Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:illuusio
codeigniter3
codeigniter3.changes
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File codeigniter3.changes of Package codeigniter3
------------------------------------------------------------------- Fri Mar 04 13:31:10 UTC 2022 - tuukka.pasanen@ilmi.fi - Update to version 3.1.13: * [ci skip] 3.1.13 release * [ci skip] Doc updates for 3.1.13 start and changelog entry for #6107 * [ci skip] Remove epub-related stuff from build-release script * [ci skip] Merge pull request #6107 from ducng99/patch-1 * [ci skip] Misc. maintenance * [ci skip] Update copyright notices * [ci skip] Fix #6103 * [ci skip] SessionUpdateTimestampHandlerInterface * [ci skip] Merge pull request #6102 from maxiwheat/develop * [ci skip] Merge pull request #6100 from svennd/develop ------------------------------------------------------------------- Fri Mar 4 12:52:42 UTC 2022 - Tuukka Pasanen <tuukka.pasanen@ilmi.fi> - Update to Version 3.1.13 Release Date: Mar 3, 2022 - Bug fixes for 3.1.13 * Fixed a bug (#6107) - :doc:`Session Library <libraries/sessions>` broke for PHP 5 due to a misnamed polyfill interface. * Fixed a bug (#5834) - :doc:`Query Builder <database/query_builder>` method count_all_results() triggered an SQL error for queries with a HAVING clause. * Fixed a bug (#5840) - :doc:`Cache Library <libraries/caching>` 'redis' driver triggered an E_DEPRECATED warning about sRemove() with phpRedis 5. * Fixed a bug (#5857) - :doc:`Session <libraries/sessions>` data could be corrupted after a concurrent request write with the 'files' driver due to a filesize cache being incorrect. * Fixed a bug (#5861) - :doc:`Cache Library <libraries/caching>` 'redis' driver would always use phpRedis 5 del() due to an incorrect version check. * Fixed a bug (#5879) - :doc:`Profiler Library <general/profiling>` triggered an E_DEPRECATED warning on PHP 7.4+. * Fixed a bug (#5901) - :doc:`Database Library <database/index>` methods list_fields() and field_data() ignored the configured table schema on PostgreSQL. * Fixed a bug (#5906) - :doc:`Database Library <database/index>` 'postgre' driver couldn't use the failover feature without a $config['dsn']. * Fixed a bug (#5903) - :doc:`common function <general/common_functions>` :php:func:`set_status_header()` didn't recognize 'HTTP/2.0' as a valid $_SERVER['SERVER_PROTOCOL']. * Fixed a bug (#6013) - :doc:`Session <libraries/sessions>` flashdata didn't work on PHP 8. * Fixed a bug (#6006) - is_callable() change in PHP 8 broke :doc:`Migrations <libraries/migration>`, a part of :doc:`XML-RPC <libraries/xmlrpc>` and an edge case in 404 detection logic. * Fixed a bug (#5729) - :doc:`Query Builder <database/query_builder>` possibly not detecting NOT BETWEEN expression. - Security * Fixed a possible session fixation vulnerability where session.use_strict_mode wasn't enforced on PHP 7+. - General Changes * Improved logging of error conditions in :doc:`CAPTCHA Helper <helpers/captcha_helper>` function :php:func:`create_captcha()`. * Added AUTO_INCREMENT support for Oracle 12.1+ to :doc:`Database Forge <database/forge>`. * Added FULL [OUTER] JOIN support to :doc:`Query Builder <database/query_builder>`. * Added support for detecting WebP image type to :doc:`File Uploading Library <libraries/file_uploading>`. * Added method :doc:`Database Library <database/index>` method trans_active() to expose transaction state. * Updated :doc:`Database Library <database/index>` 'pdo' driver to attempt to free resources in order to allow connections to be closed. * Added SameSite=Strict attribute to the CSRF cookie sent by the :doc:`Security Class <libraries/security>`. * Added $config['cookie_samesite'] option and $samesite parameter to :doc:`Input Library <libraries/input>` method set_cookie(). * Added SameSite support through $config['sess_samesite'] option to the :doc:`Session Library <libraries/sessions>`. * Added a wrapper class around :doc:`Session <libraries/sessions>` drivers to