Hosting Code Igniter

3.1.11

21 September 2019 - 20MBChanges

Changed CI_Log to append PHP_EOL instead of \n at the end of log messages.

Improved performance in Cache Library ‘redis’ driver with non-scalar variables.

Altered the Session Library ‘files’ driver to log error and trigger a session start failure instead of throwing an Exception in case of unusable $config['sess_save_path'].

Updated the Session and Cache libraries’ ‘redis’ driver to work with phpRedis 5.



Bug Fixes

Database Forge method modify_column() produced erroneous SQL for DEFAULT attribute changes under PostgreSQL, Firebird.

Database Forge didn’t handle column nullability with the ‘oci8’, ‘pdo/oci’ drivers.

Database driver ‘pdo/pgsql’ produced incorrect DSNs when constructing from a configuration array.

Session Library ‘redis’ driver too often failed with locking-related errors that could’ve been avoided.

Session Library triggered an E_WARNING message about changing session.save_path during an active session when it fails to obtain a lock.

Fixed a bug where Session Library ‘database’ driver didn’t trigger a failure if it can’t obtain a lock.

Form Validation Library rule valid_url accepted digit-only domains due to a PHP bug.

Cache Library ‘redis’ driver methods increment(), decrement() ignored their $offset parameter.

Session Library ‘redis’ only attempted to validate session IDs in case the connection to Redis failed.

Database Results method custom_result_object() didn’t properly handle empty result sets, triggering E_WARNING messages on PHP 7.2+.

Database Results method field_data() triggered an E_NOTICE error with PDO when a field type is not recognized by PHP.

Query Builder method list_tables() triggered an SQL syntax error under MySQL when the database schema is a numeric string.

Fixed a bug where Security Class would trigger an E_WARNING if CSRF inputs are arrays instead of strings.

Read more: https://codeigniter.com/user_guide/changelog.html






3.1.10

18 January 2019 - 10MB
added 'ssl_verify' support to the 'pdo/mysql' Database driver

renamed Inflector Helper function 'is_countable()' to 'word_is_countable()' due to the former colliding with one introduced in PHP 7.3.0

Read more: https://forum.codeigniter.com/thread-72626.html






3.1.9
 (security release)
12 June 2018 - 10MB3.1.9



Highlights

Updated the Email, Form Validation and Query builder libraries.



Security

Session library and URL helper



3.1.8



Highlights

Updated the Security, Email, and Database libraries; and the URL helper.



Bugfixes

Database, email, form validation, image manipulation, query builder, and xml-rpc libraries.

Read more: https://forum.codeigniter.com/thread-70877.html






3.1.7

5 March 2018 - 10MBHighlights

Updated the Cache

EmailForm Validation

Loader and Pagination libraries

Deprecated the CAPTCHA helper's create_captcha() function



Bug Fixes

Database 

Utilities

Query Builder and Session libraries

URL helper

$config['allow_get_array'] handling

Read more: https://forum.codeigniter.com/thread-69755.html



display more versions




3.1.6
 (security release)
22 February 2018 - 10MB3.1.6



Highlights

Updated the 'redis' and 'memcached' session drivers to reduce the potential for locking race conditions

Deprecated the cache_apc driver



Bug Fixes

Database 

Image

Loader

Profiler

Query Builder libraries



3.1.5



Security

Fixed email address handling in the form validation library



Highlights

Form helper



Bug Fixes

Database Forge

Email Query Builder

XML-RPC libraries

Inflector helper



3.1.4



Security

Fixed byte-safety handling in the encryption code, and a header injection



Highlights

Image library



Bug Fixes

Database 

Input

Loader

Session

HTML Text & common functions helpers

Updated the Query Builder and Profiler



3.1.3



Security

Fixed an email handling issue, and an XSS vulnerability, as well as some CSRF hardening



