There's a a lot of huge changes from Codeigniter Version 2 to Codeigniter Version 3. Here is some of the changes I take from Codeigniter sites.
- License
- CodeIgniter has been relicensed with the MIT License, eliminating its old proprietary licensing.
- General Changes
- PHP 5.1.6 is no longer supported. CodeIgniter now requires PHP 5.2.4 and recommends PHP 5.4+ or newer to be used.
- Changed filenaming convention (class file names now must be Ucfirst and everything else in lowercase).
- Changed the default database driver to ‘mysqli’ (the old ‘mysql’ driver is DEPRECATED).
- $_SERVER['CI_ENV'] can now be set to control the ENVIRONMENT constant.
- Added an optional backtrace to php-error template.
- Added Android to the list of user agents.
- Added Windows 7, Windows 8, Windows 8.1, Android, Blackberry, iOS and PlayStation 3 to the list of user platforms.
- Added Fennec (Firefox for mobile) to the list of mobile user agents.
- Ability to log certain error types, not all under a threshold.
- Added support for pem, p10, p12, p7a, p7c, p7m, p7r, p7s, crt, crl, der, kdb, rsa, cer, sst, csr Certs to mimes.php.
- Added support for pgp, gpg, zsh and cdr files to mimes.php.
- Added support for 3gp, 3g2, mp4, wmv, f4v, vlc Video files to mimes.php.
- Added support for m4a, aac, m4u, xspf, au, ac3, flac, ogg, wma Audio files to mimes.php.
- Added support for kmz and kml (Google Earth) files to mimes.php.
- Added support for ics Calendar files to mimes.php.
- Added support for rar, jar and 7zip archives to mimes.php.
- Updated support for xml (‘application/xml’) and xsl (‘application/xml’, ‘text/xsl’) files in mimes.php.
- Updated support for doc files in mimes.php.
- Updated support for docx files in mimes.php.
- Updated support for php files in mimes.php.
- Updated support for zip files in mimes.php.
- Updated support for csv files in mimes.php.
- Added Romanian, Greek, Vietnamese and Cyrilic characters in application/config/foreign_characters.php.
- Changed logger to only chmod when file is first created.
- Removed previously deprecated SHA1 Library.
- Removed previously deprecated use of $autoload['core'] in application/config/autoload.php. Only entries in$autoload['libraries'] are auto-loaded now.
- Removed previously deprecated EXT constant.
- Updated all classes to be written in PHP 5 style, with visibility declarations and no var usage for properties.
- Added an Exception handler.
- Moved error templates to application/views/errors/ and made the path configurable via $config['error_views_path'].
- Added support non-HTML error templates for CLI applications.
- Moved the Log class to application/core/
- Global config files are loaded first, then environment ones. Environment config keys overwrite base ones, allowing to only set the keys we want changed per environment.
- Changed detection of $view_folder so that if it’s not found in the current path, it will now also be searched for under the application folder.
- Path constants BASEPATH, APPPATH and VIEWPATH are now (internally) defined as absolute paths.
- Updated email validation methods to use filter_var() instead of PCRE.
- Changed environment defaults to report all errors in development and only fatal ones in testing, production but only display them in development.
- Updated ip_address database field lengths from 16 to 45 for supporting IPv6 address on Trackback Library and Captcha Helper.
- Removed cheatsheets and quick_reference PDFs from the documentation.
- Added availability checks where usage of dangerous functions like eval() and exec() is required.
- Added support for changing the file extension of log files using $config['log_file_extension'].
- Added support for turning newline standardization on/off via $config['standardize_newlines'] and set it to FALSE by default.
- Added configuration setting $config['composer_autoload'] to enable loading of a Composer auto-loader.
- Removed the automatic conversion of ‘programmatic characters’ to HTML entities from the URI Library.
- Changed log messages that say a class or file was loaded to “info” level instead of “debug”, so that they don’t pollute log files when $config['log_threshold'] is set to 2 (debug).
