CodeIgniter 3.1.4 was released today, with some security and bug fixes.

Security: Fixed byte-safety handling in the encryption code, and a header injection.

Bug fixes: for the Database, Input, Loader, Session libraries; and for the Html, Text & common functions helpers.
Also updated the Query Builder and Profiler.

Enhancements: Image library.

Changelog of version 3.1.4

Release Date: March 23, 2017

Bug fixes for 3.1.4

  • Fixed a regression (#4975) - Loader Library couldn’t handle objects passed as view variables.
  • Fixed a bug (#4977) - Loader Library method helper() could accept any character as a filename extension separator.
  • Fixed a regression where the Session Library would fail on a session_regenerate_id(TRUE) call with the ‘database’ driver.
  • Fixed a bug (#4987) - Query Builder caching didn’t keep track of table aliases.
  • Fixed a bug where Text Helper function ascii_to_entities() wasn’t byte-safe when mbstring.func_overload is enabled.
  • Fixed a bug where CI_LogCI_OutputCI_Email and CI_Zip didn’t handle strings in a byte-safe manner when mbstring.func_overload is enabled.
  • Fixed a bug where Session Library didn’t read session data in a byte-safe manner when mbstring.func_overload is enabled.
  • Fixed a bug (#4990) - Profiler didn’t close <pre> tags it generated.
  • Fixed a bug (#4990) - Profiler didn’t HTML-escape quotes for $_SESSION variables.
  • Fixed a bug where Input Library method set_cookie() didn’t allow its httponly and secure parameters to be overriden to FALSE.
  • Fixed a bug (#5006) - common function get_mimes() didn’t load application/config/mimes.php if an environment specific config exists.
  • Fixed a bug (#5006) - common function remove_invisible_characters() didn’t remove URL-encoded 0x7F.
  • Fixed a bug (#4815) - Database Library stripped URL-encoded sequences while escaping strings with the ‘mssql’ driver.
  • Fixed a bug (#5044) - HTML Helper function img() didn’t accept data: URI schemes for the image source.
  • Fixed a bug (#5050) - Database Library tried to access an undefined property in a number of error handling cases.
  • Fixed a bug (#5057) - Database driver ‘postgre’ didn’t actually apply extra options (such as ‘connect_timeout’) to its DSN.

Stay up-to-date with latest news and special offers!