Code Igniter 3.0.5
15 March 2016
Code Igniter version 3.0.5 is now available.
What's New in Code Igniter 3.0.5
Core
- Changed Loader Library to allow $autoload['drivers'] assigning with custom property names.
- Changed Loader Library to ignore variables prefixed with ‘_ci_’ when loading views.
General Changes
- Updated the Session Library to produce friendlier error messages on failures with drivers other than ‘files’.
Query Builder
- Added a $batch_size parameter to the insert_batch() method (defaults to 100).
- Added a $batch_size parameter to the update_batch() method (defaults to 100).
Bug fixes for 3.0.5
- Fixed a bug (#4391) - Email Library method reply_to() didn’t apply Q-encoding.
- Fixed a bug (#4384) - Pagination Library ignored (possible) cur_page configuration value.
- Fixed a bug (#4395) - Query Builder method count_all_results() still fails if an ORDER BY condition is used.
- Fixed a bug (#4399) - Query Builder methods insert_batch(), update_batch() produced confusing error messages when called with no data and db_debug is enabled.
- Fixed a bug (#4401) - Query Builder breaks WHERE and HAVING conditions that use IN() with strings containing a closing parenthesis.
- Fixed a regression in Form Helper functions set_checkbox(), set_radio() where “checked” inputs aren’t recognized after a form submit.
- Fixed a bug (#4407) - Text Helper function word_censor() doesn’t work under PHP 7 if there’s no custom replacement provided.
- Fixed a bug (#4415) - Form Validation Library rule valid_url didn’t accept URLs with IPv6 addresses enclosed in square brackets under PHP 5 (upstream bug).
- Fixed a bug (#4427) - CAPTCHA Helper triggers an error if the provided character pool is too small.
- Fixed a bug (#4430) - File Uploading Library option file_ext_tolower didn’t work.
- Fixed a bug (#4431) - Query Builder method join() discarded opening parentheses.
- Fixed a bug (#4424) - Session Library triggered a PHP warning when writing a newly created session with the ‘redis’ driver.
- Fixed a bug (#4437) - Inflector Helper function humanize() didn’t escape its $separator parameter while using it in a regular expression.
- Fixed a bug where Session Library didn’t properly handle its locks’ statuses with the ‘memcached’ driver.
- Fixed a bug where Session Library triggered a PHP warning when writing a newly created session with the ‘memcached’ driver.
- Fixed a bug (#4449) - Query Builder method join() breaks conditions containing IS NULL, IS NOT NULL.
- Fixed a bug (#4491) - Session Library didn’t clean-up internal variables for emulated locks with the ‘redis’ driver.
- Fixed a bug where Session Library didn’t clean-up internal variables for emulated locks with the ‘memcached’ driver.
- Fixed a bug where Database transactions didn’t work with the ‘ibase’ driver.
- Fixed a bug (#4475) - Security Library method strip_image_tags() preserves only the first URL character from non-quoted src attributes.
- Fixed a bug where Profiler Library didn’t apply htmlspecialchars() to all displayed inputs.
- Fixed a bug (#4277) - Cache Library triggered fatal errors if accessing the Memcache(d) and/or Redis driver and they are not available on the system.
- Fixed a bug where Cache Library method is_supported() logged an error message on when it returns FALSE for the APC and Wincache drivers.
General Changes
- Updated Security Library method get_random_bytes() to use PHP 7’s random_bytes() function when possible.
- Updated Encryption Library method create_key() to use PHP 7’s random_bytes() function when possible.
Database
- Added support for OFFSET-FETCH with Oracle 12c for the ‘oci8’ and ‘pdo/oci’ drivers.
- Added support for the new MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT constant from PHP 5.6.16 for the ‘mysqli’ driver.
Bug fixes for 3.0.4
- Fixed a bug (#4212) - Query Builder method count_all_results() could fail if an ORDER BY condition is used.
- Fixed a bug where Form Helper functions set_checkbox(), set_radio() didn’t “uncheck” inputs on a submitted form if the default state is “checked”.
- Fixed a bug (#4217) - Config Library method base_url() didn’t use proper formatting for IPv6 when it falls back to $_SERVER['SERVER_ADDR'].