- Helpers
- Date Helper changes include:
- Added an optional third parameter to timespan() that constrains the number of time units displayed.
- Added an optional parameter to timezone_menu() that allows more attributes to be added to the generated select tag.
- Added function date_range() that generates a list of dates between a specified period.
- Deprecated standard_date(), which now just uses the native date() with DateTime constants.
- Changed now() to work with all timezone strings supported by PHP.
- Changed days_in_month() to use the native cal_days_in_month() PHP function, if available.
- URL Helper changes include:
- Deprecated separator options dash and underscore for function url_title() (they are only aliases for ‘-‘ and ‘_’ respectively).
- url_title() will now trim extra dashes from beginning and end.
- anchor_popup() will now fill the href attribute with the URL and its JS code will return FALSE instead.
- Added JS window name support to the anchor_popup() function.
- Added support for menubar attribute to the anchor_popup().
- Added support (auto-detection) for HTTP/1.1 response codes 303, 307 in redirect().
- Changed redirect() to choose the refresh method only on IIS servers, instead of all servers on Windows (when auto is used).
- Changed anchor(), anchor_popup(), and redirect() to support protocol-relative URLs (e.g. //ellislab.com/codeigniter).
- HTML Helper changes include:
- Added more doctypes.
- Changed application and environment config files to be loaded in a cascade-like manner.
- Changed doctype() to cache and only load once the doctypes array.
- Deprecated functions nbs() and br(), which are just aliases for the native str_repeat() with and <br />respectively.
- Inflector Helper changes include:
- Changed humanize() to allow passing an input separator as its second parameter.
- Changed humanize() and underscore() to utilize mbstring, if available.
- Changed plural() and singular() to avoid double pluralization and support more words.
- Download Helper changes include:
- Added an optional third parameter to force_download() that enables/disables sending the actual file MIME type in the Content-Type header (disabled by default).
- Added a work-around in force_download() for a bug Android <= 2.1, where the filename extension needs to be in uppercase.
- Added support for reading from an existing file path by passing NULL as the second parameter to force_download()(useful for large files and/or safely transmitting binary data).
- Form Helper changes include:
- form_dropdown() will now also take an array for unity with other form helpers.
- form_prep() is now DEPRECATED and only acts as an alias for common function html_escape().
- set_value() will now also accept a third argument, allowing to turn off HTML escaping of the value.
- Security Helper changes include:
- do_hash() now uses PHP’s native hash() function (supporting more algorithms) and is deprecated.
- strip_image_tags() is now an alias for the same method in the Security Library.
- Smiley Helper changes include:
- Deprecated the whole helper as too specific for CodeIgniter.
- Removed previously deprecated function js_insert_smiley().
- Changed application and environment config files to be loaded in a cascade-like manner.
- The smileys array is now cached and loaded only once.
- File Helper changes include:
- set_realpath() can now also handle file paths as opposed to just directories.
- Added an optional paramater to delete_files() to enable it to skip deleting files such as .htaccess and index.html.
- Deprecated function read_file() - it’s just an alias for PHP’s native file_get_contents().
- String Helper changes include:
- Deprecated function repeater() - it’s just an alias for PHP’s native str_repeat().
- Deprecated function trim_slashes() - it’s just an alias for PHP’s native trim() (with a slash as its second argument).
- Deprecated randomization type options unique and encrypt for funcion random_string() (they are only aliases formd5 and sha1 respectively).
- CAPTCHA Helper changes include:
- Added word_length and pool options to allow customization of the generated word.
- Added colors configuration to allow customization for the background, border, text and grid colors.
- Added filename to the returned array elements.
- Updated to use imagepng() in case that imagejpeg() isn’t available.
- Added font_size option to allow customization of font size.
- Added img_id option to set id attribute of captcha image.
- Text Helper changes include:
- Changed the default tag for use in highlight_phrase() to <mark> (formerly <strong>).