deal with compatibility between PHP 8.1 and older versions. * Updated a lot of code for PHP 8.0 and 8.1 compatibility. ------------------------------------------------------------------- Tue Oct 1 11:51:37 UTC 2019 - Tuukka Pasanen <tuukka.pasanen@ilmi.fi> - Version 3.1.11 - Release Date: Sep 19, 2019 - General Changes * Changed CI_Log to append PHP_EOL instead of \n at the end of log messages. * Improved performance in Cache Library ‘redis’ driver with non-scalar variables. * Altered the Session Library ‘files’ driver to log error and trigger a session start failure instead of throwing an Exception in case of unusable $config['sess_save_path']. * Updated the Session and Cache libraries’ ‘redis’ driver to work with phpRedis 5. - Bug fixes for 3.1.11 * Fixed a bug (#5681) - Database Forge method modify_column() produced erroneous SQL for DEFAULT attribute changes under PostgreSQL, Firebird. * Fixed a bug (#5692) - Database Forge didn’t handle column nullability with the ‘oci8’, ‘pdo/oci’ drivers. * Fixed a bug (#5701) - Database driver ‘pdo/pgsql’ produced incorrect DSNs when constructing from a configuration array. * Fixed a bug (#5708) - Session Library ‘redis’ driver too often failed with locking-related errors that could’ve been avoided. * Fixed a bug (#5703) - Session Library triggered an E_WARNING message about changing session.save_path during an active session when it fails to obtain a lock. * Fixed a bug where Session Library ‘database’ driver didn’t trigger a failure if it can’t obtain a lock. * Fixed a bug (#5755) - Form Validation Library rule valid_url accepted digit-only domains due to a PHP bug. * Fixed a bug (#5753) - Cache Library ‘redis’ driver methods increment(), decrement() ignored their $offset parameter. * Fixed a bug (#5779) - Session Library ‘redis’ only attempted to validate session IDs in case the connection to Redis failed. * Fixed a bug (#5774) - Database Results method custom_result_object() didn’t properly handle empty result sets, triggering E_WARNING messages on PHP 7.2+. * Fixed a bug (#5788) - Database Results method field_data() triggered an E_NOTICE error with PDO when a field type is not recognized by PHP. * Fixed a bug (#5796) - Query Builder method list_tables() triggered an SQL syntax error under MySQL when the database schema is a numeric string. * Fixed a bug where Security Class would trigger an E_WARrrays instead of strings. ------------------------------------------------------------------- Wed Mar 6 07:24:39 UTC 2019 - Tuukka Pasanen <tuukka.pasanen@ilmi.fi> - Version 3.1.10 - Release Date: Jan 16, 2019 - General Changes * Added ‘ssl_verify’ support to the ‘pdo/mysql’ Database driver. * Renamed Inflector Helper function is_countable() to word_is_countable() due to the former colliding with one introduced in PHP 7.3.0. - Bug fixes for 3.1.10 * Fixed a bug (#5526) - Session Library had a syntax error in its ‘memcached’ driver. * Fixed a bug (#5542) - Database Forge method modify_column() always made fields NOT NULL when attempting to modify their nullable property under PostgreSQL. * Fixed a bug (#5561) - Database Library didn’t allow SSL connection configuration with only the ‘ssl_verify’ option when using the ‘mysqli’ driver. * Fixed a bug (#5545) - Session Library crashed due to a caching-related error with the ‘files’ driver. * Fixed a bug (#5571) - XML-RPC Library had a typo that triggered an E_WARNING message on PHP 7.2. * Fixed a bug (#5587) - Database Forge method create_table() generated an E_WARNING message. * Fixed a bug (#5590) - Form Validation Library rule valid_base64 didn’t have a default error message. * Fixed a bug (#5624) - Database Library methods list_fields(), field_exists() returned incorrect results after tables are modified. * Fixed a bug (#5627) - Database driver ‘mysqli’ triggered an E_WARNING message if there’s no 'port' specified in the database configuration. * Fixed a bug (#5651) - Database Caching could try to delete non-existent cache files due to