升级到 3.1.3

README.rst

@@ -33,7 +33,7 @@ http://python.org/download/releases/2.7.2/
 
 1. 安装 `easy_install <http://peak.telecommunity.com/DevCenter/EasyInstall#installing-easy-install>`_
 2. ``easy_install "sphinx==1.2.3"``
-3. ``easy_install sphinxcontrib-phpdomain``
+3. ``easy_install "sphinxcontrib-phpdomain==0.1.3.post1"``
 4. 安装 CI Lexer，它可以高亮文档中的 PHP, HTML, CSS, 和 JavaScript 代码 (参见 *cilexer/README*)
 5. 返回代码库根目录
 6. ``make html``

cilexer/cilexer/cilexer.py

@@ -5,7 +5,7 @@
 #
 # This content is released under the MIT License (MIT)
 #
-# Copyright (c) 2014 - 2016, British Columbia Institute of Technology
+# Copyright (c) 2014 - 2017, British Columbia Institute of Technology
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the "Software"), to deal

source/changelog.rst

@@ -2,6 +2,50 @@
 变更记录
 ##########
 
+版本 3.1.3
+=============
+
+发布日期：2017.1.9
+
+-  **Security**
+
+   -  Fixed an XSS vulnerability in :doc:`Security Library <libraries/security>` method ``xss_clean()``.
+   -  Fixed a possible file inclusion vulnerability in :doc:`Loader Library <libraries/loader>` method ``vars()``.
+   -  Fixed a possible remote code execution vulnerability in the :doc:`Email Library <libraries/email>` when 'mail' or 'sendmail' are used (thanks to Paul Buonopane from `NamePros <https://www.namepros.com/>`_).
+   -  Added protection against timing side-channel attacks in :doc:`Security Library <libraries/security>` method ``csrf_verify()``.
+   -  Added protection against BREACH attacks targeting the CSRF token field generated by :doc:`Form Helper <helpers/form_helper>` function :php:func:`form_open()`.
+
+-  General Changes
+
+   -  Deprecated ``$config['allow_get_array']``.
+   -  Deprecated ``$config['standardize_newlines']``.
+   -  Deprecated :doc:`Date Helper <helpers/date_helper>` function :php:func:`nice_date()`.
+
+Bug fixes for 3.1.3
+-------------------
+
+-  Fixed a bug (#4886) - :doc:`Database Library <database/index>` didn't differentiate bind markers inside double-quoted strings in queries.
+-  Fixed a bug (#4890) - :doc:`XML-RPC Library <libraries/xmlrpc>` didn't work on PHP 7.
+-  Fixed a regression (#4887) - :doc:`File Uploading Library <libraries/file_uploading>` triggered fatal errors due to numerous PHP distribution channels (XAMPP and cPanel confirmed) explicitly disabling ext/fileinfo by default.
+-  Fixed a bug (#4679) - :doc:`Input Library <libraries/input>` method ``ip_address()`` didn't properly resolve ``$config['proxy_ips']`` IPv6 addresses.
+-  Fixed a bug (#4902) - :doc:`Image Manipulation Library <libraries/image_lib>` processing via ImageMagick didn't work.
+-  Fixed a bug (#4905) - :doc:`Loader Library <libraries/loader>` didn't take into account possible user-provided directory paths when loading helpers.
+-  Fixed a bug (#4916) - :doc:`Session Library <libraries/sessions>` with ``sess_match_ip`` enabled was unusable for IPv6 clients when using the 'database' driver on MySQL 5.7.5+.
+-  Fixed a bug (#4917) - :doc:`Date Helper <helpers/date_helper>` function :php:func:`nice_date()` didn't handle YYYYMMDD inputs properly.
+-  Fixed a bug (#4923) - :doc:`Session Library <libraries/sessions>` could execute an erroneous SQL query with the 'database' driver, if the lock attempt times out.
+-  Fixed a bug (#4927) - :doc:`Output Library <libraries/output>` method ``get_header()`` returned the first matching header, regardless of whether it would be replaced by a second ``set_header()`` call.
+-  Fixed a bug (#4844) - :doc:`Email Library <libraries/email>` didn't apply ``escapeshellarg()`` to the while passing the Sendmail ``-f`` parameter through ``popen()``.
+-  Fixed a bug (#4928) - the bootstrap file didn't check if *config/constants.php* exists before trying to load it.
+-  Fixed a bug (#4937) - :doc:`Image Manipulation Library <libraries/image_lib>` method ``initialize()`` didn't translate *new_image* inputs to absolute paths.
+-  Fixed a bug (#4941) - :doc:`Query Builder <database/query_builder>` method ``order_by()`` didn't work with 'RANDOM' under the 'pdo/sqlite' driver.
+-  Fixed a regression (#4892) - :doc:`Query Builder <database/query_builder>` method ``update_batch()`` didn't properly handle identifier escaping.
+-  Fixed a bug (#4953) - :doc:`Database Forge <database/forge>` method ``create_table()`` didn't update an internal tables list cache if it exists but is empty.
+-  Fixed a bug (#4958) - :doc:`Query Builder <database/query_builder>` method ``count_all_results()`` didn't take into account cached ``ORDER BY`` clauses.
+-  Fixed a bug (#4804) - :doc:`Query Builder <database/query_builder>` method ``insert_batch()`` could fail if the input array pointer was modified.
+-  Fixed a bug (#4962) - :doc:`Database Force <database/forge>` method ``alter_table()`` would fail with the 'oci8' driver.
+-  Fixed a bug (#4457) - :doc:`Image Manipulation Library <libraries/image_lib>` method ``get_image_properties()`` didn't detect invalid images.
+-  Fixed a bug (#4765) - :doc:`Email Library <libraries/email>` didn't send the ``User-Agent`` header without a prior call to ``clear()``.
+
 版本 3.1.2
 =============
 