Bug Fixes

Database

Email

File Uploading

Image Manipulation

Input

Loader

Output

Query Builder

Session

XML-RPC

Date helper and the bootstrap file



3.1.2



Security

Fixed some xss_clean() vulnerabilities in the Security library



Highlights

Now allow PHP4 style constructors for routes



Bug Fixes

Query Builder

Session library

Read more: https://forum.codeigniter.com/thread-68991.html






3.1.0
 (major version)
24 August 2016 - 7MBThis release includes bug fixes for the Cache, Config, Database, Database Forge, Email, File Uploading, Form Validation, Image Manipulation, Input Library, Query Builder, Session, and User Agent libraries; as well as the file and path helpers, and some common functions. Enhancements have been made to the Database Forge, Encryption, Image Manipulation and Session libraries.
Read more: http://forum.codeigniter.com/thread-65803.html






3.0.5

15 March 2016 - 7MBCore

Changed Loader Library to allow $autoload['drivers'] assigning with custom property names.
Changed Loader Library to ignore variables prefixed with ‘_ci_’ when loading views.


General Changes

Updated the Session Library to produce friendlier error messages on failures with drivers other than ‘files’.


Query Builder

Added a $batch_size parameter to the insert_batch() method (defaults to 100).
Added a $batch_size parameter to the update_batch() method (defaults to 100).


Bug fixes for 3.0.5

Fixed a bug (#4391) - Email Library method reply_to() didn’t apply Q-encoding.
Fixed a bug (#4384) - Pagination Library ignored (possible) cur_page configuration value.
Fixed a bug (#4395) - Query Builder method count_all_results() still fails if an ORDER BY condition is used.
Fixed a bug (#4399) - Query Builder methods insert_batch(), update_batch() produced confusing error messages when called with no data and db_debug is enabled.
Fixed a bug (#4401) - Query Builder breaks WHERE and HAVING conditions that use IN() with strings containing a closing parenthesis.
Fixed a regression in Form Helper functions set_checkbox(), set_radio() where “checked” inputs aren’t recognized after a form submit.
Fixed a bug (#4407) - Text Helper function word_censor() doesn’t work under PHP 7 if there’s no custom replacement provided.
Fixed a bug (#4415) - Form Validation Library rule valid_url didn’t accept URLs with IPv6 addresses enclosed in square brackets under PHP 5 (upstream bug).
Fixed a bug (#4427) - CAPTCHA Helper triggers an error if the provided character pool is too small.
Fixed a bug (#4430) - File Uploading Library option file_ext_tolower didn’t work.
Fixed a bug (#4431) - Query Builder method join() discarded opening parentheses.
Fixed a bug (#4424) - Session Library triggered a PHP warning when writing a newly created session with the ‘redis’ driver.
Fixed a bug (#4437) - Inflector Helper function humanize() didn’t escape its $separator parameter while using it in a regular expression.
Fixed a bug where Session Library didn’t properly handle its locks’ statuses with the ‘memcached’ driver.
Fixed a bug where Session Library triggered a PHP warning when writing a newly created session with the ‘memcached’ driver.
Fixed a bug (#4449) - Query Builder method join() breaks conditions containing IS NULL, IS NOT NULL.
Fixed a bug (#4491) - Session Library didn’t clean-up internal variables for emulated locks with the ‘redis’ driver.
Fixed a bug where Session Library didn’t clean-up internal variables for emulated locks with the ‘memcached’ driver.
Fixed a bug where Database transactions didn’t work with the ‘ibase’ driver.
Fixed a bug (#4475) - Security Library method strip_image_tags() preserves only the first URL character from non-quoted src attributes.
Fixed a bug where Profiler Library didn’t apply htmlspecialchars() to all displayed inputs.
Fixed a bug (#4277) - Cache Library triggered fatal errors if accessing the Memcache(d) and/or Redis driver and they are not available on the system.
Fixed a bug where Cache Library method is_supported() logged an error message on when it returns FALSE for the APC and Wincache drivers.


General Changes

Updated Security Library method get_random_bytes() to use PHP 7’s random_bytes() function when possible.
Updated Encryption Library method create_key() to use PHP 7’s random_bytes() function when possible.


Database

Added support for OFFSET-FETCH with Oracle 12c for the ‘oci8’ and ‘pdo/oci’ drivers.
Added support for the new MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT constant from PHP 5.6.16 for the ‘mysqli’ driver.


