user_guide_src/source/changelog.rst
########## Change Log ##########
Release Date: Not Released
General Changes
DIRECTORY_SEPARATOR automatically.common function <general/common_functions> :php:func:set_status_header().Core
Added a $config['log_file'] option.
Removed $config['log_file_extension'].
Removed $config['rewrite_short_tags'] (irrelevant on PHP 5.4+).
Removed previously deprecated $config['global_xss_filtering'].
Removed previously deprecated :doc:Routing Class <general/routing> methods fetch_directory(), fetch_class() and fetch_method() (use the respective class properties instead).
Removed previously deprecated :doc:Config Library <libraries/config> method system_url() (encourages insecure practices).
Changed :doc:URI Library <libraries/uri> to ignore the $config['url_suffix'], $config['permitted_uri_chars'] configuration settings for CLI requests.
Changed :doc:Loader <libraries/loader> method model() to always check if the loaded class extends CI_Model.
Changed :doc:Output Library <libraries/output> method _display() default parameter value to NULL instead of empty string.
:doc:Input Library <libraries/input> changes include:
$config['allow_get_array'].$config['standardize_newlines'].is_cli_request() (use :php:func:is_cli() instead).set_cookie() method's default expiry time to 0 (expires when browser is closed).set_cookie() method to delete the cookie if a negative expiry time is passed to it.get_post(), post_get() methods.Libraries
Removed previously deprecated Encrypt Library.
Removed previously deprecated Cart Library.
Removed previously deprecated Javascript Library (it was always experimental in the first place).
Removed previously deprecated anchor_class option from :doc:Pagination Library <libraries/pagination>.
Added TLS and UNIX socket connection support to :doc:Session Library <libraries/sessions> 'redis' driver.
Updated :doc:ZIP Library <libraries/zip> method read_dir() to include hidden (dot-prefixed) files.
:doc:Cache Library <libraries/caching> changes include:
get_loaded_driver() to return the currently used driver.:doc:Form Validation Library <libraries/form_validation> changes include:
prep_for_form() / rule prep_for_form.'form_validation_' prefix.set_rules() to throw a BadMethodCallException when its first parameter is not an array and the $rules one is unused.filter_var() with FILTER_VALIDATE_MAC.is_array is within the list of rules.run().:doc:HTML Table Library <libraries/table> changes include:
clear() to also reset captions.:doc:Email Library <libraries/email> changes include:
TRUE.send() method to always return TRUE when sending multiple batches of emails.:doc:Image Manipulation Library <libraries/image_lib> changes include:
new_name option when rendering images with dynamic_output.dynamic_output, if possible.:doc:Database <database/index> changes include:
Removed the option to disable the :doc:Query Builder <database/query_builder>.
Removed driver-specific $curs_id property and get_cursor(), stored_procedure() methods from OCI8 driver.
Removed previously deprecated 'sqlite' driver (used for SQLite version 2; no longer shipped with PHP 5.4+).
Removed method db_set_charset() and the ability to change a connection character set at runtime.
Changed method initialize() to return void and instead throw a RuntimeException in case of failure.
Changed method db_connect() to always set the connection character set (if supported by the driver) and to fail if it can't.
:doc:Database Forge <database/forge>:
CURRENT_TIMESTAMP and similar.$_after parameter for add_column().:doc:Query Builder <database/query_builder>:
having_in(), or_having_in(), not_having_in(), or_not_having_in().where_in(), or_where_in(), not_where_in(), or_not_where_in() to reject non-array inputs for the second parameter.join() to allow accepting NATURAL clauses in its third parameter.Helpers
Removed previously deprecated Email Helper (had only two functions, aliases for PHP's native filter_var() and mail()).
Removed previously deprecated Smiley Helper.
Removed previously deprecated :doc:Date Helper <helpers/date_helper> function standard_date() (use PHP's native date() instead).
Removed previously deprecated :doc:Date Helper <helpers/date_helper> function nice_date() (use PHP's native DateTime::format() instead).
Removed previously deprecated :doc:Security Helper <helpers/security_helper> function do_hash() (use PHP's native hash() instead).
Removed previously deprecated :doc:File Helper <helpers/file_helper> function read_file() (use PHP's native file_get_contents() instead).
Removed previously deprecated options 'dash' and 'underscore' from :doc:URL Helper <helpers/url_helper> function :php:func:url_title().
Added new function :php:func:ordinal_format() to :doc:Inflector Helper <helpers/inflector_helper>.
:doc:Download Helper <helpers/download_helper> changes include:
force_download() to allow existing files to be renamed for download.force_download() to better utilize available server memory.force_download() to serve multibyte filenames when possible, via the filename* attribute specified by IETF RFC 6266 <https://tools.ietf.org/html/rfc6266>_.:doc:String Helper <helpers/string_helper> changes include:
trim_slashes() (use PHP's native trim() with '/' instead).repeater() (use PHP's native str_repeat() instead).'unique' and 'encrypt' options from random_string().:doc:HTML Helper <helpers/html_helper> changes include:
br() (use PHP's native str_repeat() with ' ' instead).nbs() (use PHP's native str_repeat() with ' ' instead).meta() with support for "charset" and "property" properties.doctype() default document type to HTML 5.:doc:Form Helper <helpers/form_helper> changes include:
form_prep() (use :php:func:html_escape() instead).form_upload() function (it was never used).:doc:CAPTCHA Helper <helpers/captcha_helper> changes include:
data:image/png;base64 URIs instead of writing image files to disk.$img_path, $img_url, $font_path as extra parameters instead of array options.Cache Library <libraries/caching> 'redis' driver would pointlessly attempt to perform its functions if a connection to the Redis server failed.File Helper <helpers/file_helper> function :php:func:get_dir_file_info() output could have colliding array keys.Release Date: Mar 3, 2022
Session Library <libraries/sessions> broke for PHP 5 due to a misnamed polyfill interface.Release Date: Mar 3, 2022
Security
session.use_strict_mode wasn't enforced on PHP 7+.General Changes
CAPTCHA Helper <helpers/captcha_helper> function :php:func:create_captcha().AUTO_INCREMENT support for Oracle 12.1+ to :doc:Database Forge <database/forge>.FULL [OUTER] JOIN support to :doc:Query Builder <database/query_builder>.File Uploading Library <libraries/file_uploading>.Database Library <database/index> method trans_active() to expose transaction state.Database Library <database/index> 'pdo' driver to attempt to free resources in order to allow connections to be closed.SameSite=Strict attribute to the CSRF cookie sent by the :doc:Security Class <libraries/security>.$config['cookie_samesite'] option and $samesite parameter to :doc:Input Library <libraries/input> method set_cookie().SameSite support through $config['sess_samesite'] option to the :doc:Session Library <libraries/sessions>.Session <libraries/sessions> drivers to deal with compatibility between PHP 8.1 and older versions.Query Builder <database/query_builder> method count_all_results() triggered an SQL error for queries with a HAVING clause.Cache Library <libraries/caching> 'redis' driver triggered an E_DEPRECATED warning about sRemove() with phpRedis 5.Session <libraries/sessions> data could be corrupted after a concurrent request write with the 'files' driver due to a filesize cache being incorrect.Cache Library <libraries/caching> 'redis' driver would always use phpRedis 5 del() due to an incorrect version check.Profiler Library <general/profiling> triggered an E_DEPRECATED warning on PHP 7.4+.Database Library <database/index> methods list_fields() and field_data() ignored the configured table schema on PostgreSQL.Database Library <database/index> 'postgre' driver couldn't use the failover feature without a $config['dsn'].common function <general/common_functions> :php:func:set_status_header() didn't recognize 'HTTP/2.0' as a valid $_SERVER['SERVER_PROTOCOL'].Session <libraries/sessions> flashdata didn't work on PHP 8.is_callable() change in PHP 8 broke :doc:Migrations <libraries/migration>, a part of :doc:XML-RPC <libraries/xmlrpc> and an edge case in 404 detection logic.Query Builder <database/query_builder> possibly not detecting NOT BETWEEN expression.Release Date: Sep 19, 2019
General Changes
CI_Log to append PHP_EOL instead of \n at the end of log messages.Cache Library <libraries/caching> 'redis' driver with non-scalar variables.Session Library <libraries/sessions> 'files' driver to log error and trigger a session start failure instead of throwing an Exception in case of unusable $config['sess_save_path'].Session <libraries/sessions> and :doc:Cache <libraries/caching> libraries' 'redis' driver to work with phpRedis 5.Database Forge <database/forge> method modify_column() produced erroneous SQL for DEFAULT attribute changes under PostgreSQL, Firebird.Database Forge <database/forge> didn't handle column nullability with the 'oci8', 'pdo/oci' drivers.Database <database/index> driver 'pdo/pgsql' produced incorrect DSNs when constructing from a configuration array.Session Library <libraries/sessions> 'redis' driver too often failed with locking-related errors that could've been avoided.Session Library <libraries/sessions> triggered an E_WARNING message about changing session.save_path during an active session when it fails to obtain a lock.Session Library <libraries/sessions> 'database' driver didn't trigger a failure if it can't obtain a lock.Form Validation Library <libraries/form_validation> rule valid_url accepted digit-only domains due to a PHP bug.Cache Library <libraries/caching> 'redis' driver methods increment(), decrement() ignored their $offset parameter.Session Library <libraries/sessions> 'redis' only attempted to validate session IDs in case the connection to Redis failed.Database Results <database/results> method custom_result_object() didn't properly handle empty result sets, triggering E_WARNING messages on PHP 7.2+.Database Results <database/results> method field_data() triggered an E_NOTICE error with PDO when a field type is not recognized by PHP.Query Builder <database/query_builder> method list_tables() triggered an SQL syntax error under MySQL when the database schema is a numeric string.Security Class <libraries/security> would trigger an E_WARNING if CSRF inputs are arrays instead of strings.Release Date: Jan 16, 2019
General Changes
Database <database/index> driver.Inflector Helper <helpers/inflector_helper> function is_countable() to :php:func:word_is_countable() due to the former colliding with one introduced in PHP 7.3.0.Session Library <libraries/sessions> had a syntax error in its 'memcached' driver.Database Forge <database/forge> method modify_column() always made fields NOT NULL when attempting to modify their nullable property under PostgreSQL.Database Library <database/index> didn't allow SSL connection configuration with only the 'ssl_verify' option when using the 'mysqli' driver.Session Library <libraries/sessions> crashed due to a caching-related error with the 'files' driver.XML-RPC Library <libraries/xmlrpc> had a typo that triggered an E_WARNING message on PHP 7.2.Database Forge <database/forge> method create_table() generated an E_WARNING message.Form Validation Library <libraries/form_validation> rule valid_base64 didn't have a default error message.Database Library <database/index> methods list_fields(), field_exists() returned incorrect results after tables are modified.Database <database/index> driver 'mysqli' triggered an E_WARNING message if there's no 'port' specified in the database configuration.Database Caching <database/caching> could try to delete non-existent cache files due to a race condition.CAPTCHA Helper <helpers/captcha_helper> function :php:func:create_captcha() didn't comply with CSS standards.Form Validation Library <libraries/form_validation> didn't nullify array inputs that are expected to be strings.Release Date: Jun 12, 2018
Security
URL Helper <helpers/url_helper> function :php:func:auto_link() to add rel="noopener" to generated links in order to prevent tab hijacking.Session Library <libraries/sessions> enabled session.use_strict_mode but it didn't actually do anything (thanks to Aamer Shah, Prasanna Kumar).General Changes
Query Builder <database/query_builder> method limit() to allow 0 values.Email Library <libraries/email> and :doc:Form Validation Library <libraries/form_validation> to discard the results of failed idn_to_ascii() calls while validating e-mail addresses.Query Builder <database/query_builder> methods like(), or_like() (and siblings) didn't apply dbprefix or identifier escaping.Query Builder <database/query_builder> methods like(), or_like() (and siblings) produced incorrect SQL syntax when used with 'before' as the third parameter.HTML Helper <helpers/html_helper> functions :php:func:img(), :php:func:link_tag() would output results with double slashes if a prefix slash was included in their path inputs.Release Date: Mar 22, 2018
Security
Security Library <libraries/security> method xss_clean() to also filter JavaScript tag functions.Security Library <libraries/security> method xss_clean() didn't check for parentheses around JavaScript's document.General Changes
