loaded. The +static page templates will be located in the application/views/pages/ directory. In that directory, create two files named home.php and about.php. Within 
@@ -93,43 +95,40 @@ page actually exists: :: - load->view('templates/header', $data); - $this->load->view('pages/'.$page, $data); - $this->load->view('templates/footer', $data); - - } + public function view($page = 'home') + { + if ( ! file_exists(APPPATH.'/views/pages/'.$page.'.php')) + { + // Whoops, we don't have a page for that! + show_404(); + } + + $data['title'] = ucfirst($page); // Capitalize the first letter + + $this->load->view('templates/header', $data); + $this->load->view('pages/'.$page, $data); + $this->load->view('templates/footer', $data); + } Now, when the page does exist, it is loaded, including the header and footer, and displayed to the user. If the page doesn't exist, a "404 Page not found" error is shown. The first line in this method checks whether the page actually exists. -PHP's native file\_exists() function is used to check whether the file -is where it's expected to be. show\_404() is a built-in CodeIgniter +PHP's native ``file_exists()`` function is used to check whether the file +is where it's expected to be. ``show_404()`` is a built-in CodeIgniter function that renders the default error page. -In the header template, the $title variable was used to customize the +In the header template, the ``$title`` variable was used to customize the page title. The value of title is defined in this method, but instead of assigning the value to a variable, it is assigned to the title element in the $data array. The last thing that has to be done is loading the views in the order -they should be displayed. The second parameter in the view() method is -used to pass values to the view. Each value in the $data array is +they should be displayed. The second parameter in the ``view()`` method is +used to pass values to the view. Each value in the ``$data`` array is assigned to a variable with the name of its key. So the value of -$data['title'] in the controller is equivalent to $title in the view. 
+``$data['title']`` in the controller is equivalent to $title in the view. Routing ------- @@ -149,8 +148,8 @@ all other code that sets any element in the $route array. :: - $route['default_controller'] = 'pages/view'; - $route['(:any)'] = 'pages/view/$1'; + $route['default_controller'] = 'pages/view'; + $route['(:any)'] = 'pages/view/$1'; CodeIgniter reads its routing rules from top to bottom and routes the request to the first matching rule. Each rule is a regular expression @@ -163,8 +162,8 @@ More information about routing can be found in the URI Routing `documentation <../general/routing.html>`_. Here, the second rule in the $routes array matches **any** request using -the wildcard string (:any). and passes the parameter to the view() +the wildcard string (:any). and passes the parameter to the ``view()`` method of the pages class. -Now visit index.php/about. Did it get routed correctly to the view() +Now visit index.php/about. Did it get routed correctly to the ``view()`` method in the pages controller? Awesome! -- cgit v1.2.3-24-g4f1b From 42c01bdff6beb40c291eb236c891ab5ae13b4ba5 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 21 Feb 2015 19:44:05 +0200 Subject: [ci skip] Fix a changelog entry --- user_guide_src/source/changelog.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'user_guide_src') diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 8f77f368f..b1c506715 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst 
@@ -768,7 +768,7 @@ Bug fixes for 3.0 - Fixed a bug (#3161) - :doc:`Cache Library ` methods `increment()`, `decrement()` didn't auto-create non-existent items when using redis and/or file storage. - Fixed a bug (#3189) - :doc:`Parser Library ` used double replacement on ``key->value`` pairs, exposing a potential template injection vulnerability. - Fixed a bug (#3573) - :doc:`Email Library ` violated `RFC5321 `_ by sending 'localhost.localdomain' as a hostname. -- Fixed a bug (#3572) - :doc:`CI_Security::_remove_evil_attributes()` failed for large-sized inputs due to *pcre.backtrack_limit* and didn't properly match HTML tags. +- Fixed a bug (#3572) - ``CI_Security::_remove_evil_attributes()`` failed for large-sized inputs due to *pcre.backtrack_limit* and didn't properly match HTML tags. Version 2.2.1 ============= -- cgit v1.2.3-24-g4f1b From 1701ad24e7b52df9e0dd51ef7a9a4bb9a99f28bf Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 21 Feb 2015 23:28:23 +0200 Subject: [ci skip] Fix wrong example link in news tutorial The current URI being 'news/' itself, combined with relative links ... --- user_guide_src/source/tutorial/news_section.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'user_guide_src') diff --git a/user_guide_src/source/tutorial/news_section.rst b/user_guide_src/source/tutorial/news_section.rst index 80938de32..f436b2510 100644 --- a/user_guide_src/source/tutorial/news_section.rst +++ b/user_guide_src/source/tutorial/news_section.rst @@ -151,7 +151,7 @@ and add the next piece of code.
-

View article

+

View article

-- cgit v1.2.3-24-g4f1b From f1ca865e0a7aea02061be5d59a49b2a222a27085 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Tue, 24 Feb 2015 20:25:16 +0200 Subject: [ci skip] Add a note about pbkdf2 in security guide --- user_guide_src/source/general/security.rst | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'user_guide_src') diff --git a/user_guide_src/source/general/security.rst b/user_guide_src/source/general/security.rst index 0c58f96b4..efc821f2b 100644 --- a/user_guide_src/source/general/security.rst +++ b/user_guide_src/source/general/security.rst @@ -133,6 +133,10 @@ with that. Please read below. provides them for you as long as you're running at least PHP version 5.3.7 (and if you don't meet that requirement - please, upgrade). + If you're one of the really unlucky people who can't even upgrade to a + more recent PHP version, use `hash_pbkdf() `, + which we also provide in our compatibility layer. + - DO NOT ever display or send a password in plain-text format! Even to the password's owner, if you need a "Forgotten password" -- cgit v1.2.3-24-g4f1b From 7325fce4f6ea6454c948539598d10eb319244939 Mon Sep 17 00:00:00 2001 From: Ignasimg Date: Thu, 26 Feb 2015 02:49:39 +0100 Subject: Update changelog.rst --- user_guide_src/source/changelog.rst | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'user_guide_src') diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 311aec20b..9ed55809e 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst 
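Review bot: The function named in the added paragraph of general/security.rst, `hash_pbkdf()`, is not a PHP function; the name is `hash_pbkdf2()`, which is also what the commit subject refers to. Anyone copying the name as written gets an undefined-function error on exactly the fallback path this note is meant to cover, so the text should read `use hash_pbkdf2()`. The link target after the name looks empty in this view, so it is worth confirming that it points at the hash_pbkdf2 manual page.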
@@ -492,8 +492,7 @@ Release Date: Not Released - Added an option for ``_clean_input_keys()`` to return FALSE instead of terminating the whole script. - Deprecated the ``is_cli_request()`` method, it is now an alias for the new :php:func:`is_cli()` common function. - Added an ``$xss_clean`` parameter to method ``user_agent()`` and removed the ``$user_agent`` property. - - Added gettable property ``raw_input_stream`` to access the **php://input** data. - - Changed method ``input_stream()`` to obtain the data from ``raw_input_stream`` property. + - Added property ``$raw_input_stream`` to access **php://input** data. - :doc:`Common functions ` changes include: -- cgit v1.2.3-24-g4f1b From 54b42d6c00f25152b6502be4cf64f2fe342b5fb7 Mon Sep 17 00:00:00 2001 From: Ignasimg Date: Thu, 26 Feb 2015 03:16:12 +0100 Subject: Update input.rst --- user_guide_src/source/libraries/input.rst | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) (limited to 'user_guide_src') diff --git a/user_guide_src/source/libraries/input.rst b/user_guide_src/source/libraries/input.rst index 2b71b348a..274e49af4 100644 --- a/user_guide_src/source/libraries/input.rst +++ b/user_guide_src/source/libraries/input.rst @@ -93,12 +93,12 @@ one shot at all of the POST data. CodeIgniter will take care of that for you, and you can read the data from the **php://input** stream at any time, just by using the -``raw_input_stream`` property:: +``$raw_input_stream`` property:: $this->input->raw_input_stream; -Additionally if the input stream is formated in a query string fashion -you can access it's values, just by calling the +Additionally if the input stream is form-encoded like $_POST you can +access its values by calling the ``input_stream()`` method:: $this->input->input_stream('key'); 
@@ -120,6 +120,12 @@ Class Reference .. php:class:: CI_Input + .. attribute:: $raw_input_stream + + Read only property that will return php://input data as is. + + The property can be read multiple times. + .. php:method:: post([$index = NULL[, $xss_clean = NULL]]) :param mixed $index: POST parameter name -- cgit v1.2.3-24-g4f1b From ba213cd6f6be272d8e51b9eaf7d4039671458868 Mon Sep 17 00:00:00 2001 From: Fu Xu Date: Thu, 26 Feb 2015 20:01:31 +0800 Subject: fix wrong step count --- user_guide_src/source/installation/upgrade_300.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'user_guide_src') diff --git a/user_guide_src/source/installation/upgrade_300.rst b/user_guide_src/source/installation/upgrade_300.rst index 7cb94518d..90d56c25c 100644 --- a/user_guide_src/source/installation/upgrade_300.rst +++ b/user_guide_src/source/installation/upgrade_300.rst @@ -795,7 +795,7 @@ It is now deprecated and scheduled for removal in CodeIgniter 3.1+. sooner rather than later. *********************************************************** -Step 18: Check your usage of Text helper highlight_phrase() +Step 20: Check your usage of Text helper highlight_phrase() *********************************************************** The default HTML tag used by :doc:`Text Helper <../helpers/text_helper>` function -- cgit v1.2.3-24-g4f1b From 9187ed3516ba403d09fc88ebcf6ead7364f75c4d Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 28 Feb 2015 19:54:17 +0200 Subject: [ci skip] Formally deprecate 'global_xss_filtering' --- user_guide_src/source/changelog.rst | 1 + user_guide_src/source/installation/upgrade_300.rst | 16 ++++++++++++++++ user_guide_src/source/libraries/input.rst | 4 ++++ 3 files changed, 21 insertions(+) (limited to 'user_guide_src') diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 42eed8034..ef3d2af39 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst 
@@ -480,6 +480,7 @@ Release Date: Not Released - :doc:`Input Library ` changes include: + - Deprecated the ``$config['global_xss_filtering']`` setting. - Added ``method()`` to retrieve ``$_SERVER['REQUEST_METHOD']``. - Added support for arrays and network addresses (e.g. 192.168.1.1/24) for use with the *proxy_ips* setting. - Added method ``input_stream()`` to aid in using **php://input** stream data such as one passed via PUT, DELETE and PATCH requests. diff --git a/user_guide_src/source/installation/upgrade_300.rst b/user_guide_src/source/installation/upgrade_300.rst index 90d56c25c..2f806cccf 100644 --- a/user_guide_src/source/installation/upgrade_300.rst +++ b/user_guide_src/source/installation/upgrade_300.rst @@ -551,6 +551,22 @@ PHP's native ``hash()`` function. It is deprecated and scheduled for removal in .. note:: This function is still available, but you're strongly encouraged to remove its usage sooner rather than later. +The $config['global_xss_filtering'] setting +=========================================== + +As already explained above, XSS filtering should not be done on input data, +but on output instead. Therefore, the ``$config['global_xss_filtering']``, +which automatically filters *input* data, is considered a bad practice and +is now deprecated. + +Instead, you should manually escape any user-provided data via the +:php:func:`xss_clean()` function when you need to output it, or use a +library like `HTML Purifier `_ that does that +for you. + +.. note:: The setting is still available, but you're strongly encouraged to + remove its usage sooner rather than later. + File helper read_file() ======================= diff --git a/user_guide_src/source/libraries/input.rst b/user_guide_src/source/libraries/input.rst index 274e49af4..d9c6c2dd1 100644 --- a/user_guide_src/source/libraries/input.rst +++ b/user_guide_src/source/libraries/input.rst 
@@ -53,6 +53,10 @@ this:: Please refer to the :doc:`Security class ` documentation for information on using XSS Filtering in your application. +.. important:: The 'global_xss_filtering' setting is DEPRECATED and kept + solely for backwards-compatibility purposes. XSS escaping should + be performed on *output*, not *input*! + ******************* Accessing form data ******************* -- cgit v1.2.3-24-g4f1b From d829a5fe5cd8116f22d757e0aaa8b88d71576aa0 Mon Sep 17 00:00:00 2001 From: sv3tli0 Date: Mon, 2 Mar 2015 17:22:01 +0200 Subject: Small typo Missed variable.. --- user_guide_src/source/database/results.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'user_guide_src') diff --git a/user_guide_src/source/database/results.rst b/user_guide_src/source/database/results.rst index a22c2e8c3..ac44566d3 100644 --- a/user_guide_src/source/database/results.rst +++ b/user_guide_src/source/database/results.rst @@ -102,7 +102,7 @@ You can also add a second String parameter, which is the name of a class to instantiate the row with:: $query = $this->db->query("SELECT * FROM users LIMIT 1;"); - $query->row(0, 'User'); + $row = $query->row(0, 'User'); echo $row->name; // access attributes echo $row->reverse_name(); // or methods defined on the 'User' class @@ -431,4 +431,4 @@ Class Reference :rtype: array Returns an array containing the field names in the - result set. \ No newline at end of file + result set. -- cgit v1.2.3-24-g4f1b From e1a5bb345b1b30ea777348efa9cade21c1f2e2fb Mon Sep 17 00:00:00 2001 
From: Andrey Andreev Date: Wed, 4 Mar 2015 13:33:39 +0200 Subject: Fix #3627: Keep timed locks for more than 5 seconds Emulated locks for Redis and Memcached now have a TTL of 300 seconds (the default HTTP request timeout value on many environments) and 30 attemps, each separated by sleep(1), are made by the blocked request to try and obtain a lock if it has been freed. Additionaly, the blocking time for MySQL's locks, which are also timed, is also set to 300 seconds. --- user_guide_src/source/libraries/sessions.rst | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) (limited to 'user_guide_src') diff --git a/user_guide_src/source/libraries/sessions.rst b/user_guide_src/source/libraries/sessions.rst index 9fc33247b..104adb631 100644 --- a/user_guide_src/source/libraries/sessions.rst +++ b/user_guide_src/source/libraries/sessions.rst @@ -632,8 +632,7 @@ Redis Driver .. note:: Since Redis doesn't have a locking mechanism exposed, locks for this driver are emulated by a separate value that is kept for up - to 5 seconds. You may experience issues if your page loads take - longer than that! + to 300 seconds. Redis is a storage engine typically used for caching and popular because of its high performance, which is also probably your reason to use the @@ -670,8 +669,7 @@ Memcached Driver .. note:: Since Memcache doesn't have a locking mechanism exposed, locks for this driver are emulated by a separate value that is kept for - up to 5 seconds. You may experience issues if your page loads take - longer than that! + up to 300 seconds. The 'memcached' driver is very similar to the 'redis' one in all of its properties, except perhaps for availability, because PHP's `Memcached -- cgit v1.2.3-24-g4f1b From 7762c59b50b39f00660c820171a647ea6935a93e Mon Sep 17 00:00:00 2001 
From: Master Yoda Date: Fri, 6 Mar 2015 16:08:59 -0800 Subject: Housekeeping. Corrected typo in user guide for sessions, corrected misepelled key in calendar language file, added two links & updated wording on the repo readme. Signed-off-by:Master Yoda --- user_guide_src/source/libraries/sessions.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'user_guide_src') diff --git a/user_guide_src/source/libraries/sessions.rst b/user_guide_src/source/libraries/sessions.rst index 9fc33247b..5a1b90537 100644 --- a/user_guide_src/source/libraries/sessions.rst +++ b/user_guide_src/source/libraries/sessions.rst @@ -363,7 +363,7 @@ To read a tempdata variable, again you can just access it through the .. important:: The ``userdata()`` method will NOT return tempdata items. -Or if you want to be sure that you're reading "flashdata" (and not any +Or if you want to be sure that you're reading "tempdata" (and not any other kind), you can also use the ``tempdata()`` method:: $this->session->tempdata('item'); -- cgit v1.2.3-24-g4f1b From ec7372da8462f4e37936da94f97240ee476c667e Mon Sep 17 00:00:00 2001 From: Mattias Hedman Date: Fri, 6 Mar 2015 17:18:13 -0800 Subject: removed ending S from csv_from_results and xml_from_results DButil Class reference section in userguide Signed-off-by: Mattias Hedman --- user_guide_src/source/database/utilities.rst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'user_guide_src') diff --git a/user_guide_src/source/database/utilities.rst b/user_guide_src/source/database/utilities.rst index bafa08ed5..cc4aeb018 100644 --- a/user_guide_src/source/database/utilities.rst +++ b/user_guide_src/source/database/utilities.rst 
@@ -295,7 +295,7 @@ Class Reference Repairs a database table. - .. php:method:: csv_from_results($query[, $delim = ','[, $newline = "\n"[, $enclosure = '"']]]) + .. php:method:: csv_from_result($query[, $delim = ','[, $newline = "\n"[, $enclosure = '"']]]) :param object $query: A database result object :param string $delim: The CSV field delimiter to use @@ -306,11 +306,11 @@ Class Reference Translates a database result object into a CSV document. - .. php:method:: xml_from_results($query[, $params = array()]) + .. php:method:: xml_from_result($query[, $params = array()]) :param object $query: A database result object :param array $params: An associative array of preferences :returns: The generated XML document as a string :rtype: string - Translates a database result object into an XML document. \ No newline at end of file + Translates a database result object into an XML document. -- cgit v1.2.3-24-g4f1b From e7a3096b9cbd7c95bf4240c5233c7d14eb112305 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sun, 8 Mar 2015 22:15:57 +0200 Subject: [ci skip] Update CI_Encryption docs Close #3647 --- user_guide_src/source/libraries/encryption.rst | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) (limited to 'user_guide_src') diff --git a/user_guide_src/source/libraries/encryption.rst b/user_guide_src/source/libraries/encryption.rst index d445bf42f..5f0979da7 100644 --- a/user_guide_src/source/libraries/encryption.rst +++ b/user_guide_src/source/libraries/encryption.rst 
@@ -106,6 +106,18 @@ and set:: $config['encryption_key'] = 'YOUR KEY'; +You'll notice that the ``create_key()`` method outputs binary data, which +is hard to deal with (i.e. a copy-paste may damage it), so you may use +``bin2hex()``, ``hex2bin()`` or Base64-encoding to work with the key in +a more friendly manner. For example:: + + // Get a hex-encoded representation of the key: + $key = bin2hex($this->encryption->create_key(16)); + + // Put the same value in your config with hex2bin(), + // so that it is still passed as binary to the library: + $config['encryption_key'] = hex2bin(); + .. _ciphers-and-modes: Supported encryption ciphers and modes @@ -525,6 +537,15 @@ Class Reference Please refer to the :ref:`custom-parameters` secrion for information on the optional parameters. + .. php:method:: create_key($length) + + :param int $length: Output length + :returns: A pseudo-random cryptographic key with the specified length, or FALSE on failure + :rtype: string + + Creates a cryptographic key by fetching random data from + the operating system's sources (i.e. /dev/urandom). + .. php:method:: hkdf($key[, $digest = 'sha512'[, $salt = NULL[, $length = NULL[, $info = '']]]]) :param string $key: Input key material -- cgit v1.2.3-24-g4f1b From 4fa5c4d30057525c9d16cf583aabbb5e6f8bb8bb Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 11 Mar 2015 18:57:00 +0200 Subject: [ci skip] Add a note about password storage in CI_Encryption docs I saw at least 2 occurrences of encryption instead of hashing being used for password storage during the past week ... --- user_guide_src/source/libraries/encryption.rst | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'user_guide_src') diff --git a/user_guide_src/source/libraries/encryption.rst b/user_guide_src/source/libraries/encryption.rst index 5f0979da7..0c347604c 100644 --- a/user_guide_src/source/libraries/encryption.rst +++ b/user_guide_src/source/libraries/encryption.rst 
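Review bot: The config line in the added key-handling example, `$config['encryption_key'] = hex2bin();`, shows hex2bin() with no argument, so as printed here it cannot be pasted and run. It should carry the hex string from the previous step, e.g. `$config['encryption_key'] = hex2bin('<your hex-encoded key>');` (the original may have had a placeholder that was lost in rendering). The example also feeds `create_key(16)` straight into `bin2hex()`, while the second hunk on this line documents that create_key() returns FALSE on failure. In that case bin2hex() would yield an empty string and the reader would end up configuring an empty key. A sentence telling readers to check the result for FALSE before encoding it would close that gap.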
@@ -2,6 +2,11 @@ Encryption Library ################## +.. important:: DO NOT use this or any other *encryption* library for + user password storage! Passwords must be *hashed* instead, and you + should do that via PHP's own `Password Hashing extension + `_. + The Encryption Library provides two-way data encryption. To do so in a cryptographically secure way, it utilizes PHP extensions that are unfortunately not always available on all systems. -- cgit v1.2.3-24-g4f1b From 875d5a1ca843b8169f0b4e8adf8d6f0eb7b4ee3c Mon Sep 17 00:00:00 2001 From: Adrian Voicu Date: Thu, 12 Mar 2015 16:42:50 +0200 Subject: additional info on heading() function ...worth mentioning... --- user_guide_src/source/helpers/html_helper.rst | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) (limited to 'user_guide_src') diff --git a/user_guide_src/source/helpers/html_helper.rst b/user_guide_src/source/helpers/html_helper.rst index d35be396a..1989c88ae 100644 --- a/user_guide_src/source/helpers/html_helper.rst +++ b/user_guide_src/source/helpers/html_helper.rst @@ -27,11 +27,11 @@ The following functions are available: .. php:function:: heading([$data = ''[, $h = '1'[, $attributes = '']]]) - :param string $data: Content - :param string $h: Heading level - :param array $attributes: HTML attributes - :returns: HTML heading tag - :rtype: string + :param string $data: Content + :param string $h: Heading level + :param array|string $attributes: HTML attributes + :returns: HTML heading tag + :rtype: string Lets you create HTML heading tags. The first parameter will contain the data, the second the size of the heading. Example:: @@ -41,15 +41,18 @@ The following functions are available: The above would produce:

Welcome!

Additionally, in order to add attributes to the heading tag such as HTML - classes, ids or inline styles, a third parameter is available:: + classes, ids or inline styles, a third parameter is available either + as a string or as an array:: - echo heading('Welcome!', 3, 'class="pink"') + echo heading('Welcome!', 3, 'class="pink"'); + echo heading('How are you?', 4, array('id'=>'question', 'class'=>'green'); The above code produces: .. code-block:: html

Welcome!

+

How are you?

.. php:function:: img([$src = ''[, $index_page = FALSE[, $attributes = '']]]) @@ -401,4 +404,4 @@ The following functions are available:     .. note:: This function is DEPRECATED. Use the native ``str_repeat()`` - in combination with `` `` instead. \ No newline at end of file + in combination with `` `` instead. -- cgit v1.2.3-24-g4f1b From 8e2f83d7b775d87827a58fbb55a35938eeb66173 Mon Sep 17 00:00:00 2001 From: Adrian Voicu Date: Thu, 12 Mar 2015 17:13:47 +0200 Subject: Update html_helper.rst --- user_guide_src/source/helpers/html_helper.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'user_guide_src') diff --git a/user_guide_src/source/helpers/html_helper.rst b/user_guide_src/source/helpers/html_helper.rst index 1989c88ae..d5069cec4 100644 --- a/user_guide_src/source/helpers/html_helper.rst +++ b/user_guide_src/source/helpers/html_helper.rst @@ -52,7 +52,7 @@ The following functions are available: .. code-block:: html

Welcome!

-

How are you?

+

How are you?

.. php:function:: img([$src = ''[, $index_page = FALSE[, $attributes = '']]]) -- cgit v1.2.3-24-g4f1b From 0cfe1c3f389ff11a65cf014ea41672834d8719ac Mon Sep 17 00:00:00 2001 From: Adrian Voicu Date: Thu, 12 Mar 2015 22:11:06 +0200 Subject: Update html_helper.rst --- user_guide_src/source/helpers/html_helper.rst | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'user_guide_src') diff --git a/user_guide_src/source/helpers/html_helper.rst b/user_guide_src/source/helpers/html_helper.rst index d5069cec4..955ffefc5 100644 --- a/user_guide_src/source/helpers/html_helper.rst +++ b/user_guide_src/source/helpers/html_helper.rst @@ -27,11 +27,11 @@ The following functions are available: .. php:function:: heading([$data = ''[, $h = '1'[, $attributes = '']]]) - :param string $data: Content - :param string $h: Heading level - :param array|string $attributes: HTML attributes - :returns: HTML heading tag - :rtype: string + :param string $data: Content + :param string $h: Heading level + :param mixed $attributes: HTML attributes + :returns: HTML heading tag + :rtype: string Lets you create HTML heading tags. The first parameter will contain the data, the second the size of the heading. Example:: @@ -45,7 +45,7 @@ The following functions are available: as a string or as an array:: echo heading('Welcome!', 3, 'class="pink"'); - echo heading('How are you?', 4, array('id'=>'question', 'class'=>'green'); + echo heading('How are you?', 4, array('id' => 'question', 'class' => 'green')); The above code produces: -- cgit v1.2.3-24-g4f1b From f67b6fd02fb3a683fa93ad59d8587beda3c9bb6a Mon Sep 17 00:00:00 2001 From: Adrian Voicu Date: Thu, 12 Mar 2015 22:13:08 +0200 Subject: Update html_helper.rst --- user_guide_src/source/helpers/html_helper.rst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'user_guide_src') 
diff --git a/user_guide_src/source/helpers/html_helper.rst b/user_guide_src/source/helpers/html_helper.rst index 955ffefc5..88611011c 100644 --- a/user_guide_src/source/helpers/html_helper.rst +++ b/user_guide_src/source/helpers/html_helper.rst @@ -31,7 +31,7 @@ The following functions are available: :param string $h: Heading level :param mixed $attributes: HTML attributes :returns: HTML heading tag - :rtype: string + :rtype: string Lets you create HTML heading tags. The first parameter will contain the data, the second the size of the heading. Example:: @@ -41,8 +41,8 @@ The following functions are available: The above would produce:

Welcome!

Additionally, in order to add attributes to the heading tag such as HTML - classes, ids or inline styles, a third parameter is available either - as a string or as an array:: + classes, ids or inline styles, a third parameter accepts either a string + or an array:: echo heading('Welcome!', 3, 'class="pink"'); echo heading('How are you?', 4, array('id' => 'question', 'class' => 'green')); -- cgit v1.2.3-24-g4f1b From cc778886ef9cc0b03c8a622163f1e80eaac340d3 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Fri, 13 Mar 2015 11:24:30 +0200 Subject: Close #3663 --- user_guide_src/source/changelog.rst | 1 + 1 file changed, 1 insertion(+) (limited to 'user_guide_src') diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index ef3d2af39..99e4de53a 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -362,6 +362,7 @@ Release Date: Not Released - Added support for custom error messages per field rule. - Added support for callable rules when they are passed as an array. - Added support for non-ASCII domains in **valid_email** rule, depending on the Intl extension. + - Changed the debug message about an error message not being set to include the rule name it is about. - :doc:`Caching Library ` changes include: -- cgit v1.2.3-24-g4f1b From 19c2847a7c24daa0c2999b77ce82ae199afadda9 Mon Sep 17 00:00:00 2001 From: yaoshanliang <1329517386@qq.com> Date: Sun, 15 Mar 2015 10:42:18 +0800 Subject: add changelog and documentation for adding an optional parameter to ``count_all_results()`` --- user_guide_src/source/changelog.rst | 2 ++ 1 file changed, 2 insertions(+) (limited to 'user_guide_src') diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 99e4de53a..6faa1d752 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst 
@@ -176,6 +176,7 @@ Release Date: Not Released - Added Interbase/Firebird database support via the *ibase* driver. - Added ODBC support for ``create_database()``, ``drop_database()`` and ``drop_table()`` in :doc:`Database Forge `. - Added support to binding arrays as ``IN()`` sets in ``query()``. + - Added an optional second parameter to ``count_all_results()``. - :doc:`Query Builder ` changes include: @@ -192,6 +193,7 @@ Release Date: Not Released - Methods ``insert_batch()`` and ``update_batch()`` now return an integer representing the number of rows affected by them. - Methods ``where()``, ``or_where()``, ``having()`` and ``or_having()`` now convert trailing ``=`` and ``<>``, ``!=`` SQL operators to ``IS NULL`` and ``IS NOT NULL`` respectively when the supplied comparison value is ``NULL``. - Added method chaining support to ``reset_query()``, ``start_cache()``, ``stop_cache()`` and ``flush_cache()``. + - Added an optional second parameter to ``count_all_results`` that allows leaving QB values alone. - :doc:`Database Results ` changes include: -- cgit v1.2.3-24-g4f1b From 2f164058e3ffa429747e27b284f67f2e71809f52 Mon Sep 17 00:00:00 2001 From: yaoshanliang <1329517386@qq.com> Date: Mon, 16 Mar 2015 16:48:15 +0800 Subject: update documentation in database/query_builder.rst, change 2 tabs + 4 spaces to 3 tabs. --- user_guide_src/source/changelog.rst | 3 +-- user_guide_src/source/database/query_builder.rst | 6 ++++++ 2 files changed, 7 insertions(+), 2 deletions(-) (limited to 'user_guide_src') diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 6faa1d752..7f6cafa95 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst 
@@ -176,7 +176,6 @@ Release Date: Not Released
 - Added Interbase/Firebird database support via the *ibase* driver.
 - Added ODBC support for ``create_database()``, ``drop_database()`` and ``drop_table()`` in :doc:`Database Forge `.
 - Added support to binding arrays as ``IN()`` sets in ``query()``.
- - Added an optional second parameter to ``count_all_results()``.
 - :doc:`Query Builder ` changes include:
@@ -193,7 +192,7 @@ Release Date: Not Released
 - Methods ``insert_batch()`` and ``update_batch()`` now return an integer representing the number of rows affected by them.
 - Methods ``where()``, ``or_where()``, ``having()`` and ``or_having()`` now convert trailing ``=`` and ``<>``, ``!=`` SQL operators to ``IS NULL`` and ``IS NOT NULL`` respectively when the supplied comparison value is ``NULL``.
 - Added method chaining support to ``reset_query()``, ``start_cache()``, ``stop_cache()`` and ``flush_cache()``.
- - Added an optional second parameter to ``count_all_results`` that allows leaving QB values alone.
+ - Added an optional second to ``count_all_results()`` to disable resetting of QB values.
 - :doc:`Database Results ` changes include:
diff --git a/user_guide_src/source/database/query_builder.rst b/user_guide_src/source/database/query_builder.rst
index 9b4694710..68ddca717 100644
--- a/user_guide_src/source/database/query_builder.rst
+++ b/user_guide_src/source/database/query_builder.rst
@@ -527,6 +527,12 @@ where(), or_where(), like(), or_like(), etc. Example::
 $this->db->from('my_table');
 echo $this->db->count_all_results(); // Produces an integer, like 17
+The second paramater is to disable resetting of QB values. Example::
+
+ echo $this->db->count_all_results('my_table'); // Produces an integer, like 25
+ $this->db->like('title', 'match');
+ echo $this->db->count_all_results(); // Produces an integer, like 17
+
 **$this->db->count_all()**
 Permits you to determine the number of rows in a particular table.
-- cgit v1.2.3-24-g4f1b
From ff806f9157a4a9b32fb40d38ca2cab8130cf66d2 Mon Sep 17 00:00:00 2001
From: Andrey Andreev
Date: Mon, 16 Mar 2015 17:05:25 +0200
Subject: [ci skip] Polish changes from PR #3669
---
 user_guide_src/source/changelog.rst | 2 +-
 user_guide_src/source/database/query_builder.rst | 13 +++++++------
 2 files changed, 8 insertions(+), 7 deletions(-) (limited to 'user_guide_src')
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index 7f6cafa95..44a58915b 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -192,7 +192,7 @@ Release Date: Not Released
 - Methods ``insert_batch()`` and ``update_batch()`` now return an integer representing the number of rows affected by them.
 - Methods ``where()``, ``or_where()``, ``having()`` and ``or_having()`` now convert trailing ``=`` and ``<>``, ``!=`` SQL operators to ``IS NULL`` and ``IS NOT NULL`` respectively when the supplied comparison value is ``NULL``.
 - Added method chaining support to ``reset_query()``, ``start_cache()``, ``stop_cache()`` and ``flush_cache()``.
- - Added an optional second to ``count_all_results()`` to disable resetting of QB values.
+ - Added an optional second parameter to ``count_all_results()`` to disable resetting of QB values.
 - :doc:`Database Results ` changes include:
diff --git a/user_guide_src/source/database/query_builder.rst b/user_guide_src/source/database/query_builder.rst
index 68ddca717..0a6d98744 100644
--- a/user_guide_src/source/database/query_builder.rst
+++ b/user_guide_src/source/database/query_builder.rst
@@ -520,18 +520,18 @@ The second parameter lets you set a result offset.
 Permits you to determine the number of rows in a particular Active Record query. Queries will accept Query Builder restrictors such as
-where(), or_where(), like(), or_like(), etc. Example::
+``where()``, ``or_where()``, ``like()``, ``or_like()``, etc. Example::
 echo $this->db->count_all_results('my_table'); // Produces an integer, like 25
 $this->db->like('title', 'match');
 $this->db->from('my_table');
 echo $this->db->count_all_results(); // Produces an integer, like 17
-The second paramater is to disable resetting of QB values. Example::
+However, this method also resets any field values that you may have passed
+to ``select()``. If you need to keep them, you can pass ``FALSE`` as the
+second parameter::
- echo $this->db->count_all_results('my_table'); // Produces an integer, like 25
- $this->db->like('title', 'match');
- echo $this->db->count_all_results(); // Produces an integer, like 17
+ echo $this->db->count_all_results('my_table', FALSE);
 **$this->db->count_all()**
@@ -1097,9 +1097,10 @@ Class Reference
 Prepends a database prefix, if one exists in configuration.
- .. php:method:: count_all_results([$table = ''])
+ .. php:method:: count_all_results([$table = '', [$reset = TRUE]])
 :param string $table: Table name
+ :param bool $reset: Whether to reset values for SELECTs
 :returns: Number of rows in the query result
 :rtype: int
-- cgit v1.2.3-24-g4f1b
From 8158bc3172a916cd5cb1089f4f0146bea0510c2f Mon Sep 17 00:00:00 2001
From: Rafael Schwemmer
Date: Wed, 18 Mar 2015 15:41:32 +0100
Subject: Fixed a typo in uri.rst documentation
---
 user_guide_src/source/libraries/uri.rst | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'user_guide_src')
diff --git a/user_guide_src/source/libraries/uri.rst b/user_guide_src/source/libraries/uri.rst
index ae56184cc..4d38c1d22 100644
--- a/user_guide_src/source/libraries/uri.rst
+++ b/user_guide_src/source/libraries/uri.rst
@@ -110,7 +110,7 @@ Class Reference
 :returns: Associative URI segments array
 :rtype: array
- This method lets you turn URI segments into and associative array of
+ This method lets you turn URI segments into an associative array of
 key/value pairs. Consider this URI::
 index.php/user/search/name/joe/location/UK/gender/male
@@ -230,4 +230,4 @@ Class Reference
 This method is identical to ``segment_array()``, except that it returns the array of segments in your re-routed URI in the event you are using
- CodeIgniter's :doc:`URI Routing <../general/routing>` feature.
\ No newline at end of file
+ CodeIgniter's :doc:`URI Routing <../general/routing>` feature.
-- cgit v1.2.3-24-g4f1b
From f4cb8f9590c9d02d228b0ab67be6ac0ca51e0087 Mon Sep 17 00:00:00 2001
From: Andrey Andreev
Date: Thu, 19 Mar 2015 11:54:47 +0200
Subject: [ci skip] Fix a typo in session docs
---
 user_guide_src/source/libraries/sessions.rst | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'user_guide_src')
diff --git a/user_guide_src/source/libraries/sessions.rst b/user_guide_src/source/libraries/sessions.rst
index 51ecc03bd..2317f8560 100644
--- a/user_guide_src/source/libraries/sessions.rst
+++ b/user_guide_src/source/libraries/sessions.rst
@@ -836,7 +836,7 @@ Class Reference
 .. note:: This method is DEPRECATED. Use ``userdata()`` with no parameters instead.
- .. php:method:: &get_usedata()
+ .. php:method:: &get_userdata()
 :returns: A reference to ``$_SESSION``
 :rtype: array
@@ -1053,4 +1053,4 @@ Class Reference
 $this->session->foo = 'bar'; // Results in:
- // $_SESSION['foo'] = 'bar';
\ No newline at end of file
+ // $_SESSION['foo'] = 'bar';
-- cgit v1.2.3-24-g4f1b
From b011716ecce4ac8f28aad08fa4ed824102ff2cd2 Mon Sep 17 00:00:00 2001
From: Andrey Andreev
Date: Sat, 21 Mar 2015 12:18:10 +0200
Subject: [ci skip] Remove an obsolete note about references Close #3686
---
 user_guide_src/source/general/ancillary_classes.rst | 20 ++++++--------------
 1 file changed, 6 insertions(+), 14 deletions(-) (limited to 'user_guide_src')
diff --git a/user_guide_src/source/general/ancillary_classes.rst b/user_guide_src/source/general/ancillary_classes.rst
index 6a64742ce..f1285d931 100644
--- a/user_guide_src/source/general/ancillary_classes.rst
+++ b/user_guide_src/source/general/ancillary_classes.rst
@@ -11,7 +11,8 @@ get_instance()
 .. php:function:: get_instance()
- :returns: object of class CI_Controller
+ :returns: Reference to your controller's instance
+ :rtype: CI_Controller
 **Any class that you instantiate within your controller methods can access CodeIgniter's native resources** simply by using the
@@ -44,17 +45,9 @@ Once you've assigned the object to a variable, you'll use that variable
 $CI->config->item('base_url'); // etc.
-.. note:: You'll notice that the above get_instance() ``function`` is being
- passed by reference::
-
- $CI =& get_instance();
-
- This is very important. Assigning by reference allows you to use the
- original CodeIgniter object rather than creating a copy of it.
-
-Furthermore, if you'll be using ``get_instance()`` inside another class,
-then it would be better if you assign it to a property. This way, you
-won't need to call ``get_instance()`` in every single method.
+If you'll be using ``get_instance()`` inside another class, then it would
+be better if you assign it to a property. This way, you won't need to call
+``get_instance()`` in every single method.
 Example::
@@ -80,9 +73,8 @@ Example:: { $this->CI->config->item('base_url'); } - } In the above example, both methods ``foo()`` and ``bar()`` will work after you instantiate the Example class, without the need to call
-``get_instance()`` in each of them.
\ No newline at end of file
+``get_instance()`` in each of them.
-- cgit v1.2.3-24-g4f1b
From 737a5660c09e844d44969d1b7e8165b5f0296e37 Mon Sep 17 00:00:00 2001
From: Andrey Andreev
Date: Sat, 21 Mar 2015 12:41:38 +0200
Subject: [ci skip] Forbid DB session usage with cache_on enabled
---
 user_guide_src/source/libraries/sessions.rst | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'user_guide_src')
diff --git a/user_guide_src/source/libraries/sessions.rst b/user_guide_src/source/libraries/sessions.rst
index 2317f8560..54655ff79 100644
--- a/user_guide_src/source/libraries/sessions.rst
+++ b/user_guide_src/source/libraries/sessions.rst
@@ -569,9 +569,10 @@ However, there are some conditions that must be met:
 - Only your **default** database connection (or the one that you access as ``$this->db`` from your controllers) can be used.
- - You can NOT use a persistent connection.
 - You must have the :doc:`Query Builder ` enabled.
+ - You can NOT use a persistent connection.
+ - You can NOT use a connection with the *cache_on* setting enabled.
 In order to use the 'database' session driver, you must also create this table that we already mentioned and then set it as your
-- cgit v1.2.3-24-g4f1b
From bd2a7e4062fd97017c5b16beddc15b0c7fc38210 Mon Sep 17 00:00:00 2001
From: Master Yoda
Date: Wed, 25 Mar 2015 02:36:31 -0700
Subject: Fixed user guide internal & external links to resolve problems reported by sphinx "make linkcheck" Signed-off-by:Master Yoda
---
 user_guide_src/source/changelog.rst | 22 ++++++++--------------
 user_guide_src/source/contributing/index.rst | 7 +++----
 user_guide_src/source/general/credits.rst | 8 ++++----
 user_guide_src/source/general/environments.rst | 4 ++--
 user_guide_src/source/general/requirements.rst | 2 +-
 user_guide_src/source/helpers/date_helper.rst | 4 ++--
 user_guide_src/source/helpers/email_helper.rst | 2 +-
 user_guide_src/source/helpers/file_helper.rst | 2 +-
 user_guide_src/source/helpers/smiley_helper.rst | 2 +-
 user_guide_src/source/helpers/string_helper.rst | 2 +-
 user_guide_src/source/helpers/url_helper.rst | 4 ++--
 user_guide_src/source/installation/downloads.rst | 16 ++++++++--------
 user_guide_src/source/installation/upgrade_200.rst | 4 ++--
 user_guide_src/source/installation/upgrade_300.rst | 2 +-
 user_guide_src/source/libraries/caching.rst | 3 +--
 user_guide_src/source/libraries/encryption.rst | 2 +-
 user_guide_src/source/libraries/javascript.rst | 8 ++++----
 user_guide_src/source/libraries/language.rst | 2 +-
 user_guide_src/source/libraries/loader.rst | 4 ++--
 user_guide_src/source/libraries/sessions.rst | 2 +-
 user_guide_src/source/overview/features.rst | 2 +-
 .../source/tutorial/create_news_items.rst | 22 +++++++++++-----------
 user_guide_src/source/tutorial/index.rst | 8 ++++----
 user_guide_src/source/tutorial/news_section.rst | 14 +++++++-------
 user_guide_src/source/tutorial/static_pages.rst | 8 ++++----
 25 files changed, 74 insertions(+), 82 deletions(-) (limited to 'user_guide_src')
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index 44a58915b..a1b15105f 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -56,7 +56,7 @@ Release Date: Not Released - Added availability checks where usage of dangerous functions like ``eval()`` and ``exec()`` is required. - Added support for changing the file extension of log files using ``$config['log_file_extension']``. - Added support for turning newline standardization on/off via ``$config['standardize_newlines']`` and set it to FALSE by default. - - Added configuration setting ``$config['composer_autoload']`` to enable loading of a `Composer `_ auto-loader. + - Added configuration setting ``$config['composer_autoload']`` to enable loading of a `Composer `_ auto-loader. - Removed the automatic conversion of 'programmatic characters' to HTML entities from the :doc:`URI Library `. - Changed log messages that say a class or file was loaded to "info" level instead of "debug", so that they don't pollute log files when ``$config['log_threshold']`` is set to 2 (debug). @@ -67,7 +67,7 @@ Release Date: Not Released - Added an optional third parameter to :php:func:`timespan()` that constrains the number of time units displayed. - Added an optional parameter to :php:func:`timezone_menu()` that allows more attributes to be added to the generated select tag. - Added function :php:func:`date_range()` that generates a list of dates between a specified period. - - Deprecated ``standard_date()``, which now just uses the native ``date()`` with `DateTime constants `_. + - Deprecated ``standard_date()``, which now just uses the native ``date()`` with `DateTime constants `_. - Changed :php:func:`now()` to work with all timezone strings supported by PHP. - Changed :php:func:`days_in_month()` to use the native ``cal_days_in_month()`` PHP function, if available. 
@@ -1137,12 +1137,8 @@ Bug fixes for 2.0.2 class `. - Added form_validation_lang entries for decimal, less_than and greater_than. -- `Fixed issue - #153 `_ - Escape Str Bug in MSSQL driver. -- `Fixed issue - #172 `_ - Google Chrome 11 posts incorrectly when action is empty. +- Fixed issue #153 Escape Str Bug in MSSQL driver. +- Fixed issue #172 Google Chrome 11 posts incorrectly when action is empty. Version 2.0.1 ============= @@ -1235,8 +1231,7 @@ Hg Tag: v2.0.0 libraries, models, config files, etc. in a single "package" directory. See the :doc:`Loader class ` documentation for more details. - - In-development code is now hosted at - `BitBucket `_. + - In-development code is now hosted at BitBucket . - Removed the deprecated Validation Class. - Added CI\_ Prefix to all core classes. - Package paths can now be set in application/config/autoload.php. @@ -1378,7 +1373,7 @@ Hg Tag: v2.0.0 precision. - Added alpha, and sha1 string types to random_string() in the :doc:`String Helper `. - - Modified prep_url() so as to not prepend http:// if the supplied + - Modified prep_url() so as to not prepend http:// if the supplied string already has a scheme. - Modified get_file_info in the file helper, changing filectime() to filemtime() for dates. @@ -2118,7 +2113,7 @@ Bugfixes for 1.6.2 instantiating new Language and Exception objects, and not using the error heading. - Fixed a bug (#4413) where a URI containing slashes only e.g. - 'http://example.com/index.php?//' would result in PHP errors + 'http://example.com/index.php?//' would result in PHP errors - Fixed an array to string conversion error in the Validation library (#4425) - Fixed bug (#4451, #4299, #4339) where failed transactions will not 
@@ -2770,8 +2765,7 @@ Release Date: September 17, 2006 the core files. - Added the ability to organize controller files :doc:`into sub-folders `. Kudos to Marco for - `suggesting `_ this - (and the next two) feature. + suggesting this (and the next two) feature. - Added regular expressions support for :doc:`routing rules <./general/routing>`. - Added the ability to :doc:`remap function diff --git a/user_guide_src/source/contributing/index.rst b/user_guide_src/source/contributing/index.rst index e88147753..0112ca065 100644 --- a/user_guide_src/source/contributing/index.rst +++ b/user_guide_src/source/contributing/index.rst @@ -10,9 +10,8 @@ Contributing to CodeIgniter CodeIgniter is a community driven project and accepts contributions of code and documentation from the community. These contributions are made in the form -of Issues or `Pull Requests `_ on -the `CodeIgniter repository -`_ on GitHub. +of Issues or `Pull Requests `_ +on the `CodeIgniter repository `_ on GitHub. Issues are a quick way to point out a bug. If you find a bug or documentation error in CodeIgniter then please check a few things first: @@ -75,7 +74,7 @@ PHP Style ========= All code must meet the `Style Guide -`_, which is +`_, which is essentially the `Allman indent style `_, underscores and readable operators. This makes certain that all code is the same format as the diff --git a/user_guide_src/source/general/credits.rst b/user_guide_src/source/general/credits.rst index d22e3a9bc..d0f14b3bd 100644 --- a/user_guide_src/source/general/credits.rst +++ b/user_guide_src/source/general/credits.rst 
@@ -2,17 +2,17 @@ Credits ####### -CodeIgniter was originally developed by `Rick Ellis `_ -(CEO of `EllisLab, Inc. `_). The framework was written for +CodeIgniter was originally developed by `Rick Ellis `_ +(CEO of `EllisLab, Inc. `_). The framework was written for performance in the real world, with many of the class libraries, helpers, and sub-systems borrowed from the code-base of `ExpressionEngine -`_. +`_. It was, for years, developed and maintained by EllisLab, the ExpressionEngine Development Team and a group of community members called the Reactor Team. In 2014, CodeIgniter was acquired by the `British Columbia Institute of Technology -`_ and was then officially announced as a community-maintained +`_ and was then officially announced as a community-maintained project. Bleeding edge development is spearheaded by the handpicked contributors diff --git a/user_guide_src/source/general/environments.rst b/user_guide_src/source/general/environments.rst index 1ce4fde3a..f5a4f617e 100644 --- a/user_guide_src/source/general/environments.rst +++ b/user_guide_src/source/general/environments.rst @@ -48,5 +48,5 @@ Configuration Files Optionally, you can have CodeIgniter load environment-specific configuration files. This may be useful for managing things like differing API keys across multiple environments. This is described in -more detail in the environment section of the `Config -Class <../libraries/config.html#environments>`_ documentation. \ No newline at end of file +more detail in the environment section of the :doc:`Config +Class <../libraries/config#environments>`_ documentation. \ No newline at end of file diff --git a/user_guide_src/source/general/requirements.rst b/user_guide_src/source/general/requirements.rst index e3f73dba8..f90cdd30d 100644 --- a/user_guide_src/source/general/requirements.rst +++ b/user_guide_src/source/general/requirements.rst 
@@ -2,7 +2,7 @@ Server Requirements ################### -`PHP `_ version 5.4 or newer is recommended. +`PHP `_ version 5.4 or newer is recommended. It should work on 5.2.4 as well, but we strongly advise you NOT to run such old versions of PHP, because of potential security and performance diff --git a/user_guide_src/source/helpers/date_helper.rst b/user_guide_src/source/helpers/date_helper.rst index bed3b32a2..e0f9f0033 100644 --- a/user_guide_src/source/helpers/date_helper.rst +++ b/user_guide_src/source/helpers/date_helper.rst @@ -50,7 +50,7 @@ The following functions are available: :returns: MySQL-formatted date :rtype: string - This function is identical to PHP's `date() `_ + This function is identical to PHP's `date() `_ function, except that it lets you use MySQL style date codes, where each code letter is preceded with a percent sign, e.g. `%Y %m %d` @@ -84,7 +84,7 @@ The following functions are available: .. note:: This function is DEPRECATED. Use the native ``date()`` combined with `DateTime's format constants - `_ + `_ instead:: echo date(DATE_RFC822, time()); diff --git a/user_guide_src/source/helpers/email_helper.rst b/user_guide_src/source/helpers/email_helper.rst index 685226951..1ee97d902 100644 --- a/user_guide_src/source/helpers/email_helper.rst +++ b/user_guide_src/source/helpers/email_helper.rst @@ -62,7 +62,7 @@ The following functions are available: :returns: TRUE if the mail was successfully sent, FALSE in case of an error :rtype: bool - Sends an email using PHP's native `mail() `_ + Sends an email using PHP's native `mail() `_ function. .. note:: All that this function does is to use PHP's native ``mail`` diff --git a/user_guide_src/source/helpers/file_helper.rst b/user_guide_src/source/helpers/file_helper.rst index 92cb31a82..833cddea4 100644 --- a/user_guide_src/source/helpers/file_helper.rst +++ b/user_guide_src/source/helpers/file_helper.rst 
@@ -76,7 +76,7 @@ The following functions are available: write_file('./path/to/file.php', $data, 'r+'); - The default mode is 'wb'. Please see the `PHP user guide `_ + The default mode is 'wb'. Please see the `PHP user guide `_ for mode options. .. note: In order for this function to write data to a file, its permissions must diff --git a/user_guide_src/source/helpers/smiley_helper.rst b/user_guide_src/source/helpers/smiley_helper.rst index 978d11e5f..3e7669942 100644 --- a/user_guide_src/source/helpers/smiley_helper.rst +++ b/user_guide_src/source/helpers/smiley_helper.rst @@ -43,7 +43,7 @@ download and install the smiley images, then create a controller and the View as described. .. important:: Before you begin, please `download the smiley images - `_ + `_ and put them in a publicly accessible place on your server. This helper also assumes you have the smiley replacement array located at `application/config/smileys.php` diff --git a/user_guide_src/source/helpers/string_helper.rst b/user_guide_src/source/helpers/string_helper.rst index 9d0d890b3..a1acb215c 100644 --- a/user_guide_src/source/helpers/string_helper.rst +++ b/user_guide_src/source/helpers/string_helper.rst @@ -124,7 +124,7 @@ The following functions are available: :rtype: string Converts double slashes in a string to a single slash, except those - found in URL protocol prefixes (e.g. http://). + found in URL protocol prefixes (e.g. http://). Example:: diff --git a/user_guide_src/source/helpers/url_helper.rst b/user_guide_src/source/helpers/url_helper.rst index 83864d9d3..64deae240 100644 --- a/user_guide_src/source/helpers/url_helper.rst +++ b/user_guide_src/source/helpers/url_helper.rst 
@@ -144,7 +144,7 @@ Available Functions be a string or an array. .. note:: If you are building links that are internal to your application - do not include the base URL (http://...). This will be added + do not include the base URL (http://...). This will be added automatically from the information specified in your config file. Include only the URI segments you wish appended to the URL. @@ -317,7 +317,7 @@ Available Functions :returns: Protocol-prefixed URL string :rtype: string - This function will add http:// in the event that a protocol prefix + This function will add http:// in the event that a protocol prefix is missing from a URL. Pass the URL string to the function like this:: diff --git a/user_guide_src/source/installation/downloads.rst b/user_guide_src/source/installation/downloads.rst index 3b4ebe64b..e2b6a9c18 100644 --- a/user_guide_src/source/installation/downloads.rst +++ b/user_guide_src/source/installation/downloads.rst @@ -2,14 +2,14 @@ Downloading CodeIgniter ####################### -- `CodeIgniter v3.0.0 (Current version) `_ -- `CodeIgniter v2.2.1 `_ -- `CodeIgniter v2.2.0 `_ -- `CodeIgniter v2.1.4 `_ -- `CodeIgniter v2.1.3 `_ -- `CodeIgniter v2.1.2 `_ -- `CodeIgniter v2.1.1 `_ -- `CodeIgniter v2.1.0 `_ +- `CodeIgniter v3.0.0 (Current version) `_ +- `CodeIgniter v2.2.1 `_ +- `CodeIgniter v2.2.0 `_ +- `CodeIgniter v2.1.4 `_ +- `CodeIgniter v2.1.3 `_ +- `CodeIgniter v2.1.2 `_ +- `CodeIgniter v2.1.1 `_ +- `CodeIgniter v2.1.0 `_ ****** GitHub diff --git a/user_guide_src/source/installation/upgrade_200.rst b/user_guide_src/source/installation/upgrade_200.rst index ca2c6c1e0..03b8ff4ac 100644 --- a/user_guide_src/source/installation/upgrade_200.rst +++ b/user_guide_src/source/installation/upgrade_200.rst 
@@ -64,8 +64,8 @@ string using the improved methods. This will enable you to easily replace stale encrypted data with fresh in your applications, either on the fly or en masse. -Please read `how to use this -method <../libraries/encrypt.html#legacy>`_ in the Encrypt library +Please read :doc:`how to use this +method <../libraries/encrypt>` in the Encrypt library documentation. Step 5: Remove loading calls for the compatibility helper. diff --git a/user_guide_src/source/installation/upgrade_300.rst b/user_guide_src/source/installation/upgrade_300.rst index 2f806cccf..7e3479740 100644 --- a/user_guide_src/source/installation/upgrade_300.rst +++ b/user_guide_src/source/installation/upgrade_300.rst @@ -627,7 +627,7 @@ Date helper standard_date() =========================== :doc:`Date Helper <../helpers/date_helper>` function ``standard_date()`` is being deprecated due -to the availability of native PHP `constants `_, +to the availability of native PHP `constants `_, which when combined with ``date()`` provide the same functionality. Furthermore, they have the exact same names as the ones supported by ``standard_date()``. Here are examples of how to replace its usage: diff --git a/user_guide_src/source/libraries/caching.rst b/user_guide_src/source/libraries/caching.rst index 86439b4ee..f54de5faf 100644 --- a/user_guide_src/source/libraries/caching.rst +++ b/user_guide_src/source/libraries/caching.rst @@ -250,8 +250,7 @@ Redis Caching ============= Redis is an in-memory key-value store which can operate in LRU cache mode. -To use it, you need Redis server and phpredis PHP extension -`https://github.com/nicolasff/phpredis `_. +To use it, you need `Redis server and phpredis PHP extension `_. Config options to connect to redis server must be stored in the application/config/redis.php file. Available options are:: diff --git a/user_guide_src/source/libraries/encryption.rst b/user_guide_src/source/libraries/encryption.rst index 0c347604c..599be4df0 100644 
--- a/user_guide_src/source/libraries/encryption.rst +++ b/user_guide_src/source/libraries/encryption.rst @@ -482,7 +482,7 @@ The reason for not including other popular algorithms, such as MD5 or SHA1 is that they are no longer considered secure enough and as such, we don't want to encourage their usage. If you absolutely need to use them, it is easy to do so via PHP's -native `hash_hmac() `_ function. +native `hash_hmac() `_ function. Stronger algorithms of course will be added in the future as they appear and become widely available. diff --git a/user_guide_src/source/libraries/javascript.rst b/user_guide_src/source/libraries/javascript.rst index 7f83b2f70..e91b9ad78 100644 --- a/user_guide_src/source/libraries/javascript.rst +++ b/user_guide_src/source/libraries/javascript.rst @@ -135,7 +135,7 @@ In the above example: keydown, keyup, load, mousedown, mouseup, mouseover, mouseup, resize, scroll, or unload. - "element_path" is any valid `jQuery selector - `_. Due to jQuery's unique + `_. Due to jQuery's unique selector syntax, this is usually an element id, or CSS selector. For example "#notice_area" would effect ``
``, and "#content a.notice" would effect all anchors with a class of "notice" @@ -147,7 +147,7 @@ Effects ======= The query library supports a powerful -`Effects `_ repertoire. Before an effect +`Effects `_ repertoire. Before an effect can be used, it must be loaded:: $this->jquery->effect([optional path] plugin name); // for example $this->jquery->effect('bounce'); @@ -201,7 +201,7 @@ animate() other additional information. For a full summary, see -`http://docs.jquery.com/Effects/animate `_ +`http://api.jquery.com/animate/ `_ Here is an example of an animate() called on a div with an id of "note", and triggered by a click using the jQuery library's click() event. @@ -288,7 +288,7 @@ corner() -------- Used to add distinct corners to page elements. For full details see -`http://www.malsup.com/jquery/corner/ `_ +`http://malsup.com/jquery/corner/ `_ :: diff --git a/user_guide_src/source/libraries/language.rst b/user_guide_src/source/libraries/language.rst index ee1cefcd0..de17c8288 100644 --- a/user_guide_src/source/libraries/language.rst +++ b/user_guide_src/source/libraries/language.rst @@ -19,7 +19,7 @@ your **application/language/** directory, with separate sub-directories for each The CodeIgniter framework comes with a set of language files for the "english" idiom. Additional approved translations for different idioms may be found in the -`CodeIgniter 3 Translations repositories `_. +`CodeIgniter 3 Translations repositories `_. Each repository deals with a single idiom. When CodeIgniter loads language files, it will load the one in **system/language/** diff --git a/user_guide_src/source/libraries/loader.rst b/user_guide_src/source/libraries/loader.rst index efa9d519b..228d5e478 100644 --- a/user_guide_src/source/libraries/loader.rst +++ b/user_guide_src/source/libraries/loader.rst 
@@ -238,7 +238,7 @@ Class Reference The second **optional** parameter can take an associative array or an object as input, which it runs through the PHP - `extract() `_ function to convert to variables + `extract() `_ function to convert to variables that can be used in your view files. Again, read the :doc:`Views <../general/views>` page to learn how this might be useful. @@ -259,7 +259,7 @@ Class Reference :rtype: CI_Loader This method takes an associative array as input and generates - variables using the PHP `extract() `_ + variables using the PHP `extract() `_ function. This method produces the same result as using the second parameter of the ``$this->load->view()`` method above. The reason you might want to use this method independently is if you would like to diff --git a/user_guide_src/source/libraries/sessions.rst b/user_guide_src/source/libraries/sessions.rst index 54655ff79..2034ed2b0 100644 --- a/user_guide_src/source/libraries/sessions.rst +++ b/user_guide_src/source/libraries/sessions.rst @@ -640,7 +640,7 @@ of its high performance, which is also probably your reason to use the 'redis' session driver. The downside is that it is not as ubiquitous as relational databases and -requires the `phpredis `_ PHP +requires the `phpredis `_ PHP extension to be installed on your system, and that one doesn't come bundled with PHP. Chances are, you're only be using the 'redis' driver only if you're already diff --git a/user_guide_src/source/overview/features.rst b/user_guide_src/source/overview/features.rst index 8c27b1436..b230be9a3 100644 --- a/user_guide_src/source/overview/features.rst +++ b/user_guide_src/source/overview/features.rst 
@@ -8,7 +8,7 @@ how intuitively or intelligently it is designed. Features don't reveal anything about the quality of the code, or the performance, or the attention to detail, or security practices. The only way to really judge an app is to try it and get to know the code. -`Installing <../installation/>`_ CodeIgniter is child's play so we +:doc:`Installing <../installation/>`_ CodeIgniter is child's play so we encourage you to do just that. In the mean time here's a list of CodeIgniter's main features. diff --git a/user_guide_src/source/tutorial/create_news_items.rst b/user_guide_src/source/tutorial/create_news_items.rst index 461584723..71d2080af 100644 --- a/user_guide_src/source/tutorial/create_news_items.rst +++ b/user_guide_src/source/tutorial/create_news_items.rst @@ -37,16 +37,16 @@ application/views/news/create.php. There are only two things here that probably look unfamiliar to you: the form_open() function and the validation_errors() function. -The first function is provided by the `form -helper <../helpers/form_helper.html>`_ and renders the form element and -adds extra functionality, like adding a hidden `CSRF prevention -field <../libraries/security.html>`_. The latter is used to report +The first function is provided by the :doc:`form +helper <../helpers/form_helper>` and renders the form element and +adds extra functionality, like adding a hidden :doc:`CSRF prevention +field <../libraries/security>`. The latter is used to report errors related to form validation. Go back to your news controller. You're going to do two things here, check whether the form was submitted and whether the submitted data -passed the validation rules. You'll use the `form -validation <../libraries/form_validation.html>`_ library to do this. +passed the validation rules. You'll use the :doc:`form +validation <../libraries/form_validation>` library to do this. :: 
@@ -81,8 +81,8 @@ the name of the input field, the name to be used in error messages, and the rule. In this case the title and text fields are required. CodeIgniter has a powerful form validation library as demonstrated -above. You can read `more about this library -here <../libraries/form_validation.html>`_. +above. You can read :doc:`more about this library +here <../libraries/form_validation>`. Continuing down, you can see a condition that checks whether the form validation ran successfully. If it did not, the form is displayed, if it @@ -117,7 +117,7 @@ the model created earlier and add the following: This new method takes care of inserting the news item into the database. The third line contains a new function, url\_title(). This function - -provided by the `URL helper <../helpers/url_helper.html>`_ - strips down +provided by the :doc:`URL helper <../helpers/url_helper>` - strips down the string you pass it, replacing all spaces by dashes (-) and makes sure everything is in lowercase characters. This leaves you with a nice slug, perfect for creating URIs. @@ -125,8 +125,8 @@ slug, perfect for creating URIs. Let's continue with preparing the record that is going to be inserted later, inside the $data array. Each element corresponds with a column in the database table created earlier. You might notice a new method here, -namely the post() method from the `input -library <../libraries/input.html>`_. This method makes sure the data is +namely the post() method from the :doc:`input +library <../libraries/input>`. This method makes sure the data is sanitized, protecting you from nasty attacks from others. The input library is loaded by default. At last, you insert our $data array into our database. diff --git a/user_guide_src/source/tutorial/index.rst b/user_guide_src/source/tutorial/index.rst index b1ab331d1..91f99c7cd 100644 --- a/user_guide_src/source/tutorial/index.rst +++ b/user_guide_src/source/tutorial/index.rst 
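Review bot: In the `@@ -125,8 +125,8 @@` hunk of create_news_items.rst, the sentence being re-linked still tells readers that `post()` "makes sure the data is sanitized, protecting you from nasty attacks", which promises more than the input library delivers. As far as I can tell, `post()` returns the submitted value unfiltered unless XSS filtering is explicitly requested. What protects the insert is the Query Builder escaping its values. Since the line is being edited anyway, I would reword it along the lines of `This method returns the submitted value; the Query Builder escapes it when inserting, and you must still escape it when you output it.` A tutorial that teaches "input is already safe" leads directly to unescaped output in views.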
@@ -24,13 +24,13 @@ through the following pages: - Introduction, this page, which gives you an overview of what to expect. -- `Static pages `_, which will teach you the basics +- :doc:`Static pages `, which will teach you the basics of controllers, views and routing. -- `News section `_, where you'll start using models +- :doc:`News section `, where you'll start using models and will be doing some basic database operations. -- `Create news items `_, which will introduce +- :doc:`Create news items `, which will introduce more advanced database operations and form validation. -- `Conclusion `_, which will give you some pointers on +- :doc:`Conclusion `, which will give you some pointers on further reading and other resources. Enjoy your exploration of the CodeIgniter framework. diff --git a/user_guide_src/source/tutorial/news_section.rst b/user_guide_src/source/tutorial/news_section.rst index f436b2510..d8ebac4a3 100644 --- a/user_guide_src/source/tutorial/news_section.rst +++ b/user_guide_src/source/tutorial/news_section.rst @@ -18,7 +18,7 @@ database or other data stores. They represent your data. Open up the application/models directory and create a new file called News_model.php and add the following code. Make sure you've configured your database properly as described -`here <../database/configuration.html>`_. +:doc:`here <../database/configuration>`. :: 
@@ -53,10 +53,10 @@ seed records. Now that the database and a model have been set up, you'll need a method to get all of our posts from our database. To do this, the database -abstraction layer that is included with CodeIgniter — `Active -Record <../database/query_builder.html>`_ — is used. This makes it -possible to write your 'queries' once and make them work on `all -supported database systems <../general/requirements.html>`_. Add the +abstraction layer that is included with CodeIgniter — +:doc:`Query Builder <../database/query_builder>` — is used. This makes it +possible to write your 'queries' once and make them work on :doc:`all +supported database systems <../general/requirements>`. Add the following code to your model. :: @@ -157,8 +157,8 @@ and add the next piece of code. Here, each news item is looped and displayed to the user. You can see we wrote our template in PHP mixed with HTML. If you prefer to use a -template language, you can use CodeIgniter's `Template -Parser <../libraries/parser>`_ class or a third party parser. +template language, you can use CodeIgniter's :doc:`Template +Parser <../libraries/parser>` class or a third party parser. The news overview page is now done, but a page to display individual news items is still absent. The model created earlier is made in such diff --git a/user_guide_src/source/tutorial/static_pages.rst b/user_guide_src/source/tutorial/static_pages.rst index 53f286473..210d9f8d6 100644 --- a/user_guide_src/source/tutorial/static_pages.rst +++ b/user_guide_src/source/tutorial/static_pages.rst @@ -3,7 +3,7 @@ Static pages ############ **Note:** This tutorial assumes you've downloaded CodeIgniter and -`installed the framework <../installation/index.html>`_ in your +:doc:`installed the framework <../installation/index>` in your development environment. The first thing you're going to do is set up a **controller** to handle 
@@ -12,14 +12,14 @@ It is the glue of your web application. For example, when a call is made to: - http://example.com/news/latest/10 + http://example.com/news/latest/10 We might imagine that there is a controller named "news". The method being called on news would be "latest". The news method's job could be to grab 10 news items, and render them on the page. Very often in MVC, you'll see URL patterns that match: - http://example.com/[controller-class]/[controller-method]/[arguments] + http://example.com/[controller-class]/[controller-method]/[arguments] As URL schemes become more complex, this may change. But for now, this is all we will need to know. @@ -159,7 +159,7 @@ match, and calls the appropriate controller and method, possibly with arguments. More information about routing can be found in the URI Routing -`documentation <../general/routing.html>`_. +:doc:`documentation <../general/routing>`. Here, the second rule in the $routes array matches **any** request using the wildcard string (:any). and passes the parameter to the ``view()`` -- cgit v1.2.3-24-g4f1b From 6f30b1ad3f51470cd2ffe95447806dbf527f6938 Mon Sep 17 00:00:00 2001 From: Master Yoda Date: Fri, 27 Mar 2015 09:38:23 -0700 Subject: Fix an example in the tutorial. Signed-off-by:Master Yoda --- user_guide_src/source/tutorial/static_pages.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'user_guide_src') diff --git a/user_guide_src/source/tutorial/static_pages.rst b/user_guide_src/source/tutorial/static_pages.rst index 210d9f8d6..0c75d5a34 100644 --- a/user_guide_src/source/tutorial/static_pages.rst +++ b/user_guide_src/source/tutorial/static_pages.rst @@ -64,7 +64,7 @@ following code. -

CodeIgniter Tutorial

+

The header contains the basic HTML code that you'll want to display before loading the main view, together with a heading. It will also -- cgit v1.2.3-24-g4f1b From 6eb599a2285e2981341b220b72e6f99149f92c3b Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 30 Mar 2015 19:53:38 +0300 Subject: [ci skip] Fix a broken link in the changelog --- user_guide_src/source/changelog.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'user_guide_src') diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index a1b15105f..45780ddb3 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -565,7 +565,7 @@ Release Date: Not Released - Changed the library constructor to try to create the **log_path** directory if it doesn't exist. - Added support for microseconds ("u" date format character) in ``$config['log_date_format']``. - - Added `compatibility layers ` for: + - Added :doc:`compatibility layers ` for: - `Multibyte String `_ (limited support). - `Hash `_ (``hash_equals()``, ``hash_pbkdf2()``). -- cgit v1.2.3-24-g4f1b From c0b2ae29b8a4c48c6adde72bc3f66ad3780246ec Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Tue, 31 Mar 2015 11:50:46 +0300 Subject: [ci skip] Update version number --- user_guide_src/source/conf.py | 4 ++-- user_guide_src/source/installation/upgrade_300.rst | 2 -- 2 files changed, 2 insertions(+), 4 deletions(-) (limited to 'user_guide_src') diff --git a/user_guide_src/source/conf.py b/user_guide_src/source/conf.py index d65fe0dfd..93d70b2e4 100644 --- a/user_guide_src/source/conf.py +++ b/user_guide_src/source/conf.py 
@@ -48,9 +48,9 @@ copyright = u'2014 - 2015, British Columbia Institute of Technology' # built documents. # # The short X.Y version. -version = '3.0' +version = '3.0.0' # The full version, including alpha/beta/rc tags. -release = '3.0-dev' +release = '3.0.0' # The language for content autogenerated by Sphinx. Refer to documentation # for a list of supported languages. diff --git a/user_guide_src/source/installation/upgrade_300.rst b/user_guide_src/source/installation/upgrade_300.rst index 7e3479740..a3d712482 100644 --- a/user_guide_src/source/installation/upgrade_300.rst +++ b/user_guide_src/source/installation/upgrade_300.rst @@ -2,8 +2,6 @@ Upgrading from 2.2.x to 3.0.0 ############################# -.. note:: These upgrade notes are for a version that is yet to be released. - Before performing an update you should take your site offline by replacing the index.php file with a static one. ************************************* -- cgit v1.2.3-24-g4f1b From a8c499d0125b2e96f7f3c539f6b46cff7547aa80 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Tue, 31 Mar 2015 15:01:36 +0300 Subject: [ci skip] Update security recommendations --- user_guide_src/source/general/security.rst | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) (limited to 'user_guide_src') diff --git a/user_guide_src/source/general/security.rst b/user_guide_src/source/general/security.rst index efc821f2b..fcfe4c24b 100644 --- a/user_guide_src/source/general/security.rst +++ b/user_guide_src/source/general/security.rst 
@@ -143,11 +143,15 @@ with that. Please read below. feature, just randomly generate a new, one-time (this is also important) password and send that instead. -- DO NOT put artificial limits on your users' passwords. +- DO NOT put unnecessary limits on your users' passwords. - There's no point in forcing a rule that a password can only be up to - a number of characters, or that it can't contain a certain set of - special characters. + If you're using a hashing algorithm other than BCrypt (which has a limit + of 72 characters), you should set a relatively high limit on password + lengths in order to mitigate DoS attacks - say, 1024 characters. + + Other than that however, there's no point in forcing a rule that a + password can only be up to a number of characters, or that it can't + contain a certain set of special characters. Not only does this **reduce** security instead of improving it, but there's literally no reason to do it. No technical limitations and -- cgit v1.2.3-24-g4f1b From 68bad62fc4d88b6423bd15ab94a53c54a919f041 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 1 Apr 2015 14:51:25 +0300 Subject: Mitigate potential DoS attacks against hash_pbkdf2() Related: #3720 --- user_guide_src/source/changelog.rst | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) (limited to 'user_guide_src') diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 45780ddb3..e6e3e9d17 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -2,11 +2,21 @@ Change Log ########## -Version 3.0 (planned) -======================= +Version 3.0.1 +============= Release Date: Not Released +- Core + + - Added DoS mitigation to :php:func:`hash_pbkdf2()` :doc:`compatibility function `. + + +Version 3.0.0 +============= + +Release Date: March 30, 2015 + - License - CodeIgniter has been relicensed with the `MIT License `_, eliminating its old proprietary licensing. -- cgit v1.2.3-24-g4f1b 
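Review bot: In the security.rst hunk, "a limit of 72 characters" misstates the BCrypt constraint. The limit is 72 bytes, so a password containing multibyte characters reaches it sooner, and PHP truncates the extra input silently rather than rejecting it. I would write `(which has a limit of 72 bytes and ignores anything beyond that)` so readers know that long passphrases are only partly hashed. The 1024-character cap recommended for other algorithms only mitigates DoS if it is enforced before the password reaches the hash function, which deserves half a sentence. The bullet's remaining paragraphs continue outside the hunk.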
From d75847ecf28bdbad7033af33514d042ee86c13c2 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 1 Apr 2015 14:51:47 +0300 Subject: [ci skip] Update version numbers --- user_guide_src/source/conf.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'user_guide_src') diff --git a/user_guide_src/source/conf.py b/user_guide_src/source/conf.py index 93d70b2e4..1704654b6 100644 --- a/user_guide_src/source/conf.py +++ b/user_guide_src/source/conf.py @@ -48,9 +48,9 @@ copyright = u'2014 - 2015, British Columbia Institute of Technology' # built documents. # # The short X.Y version. -version = '3.0.0' +version = '3.0.1' # The full version, including alpha/beta/rc tags. -release = '3.0.0' +release = '3.0.0-dev' # The language for content autogenerated by Sphinx. Refer to documentation # for a list of supported languages. -- cgit v1.2.3-24-g4f1b From 680e52985219a25926a3396677cb8391c8cc9da6 Mon Sep 17 00:00:00 2001 From: Sentabi Date: Thu, 2 Apr 2015 23:52:40 +0700 Subject: fixing typo --- user_guide_src/source/tutorial/static_pages.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'user_guide_src') diff --git a/user_guide_src/source/tutorial/static_pages.rst b/user_guide_src/source/tutorial/static_pages.rst index 0c75d5a34..62b3469ad 100644 --- a/user_guide_src/source/tutorial/static_pages.rst +++ b/user_guide_src/source/tutorial/static_pages.rst 
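Review bot: In the conf.py hunk of the "Update version numbers" commit, the new `release = '3.0.0-dev'` disagrees with `version = '3.0.1'` set two lines above it, so the built guide would carry two different version strings. If this is meant to mark the development line for 3.0.1, the line should read `release = '3.0.1-dev'`. The comment above `version` still says "The short X.Y version" while the value is now X.Y.Z, so the comment or the value should be aligned as well.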
@@ -12,14 +12,14 @@ It is the glue of your web application. For example, when a call is made to: - http://example.com/news/latest/10 + http://example.com/news/latest/10 We might imagine that there is a controller named "news". The method being called on news would be "latest". The news method's job could be to grab 10 news items, and render them on the page. Very often in MVC, you'll see URL patterns that match: - http://example.com/[controller-class]/[controller-method]/[arguments] + http://example.com/[controller-class]/[controller-method]/[arguments] As URL schemes become more complex, this may change. But for now, this is all we will need to know. -- cgit v1.2.3-24-g4f1b From 1db6da309a66ff202d43a4bbb5fdbd66d70afe13 Mon Sep 17 00:00:00 2001 From: LouisMilotte Date: Sat, 4 Apr 2015 03:22:12 -0700 Subject: Edit dbforge drop_table line 230 At current the documentation does not distinguish between DROP TABLE IF EXISTS table_name and DROP TABLE table_name. As seen by the DB_forge.php class in system/database; the function accepts a Boolean as the second parameter as to whether or not to apply the IF EXISTS mysql condition. --- user_guide_src/source/database/forge.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'user_guide_src') diff --git a/user_guide_src/source/database/forge.rst b/user_guide_src/source/database/forge.rst index 89fac023e..a4edada5c 100644 --- a/user_guide_src/source/database/forge.rst +++ b/user_guide_src/source/database/forge.rst @@ -227,7 +227,7 @@ Execute a DROP TABLE statement and optionally add an IF EXISTS clause. $this->dbforge->drop_table('table_name'); // Produces: DROP TABLE IF EXISTS table_name - $this->dbforge->drop_table('table_name'); + $this->dbforge->drop_table('table_name',TRUE); Renaming a table 
@@ -405,4 +405,4 @@ Class Reference :returns: TRUE on success, FALSE on failure :rtype: bool - Renames a table. Usage: See `Renaming a table`_. \ No newline at end of file + Renames a table. Usage: See `Renaming a table`_. -- cgit v1.2.3-24-g4f1b From e36d048b068418b76551fb9eaa2c32a7b40f3812 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 4 Apr 2015 21:55:09 +0300 Subject: Fix #3733 Close #3734 --- user_guide_src/source/changelog.rst | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'user_guide_src') diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index e6e3e9d17..8fa4d1ef1 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -11,6 +11,10 @@ Release Date: Not Released - Added DoS mitigation to :php:func:`hash_pbkdf2()` :doc:`compatibility function `. +Bug fixes for 3.0.1 +------------------- + +- Fixed a bug (#3733) - Autoloading of libraries with aliases didn't work, although it was advertised to. Version 3.0.0 ============= @@ -589,7 +593,7 @@ Release Date: March 30, 2015 Bug fixes for 3.0 ------------------- +----------------- - Fixed a bug where ``unlink()`` raised an error if cache file did not exist when you try to delete it. - Fixed a bug (#181) - a typo in the form validation language file. -- cgit v1.2.3-24-g4f1b