- Fixed a bug where CAPTCHA Helper entered an infinite loop while generating a random string.
- Fixed a bug (#4223) - Database method simple_query() blindly executes queries without checking if the connection was initialized properly.
- Fixed a bug (#4244) - Email Library could improperly use “unsafe” US-ASCII characters during Quoted-printable encoding.
- Fixed a bug (#4245) - Database Forge couldn’t properly handle SET and ENUM type fields with string values.
- Fixed a bug (#4283) - String Helper function alternator() couldn’t be called without arguments.
- Fixed a bug (#4306) - Database method version() didn’t work properly with the ‘mssql’ driver.
- Fixed a bug (#4039) - Session Library could generate multiple (redundant) warnings in case of a read failure with the ‘files’ driver, due to a bug in PHP.
- Fixed a bug where Session Library didn’t have proper error handling on PHP 5 (due to a PHP bug).
- Fixed a bug (#4312) - Form Validation Library didn’t provide error feedback for failed validation on empty requests.
- Fixed a bug where Database method version() returned banner text instead of only the version number with the ‘oci8’ and ‘pdo/oci’ drivers.
- Fixed a bug (#4331) - Database method error() didn’t really work for connection errors with the ‘mysqli’ driver.
- Fixed a bug (#4343) - Email Library failing with a “More than one ‘from’ person” message when using sendmail.
- Fixed a bug (#4350) - Loader Library method model() logic directly instantiated the CI_Model or MY_Model classes.
- Fixed a bug (#4337) - Database method query() didn’t return a result set for queries with the RETURNING statement on PostgreSQL.
- Fixed a bug (#4362) - Session Library doesn’t properly maintain its state after ID regeneration with the ‘redis’ and ‘memcached’ drivers on PHP 7.
- Fixed a bug (#4349) - Database drivers ‘mysql’, ‘mysqli’, ‘pdo/mysql’ discard other sql_mode flags when “stricton” is enabled.
- Fixed a bug (#4349) - Database drivers ‘mysql’, ‘mysqli’, ‘pdo/mysql’ don’t turn off STRICT_TRANS_TABLES on MySQL 5.7+ when “stricton” is disabled.
- Fixed a bug (#4374) - Session Library with the ‘database’ driver could be affected by userspace Query Builder conditions.
Security
- Fixed an XSS attack vector in Security Library method xss_clean().
- Changed Config Library method base_url() to fallback to $_SERVER['SERVER_ADDR'] when $config['base_url'] is empty in order to avoid Host header injections.
- Changed CAPTCHA Helper to use the operating system’s PRNG when possible.
Database
- Optimized Database Utility method csv_from_result() for speed with larger result sets.
- Added proper return values to Database Transactions method trans_start().
Bug fixes for 3.0.3
- Fixed a bug (#4170) - Database method insert_id() could return an identity from the wrong scope with the ‘sqlsrv’ driver.
- Fixed a bug (#4179) - Session Library doesn’t properly maintain its state after ID regeneration with the ‘database’ driver on PHP 7.
- Fixed a bug (#4173) - Database Forge method add_key() didn’t allow creation of non-PRIMARY composite keys after the “bugfix” for #3968.
- Fixed a bug (#4171) - Database Transactions didn’t work with nesting in methods trans_begin(), trans_commit(), trans_rollback().
- Fixed a bug where Database Transaction methods trans_begin(), trans_commit(), trans_rollback() ignored failures.
- Fixed a bug where all Database Transaction methods returned TRUE while transactions are actually disabled.
- Fixed a bug where common function html_escape() modified keys of its array inputs.
- Fixed a bug (#4192) - Email Library wouldn’t always have proper Quoted-printable encoding due to a bug in PHP’s own mb_mime_encodeheader() function.
Security
- Fixed a number of XSS attack vectors in Security Library method xss_clean() (thanks to Frans Rosén from Detectify).
General Changes
- Updated the application/config/constants.php file to check if constants aren’t already defined before doing that.
- Changed Loader Library method model() to only apply ucfirst() and not strtolower() to the requested class name.