Email Library <libraries/email> to always negotiate between TLS 1.0, 1.1, 1.2 when possible (PHP 5.6+) for SMTP connections.Database Library <database/index> method version() to exclude suffixes to the main version numbers with the 'postgre' driver.Form Validation Library <libraries/form_validation>, :doc:Email Library <libraries/email> tried to use INTL_IDNA_VARIANT_UTS46 when it was undeclared.Query Builder <database/query_builder> methods where(), having() treated values passed to them as arbitrary SQL.Database Library <database/index> method insert_id() failed due to incorrect server version parsing with the 'postgre' driver.XML-RPC Library <libraries/xmlrpc> produced an error message related to count() on PHP 7.2.Image Manipulation Library <libraries/image_lib> attempted to chmod() while rendering images with the dynamic_output option.Database Results <database/results> method field_data() hid info about one field if limit() was previously used with the 'oci8' driver.Release Date: Jan 13, 2018
General Changes
Form Validation Library <libraries/form_validation> rule valid_email to use INTL_IDNA_VARIANT_UTS46 for non-ASCII domain names.Email Library <libraries/email> to use INTL_IDNA_VARIANT_UTS46 for non-ASCII domain names.Loader Library <libraries/loader> method model() to log both CI_Model class loading and individual models' initialization.Pagination Library <libraries/pagination> to preserve previously set attributes while calling initialize().Cache Library <libraries/caching> to automatically add items to cache on increment(), decrement() calls for missing keys.CAPTCHA Helper <helpers/captcha_helper> function :php:func:create_captcha() with parameters other than $data.Database Utilities <database/utilities> method backup() generated incorrect INSERT statements with the 'mysqli' driver.Database Results <database/results> method field_data() returned incorrect type names.URL Helper <helpers/url_helper> function :php:func:auto_link() didn't detect trailing slashes in URLs.Query Builder <database/query_builder> method count_all_results() breaks ORDER BY clauses for subsequent queries.Query Builder <database/query_builder> didn't account for already escaped identifiers while applying database name prefixes.URL Helper <helpers/url_helper> function :php:func:auto_link() converted e-mail addresses starting with 'www.' to both "url" and "email" links.$config['allow_get_array'] defaulted to FALSE if it didn't exist in the config file.Session Library <libraries/sessions> would incorrectly fail to obtain a lock that it already has on PHP 7 with the 'memcached' driver.Release Date: Sep 25, 2017
Security
Cache Library <libraries/caching> 'apc' driver when save() is used with $raw = TRUE (thanks to Tomas Bortoli).General Changes
Cache Library Library <libraries/caching> driver 'apc'.Session Library <libraries/sessions> 'redis', 'memcached' drivers to reduce the potential of a locking race conditions.Loader Library <libraries/loader> method library() ignored requests to load libraries previously assigned to super-object properties named differently than the library name.Query Builder <database/query_builder> method count_all_results() produced erroneous queries on Microsoft SQL Server when ORDER BY clauses are cached.Profiler <general/profiling> didn't wrap $_SESSION and configuration arrays in <pre> tags.Database Library <database/index> method is_write_type() didn't return TRUE for MERGE statements.Image Manipulation Library <libraries/image_lib> didn't escape image source paths passed to NetPBM as shell arguments.Query Builder <database/query_builder> methods limit(), offset() break SQL Server 2005, 2008 queries with "<tablename>".* in the SELECT clause.Database Library <database/index> method version() didn't work with the 'pdo/dblib' driver.Database transactions <database/transactions> status wasn't reset unless trans_complete() was called.Database Utilities <database/utilities> method backup() generated incorrect INSERT statements with the 'mysqli' driver.Database Results <database/results> method field_data() didn't parse field types with the 'mysqli' driver.Release Date: Jun 19, 2017
Security
Form Validation Library <libraries/form_validation> rule valid_email could be bypassed if idn_to_ascii() is available.General Changes
Form Helper <helpers/form_helper> function :php:func:form_label() to accept HTML attributes as a string.Email Library <libraries/email> didn't properly detect 7-bit encoding.XML-RPC Library <libraries/xmlrpc> errored because of a variable name typo.Inflector Helper <helpers/inflector_helper> function :php:func:singular() didn't properly handle 'quizzes'.Database Forge <database/forge> method modify_column() triggered an error while renaming columns with the 'oci8', 'pdo/oci' drivers.Query Builder <database/query_builder> method count_all_results() returned incorrect result for queries using LIMIT, OFFSET.Release Date: Mar 20, 2017
Security
common function <general/common_functions> :php:func:set_status_header() under Apache (thanks to Guillermo Caminer from Flowgate <https://flowgate.net/>_).mbstring.func_overload is enabled.Encryption Library <libraries/encryption> when mbstring.func_overload is enabled.compatibility functions <general/compatibility_functions> password_hash(), hash_pbkdf2() when mbstring.func_overload is enabled.mcrypt_create_iv() with MCRYPT_DEV_URANDOM.General Changes
Image Manipulation Library <libraries/image_lib> to work-around an issue with some JPEGs when using GD.Loader Library <libraries/loader> couldn't handle objects passed as view variables.Loader Library <libraries/loader> method helper() could accept any character as a filename extension separator.Session Library <libraries/sessions> would fail on a session_regenerate_id(TRUE) call with the 'database' driver.Query Builder <database/query_builder> caching didn't keep track of table aliases.Text Helper <helpers/text_helper> function ascii_to_entities() wasn't byte-safe when mbstring.func_overload is enabled.CI_Log, CI_Output, CI_Email and CI_Zip didn't handle strings in a byte-safe manner when mbstring.func_overload is enabled.Session Library <libraries/sessions> didn't read session data in a byte-safe manner when mbstring.func_overload is enabled.Profiler <general/profiling> didn't close <pre> tags it generated.Profiler <general/profiling> didn't HTML-escape quotes for $_SESSION variables.Input Library <libraries/input> method set_cookie() didn't allow its httponly and secure parameters to be overriden to FALSE.common function <general/common_functions> :php:func:get_mimes() didn't load application/config/mimes.php if an environment specific config exists.common function <general/common_functions> :php:func:remove_invisible_characters() didn't remove URL-encoded 0x7F.Database Library <database/index> stripped URL-encoded sequences while escaping strings with the 'mssql' driver.HTML Helper <helpers/html_helper> function :php:func:img() didn't accept data: URI schemes for the image source.Database Library <database/index> tried to access an undefined property in a number of error handling cases.Database <database/index> driver 'postgre' didn't actually apply extra options (such as 'connect_timeout') to its DSN.Release Date: Jan 09, 2017
Security
Security Library <libraries/security> method xss_clean().Loader Library <libraries/loader> method vars().Email Library <libraries/email> when 'mail' or 'sendmail' are used (thanks to Paul Buonopane from NamePros <https://www.namepros.com/>_).Security Library <libraries/security> method csrf_verify().Form Helper <helpers/form_helper> function :php:func:form_open().General Changes
$config['allow_get_array'].$config['standardize_newlines'].Date Helper <helpers/date_helper> function nice_date().Database Library <database/index> didn't differentiate bind markers inside double-quoted strings in queries.XML-RPC Library <libraries/xmlrpc> didn't work on PHP 7.File Uploading Library <libraries/file_uploading> triggered fatal errors due to numerous PHP distribution channels (XAMPP and cPanel confirmed) explicitly disabling ext/fileinfo by default.Input Library <libraries/input> method ip_address() didn't properly resolve $config['proxy_ips'] IPv6 addresses.Image Manipulation Library <libraries/image_lib> processing via ImageMagick didn't work.Loader Library <libraries/loader> didn't take into account possible user-provided directory paths when loading helpers.Session Library <libraries/sessions> with sess_match_ip enabled was unusable for IPv6 clients when using the 'database' driver on MySQL 5.7.5+.Date Helper <helpers/date_helper> function nice_date() didn't handle YYYYMMDD inputs properly.Session Library <libraries/sessions> could execute an erroneous SQL query with the 'database' driver, if the lock attempt times out.Output Library <libraries/output> method get_header() returned the first matching header, regardless of whether it would be replaced by a second set_header() call.Email Library <libraries/email> didn't apply escapeshellarg() to the while passing the Sendmail -f parameter through popen().Image Manipulation Library <libraries/image_lib> method initialize() didn't translate new_image inputs to absolute paths.Query Builder <database/query_builder> method order_by() didn't work with 'RANDOM' under the 'pdo/sqlite' driver.Query Builder <database/query_builder> method update_batch() didn't properly handle identifier escaping.Database Forge <database/forge> method create_table() didn't update an internal tables list cache if it exists but is empty.Query Builder <database/query_builder> method count_all_results() didn't take into account cached ORDER BY clauses.Query Builder <database/query_builder> method insert_batch() could fail if the input array pointer was modified.Database Force <database/forge> method alter_table() would fail with the 'oci8' driver.Image Manipulation Library <libraries/image_lib> method get_image_properties() didn't detect invalid images.Email Library <libraries/email> didn't send the User-Agent header without a prior call to clear().Release Date: Oct 28, 2016
Security
Security Library <libraries/security> method xss_clean().General Changes
Matching_name::Matching_name() methods) to be used as routes, if there's a __construct() to override them.Session Library <libraries/sessions> didn't take into account session.hash_bits_per_character when validating session IDs.Query Builder <database/query_builder> method update_batch() didn't properly handle identifier escaping.Query Builder <database/query_builder> didn't properly parse field names ending in 'is' when used inside WHERE and HAVING statements.CI_Log, CI_Output, CI_Email and CI_Zip didn't handle strings in a byte-safe manner when mbstring.func_overload is enabled.Release Date: Oct 22, 2016
Security
Security Library <libraries/security> method entity_decode() (used by xss_clean()) that affects HTML 5 entities when using PHP 5.3.General Changes
E_PARSE to the list of error levels detected by the shutdown handler.Inflector Helper <helpers/inflector_helper> is_countable() with more words.common function <general/common_functions> :php:func:set_status_header() with new status codes from IETF RFCs
2817 <https://tools.ietf.org/html/rfc2817>_ (426)
and 6585 <https://tools.ietf.org/html/rfc6585>_ (428, 429, 431, 511).Session Library <libraries/sessions> triggered errors while writing data for a newly-created sessions with the 'memcached' driver.Image Manipulation Library <libraries/image_lib> processing via ImageMagick didn't work.Query Builder <database/query_builder> didn't add an OFFSET when LIMIT is zero or unused.Email Library <libraries/email> doesn't properly separate attachment bodies from headers.Unit Testing Library <libraries/unit_testing> method result() didn't translate res_datatype.Form Validation <libraries/form_validation>, :doc:Trackback <libraries/trackback> and :doc:XML-RPC <libraries/xmlrpc> libraries treated URI schemes in a case-sensitive manner.Cache Library <libraries/caching> 'file' driver method get_metadata() checked TTL time against mtime instead of the cache item's creation time.File Uploading Library <libraries/file_uploading> generated error messages on PHP 7.1.compatibility function <general/compatibility_functions> hex2bin() didn't reject inputs of type "resource".Form Validation Library <libraries/form_validation> method valid_email() triggered E_WARNING when input emails have empty domain names.Database <database/index> driver 'mysqli' didn't use the MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT flag properly.Database <database/index> method is_write_type() only looked at the first line of a queries using RETURNING with the 'postgre', 'pdo/pgsql', 'odbc' and 'pdo/odbc' drivers.Query Builder <database/query_builder> method insert_batch() tried to execute an unsupported SQL query with the 'ibase' and 'pdo/firebird' drivers.Database <database/index> driver 'pdo/mysql' didn't turn off AUTOCOMMIT when starting a transaction.CAPTCHA Helper <helpers/captcha_helper> didn't clear expired PNG images.Session Library <libraries/sessions> 'files' driver could enter an infinite loop if mbstring.func_overload is enabled.Database Forge <database/forge> didn't quote schema names passed to its create_database() method.HTML Table Library <libraries/table> method set_caption() was missing method chaining support.XML-RPC Library <libraries/xmlrpc> client class didn't set a read/write socket timeout.display_errors was turned On.Session Library <libraries/sessions> didn't take into account the new session INI settings in PHP 7.1.Release Date: July 26, 2016
Security
set_realpath() :doc:Path Helper <helpers/path_helper> function to filter-out php:// wrapper inputs.General Changes
Updated :doc:Image Manipulation Library <libraries/image_lib> to validate width and height configuration values.
Updated :doc:Encryption Library <libraries/encryption> to always prefer random_bytes() when it is available.
Updated :doc:Session Library <libraries/sessions> to log 'debug' messages when using fallbacks to session.save_path (php.ini) or 'sess_use_database', 'sess_table_name' settings.
Added a 'LONGTEXT' to 'STRING' alias to :doc:Database Forge <database/forge> for the 'cubrid', 'pdo/cubrid' drivers.
Added 'TINYINT', 'MEDIUMINT', 'INT' and 'BIGINT' aliases to 'NUMBER' to :doc:Database Forge <database/forge> for the 'oci8', 'pdo/oci' drivers.
