CodeIgniter 3.1.3 has been released. CodeIgniter is a simple, fast PHP MVC framework. This release brings some critical security fixes, as well as many bug fixes.
Security: fixes for an e-mail handling issue and an XSS vulnerability, plus some CSRF hardening.
Bug fixes: fixes for the Database, Email, File Uploading, Image Manipulation, Input, Loader, Output, Query Builder, Session and XML-RPC libraries, as well as the Date helper and the bootstrap file.
Details are as follows.
Security
Fixed an XSS vulnerability in Security Library method xss_clean().
Fixed a possible file inclusion vulnerability in Loader Library method vars().
Fixed a possible remote code execution vulnerability in the Email Library when 'mail' or 'sendmail' are used (thanks to Paul Buonopane from NamePros).
Added protection against timing side-channel attacks in Security Library method csrf_verify().
Added protection against BREACH attacks targeting the CSRF token field generated by Form Helper function form_open().
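An added PHP example, not CodeIgniter's code, of the two CSRF hardening ideas in the list above: constant-time token comparison and a token field whose bytes change on every response. The function names are hypothetical, and XOR masking is one common BREACH mitigation chosen here for illustration, not a description of how the release implements it.

```php
<?php
// Added illustration, not CodeIgniter source. All function names are hypothetical.

// Constant-time check: hash_equals() does not stop at the first differing
// byte, so response time does not reveal how much of a guess matched.
function csrf_tokens_match(string $expected, string $submitted): bool
{
    return hash_equals($expected, $submitted);
}

// BREACH mitigation by masking: XOR the token with a fresh random pad on each
// response, so the secret never appears as a stable string in a compressed body.
function csrf_mask(string $token): string
{
    $pad = random_bytes(strlen($token)); // assumes a non-empty token
    return bin2hex($pad . ($pad ^ $token));
}

// Reverse the mask on submit; returns null for malformed input.
function csrf_unmask(string $masked): ?string
{
    if ($masked === '' || strlen($masked) % 4 !== 0 || !ctype_xdigit($masked)) {
        return null;
    }
    $raw  = hex2bin($masked);
    $half = intdiv(strlen($raw), 2);
    return substr($raw, 0, $half) ^ substr($raw, $half);
}

// Submit-side check: unmask the field, then compare in constant time.
function csrf_verify_masked(string $sessionToken, string $submittedField): bool
{
    $token = csrf_unmask($submittedField);
    return $token !== null && csrf_tokens_match($sessionToken, $token);
}

// Constructed sample values: one session token rendered into two responses,
// followed by the checks a form handler would run on submit.
$sessionToken = bin2hex(random_bytes(16));
$fieldA = csrf_mask($sessionToken);
$fieldB = csrf_mask($sessionToken);
$forged = str_repeat('0', strlen($fieldA));

var_dump($fieldA !== $fieldB);
var_dump(csrf_verify_masked($sessionToken, $fieldA));
var_dump(csrf_verify_masked($sessionToken, $fieldB));
var_dump(csrf_verify_masked($sessionToken, $forged));
```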
General Changes
Deprecated $config['allow_get_array'].
Deprecated $config['standardize_newlines'].
Deprecated Date Helper function nice_date().
Bug fixes for 3.1.3
Fixed a bug (#4886) - Database Library didn't differentiate bind markers inside double-quoted strings in queries.
Fixed a bug (#4890) - XML-RPC Library didn't work on PHP 7.
Fixed a regression (#4887) - File Uploading Library triggered fatal errors due to numerous PHP distribution channels (XAMPP and cPanel confirmed) explicitly disabling ext/fileinfo by default.
Fixed a bug (#4679) - Input Library method ip_address() didn't properly resolve $config['proxy_ips'] IPv6 addresses.
Fixed a bug (#4902) - Image Manipulation Library processing via ImageMagick didn't work.
Fixed a bug (#4905) - Loader Library didn't take into account possible user-provided directory paths when loading helpers.
Fixed a bug (#4916) - Session Library with sess_match_ip enabled was unusable for IPv6 clients when using the 'database' driver on MySQL 5.7.5+.
Fixed a bug (#4917) - Date Helper function nice_date() didn't handle YYYYMMDD inputs properly.
Fixed a bug (#4923) - Session Library could execute an erroneous SQL query with the 'database' driver, if the lock attempt times out.
Fixed a bug (#4927) - Output Library method get_header() returned the first matching header, regardless of whether it would be replaced by a second set_header() call.
Fixed a bug (#4844) - Email Library didn't apply escapeshellarg() to the while passing the Sendmail -f parameter through popen().
Fixed a bug (#4928) - the bootstrap file didn't check if config/constants.php exists before trying to load it.
Fixed a bug (#4937) - Image Manipulation Library method initialize() didn't translate new_image inputs to absolute paths.
Fixed a bug (#4941) - Query Builder method order_by() didn't work with 'RANDOM' under the 'pdo/sqlite' driver.
Fixed a regression (#4892) - Query Builder method update_batch() didn't properly handle identifier escaping.
Fixed a bug (#4953) - Database Forge method create_table() didn't update an internal tables list cache if it exists but is empty.
Fixed a bug (#4958) - Query Builder method count_all_results() didn't take into account cached ORDER BY clauses.
Fixed a bug (#4804) - Query Builder method insert_batch() could fail if the input array pointer was modified.
Fixed a bug (#4962) - Database Forge method alter_table() would fail with the 'oci8' driver.
Fixed a bug (#4457) - Image Manipulation Library method get_image_properties() didn't detect invalid images.
Fixed a bug (#4765) - Email Library didn't send the User-Agent header without a prior call to clear().
Software details: https://www.codeigniter.com/user_guide/changelog.html
Download: https://github.com/bcit-ci/CodeIgniter/archive/3.1.3.zip
Source: OSCHINA community (开源中国社区)