- Changed character_limiter(), word_wrap() and ellipsize() to utilize mbstring or iconv, if available.
- Directory Helper directory_map() will now append DIRECTORY_SEPARATOR to directory names in the returned array.
- Array Helper element() and elements() now return NULL instead of FALSE when the required elements don’t exist.
- Language Helper lang() now accepts an optional list of additional HTML attributes.
- Deprecated the Email Helper as its valid_email(), send_email() functions are now only aliases for PHP native functionsfilter_var() and mail() respectively.
- Date Helper changes include:
- Database
- DEPRECATED the ‘mysql’, ‘sqlite’, ‘mssql’ and ‘pdo/dblib’ (also known as ‘pdo/mssql’ or ‘pdo/sybase’) drivers.
- Added dsn configuration setting for drivers that support DSN strings (PDO, PostgreSQL, Oracle, ODBC, CUBRID).
- Added schema configuration setting (defaults to public) for drivers that might need it (currently used by PostgreSQL and ODBC).
- Added save_queries configuration setting to application/config/database.php (defaults to TRUE).
- Removed autoinit configuration setting as it doesn’t make sense to instantiate the database class but not connect to the database.
- Added subdrivers support (currently only used by PDO).
- Added an optional database name parameter to db_select().
- Removed protect_identifiers() and renamed internal method _protect_identifiers() to it instead - it was just an alias.
- Renamed internal method _escape_identifiers() to escape_identifiers().
- Updated escape_identifiers() to accept an array of fields as well as strings.
- MySQL and MySQLi drivers now require at least MySQL version 5.1.
- Added a $persistent parameter to db_connect() and changed db_pconnect() to be an alias for db_connect(TRUE).
- db_set_charset() now only requires one parameter (collation was only needed due to legacy support for MySQL versions prior to 5.1).
- db_select() will now always (if required by the driver) be called by db_connect() instead of only when initializing.
- Replaced the _error_message() and _error_number() methods with error(), which returns an array containing the last database error code and message.
- Improved version() implementation so that drivers that have a native function to get the version number don’t have to be defined in the core DB_driver class.
- Added capability for packages to hold config/database.php config files.
- Added MySQL client compression support.
- Added encrypted connections support (for mysql, sqlsrv and PDO with sqlsrv).
- Removed Loader Class from Database error tracing to better find the likely culprit.
- Added support for SQLite3 database driver.
- Added Interbase/Firebird database support via the ibase driver.
- Added ODBC support for create_database(), drop_database() and drop_table() in Database Forge.
- Added support to binding arrays as IN() sets in query().
- Query Builder changes include:
- Renamed the Active Record class to Query Builder to remove confusion with the Active Record design pattern.
- Added the ability to insert objects with insert_batch().
- Added new methods that return the SQL string of queries without executing them: get_compiled_select(),get_compiled_insert(), get_compiled_update(), get_compiled_delete().
- Added an optional parameter that allows to disable escaping (useful for custom fields) for methods join(),order_by(), where_in(), or_where_in(), where_not_in(), or_where_not_in(), insert(), insert_batch().
- Added support for join() with multiple conditions.
- Added support for USING in join().
- Added support for EXISTS in where().
- Added seed values support for random ordering with order_by(seed, 'RANDOM').
- Changed limit() to ignore NULL values instead of always casting to integer.
- Changed offset() to ignore empty values instead of always casting to integer.
- Methods insert_batch() and update_batch() now return an integer representing the number of rows affected by them.
- Methods where(), or_where(), having() and or_having() now convert trailing = and <>, != SQL operators toIS NULL and IS NOT NULL respectively when the supplied comparison value is NULL.
- Added method chaining support to reset_query(), start_cache(), stop_cache() and flush_cache().
- Added an optional second parameter to count_all_results() to disable resetting of QB values.
- Database Results changes include:
- Added a constructor to the DB_result class and moved all driver-specific properties and logic out of the baseDB_driver class to allow better abstraction.
