Terug..   naar de blogs.


 

  Codeigniter 3.1.3 is uitgebracht

Een nieuwe versie van Codeigniter.
Deze werkt probleemloos met de vorige versie van Codeigniter samen.

CodeIgniter 3.1.3 is uitgebracht op 09-01-2017, met enkele noodzakelijke beveiligings fizes alswel met meerdere bug fixes.
Beveliging: Een email handling issue en een XSS kwetsbaarheid is aangepast, alsmede de aanscherping CSRF.
Bug fixes: Voor dee Database, Email, File Uploading, Image Manipulation, Input, Loader, Output, Query Builder, Session en XML-RPC libraries. Voor de Date helper en de bootstrap file.

 

   Gobale aanpassingen.

 

Security

  • Fixed an XSS vulnerability in Security Library method xss_clean().
  • Fixed a possible file inclusion vulnerability in Loader Library method vars().
  • Fixed a possible remote code execution vulnerability in the Email Library when ‘mail’ or ‘sendmail’ are used (thanks to Paul Buonopane from NamePros).
  • Added protection against timing side-channel attacks in Security Library method csrf_verify().
  • Added protection against BREACH attacks targeting the CSRF token field generated by Form Helper function form_open().

 

General Changes

  • Deprecated $config['allow_get_array'].
  • Deprecated $config['standardize_newlines'].
  • Deprecated Date Helper function nice_date().

 

Bug fixes for 3.1.3

  • Fixed a bug (#4886) - Database Library didn’t differentiate bind markers inside double-quoted strings in queries.
  • Fixed a bug (#4890) - XML-RPC Library didn’t work on PHP 7.
  • Fixed a regression (#4887) - File Uploading Library triggered fatal errors due to numerous PHP distribution channels (XAMPP and cPanel confirmed) explicitly disabling ext/fileinfo by default.
  • Fixed a bug (#4679) - Input Library method ip_address() didn’t properly resolve $config['proxy_ips'] IPv6 addresses.
  • Fixed a bug (#4902) - Image Manipulation Library processing via ImageMagick didn’t work.
  • Fixed a bug (#4905) - Loader Library didn’t take into account possible user-provided directory paths when loading helpers.
  • Fixed a bug (#4916) - Session Library with sess_match_ip enabled was unusable for IPv6 clients when using the ‘database’ driver on MySQL 5.7.5+.
  • Fixed a bug (#4917) - Date Helper function nice_date() didn’t handle YYYYMMDD inputs properly.
  • Fixed a bug (#4923) - Session Library could execute an erroneous SQL query with the ‘database’ driver, if the lock attempt times out.
  • Fixed a bug (#4927) - Output Library method get_header() returned the first matching header, regardless of whether it would be replaced by a second set_header() call.
  • Fixed a bug (#4844) - Email Library didn’t apply escapeshellarg() to the while passing the Sendmail -f parameter through popen().
  • Fixed a bug (#4928) - the bootstrap file didn’t check if config/constants.php exists before trying to load it.
  • Fixed a bug (#4937) - Image Manipulation Library method initialize() didn’t translate new_image inputs to absolute paths.
  • Fixed a bug (#4941) - Query Builder method order_by() didn’t work with ‘RANDOM’ under the ‘pdo/sqlite’ driver.
  • Fixed a regression (#4892) - Query Builder method update_batch() didn’t properly handle identifier escaping.
  • Fixed a bug (#4953) - Database Forge method create_table() didn’t update an internal tables list cache if it exists but is empty.
  • Fixed a bug (#4958) - Query Builder method count_all_results() didn’t take into account cached ORDER BY clauses.
  • Fixed a bug (#4804) - Query Builder method insert_batch() could fail if the input array pointer was modified.
  • Fixed a bug (#4962) - Database Force method alter_table() would fail with the ‘oci8’ driver.
  • Fixed a bug (#4457) - Image Manipulation Library method get_image_properties() didn’t detect invalid images.
  • Fixed a bug (#4765) - Email Library didn’t send the User-Agent header without a prior call to clear().

 

  Hoe te gebruiken?

Kopieer de gehele map /system in de map /system.
Kortom overschrijf alles..

 

  Download link

Klik hier om de scripts te downloaden

 



Tags: codeigniter, core       09-01-2017



Reacties:

 


Uw reactie

Uw naam
Uw e-mail
Uw bericht
  Beveiliging     Neem deze over aub.
   
     

 

Contact:

van Wijhe Web

Frederikastraat 102

7543 CW Enschede

053 - 431 78 76

06 - 511 828 79

Ontvang tips, nieuws en andere interessante feitjes
in je mailbox.

2017 * van Wijhe Web