a race condition. * Fixed a bug (#5652) - CAPTCHA Helper function create_captcha() didn’t comply with CSS standards. * Fixed a bug (#5605) - Form Validation Library didn’t nullify array inputs that are expected to be strings. ------------------------------------------------------------------- Wed Sep 12 08:56:15 UTC 2018 - Tuukka Pasanen <tuukka.pasanen@ilmi.fi> - Version 3.1.9 - Release Date: Jun 12, 2018 - Security * Updated URL Helper function auto_link() to add rel="noopener" to generated links in order to prevent tab hijacking. * Fixed a possible session fixation vulnerability where the Session Library enabled session.use_strict_mode but it didn’t actually do anything (thanks to Aamer Shah, Prasanna Kumar). - General Changes * Updated Query Builder method limit() to allow 0 values. * Updated Email Library and Form Validation Library to discard the results of failed idn_to_ascii() calls while validating e-mail addresses. - Bug fixes for 3.1.9 * Fixed a regression (#5448) - Query Builder methods like(), or_like() (and siblings) didn’t apply dbprefix or identifier escaping. * Fixed a regression (#5462) - Query Builder methods like(), or_like() (and siblings) produced incorrect SQL syntax when used with 'before' as the third parameter. * Fixed a bug (#5516) - HTML Helper functions img(), link_tag() would output results with double slashes if a prefix slash was included in their path inputs. ------------------------------------------------------------------- Wed May 9 12:47:05 UTC 2018 - tuukka.pasanen@ilmi.fi - Version 3.1.8 - Release Date: Mar 22, 2018 - Security * Updated URL Helper function auto_link() to add rel="noopener" to generated links in order to prevent tab hijacking. * Updated Security Library method xss_clean() to also filter JavaScript tag functions. * Fixed a bug where Security Library method xss_clean() didn’t check for parentheses around JavaScript’s document. - General Changes * Updated Email Library to always negotiate between TLS 1.0, 1.1, 1.2 when possible (PHP 5.6+) for SMTP connections. * Updated Database Library method version() to exclude suffixes to the main version numbers with the ‘postgre’ driver. - Bug fixes for 3.1.8 * Fixed a bug where Form Validation Library, Email Library tried to use INTL_IDNA_VARIANT_UTS46 when it was undeclared. * Fixed a bug where Query Builder methods where(), having() treated values passed to them as arbitrary SQL. * Fixed a bug (#5423) - Database Library method insert_id() failed due to incorrect server version parsing with the ‘postgre’ driver. * Fixed a bug (#5425) - XML-RPC Library produced an error message related to count() on PHP 7.2. * Fixed a bug (#5434) - Image Manipulation Library attempted to chmod() while rendering images with the dynamic_output option. * Fixed a bug (#5435) - Database Results method field_data() hid info about one field if limit() was previously used with the ‘oci8’ driver. ------------------------------------------------------------------- Tue Mar 13 09:19:15 UTC 2018 - tuukka.pasanen@ilmi.fi - Version 3.1.7 - Release Date: Jan 13, 2018 - General Changes * Updated Form Validation Library rule valid_email to use INTL_IDNA_VARIANT_UTS46 for non-ASCII domain names. * Updated Email Library to use INTL_IDNA_VARIANT_UTS46 for non-ASCII domain names. * Updated Loader Library method model() to log both CI_Model class loading and individual models’ initialization. * Updated Pagination Library to preserve previously set attributes while calling initialize(). * Updated Cache Library to automatically add items to cache on increment(), decrement() calls for missing keys. * Deprecated usage of CAPTCHA Helper function create_captcha() with parameters other than $data. - Bug fixes for 3.1.7 * Fixed a regression (#5276) - Database Utilities method backup() generated incorrect INSERT statements with the ‘mysqli’ driver. * Fixed a regression where Database Results method field_data() returned incorrect type names. * Fixed a bug (#5278) - URL Helper function