- Added method unbuffered_row() for fetching a row without prefetching the whole result (consume less memory).
- Renamed former method _data_seek() to data_seek() and made it public.
- Improved support for the MySQLi driver, including:
- OOP style usage of the PHP extension is now used, instead of the procedural aliases.
- Server version checking is now done via mysqli::$server_info instead of running an SQL query.
- Added persistent connections support for PHP >= 5.3.
- Added support for configuring socket pipe connections.
- Added support for backup() in Database Utilities.
- Changed methods trans_begin(), trans_commit() and trans_rollback() to use the PHP API instead of sending queries.
- Improved support of the PDO driver, including:
- Added support for create_database(), drop_database() and drop_table() in Database Forge.
- Added support for list_fields() in Database Results.
- Subdrivers are now isolated from each other instead of being in one large class.
- Improved support of the PostgreSQL driver, including:
- pg_version() is now used to get the database version number, when possible.
- Added db_set_charset() support.
- Added support for optimize_table() in Database Utilities (rebuilds table indexes).
- Added boolean data type support in escape().
- Added update_batch() support.
- Removed limit() and order_by() support for UPDATE and DELETE queries as PostgreSQL does not support those features.
- Added a work-around for dead persistent connections to be re-created after a database restart.
- Changed db_connect() to include the (new) schema value into Postgre’s search_path session variable.
- pg_escape_literal() is now used for escaping strings, if available.
- Improved support of the CUBRID driver, including:
- Added DSN string support.
- Added persistent connections support.
- Improved list_databases() in Database Utility (until now only the currently used database was returned).
- Improved support of the MSSQL and SQLSRV drivers, including:
- Added random ordering support.
- Added support for optimize_table() in Database Utility.
- Added escaping with QUOTE_IDENTIFIER setting detection.
- Added port handling support for UNIX-based systems (MSSQL driver).
- Added OFFSET support for SQL Server 2005 and above.
- Added db_set_charset() support (MSSQL driver).
- Added a scrollable property to enable configuration of the cursor to use (SQLSRV driver).
- Added support and auto-detection for the SQLSRV_CURSOR_CLIENT_BUFFERED scrollable cursor flag (SQLSRV driver).
- Changed default behavior to not use SQLSRV_CURSOR_STATIC due to performance issues (SQLSRV driver).
- Improved support of the Oracle (OCI8) driver, including:
- Added DSN string support (Easy Connect and TNS).
- Added support for drop_table() in Database Forge.
- Added support for list_databases() in Database Utilities.
- Generally improved for speed and cleaned up all of its components.
- num_rows() is now only called explicitly by the developer and no longer re-executes statements.
- Improved support of the SQLite driver, including:
- Added support for replace() in Query Builder.
- Added support for drop_table() in Database Forge.
- Database Forge changes include:
- Added an optional second parameter to drop_table() that allows adding the IF EXISTS condition, which is no longer the default.
- Added support for passing a custom database object to the loader.
- Added support for passing custom table attributes (such as ENGINE for MySQL) to create_table().
- Added support for usage of the FIRST clause in add_column() for MySQL and CUBRID.
- Added partial support for field comments (MySQL, PostgreSQL, Oracle).
- Deprecated add_column()‘s third method. AFTER clause should now be added to the field definition array instead.
- Overall improved support for all of the drivers.
- Database Utility changes include:
- Added support for passing a custom database object to the loader.
- Modified the class to no longer extend Database Forge, which has been a deprecated behavior for awhile.
- Overall improved support for all of the drivers.
- Added foreign_key_checks option to MySQL/MySQLi backup, allowing statement to disable/re-enable foreign key checks to be inserted into the backup output.
- Libraries
- Added a new Encryption Library to replace the old, largely insecure Encrypt Library.
- Encrypt Library changes include:
- Deprecated the library in favor of the new Encryption Library.
- Added support for hashing algorithms other than SHA1 and MD5.
- Removed previously deprecated sha1() method.