Bug fixes for 3.0.4

Fixed a bug (#4212) - Query Builder method count_all_results() could fail if an ORDER BY condition is used.
Fixed a bug where Form Helper functions set_checkbox(), set_radio() didn’t “uncheck” inputs on a submitted form if the default state is “checked”.
Fixed a bug (#4217) - Config Library method base_url() didn’t use proper formatting for IPv6 when it falls back to $_SERVER['SERVER_ADDR'].
Fixed a bug where CAPTCHA Helper entered an infinite loop while generating a random string.
Fixed a bug (#4223) - Database method simple_query() blindly executes queries without checking if the connection was initialized properly.
Fixed a bug (#4244) - Email Library could improperly use “unsafe” US-ASCII characters during Quoted-printable encoding.
Fixed a bug (#4245) - Database Forge couldn’t properly handle SET and ENUM type fields with string values.
Fixed a bug (#4283) - String Helper function alternator() couldn’t be called without arguments.
Fixed a bug (#4306) - Database method version() didn’t work properly with the ‘mssql’ driver.
Fixed a bug (#4039) - Session Library could generate multiple (redundant) warnings in case of a read failure with the ‘files’ driver, due to a bug in PHP.
Fixed a bug where Session Library didn’t have proper error handling on PHP 5 (due to a PHP bug).
Fixed a bug (#4312) - Form Validation Library didn’t provide error feedback for failed validation on empty requests.
Fixed a bug where Database method version() returned banner text instead of only the version number with the ‘oci8’ and ‘pdo/oci’ drivers.
Fixed a bug (#4331) - Database method error() didn’t really work for connection errors with the ‘mysqli’ driver.
Fixed a bug (#4343) - Email Library failing with a “More than one ‘from’ person” message when using sendmail.
Fixed a bug (#4350) - Loader Library method model() logic directly instantiated the CI_Model or MY_Model classes.
Fixed a bug (#4337) - Database method query() didn’t return a result set for queries with the RETURNING statement on PostgreSQL.
Fixed a bug (#4362) - Session Library doesn’t properly maintain its state after ID regeneration with the ‘redis’ and ‘memcached’ drivers on PHP 7.
Fixed a bug (#4349) - Database drivers ‘mysql’, ‘mysqli’, ‘pdo/mysql’ discard other sql_mode flags when “stricton” is enabled.
Fixed a bug (#4349) - Database drivers ‘mysql’, ‘mysqli’, ‘pdo/mysql’ don’t turn off STRICT_TRANS_TABLES on MySQL 5.7+ when “stricton” is disabled.
Fixed a bug (#4374) - Session Library with the ‘database’ driver could be affected by userspace Query Builder conditions.


Security

Fixed an XSS attack vector in Security Library method xss_clean().
Changed Config Library method base_url() to fallback to $_SERVER['SERVER_ADDR'] when $config['base_url'] is empty in order to avoid Host header injections.
Changed CAPTCHA Helper to use the operating system’s PRNG when possible.


Database

Optimized Database Utility method csv_from_result() for speed with larger result sets.
Added proper return values to Database Transactions method trans_start().


Bug fixes for 3.0.3

Fixed a bug (#4170) - Database method insert_id() could return an identity from the wrong scope with the ‘sqlsrv’ driver.
Fixed a bug (#4179) - Session Library doesn’t properly maintain its state after ID regeneration with the ‘database’ driver on PHP 7.
Fixed a bug (#4173) - Database Forge method add_key() didn’t allow creation of non-PRIMARY composite keys after the “bugfix” for #3968.
Fixed a bug (#4171) - Database Transactions didn’t work with nesting in methods trans_begin(), trans_commit(), trans_rollback().
Fixed a bug where Database Transaction methods trans_begin(), trans_commit(), trans_rollback() ignored failures.
Fixed a bug where all Database Transaction methods returned TRUE while transactions are actually disabled.
Fixed a bug where common function html_escape() modified keys of its array inputs.
Fixed a bug (#4192) - Email Library wouldn’t always have proper Quoted-printable encoding due to a bug in PHP’s own mb_mime_encodeheader() function.


Security

Fixed a number of XSS attack vectors in Security Library method xss_clean() (thanks to Frans Rosén from Detectify).


General Changes

Updated the application/config/constants.php file to check if constants aren’t already defined before doing that.
Changed Loader Library method model() to only apply ucfirst() and not strtolower() to the requested class name.
Changed Config Library methods base_url(), site_url() to allow protocol-relative URLs by passing an empty string as the protocol.