auto_link() didn’t detect trailing slashes in URLs. * Fixed a regression (#5282) - Query Builder method count_all_results() breaks ORDER BY clauses for subsequent queries. * Fixed a bug (#5279) - Query Builder didn’t account for already escaped identifiers while applying database name prefixes. * Fixed a bug (#5331) - URL Helper function auto_link() converted e-mail addresses starting with ‘www.’ to both “url” and “email” links. * Fixed a bug where $config['allow_get_array'] defaulted to FALSE if it didn’t exist in the config file. * Fixed a bug (#5379) - Session Library would incorrectly fail to obtain a lock that it already has on PHP 7 with the ‘memcached’ driver. ------------------------------------------------------------------- Tue Oct 24 07:25:40 UTC 2017 - tuukka.pasanen@ilmi.fi - Version 3.1.6 - Release Date: Sep 25, 2017 - Security * Fixed a potential object injection in Cache Library ‘apc’ driver when save() is used with $raw = TRUE (thanks to Tomas Bortoli). - General Changes * Deprecated Cache Library Library driver ‘apc’. * Updated the Session Library ‘redis’, ‘memcached’ drivers to reduce the potential of a locking race conditions. - Bug fixes for 3.1.6 * Fixed a bug (#5164) - Loader Library method library() ignored requests to load libraries previously assigned to super-object properties named differently than the library name. * Fixed a bug (#5168) - Query Builder method count_all_results() produced erroneous queries on Microsoft SQL Server when ORDER BY clauses are cached. * Fixed a bug (#5128) - Profiler didn’t wrap $_SESSION and configuration arrays in <pre> tags. * Fixed a bug (#5183) - Database Library method is_write_type() didn’t return TRUE for MERGE statements. * Fixed a bug where Image Manipulation Library didn’t escape image source paths passed to NetPBM as shell arguments. * Fixed a bug (#5236) - Query Builder methods limit(), offset() break SQL Server 2005, 2008 queries with "<tablename>".* in the SELECT clause. * Fixed a bug (#5243) - Database Library method version() didn’t work with the ‘pdo/dblib’ driver. * Fixed a bug (#5246) - Database transactions status wasn’t reset unless trans_complete() was called. * Fixed a bug (#5260) - Database Utilities method backup() generated incorrect INSERT statements with the ‘mysqli’ driver. * Fixed a bug where Database Results method field_data() didn’t parse field types with the ‘mysqli’ driver. ------------------------------------------------------------------- Sat Jul 22 12:14:19 UTC 2017 - tuukka.pasanen@ilmi.fi - Relese 3.1.5 - Release Date: Jun 19, 2017 - Security * Form Validation Library rule valid_email could be bypassed if idn_to_ascii() is available. - General Changes * Updated Form Helper function form_label() to accept HTML attributes as a string. - Bug fixes for 3.1.5 * Fixed a bug (#5070) - Email Library didn’t properly detect 7-bit encoding. * Fixed a bug (#5084) - XML-RPC Library errored because of a variable name typo. * Fixed a bug (#5108) - Inflector Helper function singular() didn’t properly handle ‘quizzes’. * Fixed a regression (#5131) - private controller methods triggered PHP errors instead of a 404 response. * Fixed a bug (#5150) - Database Forge method modify_column() triggered an error while renaming columns with the ‘oci8’, ‘pdo/oci’ drivers. * Fixed a bug (#5155) - Query Builder method count_all_results() returned incorrect result for queries using LIMIT, OFFSET. ------------------------------------------------------------------- Wed May 10 08:53:44 UTC 2017 - tuukka.pasanen@ilmi.fi - Release 3.1.4 - Release Date: March 23, 2017 - Security * Fixed a header injection vulnerability in common function set_status_header() under Apache (thanks to Guillermo Caminer from Flowgate). * Fixed byte-safety issues in Encrypt Library (DEPRECATED) when mbstring.func_overload is enabled. * Fixed byte-safety issues in Encryption Library when mbstring.func_overload is enabled. * Fixed byte-safety issues in compatibility functions