- Changed Config Library methods base_url(), site_url() to allow protocol-relative URLs by passing an empty string as the protocol.
Bug fixes for 3.0.2
- Fixed a bug (#2284) - Database method protect_identifiers() breaks when Query Builder isn’t enabled.
- Fixed a bug (#4052) - Routing with anonymous functions didn’t work for routes that don’t use regular expressions.
- Fixed a bug (#4056) - Input Library method get_request_header() could not return a value unless request_headers() was called beforehand.
- Fixed a bug where the Database Class entered an endless loop if it fails to connect with the ‘sqlsrv’ driver.
- Fixed a bug (#4065) - Database method protect_identifiers() treats a traling space as an alias separator if the input doesn’t contain ‘ AS ‘.
- Fixed a bug (#4066) - Cache Library couldn’t fallback to a backup driver if the primary one is Memcache(d) or Redis.
- Fixed a bug (#4073) - Email Library method send() could return TRUE in case of an actual failure when an SMTP command fails.
- Fixed a bug (#4086) - Query Builder didn’t apply dbprefix to LIKE conditions if the pattern included spaces.
- Fixed a bug (#4091) - Cache Library ‘file’ driver could be tricked into accepting empty cache item IDs.
- Fixed a bug (#4093) - Query Builder modified string values containing ‘AND’, ‘OR’ while compiling WHERE conditions.
- Fixed a bug (#4096) - Query Builder didn’t apply dbprefix when compiling BETWEEN conditions.
- Fixed a bug (#4105) - Form Validation Library didn’t allow pipe characters inside “bracket parameters” when using a string ruleset.
- Fixed a bug (#4109) - Routing to default_controller didn’t work when enable_query_strings is set to TRUE.
- Fixed a bug (#4044) - Cache Library ‘redis’ driver didn’t catch RedisException that could be thrown during authentication.
- Fixed a bug (#4120) - Database method error() didn’t return error info when called after query() with the ‘mssql’ driver.
- Fixed a bug (#4116) - Pagination Library set the wrong page number on the “data-ci-pagination-page” attribute in generated links.
- Fixed a bug where Pagination Library added the ‘rel=”start”’ attribute to the first displayed link even if it’s not actually linking the first page.
- Fixed a bug (#4137) - Error Handling breaks for the new Error exceptions under PHP 7.
- Fixed a bug (#4126) - Form Validation Library method reset_validation() discarded validation rules from config files.
Core
- Added DoS mitigation to hash_pbkdf2() compatibility function.
Database
- Added list_fields() support for SQLite (‘sqlite3’ and ‘pdo_sqlite’ drivers).
- Added SSL connection support for the ‘mysqli’ and ‘pdo_mysql’ drivers.
Libraries
- File Uploading Library changes:
- Changed method set_error() to accept a custom log level (defaults to ‘error’).
- Errors “no_file_selected”, “file_partial”, “stopped_by_extension”, “no_file_types”, “invalid_filetype”, “bad_filename” are now logged at the ‘debug’ level.
- Errors “file_exceeds_limit”, “file_exceeds_form_limit”, “invalid_filesize”, “invalid_dimensions” are now logged at the ‘info’ level.
- Added ‘is_resource’ to the available expectations in Unit Testing Library.
Helpers
- Added Unicode support to URL Helper function url_title().
- Added support for passing the “extra” parameter as an array to all Form Helper functions that use it.
Core
- Added support for defining a list of specific query parameters in $config['cache_query_string'] for the Output Library.
- Added class existence and inheritance checks to CI_Loader::model() in order to ease debugging in case of name collisions.
Bug fixes for 3.0.1
- Fixed a bug (#3733) - Autoloading of libraries with aliases didn’t work, although it was advertised to.
- Fixed a bug (#3744) - Redis Caching driver didn’t handle authentication failures properly.
- Fixed a bug (#3761) - URL Helper function anchor() didn’t work with array inputs.
- Fixed a bug (#3773) - db_select() didn’t work for MySQL with the PDO Database driver.
- Fixed a bug (#3771) - Form Validation Library was looking for a ‘form_validation_’ prefix when trying to translate field name labels.