:php:func:password_hash() :doc:compatibility function <general/compatibility_functions> changes:
random_bytes() when it is available.openssl_random_pseudo_bytes().openssl_random_pseudo_bytes() sets its $crypto_strong flag to FALSE.Image Manipulation Library <libraries/image_lib> didn't escape image source paths passed to ImageMagick as shell arguments.Database Forge <database/forge> method create_table() incorrectly accepts field width constraints for MSSQL/SQLSRV integer-type columns.Cache Library <libraries/caching> didn't check if Memcached::quit() is available before calling it.Input Library <libraries/input> method request_headers() ignores $xss_clean parameter value after first call.Config Library <libraries/config> method site_url() stripped trailing slashes from relative URIs passed to it.Email Library <libraries/email> failed to send multiple emails via SMTP due to "already authenticated" errors when keep-alive is enabled.Form Validation Library <libraries/form_validation> ignored multiple "callback" rules for empty, non-required fields.Database <database/index> method error() returned FALSE with the 'oci8' driver if there was no error.Query Builder <database/query_builder> method count_all_results() doesn't take into account GROUP BY clauses while deciding whether to do a subquery or not.Session Library <libraries/sessions> 'redis' driver didn't properly detect if a connection is properly closed on PHP 5.x.Email Library <libraries/email> didn't properly handle inline attachments in HTML emails.Database <database/index> method db_select() didn't clear metadata cached for the previously used database.File Helper <helpers/file_helper> function :php:func:delete_files() treated symbolic links as regular directories.Database <database/index> driver 'dblib' triggered E_WARNING messages while connecting.Database Forge <database/forge> tried to use unsupported IF NOT EXISTS clause when creating tables on Oracle.File Uploading Library <libraries/file_uploading> method data() returns wrong 'raw_name' when the filename extension is also contained in the raw filename.Input Library <libraries/input> method ip_address() errors with a matching $config['proxy_ips'] IPv6 address.User Agent Library <libraries/user_agent> didn't load the config/user_agents.php file when there's no User-Agent HTTP request header.Query Builder <database/query_builder> methods insert_batch(), update_batch() could return wrong affected rows count.Email Library <libraries/email> doesn't sent RSET to SMTP servers after a failure and while using keep-alive.Common function <general/common_functions> :php:func:is_https() compared the X-Forwarded-Proto HTTP header case-sensitively.Common function <general/common_functions> :php:func:remove_invisible_characters() searched case-sensitively for URL-encoded characters.Release Date: March 21, 2016
General Changes
Cache Library <libraries/caching> 'memcached' driver to ensure that Memcache(d) connections are properly closed.Form Validation Library <libraries/form_validation> method prep_for_form().Form Validation Library <libraries/form_validation> always accepted empty array inputs.Session Library <libraries/sessions> allowed accessing $_SESSION values as class properties but isset() didn't work on them.Form Validation Library <libraries/form_validation> modified the $_POST array when the data being validated was actually provided via set_data().Migration Library <libraries/migration> applied migrations before validating that all migrations within the requested version range are valid.Migration Library <libraries/migration> triggered failures for migrations that are out of the requested version range.Release Date: March 11, 2016
Core
Loader Library <libraries/loader> to allow $autoload['drivers'] assigning with custom property names.Loader Library <libraries/loader> to ignore variables prefixed with 'ci' when loading views.General Changes
Session Library <libraries/sessions> to produce friendlier error messages on failures with drivers other than 'files'.:doc:Query Builder <database/query_builder>
$batch_size parameter to the insert_batch() method (defaults to 100).$batch_size parameter to the update_batch() method (defaults to 100).Email Library <libraries/email> method reply_to() didn't apply Q-encoding.Pagination Library <libraries/pagination> ignored (possible) cur_page configuration value.Query Builder <database/query_builder> method count_all_results() still fails if an ORDER BY condition is used.Query Builder <database/query_builder> methods insert_batch(), update_batch() produced confusing error messages when called with no data and db_debug is enabled.Query Builder <database/query_builder> breaks WHERE and HAVING conditions that use IN() with strings containing a closing parenthesis.Form Helper <helpers/form_helper> functions :php:func:set_checkbox(), :php:func:set_radio() where "checked" inputs aren't recognized after a form submit.Text Helper <helpers/text_helper> function :php:func:word_censor() doesn't work under PHP 7 if there's no custom replacement provided.Form Validation Library <libraries/form_validation> rule valid_url didn't accept URLs with IPv6 addresses enclosed in square brackets under PHP 5 (upstream bug).CAPTCHA Helper <helpers/captcha_helper> triggers an error if the provided character pool is too small.File Uploading Library <libraries/file_uploading> option file_ext_tolower didn't work.Query Builder <database/query_builder> method join() discarded opening parentheses.Session Library <libraries/sessions> triggered a PHP warning when writing a newly created session with the 'redis' driver.Inflector Helper <helpers/inflector_helper> function :php:func:humanize() didn't escape its $separator parameter while using it in a regular expression.Session Library <libraries/sessions> didn't properly handle its locks' statuses with the 'memcached' driver.Session Library <libraries/sessions> triggered a PHP warning when writing a newly created session with the 'memcached' driver.Query Builder <database/query_builder> method join() breaks conditions containing IS NULL, IS NOT NULL.Session Library <libraries/sessions> didn't clean-up internal variables for emulated locks with the 'redis' driver.Session Library <libraries/sessions> didn't clean-up internal variables for emulated locks with the 'memcached' driver.Database <database/index> transactions didn't work with the 'ibase' driver.Security Library <libraries/security> method strip_image_tags() preserves only the first URL character from non-quoted src attributes.Profiler Library <general/profiling> didn't apply htmlspecialchars() to all displayed inputs.Cache Library <libraries/caching> triggered fatal errors if accessing the Memcache(d) and/or Redis driver and they are not available on the system.Cache Library <libraries/caching> method is_supported() logged an error message when it returns FALSE for the APC and Wincache drivers.Release Date: January 13, 2016
General Changes
Security Library <libraries/security> method get_random_bytes() to use PHP 7's random_bytes() function when possible.Encryption Library <libraries/security> method create_key() to use PHP 7's random_bytes() function when possible.:doc:Database <database/index>
OFFSET-FETCH with Oracle 12c for the 'oci8' and 'pdo/oci' drivers.MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT constant from PHP 5.6.16 <https://secure.php.net/ChangeLog-5.php#5.6.16>_ for the 'mysqli' driver.Query Builder <database/query_builder> method count_all_results() could fail if an ORDER BY condition is used.Form Helper <helpers/form_helper> functions :php:func:set_checkbox(), :php:func:set_radio() didn't "uncheck" inputs on a submitted form if the default state is "checked".Config Library <libraries/config> method base_url() didn't use proper formatting for IPv6 when it falls back to $_SERVER['SERVER_ADDR'].CAPTCHA Helper <helpers/captcha_helper> entered an infinite loop while generating a random string.Database <database/index> method simple_query() blindly executes queries without checking if the connection was initialized properly.Email Library <libraries/email> could improperly use "unsafe" US-ASCII characters during Quoted-printable encoding.Database Forge <database/forge> couldn't properly handle SET and ENUM type fields with string values.String Helper <helpers/string_helper> function :php:func:alternator() couldn't be called without arguments.Database <database/index> method version() didn't work properly with the 'mssql' driver.Session Library <libraries/sessions> could generate multiple (redundant) warnings in case of a read failure with the 'files' driver, due to a bug in PHP.Session Library <libraries/sessions> didn't have proper error handling on PHP 5 (due to a PHP bug).Form Validation Library <libraries/form_validation> didn't provide error feedback for failed validation on empty requests.Database <database/index> method version() returned banner text instead of only the version number with the 'oci8' and 'pdo/oci' drivers.Database <database/index> method error() didn't really work for connection errors with the 'mysqli' driver.Email Library <libraries/email> failing with a "More than one 'from' person" message when using sendmail.Loader Library <libraries/loader> method model() logic directly instantiated the CI_Model or MY_Model classes.Database <database/index> method query() didn't return a result set for queries with the RETURNING statement on PostgreSQL.Session Library <libraries/sessions> doesn't properly maintain its state after ID regeneration with the 'redis' and 'memcached' drivers on PHP 7.Database <database/index> drivers 'mysql', 'mysqli', 'pdo/mysql' discard other sql_mode flags when "stricton" is enabled.Database <database/index> drivers 'mysql', 'mysqli', 'pdo/mysql' don't turn off STRICT_TRANS_TABLES on MySQL 5.7+ when "stricton" is disabled.Session Library <libraries/sessions> with the 'database' driver could be affected by userspace :doc:Query Builder <database/query_builder> conditions.Release Date: October 31, 2015
Security
Security Library <libraries/security> method xss_clean().Config Library <libraries/config> method base_url() to fallback to $_SERVER['SERVER_ADDR'] when $config['base_url'] is empty in order to avoid Host header injections.CAPTCHA Helper <helpers/captcha_helper> to use the operating system's PRNG when possible.:doc:Database <database/index>
Database Utility <database/utilities> method csv_from_result() for speed with larger result sets.Database Transactions <database/transactions> method trans_start().Database <database/index> method insert_id() could return an identity from the wrong scope with the 'sqlsrv' driver.Session Library <libraries/sessions> doesn't properly maintain its state after ID regeneration with the 'database' driver on PHP 7.Database Forge <database/forge> method add_key() didn't allow creation of non-PRIMARY composite keys after the "bugfix" for #3968.Database Transactions <database/transactions> didn't work with nesting in methods trans_begin(), trans_commit(), trans_rollback().Database Transaction <database/transactions> methods trans_begin(), trans_commit(), trans_rollback() ignored failures.Database Transaction <database/transactions> methods returned TRUE while transactions are actually disabled.common function <general/common_functions> :php:func:html_escape() modified keys of its array inputs.Email Library <libraries/email> wouldn't always have proper Quoted-printable encoding due to a bug in PHP's own mb_mime_encodeheader() function.Release Date: October 8, 2015
Security
Security Library <libraries/security> method xss_clean() (thanks to Frans Rosén from Detectify <https://detectify.com/>_).General Changes
Loader Library <libraries/loader> method model() to only apply ucfirst() and not strtolower() to the requested class name.Config Library <libraries/config> methods base_url(), site_url() to allow protocol-relative URLs by passing an empty string as the protocol.Database <database/index> method protect_identifiers() breaks when :doc:Query Builder <database/query_builder> isn't enabled.Routing <general/routing> with anonymous functions didn't work for routes that don't use regular expressions.Input Library <libraries/input> method get_request_header() could not return a value unless request_headers() was called beforehand.Database Class <database/index> entered an endless loop if it fails to connect with the 'sqlsrv' driver.Database <database/index> method protect_identifiers() treats a traling space as an alias separator if the input doesn't contain ' AS '.Cache Library <libraries/caching> couldn't fallback to a backup driver if the primary one is Memcache(d) or Redis.Email Library <libraries/email> method send() could return TRUE in case of an actual failure when an SMTP command fails.Query Builder <database/query_builder> didn't apply dbprefix to LIKE conditions if the pattern included spaces.Cache Library <libraries/caching> 'file' driver could be tricked into accepting empty cache item IDs.Query Builder <database/query_builder> modified string values containing 'AND', 'OR' while compiling WHERE conditions.Query Builder <database/query_builder> didn't apply dbprefix when compiling BETWEEN conditions.Form Validation Library <libraries/form_validation> didn't allow pipe characters inside "bracket parameters" when using a string ruleset.Routing <general/routing> to default_controller didn't work when enable_query_strings is set to TRUE.Cache Library <libraries/caching> 'redis' driver didn't catch RedisException that could be thrown during authentication.Database <database/index> method error() didn't return error info when called after query() with the 'mssql' driver.Pagination Library <libraries/pagination> set the wrong page number on the "data-ci-pagination-page" attribute in generated links.Pagination Library <libraries/pagination> added the 'rel="start"' attribute to the first displayed link even if it's not actually linking the first page.Error Handling <general/errors> breaks for the new Error exceptions under PHP 7.Form Validation Library <libraries/form_validation> method reset_validation() discarded validation rules from config files.Release Date: August 7, 2015
Core
hash_pbkdf2() :doc:compatibility function <general/compatibility_functions>.Database
list_fields() support for SQLite ('sqlite3' and 'pdo_sqlite' drivers).Libraries
:doc:File Uploading Library <libraries/file_uploading> changes:
set_error() to accept a custom log level (defaults to 'error').Added 'is_resource' to the available expectations in :doc:Unit Testing Library <libraries/unit_testing>.