Bug fixes for 3.0.2

Fixed a bug (#2284) - Database method protect_identifiers() breaks when Query Builder isn’t enabled.
Fixed a bug (#4052) - Routing with anonymous functions didn’t work for routes that don’t use regular expressions.
Fixed a bug (#4056) - Input Library method get_request_header() could not return a value unless request_headers() was called beforehand.
Fixed a bug where the Database Class entered an endless loop if it fails to connect with the ‘sqlsrv’ driver.
Fixed a bug (#4065) - Database method protect_identifiers() treats a traling space as an alias separator if the input doesn’t contain ‘ AS ‘.
Fixed a bug (#4066) - Cache Library couldn’t fallback to a backup driver if the primary one is Memcache(d) or Redis.
Fixed a bug (#4073) - Email Library method send() could return TRUE in case of an actual failure when an SMTP command fails.
Fixed a bug (#4086) - Query Builder didn’t apply dbprefix to LIKE conditions if the pattern included spaces.
Fixed a bug (#4091) - Cache Library ‘file’ driver could be tricked into accepting empty cache item IDs.
Fixed a bug (#4093) - Query Builder modified string values containing ‘AND’, ‘OR’ while compiling WHERE conditions.
Fixed a bug (#4096) - Query Builder didn’t apply dbprefix when compiling BETWEEN conditions.
Fixed a bug (#4105) - Form Validation Library didn’t allow pipe characters inside “bracket parameters” when using a string ruleset.
Fixed a bug (#4109) - Routing to default_controller didn’t work when enable_query_strings is set to TRUE.
Fixed a bug (#4044) - Cache Library ‘redis’ driver didn’t catch RedisException that could be thrown during authentication.
Fixed a bug (#4120) - Database method error() didn’t return error info when called after query() with the ‘mssql’ driver.
Fixed a bug (#4116) - Pagination Library set the wrong page number on the “data-ci-pagination-page” attribute in generated links.
Fixed a bug where Pagination Library added the ‘rel=”start”’ attribute to the first displayed link even if it’s not actually linking the first page.
Fixed a bug (#4137) - Error Handling breaks for the new Error exceptions under PHP 7.
Fixed a bug (#4126) - Form Validation Library method reset_validation() discarded validation rules from config files.


Core

Added DoS mitigation to hash_pbkdf2() compatibility function.


Database

Added list_fields() support for SQLite (‘sqlite3’ and ‘pdo_sqlite’ drivers).
Added SSL connection support for the ‘mysqli’ and ‘pdo_mysql’ drivers.


Libraries

File Uploading Library changes:
Changed method set_error() to accept a custom log level (defaults to ‘error’).
Errors “no_file_selected”, “file_partial”, “stopped_by_extension”, “no_file_types”, “invalid_filetype”, “bad_filename” are now logged at the ‘debug’ level.
Errors “file_exceeds_limit”, “file_exceeds_form_limit”, “invalid_filesize”, “invalid_dimensions” are now logged at the ‘info’ level.
Added ‘is_resource’ to the available expectations in Unit Testing Library.


Helpers

Added Unicode support to URL Helper function url_title().
Added support for passing the “extra” parameter as an array to all Form Helper functions that use it.


Core

Added support for defining a list of specific query parameters in $config['cache_query_string'] for the Output Library.
Added class existence and inheritance checks to CI_Loader::model() in order to ease debugging in case of name collisions.


