<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="utf-8" lang="utf-8">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=0" />
<title>变更记录 - CodeIgniter 中文手册|用户手册|用户指南|Wiki文档</title>
<link rel="shortcut icon" href="../images/design/favicon.ico" type="image/x-icon" />
<link rel="stylesheet" type="text/css" media="all" href="userguide.css" />
<link rel="search" href="../CodeIgniterSearch.xml" type="application/opensearchdescription+xml" title="CodeIgniter 搜索"/>
<link rel="canonical" href="changelog.html" />
<script type="text/javascript" src="nav/mootools.js@ver=20130324"></script>
<script type="text/javascript" src="nav/mootools-more.js@ver=20130324"></script>
<script type="text/javascript" src="nav/nav.js@ver=20130324"></script>
<script type="text/javascript" src="nav/user_guide_menu.js@ver=20130324"></script>
<meta name="robots" content="all" />
<meta name="author" content="ExpressionEngine Dev Team" />
<meta name="description" content="CodeIgniter 中文手册, CodeIgniter 用户指南, CodeIgniter User Guide, Wiki 文档" />
</head>
<body>
<!-- START NAVIGATION -->
<div id="nav">
<div id="nav_inner">
<script type="text/javascript">create_menu('./');</script>
</div>
</div>
<script type="text/javascript">_setNavigation();</script>
<div id="nav2"><a name="top"></a><a href="javascript:void(0);" onclick="myHeight.toggle();"><img src="images/nav_toggle_darker.jpg" width="154" height="43" border="0" title="切换目录" alt="切换目录" /></a></div>
<div id="masthead" class="clearfix">
<div class="topbar-hd"><h1>CodeIgniter 用户指南 版本 2.2.2</h1></div>
<div class="topbar-tip">编辑文档、查看近期更改请 <a href="auth/login">登录</a> 或 <a href="auth/register">注册</a> <a href="auth/forgotten_password">找回密码</a></div> <div id="breadcrumb_right"><a href="toc.html">目录页</a></div>
</div>
<!-- END NAVIGATION -->
<!-- START BREADCRUMB -->
<table cellpadding="0" cellspacing="0" border="0" style="width:100%">
<tr>
<td id="breadcrumb">
<a href="../default.htm" target="_blank">CodeIgniter 中国首页</a> ›
<a href="index.html">用户指南首页</a> › 变更记录 </td>
<td id="searchbox">
<form method="get" action="http://www.google.com.hk/search" target="google_window">
<input type="hidden" name="client" value="pub-0176846097796333"></input>
<input type="hidden" name="forid" value="1"></input>
<input type="hidden" name="ie" value="UTF-8"></input>
<input type="hidden" name="oe" value="UTF-8"></input>
<input type="hidden" name="as_sitesearch" id="as_sitesearch" value="codeigniter.org.cn/user_guide/" />
搜索用户指南
<input type="text" class="input" style="width:200px;" name="q" id="q" size="31" maxlength="255" value="" />
<input type="submit" class="submit" name="sa" value="Go" />
</form>
</td>
</tr>
</table>
<!-- END BREADCRUMB -->
<div style="clear:both;text-align:right;padding: 6px 40px 0 0;">
<a href="../../www.codeigniter.com/user_guide/changelog.html" target="_blank">查看原文</a>
</div>
<!--<br clear="all" />--><!-- START CONTENT -->
<div id="content">
<h1>变更记录</h1>
<p>带<img src="images/reactor-bullet.png" width="16" height="16" alt="Reactor Marker" />标识的为社区贡献。</p>
<h2>版本 2.2.2</h2>
<p>发布日期: 2015年4月15日</p>
<ul>
<li>General Changes</li>
<ul>
<li>Added HTTP "Host" header character validation to prevent cache poisoning attacks when <kbd>base_url</kbd> auto-detection is used.</li>
<li>Added <kbd>FSCommand</kbd> and <kbd>seekSegmentTime</kbd> to the "evil attributes" list in <samp>CI_Security::xss_clean()</samp>.</li>
</ul>
</li>
</ul>
<h3>Bug fixes:</h3>
<ul>