Helpers
URL Helper <helpers/url_helper> function :php:func:url_title().Form Helper <helpers/form_helper> functions that use it.Core
$config['cache_query_string'] for the :doc:Output Library <libraries/output>.CI_Loader::model() in order to ease debugging in case of name collisions.Caching <libraries/caching> driver didn't handle authentication failures properly.URL Helper <helpers/url_helper> function :php:func:anchor() didn't work with array inputs.db_select() didn't work for MySQL with the PDO :doc:Database <database/index> driver.Form Validation Library <libraries/form_validation> was looking for a 'form_validation_' prefix when trying to translate field name labels.FTP Library <libraries/ftp> method delete_dir() failed when the target has subdirectories.Output Library <libraries/output> method _display_cache() incorrectly looked for the last modified time of a directory instead of the cache file.Form Validation Library <libraries/form_validation> treated empty string values as non-existing ones.Session Library <libraries/sessions> drivers Redis and Memcached didn't properly handle locks that are blocking the request for more than 30 seconds.Image Manipulation Library <libraries/image_lib> method image_mirror_gd() didn't properly initialize its variables.field_data() didn't work properly with the Oracle (OCI8) database driver.Database Utility Class <database/utilities> method csv_from_result() didn't work with a whitespace CSV delimiter.Input Library <libraries/input> method get_request_header() treated header names as case-sensitive.Form Validation Library <libraries/form_validation> ignored "unnamed" closure validation rules.Form Validation Library <libraries/form_validation> ignored "named" callback rules when the field is empty and there's no 'required' rule.Email <libraries/email> and :doc:XML-RPC <libraries/xmlrpc> libraries could enter an infinite loop due to PHP bug #39598 <https://bugs.php.net/bug.php?id=39598>_.Cache Library <libraries/caching> didn't work with the direct $this->cache->$driver_name->method() syntax with Redis and Memcache(d).Query Builder <database/query_builder> didn't properly compile WHERE and HAVING conditions for field names that end with "and", "or".Query Builder <database/query_builder> where delete() didn't properly work on multiple tables with a WHERE condition previously set via where().Database <database/index> method list_fields() didn't work with SQLite3.Cache Library <libraries/caching> methods increment() and decrement() ignored the 'key_prefix' setting.Unit Testing Library <libraries/unit_testing> wrongly tried to translate filenames, line numbers and notes values in test results.File Uploading Library <libraries/file_uploading> ignored the "encrypt_name" setting when "overwrite" is enabled.Database Forge <database/forge> method add_key() didn't treat array inputs as composite keys unless it's a PRIMARY KEY.Pagination Library <libraries/pagination> could generate broken link when a protocol-relative base URL is used.Output Library <libraries/output> method delete_cache() couldn't delete index page caches.Database <database/index> method stored_procedure() in the 'oci8' driver didn't properly bind parameters.Download Helper <helpers/download_helper> function :php:func:force_download() incorrectly sent a Pragma response header.$routing['directory'] overrides were not properly handled and always resulted in a 404 "Not Found" error.Query Builder <database/query_builder> methods update() and get_compiled_update() did double escaping on the table name if it was provided via from().$config['rewrite_short_tags'] never worked due to function_exists('eval') always returning FALSE.File Uploading Library <libraries/file_uploading> library will not properly configure its maximum file size unless the input value is of type integer.Pagination Library <libraries/pagination> didn't enable "rel" attributes by default if no attributes-related config options were used.URI Class <libraries/uri> didn't properly parse the request URI if it contains a colon followed by a digit.Query Builder <database/query_builder> where the $escape parameter for some methods only affected field names.Query Builder <database/query_builder> methods where_in(), or_where_in(), where_not_in(), or_where_not_in() didn't take into account previously cached WHERE conditions when query cache is in use.Email Library <libraries/email> method set_header() didn't support method chaining, although it was advertised.Routing <general/routing> with HTTP verbs only worked if the route request method was declared in all-lowercase letters.Database Transactions <database/transactions> always rollback if any previous query() call fails.String Helper <helpers/string_helper> function increment_string() didn't escape its $separator parameter.Release Date: March 30, 2015
License
MIT License <https://opensource.org/licenses/MIT>_, eliminating its old proprietary licensing.General Changes
$_SERVER['CI_ENV'] can now be set to control the ENVIRONMENT constant.$autoload['core'] in application/config/autoload.php.
Only entries in $autoload['libraries'] are auto-loaded now.var usage for properties.$config['error_views_path'].$view_folder so that if it's not found in the current path, it will now also be searched for under the application folder.filter_var() instead of PCRE.Trackback Library <libraries/trackback> and :doc:Captcha Helper <helpers/captcha_helper>.eval() and exec() is required.$config['log_file_extension'].$config['standardize_newlines'] and set it to FALSE by default.$config['composer_autoload'] to enable loading of a Composer <https://getcomposer.org>_ auto-loader.URI Library <libraries/uri>.$config['log_threshold'] is set to 2 (debug).Helpers
:doc:Date Helper <helpers/date_helper> changes include:
timespan() that constrains the number of time units displayed.timezone_menu() that allows more attributes to be added to the generated select tag.date_range() that generates a list of dates between a specified period.standard_date(), which now just uses the native date() with DateTime constants <https://secure.php.net/manual/en/class.datetime.php#datetime.constants.types>_.now() to work with all timezone strings supported by PHP.days_in_month() to use the native cal_days_in_month() PHP function, if available.:doc:URL Helper <helpers/url_helper> changes include:
url_title() (they are only aliases for '-' and '_' respectively).url_title() will now trim extra dashes from beginning and end.anchor_popup() will now fill the href attribute with the URL and its JS code will return FALSE instead.anchor_popup() function.anchor_popup().redirect().redirect() to choose the refresh method only on IIS servers, instead of all servers on Windows (when auto is used).anchor(), :php:func:anchor_popup(), and :php:func:redirect() to support protocol-relative URLs (e.g. //ellislab.com/codeigniter).:doc:HTML Helper <helpers/html_helper> changes include:
doctype() to cache and only load once the doctypes array.nbs() and br(), which are just aliases for the native str_repeat() with and respectively.:doc:Inflector Helper <helpers/inflector_helper> changes include:
humanize() to allow passing an input separator as its second parameter.humanize() and :php:func:underscore() to utilize mbstring <https://secure.php.net/mbstring>_, if available.plural() and :php:func:singular() to avoid double pluralization and support more words.:doc:Download Helper <helpers/download_helper> changes include:
force_download() that enables/disables sending the actual file MIME type in the Content-Type header (disabled by default).force_download() for a bug Android <= 2.1, where the filename extension needs to be in uppercase.force_download() (useful for large files and/or safely transmitting binary data).:doc:Form Helper <helpers/form_helper> changes include:
form_dropdown() will now also take an array for unity with other form helpers.form_prep() is now DEPRECATED and only acts as an alias for :doc:common function <general/common_functions> :php:func:html_escape().set_value() will now also accept a third argument, allowing to turn off HTML escaping of the value.:doc:Security Helper <helpers/security_helper> changes include:
do_hash() now uses PHP's native hash() function (supporting more algorithms) and is deprecated.strip_image_tags() is now an alias for the same method in the :doc:Security Library <libraries/security>.Smiley Helper changes include:
js_insert_smiley().:doc:File Helper <helpers/file_helper> changes include:
set_realpath() can now also handle file paths as opposed to just directories.delete_files() to enable it to skip deleting files such as .htaccess and index.html.read_file() - it's just an alias for PHP's native file_get_contents().:doc:String Helper <helpers/string_helper> changes include:
repeater() - it's just an alias for PHP's native str_repeat().trim_slashes() - it's just an alias for PHP's native trim() (with a slash as its second argument).random_string() (they are only aliases for md5 and sha1 respectively).:doc:CAPTCHA Helper <helpers/captcha_helper> changes include:
imagepng() in case that imagejpeg() isn't available.:doc:Text Helper <helpers/text_helper> changes include:
highlight_phrase() to <mark> (formerly <strong>).character_limiter(), :php:func:word_wrap() and :php:func:ellipsize() to utilize mbstring <https://secure.php.net/mbstring>_ or iconv <https://secure.php.net/iconv>_, if available.:doc:Directory Helper <helpers/directory_helper> :php:func:directory_map() will now append DIRECTORY_SEPARATOR to directory names in the returned array.
:doc:Array Helper <helpers/array_helper> :php:func:element() and :php:func:elements() now return NULL instead of FALSE when the required elements don't exist.
:doc:Language Helper <helpers/language_helper> :php:func:lang() now accepts an optional list of additional HTML attributes.
Deprecated the Email Helper as its valid_email(), send_email() functions are now only aliases for PHP native functions filter_var() and mail() respectively.
Database
DEPRECATED the 'mysql', 'sqlite', 'mssql' and 'pdo/dblib' (also known as 'pdo/mssql' or 'pdo/sybase') drivers.
Added dsn configuration setting for drivers that support DSN strings (PDO, PostgreSQL, Oracle, ODBC, CUBRID).
Added schema configuration setting (defaults to public) for drivers that might need it (currently used by PostgreSQL and ODBC).
Added save_queries configuration setting to application/config/database.php (defaults to TRUE).
Removed autoinit configuration setting as it doesn't make sense to instantiate the database class but not connect to the database.
Added subdrivers support (currently only used by PDO).
Added an optional database name parameter to db_select().
Removed protect_identifiers() and renamed internal method _protect_identifiers() to it instead - it was just an alias.
Renamed internal method _escape_identifiers() to escape_identifiers().
Updated escape_identifiers() to accept an array of fields as well as strings.
MySQL and MySQLi drivers now require at least MySQL version 5.1.
Added a $persistent parameter to db_connect() and changed db_pconnect() to be an alias for db_connect(TRUE).
db_set_charset() now only requires one parameter (collation was only needed due to legacy support for MySQL versions prior to 5.1).
db_select() will now always (if required by the driver) be called by db_connect() instead of only when initializing.
Replaced the _error_message() and _error_number() methods with error(), which returns an array containing the last database error code and message.
Improved version() implementation so that drivers that have a native function to get the version number don't have to be defined in the core DB_driver class.
Added capability for packages to hold config/database.php config files.
Added MySQL client compression support.
Added encrypted connections support (for mysql, sqlsrv and PDO with sqlsrv).
Removed :doc:Loader Class <libraries/loader> from Database error tracing to better find the likely culprit.
Added support for SQLite3 database driver.
Added Interbase/Firebird database support via the ibase driver.
Added ODBC support for create_database(), drop_database() and drop_table() in :doc:Database Forge <database/forge>.
Added support to binding arrays as IN() sets in query().
:doc:Query Builder <database/query_builder> changes include:
insert_batch().get_compiled_select(), get_compiled_insert(), get_compiled_update(), get_compiled_delete().join(), order_by(), where_in(), or_where_in(), where_not_in(), or_where_not_in(), insert(), insert_batch().join() with multiple conditions.join().where().order_by(seed, 'RANDOM').limit() to ignore NULL values instead of always casting to integer.offset() to ignore empty values instead of always casting to integer.insert_batch() and update_batch() now return an integer representing the number of rows affected by them.where(), or_where(), having() and or_having() now convert trailing = and <>, != SQL operators to IS NULL and IS NOT NULL respectively when the supplied comparison value is NULL.reset_query(), start_cache(), stop_cache() and flush_cache().count_all_results() to disable resetting of QB values.:doc:Database Results <database/results> changes include:
DB_result class and moved all driver-specific properties and logic out of the base DB_driver class to allow better abstraction.unbuffered_row() for fetching a row without prefetching the whole result (consume less memory)._data_seek() to data_seek() and made it public.Improved support for the MySQLi driver, including:
mysqli::$server_info instead of running an SQL query.backup() in :doc:Database Utilities <database/utilities>.trans_begin(), trans_commit() and trans_rollback() to use the PHP API instead of sending queries.Improved support of the PDO driver, including:
create_database(), drop_database() and drop_table() in :doc:Database Forge <database/forge>.list_fields() in :doc:Database Results <database/results>.Improved support of the PostgreSQL driver, including:
pg_version() is now used to get the database version number, when possible.db_set_charset() support.optimize_table() in :doc:Database Utilities <database/utilities> (rebuilds table indexes).escape().update_batch() support.limit() and order_by() support for UPDATE and DELETE queries as PostgreSQL does not support those features.db_connect() to include the (new) schema value into Postgre's search_path session variable.pg_escape_literal() is now used for escaping strings, if available.Improved support of the CUBRID driver, including:
list_databases() in :doc:Database Utility <database/utilities> (until now only the currently used database was returned).Improved support of the MSSQL and SQLSRV drivers, including:
optimize_table() in :doc:Database Utility <database/utilities>.db_set_charset() support (MSSQL driver).SQLSRV_CURSOR_CLIENT_BUFFERED scrollable cursor flag (SQLSRV driver).SQLSRV_CURSOR_STATIC due to performance issues (SQLSRV driver).Improved support of the Oracle (OCI8) driver, including:
drop_table() in :doc:Database Forge <database/forge>.list_databases() in :doc:Database Utilities <database/utilities>.num_rows() is now only called explicitly by the developer and no longer re-executes statements.Improved support of the SQLite driver, including:
replace() in :doc:Query Builder <database/query_builder>.drop_table() in :doc:Database Forge <database/forge>.:doc:Database Forge <database/forge> changes include:
drop_table() that allows adding the IF EXISTS condition, which is no longer the default.ENGINE for MySQL) to create_table().add_column() for MySQL and CUBRID.add_column()'s third method. AFTER clause should now be added to the field definition array instead.:doc:Database Utility <database/utilities> changes include:
Database Forge <database/forge>, which has been a deprecated behavior for awhile.Libraries
Added a new :doc:Encryption Library <libraries/encryption> to replace the old, largely insecure Encrypt Library.