Bug fixes for 3.0.1

Fixed a bug (#3733) - Autoloading of libraries with aliases didn’t work, although it was advertised to.
Fixed a bug (#3744) - Redis Caching driver didn’t handle authentication failures properly.
Fixed a bug (#3761) - URL Helper function anchor() didn’t work with array inputs.
Fixed a bug (#3773) - db_select() didn’t work for MySQL with the PDO Database driver.
Fixed a bug (#3771) - Form Validation Library was looking for a ‘form_validation_’ prefix when trying to translate field name labels.
Fixed a bug (#3787) - FTP Library method delete_dir() failed when the target has subdirectories.
Fixed a bug (#3801) - Output Library method _display_cache() incorrectly looked for the last modified time of a directory instead of the cache file.
Fixed a bug (#3816) - Form Validation Library treated empty string values as non-existing ones.
Fixed a bug (#3823) - Session Library drivers Redis and Memcached didn’t properly handle locks that are blocking the request for more than 30 seconds.
Fixed a bug (#3846) - Image Manipulation Library method image_mirror_gd() didn’t properly initialize its variables.
Fixed a bug (#3854) - field_data() didn’t work properly with the Oracle (OCI8) database driver.
Fixed a bug in the Database Utility Class method csv_from_result() didn’t work with a whitespace CSV delimiter.
Fixed a bug (#3890) - Input Library method get_request_header() treated header names as case-sensitive.
Fixed a bug (#3903) - Form Validation Library ignored “unnamed” closure validation rules.
Fixed a bug (#3904) - Form Validation Library ignored “named” callback rules when the field is empty and there’s no ‘required’ rule.
Fixed a bug (#3922) - Email and XML-RPC libraries could enter an infinite loop due to PHP bug #39598.
Fixed a bug (#3913) - Cache Library didn’t work with the direct $this->cache->$driver_name->method() syntax with Redis and Memcache(d).
Fixed a bug (#3932) - Query Builder didn’t properly compile WHERE and HAVING conditions for field names that end with “and”, “or”.
Fixed a bug in Query Builder where delete() didn’t properly work on multiple tables with a WHERE condition previously set via where().
Fixed a bug (#3952) - Database method list_fields() didn’t work with SQLite3.
Fixed a bug (#3955) - Cache Library methods increment() and decrement() ignored the ‘key_prefix’ setting.
Fixed a bug (#3963) - Unit Testing Library wrongly tried to translate filenames, line numbers and notes values in test results.
Fixed a bug (#3965) - File Uploading Library ignored the “encrypt_name” setting when “overwrite” is enabled.
Fixed a bug (#3968) - Database Forge method add_key() didn’t treat array inputs as composite keys unless it’s a PRIMARY KEY.
Fixed a bug (#3715) - Pagination Library could generate broken link when a protocol-relative base URL is used.
Fixed a bug (#3828) - Output Library method delete_cache() couldn’t delete index page caches.
Fixed a bug (#3704) - Database method stored_procedure() in the ‘oci8’ driver didn’t properly bind parameters.
Fixed a bug (#3778) - Download Helper function force_download() incorrectly sent a Pragma response header.
Fixed a bug (#3752) - $routing['directory'] overrides were not properly handled and always resulted in a 404 “Not Found” error.
Fixed a bug (#3279) - Query Builder methods update() and get_compiled_update() did double escaping on the table name if it was provided via from().
Fixed a bug (#3991) - $config['rewrite_short_tags'] never worked due to function_exists('eval') always returning FALSE.
Fixed a bug where the File Uploading Library library will not properly configure its maximum file size unless the input value is of type integer.
Fixed a bug (#4000) - Pagination Library didn’t enable “rel” attributes by default if no attributes-related config options were used.
Fixed a bug (#4004) - URI Class didn’t properly parse the request URI if it contains a colon followed by a digit.
Fixed a bug in Query Builder where the $escape parameter for some methods only affected field names.
Fixed a bug (#4012) - Query Builder methods where_in(), or_where_in(), where_not_in(), or_where_not_in() didn’t take into account previously cached WHERE conditions when query cache is in use.
Fixed a bug (#4015) - Email Library method set_header() didn’t support method chaining, although it was advertised.
Fixed a bug (#4027) - Routing with HTTP verbs only worked if the route request method was declared in all-lowercase letters.
Fixed a bug (#4026) - Database Transactions always rollback if any previous query() call fails.
Fixed a bug (#4023) - String Helper function increment_string() didn’t escape its $separator parameter.

Read more: http://forum.codeigniter.com/thread-64610.html






3.0.0
 (major version)
31 March 2015 - 7MB
The framework is released under the MIT license
The database drivers have had extensive refactoring
PDO is fully functional with subdrivers
There is a new Session library
There is a new Encryption library
The unit testing has been beefed up, and code coverage improved
PHP 5.4 or newer is recommended, but CI will still work on PHP 5.2.4

Read more: http://forum.codeigniter.com/thread-1657.html






2.2.1
 (security release)
17 February 2015 - 7MBThis is a security release for the 2.x branch. XSS handling has been improved and timezones were updated. 