password_hash(), hash_pbkdf2() when mbstring.func_overload is enabled. * Updated Encrypt Library (DEPRECATED) to call mcrypt_create_iv() with MCRYPT_DEV_URANDOM. - General Changes * Updated the Image Manipulation Library to work-around an issue with some JPEGs when using GD. - Bug fixes for 3.1.4 * Fixed a regression (#4975) - Loader Library couldn’t handle objects passed as view variables. * Fixed a bug (#4977) - Loader Library method helper() could accept any character as a filename extension separator. * Fixed a regression where the Session Library would fail on a session_regenerate_id(TRUE) call with the ‘database’ driver. * Fixed a bug (#4987) - Query Builder caching didn’t keep track of table aliases. * Fixed a bug where Text Helper function ascii_to_entities() wasn’t byte-safe when mbstring.func_overload is enabled. * Fixed a bug where CI_Log, CI_Output, CI_Email and CI_Zip didn’t handle strings in a byte-safe manner when mbstring.func_overload is enabled. * Fixed a bug where Session Library didn’t read session data in a byte-safe manner when mbstring.func_overload is enabled. * Fixed a bug (#4990) - Profiler didn’t close <pre> tags it generated. * Fixed a bug (#4990) - Profiler didn’t HTML-escape quotes for $_SESSION variables. * Fixed a bug where Input Library method set_cookie() didn’t allow its httponly and secure parameters to be overriden to FALSE. * Fixed a bug (#5006) - common function get_mimes() didn’t load application/config/mimes.php if an environment specific config exists. * Fixed a bug (#5006) - common function remove_invisible_characters() didn’t remove URL-encoded 0x7F. * Fixed a bug (#4815) - Database Library stripped URL-encoded sequences while escaping strings with the ‘mssql’ driver. * Fixed a bug (#5044) - HTML Helper function img() didn’t accept data: URI schemes for the image source. * Fixed a bug (#5050) - Database Library tried to access an undefined property in a number of error handling cases. * Fixed a bug (#5057) - Database driver ‘postgre’ didn’t actually apply extra options (such as ‘connect_timeout’) to its DSN. ------------------------------------------------------------------- Wed Jan 11 13:16:05 UTC 2017 - tuukka.pasanen@ilmi.fi - Release 3.1.3 - Release Date: Jan 09, 2017 - Security * Fixed an XSS vulnerability in Security Library method xss_clean(). * Fixed a possible file inclusion vulnerability in Loader Library method vars(). * Fixed a possible remote code execution vulnerability in the Email Library when ‘mail’ or ‘sendmail’ are used (thanks to Paul Buonopane from NamePros). * Added protection against timing side-channel attacks in Security Library method csrf_verify(). * Added protection against BREACH attacks targeting the CSRF token field generated by Form Helper function form_open(). - General Changes * Deprecated $config['allow_get_array']. * Deprecated $config['standardize_newlines']. * Deprecated Date Helper function nice_date(). - Bug fixes for 3.1.3 * Fixed a bug (#4886) - Database Library didn’t differentiate bind markers inside double-quoted strings in queries. * Fixed a bug (#4890) - XML-RPC Library didn’t work on PHP 7. * Fixed a regression (#4887) - File Uploading Library triggered fatal errors due to numerous PHP distribution channels (XAMPP and cPanel confirmed) explicitly disabling ext/fileinfo by default. * Fixed a bug (#4679) - Input Library method ip_address() didn’t properly resolve $config['proxy_ips'] IPv6 addresses. * Fixed a bug (#4902) - Image Manipulation Library processing via ImageMagick didn’t work. * Fixed a bug (#4905) - Loader Library didn’t take into account possible user-provided directory paths when loading helpers. * Fixed a bug (#4916) - Session Library with sess_match_ip enabled was unusable for IPv6 clients when using the ‘database’ driver on MySQL 5.7.5+. * Fixed a bug (#4917) - Date Helper function nice_date() didn’t handle YYYYMMDD inputs properly. * Fixed a bug (#4923) - Session Library could execute an erroneous SQL query with the ‘database’ driver, if the lock attempt times out. * Fixed a bug (#4927) - Output Library method get_header() returned the first matching header, regardless of whether it would be replaced by a second set_header() call. * Fixed a bug (#4844) - Email Library didn’t apply escapeshellarg() to the while passing the Sendmail -f parameter through popen(). * Fixed a bug (#4928) - the bootstrap file didn’t check if config/constants.php exists before trying to load it. * Fixed a bug (#4937) - Image Manipulation Library method initialize() didn’t translate new_image inputs to absolute paths. * Fixed a bug (#4941) - Query Builder method order_by() didn’t work with ‘RANDOM’ under the ‘pdo/sqlite’ driver. * Fixed a regression (#4892) - Query Builder method update_batch() didn’t properly handle identifier escaping. * Fixed a bug (#4953) - Database Forge method create_table() didn’t update an internal tables list cache if it exists but is empty. * Fixed a bug (#4958) - Query Builder method count_all_results() didn’t take into account cached ORDER BY clauses. * Fixed a bug (#4804) - Query Builder method insert_batch() could fail if the input array pointer was modified. * Fixed a bug (#4962) - Database Force method alter_table() would fail with the ‘oci8’ driver. * Fixed a bug (#4457) - Image Manipulation Library method get_image_properties() didn’t detect invalid images. * Fixed a bug (#4765) - Email Library didn’t send the User-Agent header without a prior call to clear(). - Version 3.1.2 - Release Date: Oct 28, 2016 - Security * Fixed a number of new vulnerabilities in Security Library method xss_clean(). - General Changes * Allowed PHP 4-style constructors (Matching_name::Matching_name() methods) to be used as routes, if there’s a __construct() to override them. - Bug fixes for 3.1.2 * Fixed a regression (#4874) - Session Library didn’t take into account session.hash_bits_per_character when validating session IDs. * Fixed a bug (#4871) - Query Builder method update_batch() didn’t properly handle identifier escaping. * Fixed a bug (#4884) - Query Builder didn’t properly parse field names ending in ‘is’ when used inside WHERE and HAVING statements. * Fixed a bug where CI_Log, CI_Output, CI_Email and CI_Zip didn’t handle strings in a byte-safe manner when mbstring.func_override is enabled. ------------------------------------------------------------------- Tue Oct 25 12:00:35 UTC 2016 - tuukka.pasanen@ilmi.fi - Version 3.1.1 - Release Date: Oct 22, 2016 - Security * Fixed a flaw in Security Library method entity_decode() (used by xss_clean()) that affects HTML 5 entities when using PHP 5.3. -General Changes * Added E_PARSE to the list of error levels detected by the shutdown handler. * Updated Inflector Helper is_countable() with more words. * Updated common function set_status_header() with new status codes from IETF RFCs 2817 (426) and 6585 (428, 429, 431, 511). - Bug fixes for 3.1.1 * Fixed a bug (#4732) - Session Library triggered errors while writing data for a newly-created sessions with the ‘memcached’ driver. * Fixed a regression (#4736) - Image Manipulation Library processing via ImageMagick didn’t work. * Fixed a bug (#4737) - Query Builder didn’t add an OFFSET when LIMIT is zero or unused. * Fixed a regression (#4739) - Email Library doesn’t properly separate attachment bodies from headers. * Fixed a bug (#4754) - Unit Testing Library method result() didn’t translate res_datatype. * Fixed a bug (#4759) - Form Validation, Trackback and XML-RPC <libraries/xmlrpc> libraries treated URI schemes in a case-sensitive manner. * Fixed a bug (#4762) - Cache Library ‘file’ driver method get_metadata() checked TTL time against mtime instead of the cache item’s creation time. * Fixed a bug where File Uploading Library generated error messages on PHP 7.1. * Fixed a bug (#4780) - compatibility function hex2bin() didn’t reject inputs of type “resource”. * Fixed a bug (#4787) - Form Validation Library method valid_email() triggered E_WARNING when input emails