Encrypt Library changes include:
Encryption Library <libraries/encryption>.sha1() method.:doc:Session Library <libraries/sessions> changes include:
$config['sess_driver'].$config['sess_save_path'] setting to specify where the session data is stored, depending on the driver.$config['sess_encrypt_cookie'] useless and is therefore also removed).mark_as_temp(), tempdata(), set_tempdata(), unset_tempdata()).keep_flashdata() to also accept an array of keys.userdata(), flashdata() to return an array of all userdata/flashdata when no parameter is passed.all_userdata() - it is now just an alias for userdata() with no parameters.has_userdata() that verifies the existence of a userdata item.:doc:File Uploading Library <libraries/file_uploading> changes include:
$index parameter to the method data().$reset parameter to method initialize().clean_file_name() and its usage in favor of :doc:Security Library <libraries/security>'s sanitize_filename().mimes_types().CI_Upload::_prep_filename() to simply replace all (but the last) dots in the filename with underscores, instead of suffixing them.:doc:Calendar Library <libraries/calendar> changes include:
get_total_days() to be an alias for :doc:Date Helper <helpers/date_helper> :php:func:days_in_month().Cart Library changes include:
remove() to remove a cart item, updating with quantity of 0 seemed like a hack but has remained to retain compatibility.get_item() to enable retrieving data for a single cart item.$product_name_safe property.insert() method to auto-increment quantity for an item when inserted twice instead of resetting it.update() method to support updating all properties attached to an item and not to require 'qty'.:doc:Image Manipulation Library <libraries/image_lib> changes include:
initialize() method now only sets existing class properties.text_watermark() method if they are set manually after initialization.image_reproportion() now doesn't need both width and height to be specified.:doc:Form Validation Library <libraries/form_validation> changes include:
error_array() to return all error messages as an array.set_data() to set an alternative data array to be validated instead of the default $_POST.reset_validation() which resets internal validation variables in case of multiple validation routines.$config['error_prefix'] and $config['error_suffix']._execute() now considers input data to be invalid if a specified rule is not found.is_numeric() as it exists as a native PHP function and _execute() will find and use that (the is_numeric rule itself is deprecated since 1.6.1).set_rules() to accept an array of rules as well as a string.Language <libraries/language> line keys must now be prefixed with form_validation_.:doc:Caching Library <libraries/caching> changes include:
is_supported() methods to log at the "debug" level.increment(), decrement().:doc:E-mail Library <libraries/email> changes include:
attach() as $this->email->attach($filename, $disposition, $newname).attach() as $this->email->attach($buffer, $disposition, $newname, $mime).attachment_cid() to enable embedding inline attachments into HTML._set_header() to set_header() and made it public to enable adding custom headers.from() method._prep_quoted_printable() as it is never used._prep_quoted_printable() will now utilize the native quoted_printable_encode(), imap_8bit() functions (if available) when CRLF is set to "\r\n".$config['charset'] setting._get_ip() (:doc:Input Library <libraries/input>'s ip_address() should be used anyway)._prep_q_encoding() now utilizes PHP's mbstring and iconv extensions (when available) and no longer has a second ($from) argument.print_debugger() to allow specifying which parts of the message should be printed ('headers', 'subject', 'body').send() call. Accessible as $smtp_keepalive.set_header() now filters the input by removing all "\r" and "\n" characters.valid_email(), depending on the Intl extension.:doc:Pagination Library <libraries/pagination> changes include:
initialize() method.$config['num_links'] = 0 configuration.$config['reuse_query_string'] to allow automatic repopulation of query string arguments, combined with normal URI segments.$config['use_global_url_suffix'] to allow overriding the library 'suffix' value with that of the global $config['url_suffix'] setting. from a number of the configuration variables.:doc:Profiler Library <general/profiling> changes include:
$_FILES.:doc:Migration Library <libraries/migration> changes include:
$config['migration_type'] to allow switching between sequential and timestamp migrations.:doc:XML-RPC Library <libraries/xmlrpc> changes include:
:doc:User Agent Library <libraries/user_agent> changes include:
parse() to allow parsing a custom user-agent string, different from the current visitor's.:doc:HTML Table Library <libraries/table> changes include:
:doc:Zip Library <libraries/zip> changes include:
read_file() can now also alter the original file path/name while adding files to an archive.:doc:Trackback Library <libraries/trackback> method receive() will now utilize iconv() if it is available but mb_convert_encoding() is not.
Core
:doc:Routing <general/routing> changes include:
fetch_directory(), fetch_class() and fetch_method() in favor of their respective public properties._set_overrides() and moved its logic to the class constructor.:doc:URI Library <libraries/uri> changes include:
preg_quote() call from it to allow more flexibility._filter_uri() to filter_uri().filter_uri() to accept by reference and removed its return value._parse_cli_args() to _parse_argv()._detect_uri() to _parse_request_uri()._parse_request_uri() to accept absolute URIs for compatibility with HTTP/1.1 as per RFC2616 <https://www.ietf.org/rfc/rfc2616.txt>._parse_query_string() to URI paths in the the QUERY_STRING value, like _parse_request_uri() does._remove_url_suffix(), _explode_segments() and moved their logic into _set_uri_string()._fetch_uri_string() and moved its logic into the class constructor._reindex_segments().:doc:Loader Library <libraries/loader> changes include:
get_vars() to the Loader to retrieve all variables loaded with $this->load->vars()._ci_autoloader() is now a protected method.$autoload['drivers'].$config['rewrite_short_tags'] now has no effect when using PHP 5.4 as <?= will always be available.config() to return whatever CI_Config::load() returns instead of always being void.is_loaded() to ask for the (case sensitive) library name instead of its instance name.$_base_classes property and unified all class data in $_ci_classes instead.clear_vars() to allow clearing the cached variables for views.:doc:Input Library <libraries/input> changes include:
$config['global_xss_filtering'] setting.method() to retrieve $_SERVER['REQUEST_METHOD'].input_stream() to aid in using php://input stream data such as one passed via PUT, DELETE and PATCH requests.valid_ip() to use PHP's native filter_var() function._sanitize_globals() to skip enforcing reversal of register_globals in PHP 5.4+, where this functionality no longer exists.get(), post(), get_post(), cookie(), server(), user_agent() to return NULL instead of FALSE when no value is found.$xss_clean parameter to NULL for all methods that utilize it, the default value is now determined by the $config['global_xss_filtering'] setting.post_get() and changed get_post() to search in GET data first. Both methods' names now properly match their GET/POST data search priorities._fetch_from_array() to parse array notation in field name._fetch_from_array() to allow retrieving multiple fields at once._clean_input_keys() to return FALSE instead of terminating the whole script.is_cli_request() method, it is now an alias for the new :php:func:is_cli() common function.$xss_clean parameter to method user_agent() and removed the $user_agent property.$raw_input_stream to access php://input data.:doc:Common functions <general/common_functions> changes include:
get_mimes() to return the application/config/mimes.php array.set_status_header().set_status_header()._exception_handler() to _error_handler() and replaced it with a real exception handler._error_handler() to respect php.ini display_errors setting.is_https() to check if a secure connection is used.is_cli() to replace the CI_Input::is_cli_request() method.function_usable() to work around a bug in Suhosin <http://www.hardened-php.net/suhosin/>.$php_error) argument from function :php:func:log_message().load_class() to accept a constructor parameter instead of (previously unused) class name prefix.is_php().$double_encode to :php:func:html_escape().config_item() to return NULL instead of FALSE when no value is found.set_status_header() to return immediately when run under CLI.:doc:Output Library <libraries/output> changes include:
set_content_type() that allows setting the document charset as well.get_content_type() and get_header().delete_cache().$config['cache_query_string'] to enable taking the query string into account when caching.$config['compress_output'] is enabled.:doc:Config Library <libraries/config> changes include:
site_url() method to accept an array as well._assign_to_config() and moved its implementation to CodeIgniter.php instead.item() now returns NULL instead of FALSE when the required config item doesn't exist.base_url() and site_url() that allows enforcing of a protocol different than the one in the base_url configuration setting.base_url auto-detection is used.:doc:Security Library <libraries/security> changes include:
$config['csrf_regeneration'], which makes CSRF token regeneration optional.$config['csrf_exclude_uris'], allowing for exclusion of URIs from the CSRF protection (regular expressions are supported).strip_image_tags().get_random_bytes() and switched CSRF & XSS token generation to use it.sanitize_filename() to read a public $filename_bad_chars property for getting the invalid characters list.:doc:Language Library <libraries/language> changes include:
load() to filter the language name with ctype_alpha().load() to also accept an array of language files.line() to disable error logging for line keys that were not found.:doc:Hooks Library <general/hooks> changes include:
is_callable() returns TRUE for)._call_hook() to call_hook().UTF-8 Library changes include:
UTF8_ENABLED now requires only one of Multibyte String <https://secure.php.net/mbstring>_ or iconv <https://secure.php.net/iconv>_ to be available instead of both.clean_string() to utilize mb_convert_encoding() if it is available._is_ascii() to is_ascii() and made it public.Log Library changes include:
$config['log_file_permissions'] setting.$config['log_date_format'].Added :doc:compatibility layers <general/compatibility_functions> for:
Multibyte String <https://secure.php.net/mbstring>_ (limited support).Hash <https://secure.php.net/hash>_ (hash_equals(), hash_pbkdf2()).Password Hashing <https://secure.php.net/password>_.array_column(), array_replace(), array_replace_recursive(), hex2bin(), quoted_printable_encode().Removed CI_CORE boolean constant from CodeIgniter.php (no longer Reactor and Core versions).
Added support for HTTP-Only cookies with new config option cookie_httponly (default FALSE).
$config['time_reference'] now supports all timezone strings supported by PHP.
Fatal PHP errors are now also passed to _error_handler(), so they can be logged.
