Code Igniter 2.2.1
17 February 2015
Code Igniter version 2.2.1 is now available (security release).
Upgrading to Code Igniter 2.2.1
You can upgrade to (or install) Code Igniter 2.2.1 using any of Installatron's products. Use Installatron's optional Automatic Update feature to apply Code Igniter updates automatically as new versions are released, or use Installatron's Clone feature to duplicate an existing Code Igniter install and test the 2.2.1 upgrade before applying it live.
What's New in Code Igniter 2.2.1
This is a security release for the 2.x branch. XSS handling has been improved and timezones were updated.
General Changes
- Improved security in xss_clean().
- Updated timezones in Date Helper.
Bug fixes
- Fixed a bug (#3094) - CI_Input::_clean_input_data() breaks encrypted session cookies.
- Fixed a bug (#2268) - CI_Security::xss_clean() didn't properly match JavaScript events.
- Fixed a bug (#3309) - CI_Security::xss_clean() used an overly-invasive pattern to strip JS event handlers.
- Fixed a bug (#2771) - CI_Security::xss_clean() didn't take into account HTML5 entities.
- Fixed a bug (#73) - CI_Security::sanitize_filename() could be tricked by an XSS attack.
- Fixed a bug (#2681) - CI_Security::entity_decode() used the PREG_REPLACE_EVAL flag, which has been deprecated since PHP 5.5.
- Fixed a bug (#3302) - Internal function get_config() triggered an E_NOTICE message on PHP 5.6.
- Fixed a bug (#2508) - Config Library didn't properly detect if the current request is via HTTPS.
- Fixed a bug (#3314) - SQLSRV Database driver's method count_all() didn't escape the supplied table name.
- Fixed a bug (#3404) - MySQLi Database driver's method escape_str() had a wrong fallback to mysql_escape_string() when there was no active connection.
- Fixed a bug in the Session Library where session ID regeneration occurred during AJAX requests.