- Session Library changes include:
- Completely re-written the library to use self-contained drivers via $config['sess_driver'].
- Added ‘files’, ‘database’, ‘redis’ and ‘memcached’ drivers (using ‘files’ by default).
- Added $config['sess_save_path'] setting to specify where the session data is stored, depending on the driver.
- Dropped support for storing session data in cookies (which renders $config['sess_encrypt_cookie'] useless and is therefore also removed).
- Dropped official support for storing session data in databases other than MySQL and PostgreSQL.
- Changed table structure for the ‘database’ driver.
- Added a new tempdata feature that allows setting userdata items with expiration time (mark_as_temp(), tempdata(),set_tempdata(), unset_tempdata()).
- Changed method keep_flashdata() to also accept an array of keys.
- Changed methods userdata(), flashdata() to return an array of all userdata/flashdata when no parameter is passed.
- Deprecated method all_userdata() - it is now just an alias for userdata() with no parameters.
- Added method has_userdata() that verifies the existence of a userdata item.
- Added debug level log messages for key events in the session validation process.
- Dropped support for the sess_match_useragent option.
- File Uploading Library changes include:
- Added method chaining support.
- Added support for using array notation in file field names.
- Added max_filename_increment and file_ext_tolower configuration settings.
- Added min_width and min_height configuration settings for images.
- Added mod_mime_fix configuration setting to disable suffixing multiple file extensions with an underscore.
- Added the possibility pass allowed_types as an array.
- Added an $index parameter to the method data().
- Added a $reset parameter to method initialize().
- Removed method clean_file_name() and its usage in favor of Security Library‘s sanitize_filename().
- Removed method mimes_types().
- Changed CI_Upload::_prep_filename() to simply replace all (but the last) dots in the filename with underscores, instead of suffixing them.
- Calendar Library changes include:
- Added method chaining support.
- Added configuration to generate days of other months instead of blank cells.
- Added auto-configuration for next_prev_url if it is empty and show_prev_next is set to TRUE.
- Added support for templating via an array in addition to the encoded string.
- Changed method get_total_days() to be an alias for Date Helper days_in_month().
- Cart Library changes include:
- Deprecated the library as too specific for CodeIgniter.
- Added method remove() to remove a cart item, updating with quantity of 0 seemed like a hack but has remained to retain compatibility.
- Added method get_item() to enable retrieving data for a single cart item.
- Added unicode support for product names.
- Added support for disabling product name strictness via the $product_name_safe property.
- Changed insert() method to auto-increment quantity for an item when inserted twice instead of resetting it.
- Changed update() method to support updating all properties attached to an item and not to require ‘qty’.
- Image Manipulation Library changes include:
- The initialize() method now only sets existing class properties.
- Added support for 3-length hex color values for wm_font_color and wm_shadow_color properties, as well as validation for them.
- Class properties wm_font_color, wm_shadow_color and wm_use_drop_shadow are now protected, to avoid breaking thetext_watermark() method if they are set manually after initialization.
- If property maintain_ratio is set to TRUE, image_reproportion() now doesn’t need both width and height to be specified.
- Property maintain_ratio is now taken into account when resizing images using ImageMagick library.
- Added support for maintaining transparency for PNG images when watermarking.
- Added a file_permissions setting.
- Form Validation Library changes include:
- Added method error_array() to return all error messages as an array.
- Added method set_data() to set an alternative data array to be validated instead of the default $_POST.
- Added method reset_validation() which resets internal validation variables in case of multiple validation routines.
- Added support for setting error delimiters in the config file via $config['error_prefix'] and $config['error_suffix'].
- Internal method _execute() now considers input data to be invalid if a specified rule is not found.
- Removed method is_numeric() as it exists as a native PHP function and _execute() will find and use that (theis_numeric rule itself is deprecated since 1.6.1).
- Native PHP functions used as rules can now accept an additional parameter, other than the data itself.
- Updated method set_rules() to accept an array of rules as well as a string.
