What's new in CodeIgniter 2.1.3
Oct 10, 2012
- Bug fixes:
- Fixed a bug (#1543) - File-based Caching method get_metadata() used a non-existent array key to look for the TTL value.
- Fixed a bug (#1314) - Session Library method sess_destroy() didn't destroy the userdata array.
- Fixed a bug where the Profiler Library issued an E_WARNING error if Session userdata contains objects.
- Fixed a bug (#1699) - Migration Library ignored the $config['migration_path'] setting.
- Fixed a bug (#227) - Input Library allowed unconditional spoofing of HTTP clients' IP addresses through the HTTP_CLIENT_IP header.
- Fixed a bug (#907) - Input Library ignored HTTP_X_CLUSTER_CLIENT_IP and HTTP_X_CLIENT_IP headers when checking for proxies.
- Fixed a bug (#940) - csrf_verify() used to set the CSRF cookie while processing a POST request with no actual POST data, which resulted in validating a request that should be considered invalid.
- Fixed a bug in the Security Library where a CSRF cookie was created even if $config['csrf_protection'] is set to FALSE.
- Fixed a bug (#1715) - Input Library triggered csrf_verify() on CLI requests.
New in CodeIgniter 2.1.0 (Nov 23, 2011)
- General Changes:
- Fixed a potential parameter injection flaw in the Security Library and strengthened the XSS filter for HTML5 vulnerabilities.
- Callback validation rules can now accept parameters like any other validation rule.
- Added html_escape() to the Common functions to easily escape HTML output and prevent XSS.
- Helpers:
- Added increment_string() to String Helper to turn "foo" into "foo-1" or "foo-1" into "foo-2".
- Altered form helper - made action on form_open_multipart helper function call optional. Fixes (#65)
- url_title() will now trim extra dashes from beginning and end.
- Improved speed of String Helper's random_string() method
- Database:
- Added a CUBRID driver to the Database driver. Thanks to the CUBRID team for supplying this patch.
- Added a PDO driver to the Database driver.
- Typecast limit and offset in the Database driver to integers to avoid possible injection.
- Added additional option 'none' for the optional third argument for $this->db->like() in the Database driver.
- Added $this->db->insert_batch() support to the OCI8 (Oracle) driver.
- Libraries:
- Changed $this->cart->insert() in the Cart library to return the Row ID if a single item was inserted successfully.
- Added support to set an optional parameter in your callback rules of validation using the Form Validation library.
- Added a Migration library to assist with applying incremental updates to your database schema.
- Driver children can be located in any package path.
- Added is_unique to the Form Validation library.
- Added $config['use_page_numbers'] to the Pagination library, which enables real page numbers in the URI.
- Added TLS and SSL Encryption for SMTP.
- Core:
- Changed private functions in URI library to protected so MY_URI can override them.
- Removed CI_CORE boolean constant from CodeIgniter.php (there are no longer different Reactor and Core versions).
- Bug fixes:
- Fixed #378 Robots identified as regular browsers by the User Agent class.
- Fixed a bug where, if a config class was loaded first and a library with the same name was loaded afterwards, the config would be ignored.
- Fixed a bug (Reactor #19) where 1) the 404_override route was being ignored in some cases, and 2) auto-loaded libraries were not available to the 404_override controller when a controller existed but the requested method did not.
- Fixed a bug (Reactor #89) where MySQL export would fail if the table had hyphens or other non alphanumeric/underscore characters.
- Fixed a bug (#200) where MySQL queries would be malformed after calling $this->db->count_all() then $this->db->get()
- Fixed bug #105 that stopped query errors from being logged unless database debugging was enabled
- Fixed a bug (#160) - Removed unneeded array copy in the file cache driver.
- Fixed a bug (#150) - field_data() now correctly returns column length.
- Fixed a bug (#8) - load_class() now looks for core classes in APPPATH first, allowing them to be replaced.
- Fixed a bug (#24) - ODBC database driver called incorrect parent in __construct().
- Fixed a bug (#85) - OCI8 (Oracle) database escape_str() function did not escape correctly.
- Fixed a bug (#344) - Using schema found in Saving Session Data to a Database, system would throw error "user_data does not have a default value" when deleting then creating a session.
