Updated: At 3pm PT on June 29th, 2.1.2 was released with a security fix for xss_clean().
Updated: At 4pm PT on June 13th this was re-tagged in the repository.
It has been a few months since CodeIgniter 2.1.0 has been released and since that time lots of development work has been going into the “develop” branch on GitHub towards the new and improved 3.0. Progress has been great and now we have Unit Testing, PDO drivers, improvements to the Query Builder (no longer called Active Record), performance tweaks and all sorts of other new features.
While 3.0.0 is still a few months away from a stable release, we’re pleased to announce CodeIgniter 2.1.1, with a few bug fixes and tweaks. It’s not going to blow you away, but it does mean a more stable CodeIgniter is now available.
- Improved MIME type detection in the File Uploading Library.
- url_title()performance and output improved. You can now use any string as the word delimiter. Backwards compatible with ‘dash’ or ‘underscore’ as words delimiters.
- Added support for IPv6 IP addresses.
- A wrong array key was used in the Upload library to check for mime-types.
- form_open() compared $action against site_url() instead of base_url()
- CI_Upload::_file_mime_type() could’ve failed if mime_content_type() is used for the detection and returns FALSE.
- Windows paths were ignored when using the Image Manipulation Class to create a new file.
- When database caching was enabled, $this->db->query() checked the cache before binding variables which resulted in cached queries never being found.
- CSRF cookie value was allowed to be any (non-empty) string before being written to the output, making code injection a risk.
- PDO put a ‘dbname’ argument in it’s connection string regardless of the database platform in use, which made it impossible to use SQLite.
- CI_DB_pdo_result::num_rows() was not returning properly value with SELECT queries, cause it was relying on PDOStatement::rowCount().
- CI_Image_lib::clear() was not correctly clearing all necessary object properties, namely width and height.
- Active Record’sfrom()method didn’t escape table aliases.
Take a look at the the Upgrade Guide to see how to upgrade from previous versions. This is a pretty simple update which does not have any API-breaking changes, so you should not have problems moving your 2.1.0 applications to this. If you are storing IP addresses in your database you may need to enlarge those columns to hold the longer IPv6 format.