- Fields that have empty rules set no longer run through validation (and therefore are not considered erroneous).
- Added rule differs to check if the value of a field differs from the value of another field.
- Added rule valid_url.
- Added rule in_list to check if the value of a field is within a given list.
- Added support for named parameters in error messages.
- Language line keys must now be prefixed with form_validation_.
- Added rule alpha_numeric_spaces.
- Added support for custom error messages per field rule.
- Added support for callable rules when they are passed as an array.
- Added support for non-ASCII domains in valid_email rule, depending on the Intl extension.
- Changed the debug message about an error message not being set to include the rule name it is about.
- Caching Library changes include:
- Added Wincache driver.
- Added Redis driver.
- Added a key_prefix option for cache IDs.
- Updated driver is_supported() methods to log at the “debug” level.
- Added option to store raw values instead of CI-formatted ones (APC, Memcache).
- Added atomic increment/decrement feature via increment(), decrement().
- E-mail Library changes include:
- Added a custom filename parameter to attach() as $this->email->attach($filename, $disposition, $newname).
- Added possibility to send attachment as buffer string in attach() as$this->email->attach($buffer, $disposition, $newname, $mime).
- Added possibility to attach remote files by passing a URL.
- Added method attachment_cid() to enable embedding inline attachments into HTML.
- Added dsn (delivery status notification) option.
- Renamed method _set_header() to set_header() and made it public to enable adding custom headers.
- Successfully sent emails will automatically clear the parameters.
- Added a return_path parameter to the from() method.
- Removed the second parameter (character limit) from internal method _prep_quoted_printable() as it is never used.
- Internal method _prep_quoted_printable() will now utilize the native quoted_printable_encode(), imap_8bit()functions (if available) when CRLF is set to “rn”.
- Default charset now relies on the global $config['charset'] setting.
- Removed unused protected method _get_ip() (Input Library‘s ip_address() should be used anyway).
- Internal method _prep_q_encoding() now utilizes PHP’s mbstring and iconv extensions (when available) and no longer has a second ($from) argument.
- Added an optional parameter to print_debugger() to allow specifying which parts of the message should be printed (‘headers’, ‘subject’, ‘body’).
- Added SMTP keepalive option to avoid opening the connection for each send() call. Accessible as $smtp_keepalive.
- Public method set_header() now filters the input by removing all “\r” and “\n” characters.
- Added support for non-ASCII domains in valid_email(), depending on the Intl extension.
- Pagination Library changes include:
- Deprecated usage of the “anchor_class” setting (use the new “attributes” setting instead).
- Added method chaining support to initialize() method.
- Added support for the anchor “rel” attribute.
- Added support for setting custom attributes.
- Added support for language translations of the first_link, next_link, prev_link and last_link values.
- Added support for $config['num_links'] = 0 configuration.
- Added $config['reuse_query_string'] to allow automatic repopulation of query string arguments, combined with normal URI segments.
- Added $config['use_global_url_suffix'] to allow overriding the library ‘suffix’ value with that of the global$config['url_suffix'] setting.
- Removed the default from a number of the configuration variables.
- Profiler Library changes include:
- Database object names are now being displayed.
- The sum of all queries running times in seconds is now being displayed.
- Added support for displaying the HTTP DNT (“Do Not Track”) header.
- Added support for displaying $_FILES.
- Migration Library changes include:
- Added support for timestamp-based migrations (enabled by default).
- Added $config['migration_type'] to allow switching between sequential and timestamp migrations.
- XML-RPC Library changes include:
- Added the ability to use a proxy.
- Added Basic HTTP authentication support.
- User Agent Library changes include:
- Added check to detect if robots are pretending to be mobile clients (helps with e.g. Google indexing mobile website versions).
- Added method parse() to allow parsing a custom user-agent string, different from the current visitor’s.
- HTML Table Library changes include:
- Added method chaining support.
- Added support for setting table class defaults in a config file.