unlink() raised an error if cache file did not exist when you try to delete it.Query Builder <database/query_builder> nested transactions didn't work properly due to $_trans_depth not being incremented.Pagination <libraries/pagination> anchor class was not set properly when using initialize method.URL Helper <helpers/url_helper> :php:func:auto_link() didn't recognize URLs that come after a word boundary.Form Validation Library <libraries/form_validation> rule is_unique didn't check if a database connection exists.Zip Library <libraries/zip> internal method _get_mod_time() didn't suppress possible "stat failed" errors generated by filemtime().Image Manipulation Library <libraries/image_lib> method clear() didn't completely clear properties.Database Forge <database/forge> method create_table() with PostgreSQL database could lead to fetching the whole table.Form Helper <helpers/form_helper> :php:func:form_open() didn't add the default form method and accept-charset when an empty array is passed to it.Date Helper <helpers/date_helper> :php:func:timespan() was using incorrect seconds for year and month.contents() where if called without a TRUE (or equal) parameter, it would fail due to a typo.db_pconnect().Image Manipulation Library <libraries/image_lib> method gd_loaded() where it was possible for the script execution to end or a PHP E_WARNING message to be emitted.Pagination library <libraries/pagination> where when use_page_numbers=TRUE previous link and page 1 link did not have the same url.XML-RPC Library <libraries/xmlrpc> were not properly escaped.Loader Library <libraries/loader> method initialize() caused a PHP Fatal error to be triggered if error level E_STRICT is used.$_SERVER['HTTPS'] variable would evaluate to 'on'.Session Library <libraries/sessions> method sess_update() caused the session to be destroyed on pages where multiple AJAX requests were executed at once.Input Libary <libraries/input> method is_ajax_request() where some clients might not send the X-Requested-With HTTP header value exactly as 'XmlHttpRequest'.Database Utilities <database/utilities> internal method _backup() method failed for the 'mysql' driver due to a table name not being escaped.CI_DB_driver::initialize() didn't set a character set if a database is not selected.Form Validation Library <libraries/form_validation> method set_value() didn't set the default value if POST data is NULL.escape_str() didn't properly escape LIKE wild characters.list_fields() and field_data() methods skipped the first column due to odbc_field_*() functions' index starting at 1 instead of 0.num_rows() method returned -1 in some cases, due to not all subdrivers supporting the odbc_num_rows() function.getimagesize() in the :doc:File Uploading Library <libraries/file_uploading>.is_write_type() method in the :doc:Database Library <database/index> didn't return TRUE for RENAME queries._version() method where it used to return the client version as opposed to the server one.insert_id() method where it could've failed if it's used with Postgre versions prior to 8.1.affected_rows() method where a connection resource was passed to cubrid_affected_rows() instead of a result.db_set_charset() ignored its arguments and always used the configured charset instead.Database Result <database/results> method field_data() for 'mysql', 'mysqli' drivers was implemented as if it was handling a DESCRIBE result instead of the actual result set.Database Forge <database/forge> method _create_table() where it failed with AUTO_INCREMENT as it's not supported.Email Library <libraries/email> method send() was returning TRUE even if the connection/authentication against the server failed.insert_id() method was calling non-existent function odbc_insert_id(), which resulted in a fatal error.Database Result <database/results> implementation where the cursor ID passed to it was always NULL.Session Library <libraries/sessions> where a PHP E_NOTICE error was triggered by _unserialize() due to results from databases such as MSSQL and Oracle being space-padded on the right.Form Validation Library <libraries/form_validation> method set_rules() depended on count($_POST) instead of actually checking if the request method 'POST' before aborting.escape_str() method didn't properly escape LIKE wild characters.Loader Library <libraries/loader> method library() where some PHP versions wouldn't execute the class constructor.Database Forge <database/forge> method create_database() didn't utilize the configured database character set.Database Caching <database/caching> method delete_all() used to delete .htaccess and index.html files, which is a potential security risk.Trackback Library <libraries/trackback> method validate_url() where it didn't actually do anything, due to input not being passed by reference.Form Validation Library <libraries/form_validation> method _execute() silently continued to the next rule, if a rule method/function is not found.Zip Library <libraries/zip> method read_dir() wasn't compatible with Windows._insert_batch() method, which resulted in fatal error being triggered when insert_batch() is used with it._truncate() where the TABLE keyword was missing.trans_commit() method where it failed due to an erroneous property name.Query Builder <database/query_builder> method update() used to ignore LIKE conditions that were set with like().delete() methods where an erroneous SQL statement was generated when used with limit().delete() method where like() and limit() conditions were ignored.Language Library <libraries/language> did not correctly keep track of loaded language files.File Uploading Library <libraries/file_uploading> method get_extension() returned the original filename when it didn't have an actual extension.Query Builder <database/query_builder> method set_update_batch() generated an E_NOTICE message.File Uploading Library <libraries/file_uploading> method clean_file_name() didn't clear '!' and '#' characters.Database Results <database/results> method row() returned an array when there's no actual result to be returned.affected_rows() method failed due to a scrollable cursor being created for write-type queries.Database <database/index> driver 'postgre' didn't have an _update_batch() method, which resulted in fatal error being triggered when update_batch() is used with it.Database Forge <database/forge> method create_table() failed on SQLSRV/MSSQL when used with 'IF NOT EXISTS'.Driver Library <general/creating_drivers> had a static variable that was causing an error.Email Library <libraries/email> used its own short list of MIMEs instead the one from config/mimes.php.Output Library <libraries/output> method set_content_type() didn't set the document charset.Database Forge <database/forge> method create_table() used to accept constraints for MSSQL/SQLSRV integer-type columns.Database <database/index> drivers didn't escape field names.Query Builder <database/query_builder> method protect_identifiers() didn't properly detect identifiers with spaces in their names.Query Builder <database/query_builder> method protect_identifiers() ignored its extra arguments when the value passed to it is an array.Query Builder <database/query_builder> internal method _has_operator() didn't detect BETWEEN.Query Builder <database/query_builder> method join() failed with identifiers containing dashes.Database Forge <database/forge> and :doc:Database Utilities <database/utilities> didn't update/reset the databases and tables list cache when a table or a database is created, dropped or renamed.Query Builder <database/query_builder> method join() only escaped one set of conditions.CI_Exceptions couldn't find the errors/ directory in some cases.encode_from_legacy() didn't set back the encrypt mode on failure.Database Class <database/index> method compile_binds() failed when the bind marker was present in a literal string within the query.Query Builder <database/query_builder> method protect_identifiers() where if passed along with the field names, operators got escaped as well.URI Library <libraries/uri> internal method _detect_uri() failed with paths containing a colon.Query Builder <database/query_builder> method from() didn't escape table aliases.Date Helper <helpers/date_helper> function nice_date() failed when the optional second parameter is not passed.Profiling Library <general/profiling> setting query_toggle_count was not settable as described in the manual.Config Library <libraries/config> method site_url() added a question mark to the URL string when query strings are enabled even if it already existed.Config Library <libraries/config> method site_url() always appended $config['url_suffix'] to the end of the URL string, regardless of whether a query string exists in it.URL Helper <helpers/url_helper> function :php:func:anchor_popup() ignored the attributes argument if it is not an array.Form Validation Library <libraries/form_validation> didn't properly check the type of the form fields before processing them.Form Validation Library <libraries/form_validation> didn't properly validate array fields that use associative keys or have custom indexes.Form Validation Library <libraries/form_validation> method strip_image_tags() was an alias to a non-existent method.Query Builder <database/query_builder> method limit() wasn't executed properly under Oracle.Date Helper <helpers/date_helper> function standard_date() didn't properly format W3C and ATOM standard dates.Query Builder <database/query_builder> method join() escaped literal values as if they were fields.Form Helper <helpers/form_helper> functions :php:func:form_multiselect(), :php:func:form_dropdown() didn't properly handle empty array option groups.Pagination Library <libraries/pagination> produced incorrect previous and next link values.affected_rows() method where an erroneous function name was used.$view_file to $_ci_view_file to prevent being overwritten by application.Directory Helper <helpers/directory_helper> function :php:func:directory_map() was skipping files and directories named '0'.Database Library <database/index> method escape_str() escaped quote characters in LIKE conditions twice under MySQL.Unit Testing Library <libraries/unit_testing> method result() didn't properly check array result columns when called from report().Database Class <database/index> method display_error() didn't properly trace the possible error source on Windows systems.Database Class <database/index> method is_write_type() didn't return TRUE for LOAD queries.Database Class <database/index> didn't properly detect connection errors for the 'mysqli' driver.Query Builder <database/query_builder> used to (unnecessarily) group FROM clause contents, which breaks certain queries and is invalid for some databases.Email <libraries/email> headers were broken when using long email subjects and \r\n as CRLF.MB_ENABLED constant was only declared if UTF8_ENABLED was set to TRUE.Session Library <libraries/sessions> accepted cookies with last_activity values being in the future.Email Library <libraries/email> triggered PHP E_WARNING errors when mail protocol used and to() is never called.Email Library <libraries/email> didn't properly handle multibyte characters when applying Q-encoding to headers.Email Library <libraries/email> ignored its wordwrap setting while handling alternative messages.Pagination Library <libraries/pagination> didn't take into account actual routing when determining the current page.Query Builder <database/query_builder> didn't always take into account the dbprefix setting.URI Class <libraries/uri> didn't always trim slashes from the uri_string as shown in the documentation.Database Caching <database/caching> method delete_cache() didn't work in some cases due to cachedir not being initialized properly.Loader Library <libraries/loader> ignored attempts for (re)loading databases to get_instance()->db even when the old database connection is dead.User Agent Library <libraries/user_agent> method is_referral() only checked if $_SERVER['HTTP_REFERER'] exists.Download Helper <helpers/download_helper> function :php:func:force_download() incorrectly sent Cache-Control directives pre-check and post-check to Internet Explorer.URI Library <libraries/uri> didn't properly cache segments for uri_to_assoc() and ruri_to_assoc().Form Helpers <helpers/form_helper> set empty name attributes.Query Builder <database/query_builder> method count_all_results() ignored the DISTINCT clause.Form Validation Library <libraries/form_validation> rule matches didn't property handle array field names.Form Helper <helpers/form_helper> function :php:func:set_value() didn't escape HTML entities.Form Helper <helpers/form_helper> function :php:func:form_dropdown() didn't escape HTML entities in option values.Session Library <libraries/sessions> unnecessarily stripped slashed from serialized data, making it impossible to read objects in a namespace.Routing <general/routing> wildcard :any didn't work as advertised and matched multiple URI segments instead of all characters within a single segment.Email Library <libraries/email> removed multiple spaces inside a pre-formatted plain text message.URI Library <libraries/uri> method ruri_string() didn't include a directory if one is used.Routing Library <general/routing> didn't properly handle default_controller in a subdirectory when a method is also specified.post_controller_constructor hook <general/hooks> wasn't called with a 404_override.Profiler Library <general/profiling> didn't display information for database objects that are instantiated inside models.Directory Helper <helpers/directory_helper> function :php:func:directory_map()'s return array didn't make a distinction between directories and file indexes when a directory with a numeric name is present.Loader Library <libraries/loader> didn't look for helper extensions in added package paths.APC Cache <libraries/caching> driver didn't (un)serialize data, resulting in failure to store objects.Unit Testing Library <libraries/unit_testing> filled up logs with error messages for non-existing language keys.Form Validation Library <libraries/form_validation> didn't properly handle empty fields that were specified as an array.Routing Class <general/routing> didn't properly sanitize directory, controller and function triggers with enable_query_strings set to TRUE.escape_like_str() or escaping an array of values.Database Results <database/results> method list_fields() didn't reset its field pointer for the 'mysql', 'mysqli' and 'mssql' drivers.Migration Library <libraries/migration> extensions couldn't execute CI_Migration::__construct().Email Library <libraries/email> didn't apply smtp_timeout to socket reads and writes.Email Library <libraries/email> improperly handled the Subject when used with bcc_batch_mode resulting in E_WARNING messages and an empty Subject.Query Builder <database/query_builder> didn't reset JOIN cache for write-type queries.Database Results <database/results> method next_row() kept returning the last row, allowing for infinite loops.Form Helper <helpers/form_helper> functions :php:func:set_value(), :php:func:set_select(), :php:func:set_radio(), :php:func:set_checkbox() didn't parse array notation for keys if the rule was not present in the :doc:Form Validation Library <libraries/form_validation>.Query Builder <database/query_builder> erroneously prefixed literal strings with dbprefix.Database Class <database/index> didn't properly handle the transaction "test mode" flag.URI Routing <general/routing> method fetch_method() returned 'index' if the requested method name matches its controller name.Email Library <libraries/email> used to ignore attachment errors, resulting in broken emails being sent.Form Validation Library <libraries/form_validation> rule valid_base64 only checked characters instead of actual validity.database <database/index> driver method stored_procedure() didn't log an error unless db_debug was set to TRUE.Database Class <database/queries> method query() returning boolean instead of a result object for PostgreSQL-specific INSERT INTO ... RETURNING statements.Cache Library <libraries/caching> didn't properly handle Memcache(d) configurations with missing options.config_item() didn't take into account run-time configuration changes.Loader Library <libraries/loader> method library() didn't properly check if a class that is being loaded already exists.Form Helper <helpers/form_helper> function :php:func:form_open() set the 'method="post"' attribute only if the passed attributes equaled an empty string.Query Builder <database/query_builder> methods min(), max(), avg(), sum() didn't escape field names.Common function <general/common_functions> :php:func:log_message() didn't actually cache the CI_Log class instance.Common function <general/common_functions> :php:func:get_config() optional argument was only effective on first function call. Also, it can now add items, in addition to updating existing items.database <database/index> driver where the connection ID wasn't passed to pg_escape_string().database <database/index> transactions could end in a deadlock when an error is encountered with db_debug set to TRUE._exception_handler() used to send the 200 "OK" HTTP status code and didn't stop script exection even on fatal errors.Caching <libraries/caching> driver didn't handle connection failures properly.Database Class <database/index> executed the MySQL-specific SET SESSION sql_mode query for all drivers when the 'stricton' option is set.Query Builder <database/query_builder> "no escape" functionality didn't work properly with query cache.Parser Library <libraries/parser> failed if the same tag pair is used more than once within a template.Form Validation Library <libraries/form_validation> didn't check for rule groups named in a controller/method manner when trying to load from a config file.Hooks Class <general/hooks> didn't properly check if the called class/function exists.Input Library <libraries/input> internal method _clean_input_data() assumed that it data is URL-encoded, stripping certain character sequences from it.