<li>Fixed a bug (#3665) - <samp>CI_Security::entity_decode()</samp> triggered warnings under some circumstances.</li>
</ul>
<h2>版本 2.2.1</h2>
<p>发布日期: 2015年1月22日</p>
<ul>
<li>General Changes
<ul>
<li>Improved security in <kbd>xss_clean()</kbd>.</li>
<li>Updated timezones in <a href="helpers/date_helper.html">Date Helper</a>.</li>
</ul>
</li>
</ul>
<h3>Bug fixes:</h3>
<ul>
<li>Fixed a bug (#3094) - <samp>CI_Input::_clean_input_data()</samp> breaks encrypted session cookies.</li>
<li>Fixed a bug (#2268) - <samp>CI_Security::xss_clean()</samp> didn't properly match JavaScript events.</li>
<li>Fixed a bug (#3309) - <samp>CI_Security::xss_clean()</samp> used an overly-invasive pattern to strip JS event handlers.</li>
<li>Fixed a bug (#2771) - <samp>CI_Security::xss_clean()</samp> didn't take into account HTML5 entities.</li>
<li>Fixed a bug (#73) - <samp>CI_Security::sanitize_filename()</samp> could be tricked by an XSS attack.</li>
<li>Fixed a bug (#2681) - <samp>CI_Security::entity_decode()</samp> used the PREG_REPLACE_EVAL flag, which is deprecated since PHP 5.5.</li>
<li>Fixed a bug (#3302) - Internal function <samp>get_config()</samp> triggered an E_NOTICE message on PHP 5.6.</li>
<li>Fixed a bug (#2508) - <a href="libraries/config.html">Config Library</a> didn't properly detect if the current request is via HTTPS.</li>
<li>Fixed a bug (#3314) - SQLSRV <a href="database/index.html">Database driver</a>'s method <samp>count_all()</samp> didn't escape the supplied table name.</li>
<li>Fixed a bug (#3404) - MySQLi <a href="database/index.html">Database driver</a>'s method <samp>escape_str()</samp> had a wrong fallback to <samp>mysql_escape_string()</samp> when there was no active connection.</li>
<li>Fixed a bug in the <a href="libraries/sessions.html">Session Library</a> where session ID regeneration occurred during AJAX requests.</li>
</ul>
<h2>版本 2.2.0</h2>
<p>发版日期: 2014年6月5日</p>
<ul>
<li>一般性更改
<ul>
<li><b>安全:</b> <samp>xor_encode()</samp> 方法从加密类中移除。加密类现在必须安装Mcrypt扩展。</li>
<li><b>安全:</b> <a href="libraries/sessions.html">Session 类</a> 使用HMAC认证来代替简单的MD5校验和.<p class="critical">HMAC参考:<a href="../../en.wikipedia.org/wiki/Hash-based_message_authentication_code" target="_blank">http://en.wikipedia.org/wiki/Hash-based_message_authentication_code</a></p></li>
</ul>
</li>
</ul>
<h3>2.2.0 修正缺陷:</h3>
<ul>
<li>修复了 - (#2583) - <a href="../../www.hardened-php.net/suhosin/default.htm">Suhosin</a>会导致<a href="libraries/email.html">邮件类</a>在header尾部加入了新的条目而阻止通过<samp>mail()</samp>方法发送邮件的特殊情况。</li>
<li>修复了 - (#696) - make <samp>oci_execute()</samp> calls inside <samp>num_rows()</samp> non-committing, since they are only there to reset which row is next in line for oci_fetch calls and thus don't need to be committed.</li>
<li>修复了 - (#2689) - <a href="database/forge.html">数据库维护类</a> 中的 <samp>create_table()</samp>, <samp>drop_table()</samp> 以及 <samp>rename_table()</samp> 等方法会在'sqlsrv'驱动中产生有问题的SQL语句。</li>
<li>修复了 - (#2427) - <a href="database/index.html">数据库类</a>中的PDO驱动没有检查是否查询失败的问题。</li>
<li>修复了 <a href="libraries/sessions.html">Session 类</a>中没经过加密的cookies验证的问题。</li>
</ul>
<h2>版本 2.1.4</h2>
<p>发布日期:2013年7月8日</p>
<ul>
<li>General Changes
<ul>
<li>Improved security in <kbd>xss_clean()</kbd>.</li>
</ul>
</li>
</ul>
<h3>Bug fixes for 2.1.4:</h3>
<ul>
<li>Fixed a bug (#1936) - <a href="libraries/migration.html">Migrations Library</a> method <samp>latest()</samp> had a typo when retrieving language values.</li>
<li>Fixed a bug (#2021) - <a href="l