- Zip Library changes include:
- Method read_file() can now also alter the original file path/name while adding files to an archive.
- Added support for changing the compression level.
- Trackback Library method receive() will now utilize iconv() if it is available but mb_convert_encoding() is not.
- Core
- Routing changes include:
- Added support for multiple levels of controller directories.
- Added support for per-directory default_controller and 404_override classes.
- Added possibility to route requests using HTTP verbs.
- Added possibility to route requests using callbacks.
- Added a new reserved route (translate_uri_dashes) to allow usage of dashes in the controller and method URI segments.
- Deprecated methods fetch_directory(), fetch_class() and fetch_method() in favor of their respective public properties.
- Removed method _set_overrides() and moved its logic to the class constructor.
- URI Library changes include:
- Added conditional PCRE UTF-8 support to the “invalid URI characters” check and removed the preg_quote() call from it to allow more flexibility.
- Renamed method _filter_uri() to filter_uri().
- Changed method filter_uri() to accept by reference and removed its return value.
- Changed private methods to protected so that MY_URI can override them.
- Renamed internal method _parse_cli_args() to _parse_argv().
- Renamed internal method _detect_uri() to _parse_request_uri().
- Changed _parse_request_uri() to accept absolute URIs for compatibility with HTTP/1.1 as per RFC2616 <http://www.ietf.org/rfc/rfc2616.txt>.
- Added protected method _parse_query_string() to URI paths in the the QUERY_STRING value, like_parse_request_uri() does.
- Changed URI string detection logic to always default to REQUEST_URI unless configured otherwise or under CLI.
- Removed methods _remove_url_suffix(), _explode_segments() and moved their logic into _set_uri_string().
- Removed method _fetch_uri_string() and moved its logic into the class constructor.
- Removed method _reindex_segments().
- Loader Library changes include:
- Added method chaining support.
- Added method get_vars() to the Loader to retrieve all variables loaded with $this->load->vars().
- _ci_autoloader() is now a protected method.
- Added autoloading of drivers with $autoload['drivers'].
- $config['rewrite_short_tags'] now has no effect when using PHP 5.4 as <?= will always be available.
- Changed method config() to return whatever CI_Config::load() returns instead of always being void.
- Added support for library and model aliasing on autoload.
- Changed method is_loaded() to ask for the (case sensitive) library name instead of its instance name.
- Removed $_base_classes property and unified all class data in $_ci_classes instead.
- Added method clear_vars() to allow clearing the cached variables for views.
- Input Library changes include:
- Deprecated the $config['global_xss_filtering'] setting.
- Added method() to retrieve $_SERVER['REQUEST_METHOD'].
- Added support for arrays and network addresses (e.g. 192.168.1.1/24) for use with the proxy_ips setting.
- Added method input_stream() to aid in using php://input stream data such as one passed via PUT, DELETE and PATCH requests.
- Changed method valid_ip() to use PHP’s native filter_var() function.
- Changed internal method _sanitize_globals() to skip enforcing reversal of register_globals in PHP 5.4+, where this functionality no longer exists.
- Changed methods get(), post(), get_post(), cookie(), server(), user_agent() to return NULL instead of FALSE when no value is found.
- Changed default value of the $xss_clean parameter to NULL for all methods that utilize it, the default value is now determined by the $config['global_xss_filtering'] setting.
- Added method post_get() and changed get_post() to search in GET data first. Both methods’ names now properly match their GET/POST data search priorities.
- Changed method _fetch_from_array() to parse array notation in field name.
- Changed method _fetch_from_array() to allow retrieving multiple fields at once.
- Added an option for _clean_input_keys() to return FALSE instead of terminating the whole script.
- Deprecated the is_cli_request() method, it is now an alias for the new is_cli() common function.
- Added an $xss_clean parameter to method user_agent() and removed the $user_agent property.
- Added property $raw_input_stream to access php://input data.
- Common functions changes include:
- Added function get_mimes() to return the application/config/mimes.php array.