$config['global_xss_filtering'] turned on, the $_GET, $_POST, $_COOKIE and $_SERVER superglobals were overwritten during initialization time, resulting in XSS filtering being either performed twice or there was no possible way to get the original data, even though options for this do exist.User Agent Library <libraries/user_agent> reported an incorrect version Opera 10+ due to a non-standard user-agent string.Text Helper <helpers/text_helper> :php:func:ascii_to_entities() stripped the last character if it happens to be in the extended ASCII group.fwrite() was used incorrectly throughout the whole framework, allowing incomplete writes when writing to a network stream and possibly a few other edge cases.User Agent Library <libraries/user_agent> methods accept_charset() and accept_lang() didn't properly parse HTTP headers that contain spaces.XML-RPC Library <libraries/xmlrpc> used objects as array keys, which triggered E_NOTICE messages.Security Library <libraries/security> method xss_clean() didn't take into account HTML5 entities.affected_rows() passed an incorrect value to odbc_num_rows().Image Manipulation Library <libraries/image_lib> method text_watermark() didn't properly determine watermark placement.HTML Table Library <libraries/table> ignored its auto_heading setting if headings were not already set.Pagination Library <libraries/pagination> appended the query string (if used) multiple times when there are successive calls to create_links() with no initialize() in between them.clean_string() generating log messages and/or not producing the desired result due to an upstream bug in iconv.CI_Xmlrpcs::parseRequest() could fail if $HTTP_RAW_POST_DATA is not populated.Zip Library <libraries/zip> internal method _get_mod_time() where it was not parsing result returned by filemtime().Cache Library <libraries/caching> methods increment(), decrement() didn't auto-create non-existent items when using redis and/or file storage.Parser Library <libraries/parser> used double replacement on key->value pairs, exposing a potential template injection vulnerability.Email Library <libraries/email> violated RFC5321 <https://tools.ietf.org/rfc/rfc5321.txt>_ by sending 'localhost.localdomain' as a hostname.CI_Security::_remove_evil_attributes() failed for large-sized inputs due to pcre.backtrack_limit and didn't properly match HTML tags.Release Date: July 14, 2015
Security
mysql_escape_string() in the 'mysql' database driver (escape_str() method) when there's no active database connection.Release Date: April 15, 2015
General Changes
CI_Security::xss_clean().CI_Security::entity_decode() triggered warnings under some circumstances.Release Date: January 22, 2015
General Changes
xss_clean().Date Helper <helpers/date_helper>.CI_Input::_clean_input_data() breaks encrypted session cookies.Security Library <libraries/security> method xss_clean() didn't properly match JavaScript events.Security Library <libraries/security> method xss_clean() used an overly-invasive pattern to strip JS event handlers.Security Library <libraries/security> method xss_clean() didn't take into account HTML5 entities.Security Library <libraries/security> method sanitize_filename() could be tricked by an XSS attack.Security Library <libraries/security> method entity_decode() used the PREG_REPLACE_EVAL flag, which is deprecated since PHP 5.5.get_config() triggered an E_NOTICE message on PHP 5.6.Config Library <libraries/config> didn't properly detect if the current request is via HTTPS.Database driver <database/index>'s method count_all() didn't escape the supplied table name.Database driver <database/index>'s method escape_str() had a wrong fallback to mysql_escape_string() when there was no active connection.Session Library <libraries/sessions> where session ID regeneration occurred during AJAX requests.Release Date: June 2, 2014
General Changes
xor_encode() has been removed. The Encrypt Class now requires the Mcrypt extension to be installed.Session Library <libraries/sessions> now uses HMAC authentication instead of a simple MD5 checksum.Email Library <libraries/email> where Suhosin <http://www.hardened-php.net/suhosin/> blocked messages sent via mail() due to trailing newspaces in headers.oci_execute() calls inside num_rows() non-committing, since they are only there to reset which row is next in line for oci_fetch calls and thus don't need to be committed.Database Force <database/forge> methods create_table(), drop_table() and rename_table() produced broken SQL for tge 'sqlsrv' driver.Database driver <database/index> didn't properly check for query failures.Session Library <libraries/sessions> where authentication was not performed for encrypted cookies.Release Date: July 8, 2013
General Changes
xss_clean().Migration Library <libraries/migration> method latest() had a typo when retrieving language values.Migration Library <libraries/migration> configuration file was mistakenly using Windows style line feeds.E_NOTICE being generated by :doc:Query Builder <database/query_builder>'s set_update_batch() method.Email Library <libraries/email> method print_debugger() didn't apply htmlspecialchars() to headers.Release Date: October 8, 2012
Core
Common function <general/common_functions> is_loaded() now returns a reference.Caching <libraries/caching> method get_metadata() used a non-existent array key to look for the TTL value.Session Library <libraries/sessions> method sess_destroy() didn't destroy the userdata array.Profiler library <general/profiling> was trying to handle objects as strings in some cases, resulting in E_WARNING messages being issued by htmlspecialchars().Migration Library <libraries/migration> ignored the $config['migration_path'] setting.Input Library <libraries/input> allowed unconditional spoofing of HTTP clients' IP addresses through the HTTP_CLIENT_IP header.Input Library <libraries/input> ignored HTTP_X_CLUSTER_CLIENT_IP and HTTP_X_CLIENT_IP headers when checking for proxies.csrf_verify() used to set the CSRF cookie while processing a POST request with no actual POST data, which resulted in validating a request that should be considered invalid.Security Library <libraries/security> where a CSRF cookie was created even if $config['csrf_protection'] is set to FALSE.Input Library <libraries/input> triggered csrf_verify() on CLI requests.Query Builder <database/query_builder> didn't properly handle cached field escaping overrides.Query Builder <database/query_builder> didn't properly merge cached calls with non-cache ones.Release Date: June 29, 2012
General Changes
xss_clean().Release Date: June 12, 2012
General Changes
Libraries
File Uploading Library <libraries/file_uploading>.Input Library <libraries/input>.Form Validation Library <libraries/form_validation>.Helpers
url_title() performance and output improved. You can now use any string as the word delimiter, but 'dash' and 'underscore' are still supported.File Uploading Library <libraries/file_uploading> to check for mime-types.form_open() compared $action against site_url() instead of base_url().CI_Upload::_file_mime_type() could've failed if mime_content_type() is used for the detection and returns FALSE.Image Manipulation Library <libraries/image_lib> to create a new file.CI_DB_pdo_driver::num_rows() was not returning properly value with SELECT queries, cause it was relying on PDOStatement::rowCount().CI_Image_lib::clear() was not correctly clearing all necessary object properties, namely width and height.Release Date: November 14, 2011
General Changes
Common functions <general/common_functions> to escape HTML output
for preventing XSS.Helpers
String Helper <helpers/string_helper> to turn "foo" into "foo-1"
or "foo-1" into "foo-2".String Helper <helpers/string_helper>'s random_string() methodDatabase
CUBRID <https://www.cubrid.org/>_ driver to the :doc:Database Driver <database/index>. Thanks to the CUBRID team for
supplying this patch.Database Driver <database/index>.Database Driver <database/queries> to integers to avoid possible
injection.Database Driver <database/query_builder>.Libraries
$this->cart->insert() in the Cart Library
to return the Row ID if a single item was inserted successfully.Form Validation Library <libraries/form_validation>.Migration library <libraries/migration> to assist with applying
incremental updates to your database schema.is_unique to the :doc:Form Validation library <libraries/form_validation>.Pagination library <libraries/pagination>, which enables real page numbers in the URI.Core
Saving Session Data to a Database <libraries/sessions>, system would throw error "user_data does not have a default value" when deleting then creating a session.File Uploading Library <libraries/file_uploading> in order to fix a possible MIME-type injection.Date helper <helpers/date_helper> and :doc:XMLRPC library <libraries/xmlrpc>.Release Date: August 20, 2011
Security
An improvement was made to the MySQL and MySQLi drivers to prevent exposing a potential vector for SQL injection on sites using multi-byte character sets in the database client connection. An incompatibility in PHP versions < 5.2.3 and MySQL < 5.0.7 with mysql_set_charset() creates a situation where using multi-byte character sets on these environments may potentially expose a SQL injection attack vector. Latin-1, UTF-8, and other "low ASCII" character sets are unaffected on all environments.
If you are running or considering running a multi-byte character set for your database connection, please pay close attention to the server environment you are deploying on to ensure you are not vulnerable.
General Changes
danijelb <https://bitbucket.org/danijelb>_
for the pull request.Email library <libraries/email>
attachments with a "." in the name would using invalid MIME-types.Helpers
Inflector helper <helpers/inflector_helper> to support considerably
more words.Libraries
Database Driver <database/queries>.$this->cart->insert() in the Cart Library
to return the Row ID if a single item was inserted successfully.Loader library <libraries/loader> to retrieve global vars set with
$this->load->view() and $this->load->vars().Upgrade Notes <installation/upgrade_203>.$this->cart->total_items() from
Cart Library now returns the sum of the quantity
of all items in the cart instead of your total count.Release Date: April 7, 2011 Hg Tag: v2.0.2
General changes
Security library <./libraries/security> was moved to
the core and is now loaded automatically. Please remove your
loading calls.Cache driver <libraries/caching>.CLI usage <./general/cli> documentation.Helpers
dohash() from the :doc:Security helper <./helpers/security_helper>; use do_hash() instead.Database
Input class <libraries/input>.Release Date: March 15, 2011 Hg Tag: v2.0.1
General changes
Handling Environments <general/environments> page.environment-specific <config-environments>
configuration files.Libraries
Form validation Class <libraries/form_validation>.Input Class <libraries/input> methods post() and get()
will now return a full array if the first argument is not
provided.Input Class <libraries/input> method.Output Class <libraries/output> to set the output Content-Type
HTTP header based on a MIME Type or a config/mimes.php array key.Output Class <libraries/output> will now support method
chaining.Helpers
Form helper <helpers/form_helper>. If no value is passed it will
submit to the current URL... _2.0.0-changelog:
Release Date: January 28, 2011 Hg Tag: v2.0.0
General changes
documented <./helpers/captcha_helper>. The JavaScript
calendar plugin was removed due to the ready availability of great
JavaScript calendars, particularly with jQuery.Drivers <./general/drivers>.Loader class <libraries/loader>
documentation for more details.Upload library <libraries/file_uploading> file_name can
now be set without an extension, the extension will be taken from
the uploaded file instead of the given name.Database Forge <database/forge> the name can be omitted
from $this->dbforge->modify_column()'s 2nd param if you aren't
changing the name.Libraries
Cache driver <libraries/caching> with APC,
memcached, and file-based support.Pagination library <./libraries/pagination>.Pagination library <./libraries/pagination>.Security library <./libraries/security>, which now
contains the xss_clean function, filename_security function and
other security related functions.Security library <./libraries/security>.Profiler <general/profiling>File Uploading Class <./libraries/file_uploading>.Parser Class <libraries/parser>.Profiler <general/profiling> output.User Agent Class <libraries/user_agent>.Unit Test Class <libraries/unit_testing> now has an
optional "notes" field available to it, and allows for discrete
display of test result items using
$this->unit->set_test_items().FTP library <libraries/ftp>upgrade instructions <./installation/upgrade_200> for details.User agent library <libraries/user_agent> so that
is_browser(), is_mobile() and is_robot() can optionally check
for a specific browser or mobile device.Input library <libraries/input> so that post() and
get() will return all POST and GET items (respectively) if there
are no parameters passed in.Database
database configuration <./database/configuration>.database configuration <./database/configuration>.database configuration <./database/configuration>.Database Utilities Class <database/utilities>.Helpers
text helper <./helpers/text_helper>.Form Helper <helpers/form_helper>.dohash() function in favour of do_hash() for
naming consistency.File Helper <helpers/file_helper>. No longer recurses
by default so as to encourage responsible use (this function can
cause server performance issues when used without caution).Directory Helper <helpers/directory_helper> to accept an
integer to specify recursion depth.File Helper <helpers/file_helper> to return FALSE on failure.Number Helper <helpers/number_helper> to allow for decimal
precision.String Helper <helpers/string_helper>.smiley_js() to add optional third parameter to return
only the javascript with no script tags.HTML helper <./helpers/html_helper> will now generate an empty
string as an alt attribute if one is not provided.Security helper <./helpers/security_helper>.Text Helper <./helpers/text_helper>Array Helper <./helpers/array_helper>Other Changes
Reserved Names <general/reserved_names>.Output Class <libraries/output>.Security Library <libraries/security> to :doc:common functions. <general/common_functions>Release Date: September 11, 2009 Hg Tag: v1.7.2
Libraries
File Uploading Class <libraries/file_uploading> and rename the
uploaded file.Database
Helpers
Form helper <helpers/form_helper>.Form helper <helpers/form_helper> to accept multi-dimensional
arrays.form_prep() in the :doc:Form helper <helpers/form_helper> to keep track of prepped
fields to avoid multiple prep/mutation from subsequent calls which
can occur when using Form Validation and form helper functions to
output form fields.Directory helper <helpers/directory_helper> to allow the inclusion of
hidden files, and to return FALSE on failure to read directory.General
show_error() <general/errors> to allow sending
of HTTP server response codes.show_404() <general/errors> to send 404 status
code, removing non-CGI compatible header() statement from
error_404.php template.Common functions <general/common_functions> to allow use when the
Output class is unavailable.Common functions <general/common_functions> to facilitate PHP
version comparisons.form_prep() causing it to not preserve entities in
the user's original input when called back into a form elementRelease Date: February 10, 2009 Hg Tag: 1.7.1
Libraries
Image Manipulation Class <libraries/image_lib>.Database
Helpers
form helper <helpers/form_helper>.HTML helper <helpers/html_helper>.URL helper <helpers/url_helper>.form helper <helpers/form_helper>.Other Changes
Database
Fixed assorted user guide typos or examples (#5998, #6093, #6259, #6339, #6432, #6521).
Fixed a bug in the MySQLi driver when no port is specified
Fixed a bug (#5702), in which the field label was not being fetched properly, when "matching" one field to another.
Fixed a bug in which identifers were not being escaped properly when reserved characters were used.
Fixed a bug with the regular expression used to protect submitted paragraph tags in auto typography.
Fixed a bug where double dashes within tag attributes were being converted to em dash entities.
Fixed a bug where double spaces within tag attributes were being converted to non-breaking space entities.
Fixed some accuracy issues with curly quotes in Typography::format_characters()
Changed a few docblock comments to reflect actual return values.
Fixed a bug with high ascii characters in subject and from email headers.
Fixed a bug in xss_clean() where whitespace following a validated character entity would not be preserved.
Fixed a bug where HTML comments and <pre> tags were being parsed in Typography::auto_typography().
Fixed a bug with non-breaking space cleanup in Typography::auto_typography().
Fixed a bug in database escaping where a compound statement (ie: SUM()) wasn't handled correctly with database prefixes.
Fixed a bug when an opening quote is preceded by a paragraph tag and immediately followed by another tag.
Fixed a bug in the Text Helper affecting some locales where word_censor() would not work on words beginning or ending with an accented character.
Fixed a bug in the Text Helper character limiter where the provided limit intersects the last word of the string.