- Fixed a bug (#112) - OCI8 (Oracle) driver didn't pass the configured database character set when connecting.
- Fixed a bug (#182) - OCI8 (Oracle) driver used to re-execute the statement whenever num_rows() is called.
- Fixed a bug (#82) - WHERE clause field names in the DB update_string() method were not escaped, resulting in failed queries in some cases.
- Fixed a bug (#89) - Fixed a variable type mismatch in DB display_error() where an array is expected, but a string could be set instead.
- Fixed a bug (#467) - Suppress warnings generated from get_magic_quotes_gpc() (deprecated in PHP 5.4)
- Fixed a bug (#484) - First time _csrf_set_hash() is called, hash is never set to the cookie (in Security.php).
- Fixed a bug (#60) - Added _file_mime_type() method to the File Uploading Library in order to fix a possible MIME-type injection (also fixes bug #394).
- Fixed a bug (#537) - Support for all wav types in browsers.
- Fixed a bug (#576) - Using ini_get() function to detect if apc is enabled or not.
- Fixed invalid date time format in Date helper and XMLRPC library.
New in CodeIgniter 2.0.2 (May 11, 2011)
- General changes:
- The Security library was moved to the core and is now loaded automatically. Please remove your loading calls.
- The CI_SHA class is now deprecated. All supported versions of PHP provide a sha1() function.
- constants.php will now be loaded from the environment folder if available.
- Added language key error logging
- Made Environment Support optional. Comment out or delete the constant to stop environment checks.
- Added Environment Support for Hooks.
- Added CI_ Prefix to the Cache driver.
- Helpers:
- Removed the previously deprecated dohash() from the Security helper; use do_hash() instead.
- Changed the 'plural' function so that it doesn't ruin the capitalization of your string. It also takes into consideration acronyms, which are all caps.
- Database:
- $this->db->count_all_results() will now return an integer instead of a string.
New in CodeIgniter 1.7.3 (Jan 10, 2011)
- Version 1.7.3 is a security maintenance release, including a previously patched file Upload class, and a new security fix to prevent possible directory traversal in certain circumstances. There are no other significant changes.
New in CodeIgniter 1.7.2 (Oct 13, 2009)
- Libraries
- Added a new Cart Class.
- Added the ability to pass $config['file_name'] for the File Uploading Class and rename the uploaded file.
- Changed order of listed user-agents so Safari would more accurately report itself. (#6844)
- Database
- Switched from using gettype() in escape() to is_* methods, since future PHP versions might change its output.
- Updated all database drivers to handle arrays in escape_str()
- Added escape_like_str() method for escaping strings to be used in LIKE conditions
- Updated Active Record to utilize the new LIKE escaping mechanism.
- Added reconnect() method to DB drivers to try to keep alive / reestablish a connection after a long idle.
- Modified MSSQL driver to use mssql_get_last_message() for error messages.
- Helpers
- Added form_multiselect() to the Form helper.
- Modified form_hidden() in the Form helper to accept multi-dimensional arrays.
- Modified form_prep() in the Form helper to keep track of prepped fields to avoid multiple prep/mutation from subsequent calls which can occur when using Form Validation and form helper functions to output form fields.
- Modified directory_map() in the Directory helper to allow the inclusion of hidden files, and to return FALSE on failure to read directory.
- Modified the Smiley helper to work with multiple fields and insert the smiley at the last known cursor position.
- General
- Compatible with PHP 5.3.0
- Modified show_error() to allow sending of HTTP server response codes.
- Modified show_404() to send 404 status code, removing non-CGI compatible header() statement from error_404.php template.
- Added set_status_header() to the Common functions to allow use when the Output class is unavailable.
- Added is_php() to Common functions to facilitate PHP version comparisons.
- Added 2 CodeIgniter "cheatsheets" (thanks to DesignFellow.com for this contribution).
New in CodeIgniter 1.7.1 (May 11, 2009)
- Libraries
- Fixed an arbitrary script execution security flaw (#6068) in the Form Validation library (thanks to hkk)
- Changed default current page indicator in the Pagination library to use instead of
- A "HTTP/1.1 400 Bad Request" header is now sent when disallowed characters are encountered.