General Changes

Improved security in xss_clean().
Updated timezones in Date Helper.


Bug fixes

Fixed a bug (#3094) - CI_Input::_clean_input_data() breaks encrypted session cookies.
Fixed a bug (#2268) - CI_Security::xss_clean() didn't properly match JavaScript events.
Fixed a bug (#3309) - CI_Security::xss_clean() used an overly-invasive pattern to strip JS event handlers.
Fixed a bug (#2771) - CI_Security::xss_clean() didn't take into account HTML5 entities.
Fixed a bug (#73) - CI_Security::sanitize_filename() could be tricked by an XSS attack.
Fixed a bug (#2681) - CI_Security::entity_decode() used the PREG_REPLACE_EVAL flag, which is deprecated since PHP 5.5.
Fixed a bug (#3302) - Internal function get_config() triggered an E_NOTICE message on PHP 5.6.
Fixed a bug (#2508) - Config Library didn't properly detect if the current request is via HTTPS.
Fixed a bug (#3314) - SQLSRV Database driver's method count_all() didn't escape the supplied table name.
Fixed a bug (#3404) - MySQLi Database driver's method escape_str() had a wrong fallback to mysql_escape_string() when there was no active connection.
Fixed a bug in the Session Library where session ID regeneration occurred during AJAX requests.






2.2.0
 (major version) (security release)
5 June 2014 - 7MBThis is a security release for the 2.x branch. The Encryption Class now requires the Mcrypt extension, so please ensure your environment is ready for the update.



General Changes

Security: The xor_encode() method in the Encrypt Class has been removed. The Encrypt Class now requires the Mcrypt extension to be installed.
Security: The Session Library now uses HMAC authentication instead of a simple MD5 checksum.


Bug Fixes

Fixed an edge case (#2583) in the Email Library where Suhosin blocked messages sent via mail() due to trailing newspaces in headers.
Fixed a bug (#696) - make oci_execute() calls inside num_rows() non-committing, since they are only there to reset which row is next in line for oci_fetch calls and thus don't need to be committed.
Fixed a bug (#2689) - Database Forge Class methods create_table(), drop_table() and rename_table() produced broken SQL for tge 'sqlsrv' driver.
Fixed a bug (#2427) - PDO Database driver didn't properly check for query failures.
Fixed a bug in the Session Library where authentication was not performed for encrypted cookies.






2.1.4

8 July 2013 - 7MBGeneral Changes

Improved security in xss_clean().


Bug Fixes

Fixed a bug (#1936) - Migrations Library method latest() had a typo when retrieving language values.
Fixed a bug (#2021) - Migrations Library configuration file was mistakenly using Windows style line feeds.
Fixed a bug (#1969) - Active Record method set_update_batch() was using the incorrect variables and would cause an error.
Fixed a bug (#2337) - Email Library method print_debugger() was not using htmlspecialchar() when being shown in the browser.






2.1.3

8 October 2012 - 7MB





2.1.2

29 June 2012 - 7MB





2.1.1

13 June 2012 - 7MB





2.1.0
 (major version)
15 November 2011 - 7MB





2.0.3

20 August 2011 - 7MB





2.0.2

8 April 2011 - 7MB





2.0.1

15 March 2011 - 7MB





2.0.0
 (major version)
1 February 2011 - 7MB





1.7.3

15 December 2010 - 3MB





1.7.2

11 September 2009 - 3MB





1.7.1

19 February 2009 - 3MB





1.7.0
 (major version)
1 November 2008 - 3MB





1.6.3

30 June 2008 - 3MB





1.6.2

14 May 2008 - 3MB





1.6.1

18 February 2008 - 3MB





1.6.0
 (major version)
4 February 2008 - 3MB





1.5.4

30 July 2007 - 3MB





1.5.3

28 April 2007 - 3MB





1.5.2

23 February 2007 - 3MB





1.5.1

13 December 2006 - 3MB





1.5.0.1b

3 November 2006 - 3MB





1.5.0.1
 (major version)
3 November 2006 - 3MB





1.4.1

23 October 2006 - 3MB