Fixed a bug (#6342) with plural() in the Inflection helper with words ending in "y".
Fixed bug (#6517) where Routed URI segments returned by URI::rsegment() method were incorrect for the default controller.
Fixed a bug (#6706) in the Security Helper where xss_clean() was using a deprecated second argument.
Fixed a bug in the URL helper url_title() function where trailing periods were allowed at the end of a URL.
Fixed a bug (#6669) in the Email class when CRLF's are used for the newline character with headers when used with the "mail" protocol.
Fixed a bug (#6500) where URI::A_filter_uri() was exit()ing an error instead of using show_error().
Fixed a bug (#6592) in the File Helper where get_dir_file_info() where recursion was not occurring properly.
Tweaked Typography::auto_typography() for some edge-cases.
Release Date: October 23, 2008 Hg Tag: 1.7.0
Libraries
Form Validation Class <libraries/form_validation>. It simplifies setting
rules and field names, supports arrays as field names, allows
groups of validation rules to be saved in a config file, and adds
some helper functions for use in view files. Please note that
the old Validation class is now deprecated. We will leave it in
the library folder for some time so that existing applications
that use it will not break, but you are encouraged to migrate to
the new version.Sessions class <libraries/sessions> so that
any custom data being saved gets stored to a database rather than
the session cookie (assuming you are using a database to store
session data), permitting much more data to be saved.Loader class <libraries/loader> for
more info.Loader class <libraries/loader> for more info.Profiler class <general/profiling> and support for multiple database
connections.Typography Class <libraries/typography>.Parser class <./libraries/parser> to allow
multiple calls to the parse() function. The output of each is
appended in the output.File Upload Class <libraries/file_uploading>.Output class <libraries/output>.Pagination <libraries/pagination> class to only
output the "First" link when the link for page one would not be
shown.Form Validation <libraries/form_validation> class so that
multi-byte languages will calculate string lengths properly.Database
Helpers
Form helper <helpers/form_helper> that allow POST data to be
retrieved and set into forms. These are intended to be used on
their own, or with the new :doc:Form Validation Class <libraries/form_validation>.URL helper <helpers/url_helper>.URL helper <helpers/url_helper> so that email addresses with
"+" included will be linked.HTML helper <helpers/html_helper>.Number helper <helpers/number_helper>.Date helper <helpers/date_helper> function human_to_unix(),
and eliminated the POSIX regex.Date helper <helpers/date_helper> to match the
world's current time zones and offsets.URL helper <helpers/url_helper> to remove characters and digits
that are part of character entities, to allow dashes, underscores,
and periods regardless of the $separator, and to allow uppercase
characters.URL helper <helpers/url_helper>.Other Changes
PHP Style Guide <./general/styleguide> to docs.Email library <libraries/email> with
quoted-printable encoding improperly encoding space and tab
characters.Date helper. <helpers/date_helper>Text helper <helpers/text_helper> that would leave a stray </span>
in certain cases.Release Date: June 26, 2008 Hg Tag: v1.6.3
Version 1.6.3 is a security and maintenance release and is recommended for all users.
Database
Forge class <database/forge>DSN connections <database/connecting> via the query string.Libraries
Upload class <libraries/file_uploading> to reference the global
mimes variable.Pagination class <libraries/pagination>, automatically detected or
explicitly declared.Input class <libraries/input>.Input class <libraries/input>.Language class <libraries/language>.Helpers
Language helper <helpers/language_helper>.Number helper <helpers/number_helper>.Form helper <helpers/form_helper> refactored to allow
form_open() and form_fieldset() to accept arrays or strings as
arguments.Other changes
use xss_clean() to test images <libraries/input> for XSS, useful for upload
security.XMLRPC userguide page <libraries/xmlrpc>.form helper <helpers/form_helper>.number helper <helpers/number_helper>.Release Date: May 13, 2008 Hg Tag: 1.6.2
Active Record
DBForge <./database/forge>.Database
Strict Mode <./database/transactions> to database
transactions.Config
Email <libraries/email> class.Libraries
Email <libraries/email> class.Unit Testing <libraries/unit_testing> results are now
colour coded, and a change was made to the default template of
results.Zip class <libraries/zip> now exits within download().Zip class <libraries/zip> has undergone a substantial
re-write for speed and clarity (thanks stanleyxu for the hard work
and code contribution in bug report #3425!)Helpers
Form helper <helpers/form_helper>.URL Helper <helpers/url_helper>.HTML Helper <helpers/html_helper> to
remove an unneeded space (#4208).URL helper <helpers/url_helper>
to no longer add a default title= attribute (#4209).Download helper <helpers/download_helper> now exits
within force_download().File Helper <helpers/file_helper>.File helper <helpers/file_helper>.Plugins
Other Changes
xss_clean() <libraries/input> to accept
arrays.Reserved Names <general/reserved_names> page to
the userguide, and migrated reserved controller names into it.Common Functions <general/common_functions> page
to the userguide for globally available functions.xss_clean() <libraries/input> that would
add semicolons to GET URI variable strings.URL helper <helpers/url_helper> where a key was passed instead of
a value.Release Date: February 12, 2008 Hg Tag: 1.6.1
Active Record
Active Record Caching <ar-caching>.Database drivers
Core Changes
Path Helper <./helpers/path_helper>.Helpers
Release Date: January 30, 2008
DBForge
DBForge <./database/forge> to the database tools.DBForge <./database/forge>.DBForge <./database/forge>.Active Record
Active Record <./database/query_builder>.Active Record <./database/query_builder>.Active Record <./database/query_builder>.Active Record <./database/query_builder>.Active Record <./database/query_builder>.Active Record <./database/query_builder>.Active Record <./database/query_builder>.Active Record <./database/query_builder>.Active Record <./database/query_builder> that withholds escaping
data.Other Database Related
Core changes
auto-load <./general/autoloader>
:doc:Models <./general/models>.Libraries
Session class. <./libraries/sessions>prep_for_form() in the Validation class to accept
arrays, adding support for POST array validation (via callbacks
only)Image Processing <./libraries/image_lib> library.Helpers & Plugins
HTML helper. <./helpers/html_helper>HTML helper. <./helpers/html_helper>"extend" Helpers <./general/helpers>.string helper <./helpers/string_helper>.string helper <./helpers/string_helper>.string helper <./helpers/string_helper>.form helper <./helpers/form_helper>.Documentation Changes
Zip Encoding Class <libraries/zip>
to the table of contents of the userguide.Active Record <./database/query_builder>.Date Helper <./helpers/date_helper>.Session class <./libraries/sessions>.Database configuration <./database/configuration> page.parser class <./libraries/parser>
where numeric data was ignored.Session library <./libraries/sessions> where user agent matching would
fail on user agents ending with a space.File Helper <helpers/file_helper> where the array wasn't cleared
after each call.User Agent library <./libraries/user_agent> where more than 2 languages
where not reported with languages().Email <./libraries/email> library
where some timezones were calculated incorrectly.upload library <./libraries/file_uploading> when allowed_files
wasn't defined.User Agent Library <./libraries/user_agent>.String Helper <./helpers/string_helper>
(uniquid changed to uniqid).Release Date: July 12, 2007
custom Language files <./libraries/language> to the
:doc:autoload <./general/autoloader> options.Input class <./libraries/input> when magic quotes is on so
that data will always be un-slashed within the framework.profiler <general/profiling>.Input library <./libraries/input>.Inflection helper <./helpers/inflector_helper> singular() to compensate
for words ending in "s". Also added a force parameter to pluralize().Calendar library <./libraries/calendar>Zip library <./libraries/zip>, providing
PC Zip file compatibility with Mac OS XProfiler <./general/profiling> outputProfiler <./general/profiling>
outputString helper <./helpers/string_helper> that were missing from the
user guide: trim_slashes() and reduce_double_slashes().URL Helper <./helpers/url_helper> to type cast
the $title as a string in case a numeric value is suppliedRelease Date: April 15, 2007
repeater() function of :doc:string helper <./helpers/string_helper>.url helper <./helpers/url_helper>.Release Date: February 13, 2007
downloads <installation/downloads> page.Table Library <./libraries/table>download_helper <helpers/download_helper> that was causing
Internet Explorer to load rather than downloadform helper <helpers/form_helper> that
gave textarea a value attributeImage Library <libraries/image_lib> that
was ignoring resizing the same size imageRelease Date: November 23, 2006
Release Date: October 31, 2006
Release Date: October 30, 2006
DB utility class <./database/utilities>, permitting DB
backups, CVS or XML files from DB results, and various other
functions.Database Caching Class <./database/caching>.transaction support <./database/transactions> to the
database classes.Profiler Class <./general/profiling> which generates a
report of Benchmark execution times, queries, and POST data at the
bottom of your pages.User Agent Library <./libraries/user_agent> which
allows browsers, robots, and mobile devises to be identified.HTML Table Class <./libraries/table> , enabling tables
to be generated from arrays or database results.Zip Encoding Library <./libraries/zip>.FTP Library <./libraries/ftp>.extend libraries <./general/creating_libraries> and :doc:extend core classes <./general/core_classes>, in addition to being able to
replace them.models within sub-folders <./general/models>.Download Helper <./helpers/download_helper>.simple_query() <./database/queries> function to the
database classesstandard_date() function function to the :doc:Date Helper <helpers/date_helper>.$query->free_result() <./database/results> to database
class.$query->list_fields() <./database/metadata> function to
database class$this->db->platform() <./database/helpers> functionFile Helper <./helpers/file_helper>:
get_filenames()HTML Helper <./helpers/html_helper>short tags <./general/alternative_php> on-the-fly, converting them
to standard PHP statements, for those servers that do not support
short tags. This allows the cleaner syntax to be used regardless of
whether it's supported by the server.rename or relocate the "application" folder <./general/managing_apps>.Input Class <./libraries/input> to permit arrays contained cookies
that are arrays to be run through the XSS filter.form_prep() function that was double encoding
entities.Please see documentation <./general/creating_libraries>.Release Date: September 21, 2006
Controllers <general/controllers> page for more info.Controllers <general/controllers>
page.URI Class <./libraries/uri> to let you retrieve and manipulate URI
segments that have been re-routed using the :doc:URI Routing <general/routing> feature. Previously, the URI class did not
permit you to access any re-routed URI segments, but now it does.$this->output->set_header() <./libraries/output>
function, which allows you to set server headers.Inflector helper <./helpers/inflector_helper>.array helper <./helpers/array_helper>.Cookie helper <./helpers/cookie_helper>, even though the input class
has a cookie fetching function.libraries <./general/libraries> or
:doc:models <./general/models> instead. It was originally added
before CI had user libraries or models, but it's not needed anymore.Release Date: September 17, 2006
Hooks <./general/hooks> feature, enabling you to tap
into and modify the inner workings of the framework without hacking
the core files.into sub-folders <general/controllers>. Kudos to Marco for
suggesting this (and the next two) feature.routing rules <./general/routing>.remap function calls <./general/controllers> within your controllers.replace core system classes <./general/core_classes> with your own classes.anchor() <./helpers/url_helper> helper function.file_write() <./helpers/file_helper>
helper.Postgres driver <./database/configuration>.do_upload() <./libraries/file_uploading>.Config Library <./libraries/config> to be able to
load config files silently, and to be able to assign config files to
their own index (to avoid collisions if you use multiple config
files).Release Date: June 1, 2006
More info here <./general/models>.Release Date: April 17, 2006
Release Date: April 11, 2006
Unit Testing Library <./libraries/unit_testing>.Model class <./general/models>
variables to run queries with. See the Models page for details.view loading function <./general/views>: $this->load->view('my_view',
$object);Active Record class <./database/query_builder>.Active Record class <./database/query_builder>.$this->db->last_query() <./database/queries>, which
allows you to view your last query that was run.Release Date: April 3, 2006
Models <general/models>.Active Record class <./database/query_builder>
to enable more varied types of queries with simpler syntax, and
advanced features like JOINs.custom function calls <./database/call_function>.private functions <general/controllers> in your
controllers. Any controller function name that starts with an
underscore will not be served by a URI request.custom core libraries <general/creating_libraries> when using
$this->load->library()query string URLs <general/urls>.
These can be optionally enabled in your config file.specify a "suffix" <general/urls>, which will be
appended to your URLs. For example, you could add .html to your URLs,
making them appear static. This feature is enabled in your config
file.string helpers <./helpers/string_helper>.found here <general/controllers>.Active Record <./database/query_builder> page for
information.Release Date: March 21, 2006
get_instance() <general/ancillary_classes> allowing the main
CodeIgniter object to be accessible throughout your own classes.File Helper <./helpers/file_helper>:
delete_files()URL Helpers <./helpers/url_helper>: base_url(),
index_page()core libraries <general/creating_libraries> and store them in your local
application directory.Upload class <./libraries/file_uploading>, enabling files to be
overwritten rather than having the file name appended.Release Date: March 10, 2006
Calendaring class <./libraries/calendar>.multiple applications <general/managing_apps> that share a common CodeIgniter
backend.br() function in the HTML helperRelease Date: February 28, 2006
First publicly released version.