- Added , , , and to the Typography parser's inline elements.
- Added more accurate error reporting for the Email library when using sendmail.
- Removed a strict type check from the rotate() function of the Image Manipulation Class.
- Added enhanced error checking in file saving in the Image library when using the GD lib.
- Added an additional newline between multipart email headers and the MIME message text for better compatibility with a variety of MUAs.
- Made modest improvements to efficiency and accuracy of explode_name() in the Image lib.
- Database
- Added where_in to the list of expected arguments received by delete().
- Helpers
- Added the ability to have optgroups in form_dropdown() within the form helper.
- Added a doctype() function to the HTML helper.
- Added ability to force lowercase for url_title() in the URL helper.
- Changed the default "type" of form_button() to "button" from "submit" in the form helper.
- Changed redirect() in the URL helper to allow redirections to URLs outside of the CI site.
- Updated get_cookie() to try to fetch the cookie using the global cookie prefix if the requested cookie name doesn't exist.
- Other Changes
- Improved security in xss_clean() to help prevent attacks targeting Internet Explorer.
- Added 'application/msexcel' to config/mimes.php for .xls files.
- Added 'proxy_ips' config item to whitelist reverse proxy servers from which to trust the HTTP_X_FORWARDED_FOR header to determine the visitor's IP address.
- Improved accuracy of Upload::is_allowed_filetype() for images (#6715)
- Bug fixes for 1.7.1:
- Database
- Fixed a bug when doing 'random' on order_by() (#5706).
- Fixed a bug where adding a primary key through Forge could fail (#5731).
- Fixed a bug when using DB cache on multiple databases (#5737).
- Fixed a bug where TRUNCATE was not considered a "write" query (#6619).
- Fixed a bug where csv_from_result() was checking for a nonexistent method.
- Fixed a bug in _protect_identifiers() where it was improperly removing all pipe symbols from items.
- Fixed assorted user guide typos or examples (#5998, #6093, #6259, #6339, #6432, #6521).
- Fixed a bug in the MySQLi driver when no port is specified
- Fixed a bug (#5702), in which the field label was not being fetched properly, when "matching" one field to another.
- Fixed a bug in which identifiers were not being escaped properly when reserved characters were used.
- Fixed a bug with the regular expression used to protect submitted paragraph tags in auto typography.
- Fixed a bug where double dashes within tag attributes were being converted to em dash entities.
- Fixed a bug where double spaces within tag attributes were being converted to non-breaking space entities.
- Fixed some accuracy issues with curly quotes in Typography::format_characters()
- Changed a few docblock comments to reflect actual return values.
- Fixed a bug with high ascii characters in subject and from email headers.
- Fixed a bug in xss_clean() where whitespace following a validated character entity would not be preserved.
- Fixed a bug where HTML comments and tags were being parsed in Typography::auto_typography().
- Fixed a bug with non-breaking space cleanup in Typography::auto_typography().
- Fixed a bug in database escaping where a compound statement (ie: SUM()) wasn't handled correctly with database prefixes.
- Fixed a bug when an opening quote is preceded by a paragraph tag and immediately followed by another tag.
- Fixed a bug in the Text Helper affecting some locales where word_censor() would not work on words beginning or ending with an accented character.
- Fixed a bug in the Text Helper character limiter where the provided limit intersects the last word of the string.
- Fixed a bug (#6342) with plural() in the Inflection helper with words ending in "y".
- Fixed bug (#6517) where Routed URI segments returned by URI::rsegment() method were incorrect for the default controller.
- Fixed a bug (#6706) in the Security Helper where xss_clean() was using a deprecated second argument.
- Fixed a bug in the URL helper url_title() function where trailing periods were allowed at the end of a URL.
- Fixed a bug (#6669) in the Email class when CRLF's are used for the newline character with headers when used with the "mail" protocol.
- Fixed a bug (#6500) where URI::A_filter_uri() was exit()ing an error instead of using show_error().
- Fixed a bug (#6592) in the File Helper where recursion in get_dir_file_info() was not occurring properly.
- Tweaked Typography::auto_typography() for some edge-cases.