have empty domain names. * Fixed a bug (#4805) - Database driver ‘mysqli’ didn’t use the MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT flag properly. * Fixed a bug (#4808) - Database method is_write_type() only looked at the first line of a queries using RETURNING with the ‘postgre’, ‘pdo/pgsql’, ‘odbc’ and ‘pdo/odbc’ drivers. * Fixed a bug where Query Builder method insert_batch() tried to execute an unsupported SQL query with the ‘ibase’ and ‘pdo/firebird’ drivers. * Fixed a bug (#4809) - Database driver ‘pdo/mysql’ didn’t turn off AUTOCOMMIT when starting a transaction. * Fixed a bug (#4822) - CAPTCHA Helper didn’t clear expired PNG images. * Fixed a bug (#4823) - Session Library ‘files’ driver could enter an infinite loop if mbstring.func_override is enabled. * Fixed a bug (#4851) - Database Forge didn’t quote schema names passed to its create_database() method. * Fixed a bug (#4863) - HTML Table Library method set_caption() was missing method chaining support. * Fixed a bug (#4843) - XML-RPC Library client class didn’t set a read/write socket timeout. * Fixed a bug (#4865) - uncaught exceptions didn’t set the HTTP Response status code to 500 unless display_errors was turned On. * Fixed a bug (#4830) - Session Library didn’t take into account the new session INI settings in PHP 7.1. - Version 3.1.0 - Release Date: July 26, 2016 - Security * Fixed an SQL injection in the ‘odbc’ database driver. * Updated set_realpath() Path Helper function to filter-out php:// wrapper inputs. * Officially dropped any kind of support for PHP 5.2.x and anything under 5.3.7. - General Changes * Updated Image Manipulation Library to validate width and height configuration values. * Updated Encryption Library to always prefer random_bytes() when it is available. * Updated Session Library to log ‘debug’ messages when using fallbacks to session.save_path (php.ini) or ‘sess_use_database’, ‘sess_table_name’ settings. * Added a ‘LONGTEXT’ to ‘STRING’ alias to Database Forge for the ‘cubrid’, ‘pdo/cubrid’ drivers. * Added ‘TINYINT’, ‘MEDIUMINT’, ‘INT’ and ‘BIGINT’ aliases to ‘NUMBER’ to Database Forge for the ‘oci8’, ‘pdo/oci’ drivers. * password_hash() compatibility function changes: - Changed salt-generation logic to prefer random_bytes() when it is available. - Changed salt-generation logic to prefer direct access to /dev/urandom over openssl_random_pseudo_bytes(). - Changed salt-generation logic to error if openssl_random_pseudo_bytes() sets its $crypto_strong flag to FALSE. - Bug fixes for 3.1.0 * Fixed a bug where Image Manipulation Library didn’t escape image source paths passed to ImageMagick as shell arguments. * Fixed a bug (#861) - Database Forge method create_table() incorrectly accepts field width constraints for MSSQL/SQLSRV integer-type columns. * Fixed a bug (#4562) - Cache Library didn’t check if Memcached::quit() is available before calling it. * Fixed a bug (#4563) - Input Library method request_headers() ignores $xss_clean parameter value after first call. * Fixed a bug (#4605) - Config Library method site_url() stripped trailing slashes from relative URIs passed to it. * Fixed a bug (#4613) - Email Library failed to send multiple emails via SMTP due to “already authenticated” errors when keep-alive is enabled. * Fixed a bug (#4633) - Form Validation Library ignored multiple “callback” rules for empty, non-required fields. * Fixed a bug (#4637) - Database method error() returned FALSE with the ‘oci8’ driver if there was no error. * Fixed a bug (#4647) - Query Builder method count_all_results() doesn’t take into account GROUP BY clauses while deciding whether to do a subquery or not. * Fixed a bug where Session Library ‘redis’ driver didn’t properly detect if a connection is properly closed on PHP 5.x. * Fixed a bug (#4583) - Email Library didn’t properly handle inline attachments in HTML emails. * Fixed a bug where Database method db_select() didn’t clear metadata cached for the previously used database. * Fixed a bug (#4675) - File Helper function delete_files() treated symbolic links as regular directories. * Fixed a bug (#4674) - Database driver ‘dblib’ triggered E_WARNING messages while connecting. * Fixed a bug (#4678) - Database Forge tried to use unsupported IF NOT EXISTS clause when creating tables on Oracle. * Fixed a bug (#4691) - File Uploading Library method data() returns wrong ‘raw_name’ when the filename extension is also contained in the raw filename. * Fixed a bug (#4679) - Input Library method ip_address() errors with a matching $config['proxy_ips'] IPv6 address. * Fixed a bug (#4695) - User Agent Library didn’t load the config/user_agents.php file when there’s no User-Agent HTTP request header. * Fixed a bug (#4713) - Query Builder methods insert_batch(), update_batch() could return wrong affected rows count. * Fixed a bug (#4712) - Email Library doesn’t sent RSET to SMTP servers after a failure and while using keep-alive. * Fixed a bug (#4724) - Common function is_https() compared the X-Forwarded-Proto HTTP header case-sensitively. * Fixed a bug (#4725) - Common function remove_invisible_characters() searched case-sensitively for URL-encoded characters. ------------------------------------------------------------------- Thu Apr 28 11:14:36 UTC 2016 - tuukka.pasanen@ilmi.fi - New version 3.0.6 ------------------------------------------------------------------- Thu Dec 17 06:26:06 UTC 2015 - tuukka.pasanen@ilmi.fi - New version 3.0.3 * FIXES: - Core - Added DoS mitigation to hash_pbkdf2() compatibility function. - Added support for defining a list of specific query parameters in $config['cache_query_string'] for the Output Library. - Added class existence and inheritance checks to CI_Loader::model() in order to ease debugging in case of name collisions. - Security - Fixed an XSS attack vector in Security Library method xss_clean(). - Changed Config Library method base_url() to fallback to $_SERVER['SERVER_ADDR'] when $config['base_url'] is empty in order to avoid Host header injections. - Changed CAPTCHA Helper to use the operating system’s PRNG when possible. - Fixed a number of XSS attack vectors in Security Library method xss_clean() (thanks to Frans Rosén from Detectify). - Database - Optimized Database Utility method csv_from_result() for speed with larger result sets. - Added proper return values to Database Transactions method trans_start(). - Added list_fields() support for SQLite (‘sqlite3’ and ‘pdo_sqlite’ drivers). - Added SSL connection support for the ‘mysqli’ and ‘pdo_mysql’ drivers. - General Changes - Updated the application/config/constants.php file to check if constants aren’t already defined before doing that. - Changed Loader Library method model() to only apply ucfirst() and not strtolower() to the requested class name. - Changed Config Library methods base_url(), site_url() to allow protocol-relative URLs by passing an empty string as the protocol. - Libraries - File Uploading Library changes: - Changed method set_error() to accept a custom log level (defaults to ‘error’). * Errors “no_file_selected”, “file_partial”, “stopped_by_extension”, “no_file_types”, “invalid_filetype”, “bad_filename” are now logged at the ‘debug’ level. * Errors “file_exceeds_limit”, “file_exceeds_form_limit”, “invalid_filesize”, “invalid_dimensions” are now logged at the ‘info’ level. - Added ‘is_resource’ to the available expectations in Unit Testing Library. - Helpers - Added Unicode support to URL Helper function url_title(). - Added support for passing the “extra” parameter as an array to all Form Helper functions that use it. ------------------------------------------------------------------- Tue Jun 16 10:24:32 UTC 2015 - tuukka.pasanen@ilmi.fi - New version 3.0.0 and final release- ------------------------------------------------------------------- Thu Feb 19 08:36:30 UTC 2015 - tuukka.pasanen@ilmi.fi - New version 3.0rc2 for getting sure that codeingiter is latest
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