- Fixed a bug (#3787) - FTP Library method delete_dir() failed when the target has subdirectories.
- Fixed a bug (#3801) - Output Library method _display_cache() incorrectly looked for the last modified time of a directory instead of the cache file.
- Fixed a bug (#3816) - Form Validation Library treated empty string values as non-existing ones.
- Fixed a bug (#3823) - Session Library drivers Redis and Memcached didn’t properly handle locks that are blocking the request for more than 30 seconds.
- Fixed a bug (#3846) - Image Manipulation Library method image_mirror_gd() didn’t properly initialize its variables.
- Fixed a bug (#3854) - field_data() didn’t work properly with the Oracle (OCI8) database driver.
- Fixed a bug in the Database Utility Class method csv_from_result() didn’t work with a whitespace CSV delimiter.
- Fixed a bug (#3890) - Input Library method get_request_header() treated header names as case-sensitive.
- Fixed a bug (#3903) - Form Validation Library ignored “unnamed” closure validation rules.
- Fixed a bug (#3904) - Form Validation Library ignored “named” callback rules when the field is empty and there’s no ‘required’ rule.
- Fixed a bug (#3922) - Email and XML-RPC libraries could enter an infinite loop due to PHP bug #39598.
- Fixed a bug (#3913) - Cache Library didn’t work with the direct $this->cache->$driver_name->method() syntax with Redis and Memcache(d).
- Fixed a bug (#3932) - Query Builder didn’t properly compile WHERE and HAVING conditions for field names that end with “and”, “or”.
- Fixed a bug in Query Builder where delete() didn’t properly work on multiple tables with a WHERE condition previously set via where().
- Fixed a bug (#3952) - Database method list_fields() didn’t work with SQLite3.
- Fixed a bug (#3955) - Cache Library methods increment() and decrement() ignored the ‘key_prefix’ setting.
- Fixed a bug (#3963) - Unit Testing Library wrongly tried to translate filenames, line numbers and notes values in test results.
- Fixed a bug (#3965) - File Uploading Library ignored the “encrypt_name” setting when “overwrite” is enabled.
- Fixed a bug (#3968) - Database Forge method add_key() didn’t treat array inputs as composite keys unless it’s a PRIMARY KEY.
- Fixed a bug (#3715) - Pagination Library could generate broken link when a protocol-relative base URL is used.
- Fixed a bug (#3828) - Output Library method delete_cache() couldn’t delete index page caches.
- Fixed a bug (#3704) - Database method stored_procedure() in the ‘oci8’ driver didn’t properly bind parameters.
- Fixed a bug (#3778) - Download Helper function force_download() incorrectly sent a Pragma response header.
- Fixed a bug (#3752) - $routing['directory'] overrides were not properly handled and always resulted in a 404 “Not Found” error.
- Fixed a bug (#3279) - Query Builder methods update() and get_compiled_update() did double escaping on the table name if it was provided via from().
- Fixed a bug (#3991) - $config['rewrite_short_tags'] never worked due to function_exists('eval') always returning FALSE.
- Fixed a bug where the File Uploading Library library will not properly configure its maximum file size unless the input value is of type integer.
- Fixed a bug (#4000) - Pagination Library didn’t enable “rel” attributes by default if no attributes-related config options were used.
- Fixed a bug (#4004) - URI Class didn’t properly parse the request URI if it contains a colon followed by a digit.
- Fixed a bug in Query Builder where the $escape parameter for some methods only affected field names.
- Fixed a bug (#4012) - Query Builder methods where_in(), or_where_in(), where_not_in(), or_where_not_in() didn’t take into account previously cached WHERE conditions when query cache is in use.
- Fixed a bug (#4015) - Email Library method set_header() didn’t support method chaining, although it was advertised.
- Fixed a bug (#4027) - Routing with HTTP verbs only worked if the route request method was declared in all-lowercase letters.
- Fixed a bug (#4026) - Database Transactions always rollback if any previous query() call fails.
- Fixed a bug (#4023) - String Helper function increment_string() didn’t escape its $separator parameter.