- Added support for HTTP code 303 (“See Other”) in set_status_header().
- Removed redundant conditional to determine HTTP server protocol in set_status_header().
- Renamed _exception_handler() to _error_handler() and replaced it with a real exception handler.
- Changed _error_handler() to respect php.ini display_errors setting.
- Added function is_https() to check if a secure connection is used.
- Added function is_cli() to replace the CI_Input::is_cli_request() method.
- Added function function_usable() to work around a bug in Suhosin <http://www.hardened-php.net/suhosin/>.
- Removed the third ($php_error) argument from function log_message().
- Changed internal function load_class() to accept a constructor parameter instead of (previously unused) class name prefix.
- Removed default parameter value of is_php().
- Added a second argument $double_encode to html_escape().
- Changed function config_item() to return NULL instead of FALSE when no value is found.
- Changed function set_status_header() to return immediately when run under CLI.
- Output Library changes include:
- Added a second argument to method set_content_type() that allows setting the document charset as well.
- Added methods get_content_type() and get_header().
- Added method delete_cache().
- Added configuration option $config['cache_query_string'] to enable taking the query string into account when caching.
- Changed caching behavior to compress the output before storing it, if $config['compress_output'] is enabled.
- Config Library changes include:
- Changed site_url() method to accept an array as well.
- Removed internal method _assign_to_config() and moved its implementation to CodeIgniter.php instead.
- item() now returns NULL instead of FALSE when the required config item doesn’t exist.
- Added an optional second parameter to both base_url() and site_url() that allows enforcing of a protocol different than the one in the base_url configuration setting.
- Added HTTP “Host” header character validation to prevent cache poisoning attacks when base_url auto-detection is used.
- Security Library changes include:
- Added $config['csrf_regeneration'], which makes CSRF token regeneration optional.
- Added $config['csrf_exclude_uris'], allowing for exclusion of URIs from the CSRF protection (regular expressions are supported).
- Added method strip_image_tags().
- Added method get_random_bytes() and switched CSRF & XSS token generation to use it.
- Modified method sanitize_filename() to read a public $filename_bad_chars property for getting the invalid characters list.
- Return status code of 403 instead of a 500 if CSRF protection is enabled but a token is missing from a request.
- Language Library changes include:
- Changed method load() to filter the language name with ctype_alpha().
- Changed method load() to also accept an array of language files.
- Added an optional second parameter to method line() to disable error logging for line keys that were not found.
- Language files are now loaded in a cascading style with the one in system/ always loaded and overridden afterwards, if another one is found.
- Hooks Library changes include:
- Added support for closure hooks (or anything that is_callable() returns TRUE for).
- Renamed method _call_hook() to call_hook().
- Class instances are now stored in order to maintain their state.
- UTF-8 Library changes include:
- UTF8_ENABLED now requires only one of Multibyte String or iconv to be available instead of both.
- Changed method clean_string() to utilize mb_convert_encoding() if it is available.
- Renamed method _is_ascii() to is_ascii() and made it public.
- Log Library changes include:
- Added a $config['log_file_permissions'] setting.
- Changed the library constructor to try to create the log_path directory if it doesn’t exist.
- Added support for microseconds (“u” date format character) in $config['log_date_format'].
- Added compatibility layers <general/compatibility_functions> for:
- Multibyte String (limited support).
- Hash (hash_equals(), hash_pbkdf2()).
- Password Hashing.
- Standard Functions ``array_column()`, array_replace(), array_replace_recursive(), hex2bin(),quoted_printable_encode().
- Removed CI_CORE boolean constant from CodeIgniter.php (no longer Reactor and Core versions).
- Added support for HTTP-Only cookies with new config option cookie_httponly (default FALSE).
- $config['time_reference'] now supports all timezone strings supported by PHP.
- Fatal PHP errors are now also passed to _error_handler(), so they can be logged.
- Routing changes include:
0 comments:
Post a Comment