@@ -13,7 +57,7 @@
 
 -  General Changes
 
-   -  Allowed PHP 4-style constructors (``Mathching_name::Matching_name()`` methods) to be used as routes, if there's a ``__construct()`` to override them.
+   -  Allowed PHP 4-style constructors (``Matching_name::Matching_name()`` methods) to be used as routes, if there's a ``__construct()`` to override them.
 
 Bug fixes for 3.1.2
 -------------------

source/conf.py

@@ -41,16 +41,16 @@
 
 # General information about the project.
 project = u'CodeIgniter'
-copyright = u'2014 - 2016, 不列颠哥伦比亚理工学院'
+copyright = u'2014 - 2017, 不列颠哥伦比亚理工学院'
 
 # The version info for the project you're documenting, acts as replacement for
 # |version| and |release|, also used in various other places throughout the
 # built documents.
 #
 # The short X.Y version.
-version = '3.1.2'
+version = '3.1.3'
 # The full version, including alpha/beta/rc tags.
-release = '3.1.2'
+release = '3.1.3'
 
 # The language for content autogenerated by Sphinx. Refer to documentation
 # for a list of supported languages.
@@ -254,7 +254,7 @@
 epub_title = u'CodeIgniter'
 epub_author = u'不列颠哥伦比亚理工学院'
 epub_publisher = u'不列颠哥伦比亚理工学院'
-epub_copyright = u'2014 - 2016, 不列颠哥伦比亚理工学院'
+epub_copyright = u'2014 - 2017, 不列颠哥伦比亚理工学院'
 
 # The language of the text. It defaults to the language option
 # or en if the language is not set.

source/documentation/index.rst

@@ -15,7 +15,7 @@ CodeIgniter 使用 Sphinx 来生成多种不同格式的文档，并采用 reStr
 
 	.. raw:: html
 
-  	<div class="custom-index container"></div>
+	<div class="custom-index container"></div>
 
 .. contents::
   :local:
@@ -38,7 +38,7 @@ CodeIgniter 使用 Sphinx 来生成多种不同格式的文档，并采用 reStr
 .. code-block:: bash
 
 	easy_install "sphinx==1.2.3"
-	easy_install sphinxcontrib-phpdomain
+	easy_install "sphinxcontrib-phpdomain==0.1.3.post1"
 
 然后按照 :samp:`cilexer` 目录下的 README 文件的提示，来安装 CI Lexer 。
 
@@ -58,7 +58,7 @@ CodeIgniter 使用 Sphinx 来生成多种不同格式的文档，并采用 reStr
 	^ 子子子标题
 	" 子子子子标题 (!)
 
-使用 :download:`TextMate ELDocs Bundle <./ELDocs.tmbundle.zip>` 可以用下面这些 tab 
+使用 :download:`TextMate ELDocs Bundle <./ELDocs.tmbundle.zip>` 可以用下面这些 tab
 快捷键快速创建这些标题::
 
 	title->
@@ -186,4 +186,4 @@ CodeIgniter 使用 Sphinx 来生成多种不同格式的文档，并采用 reStr
 	.. php:method:: should_do_something()
 
 		:returns: Whether or not something should be done
-		:rtype: bool
+		:rtype: bool

source/general/core_classes.rst

@@ -82,6 +82,7 @@
 		public function __construct()
 		{
 			parent::__construct();
+			// Your own constructor code
 		}
 
 		public function index()
@@ -97,4 +98,4 @@
 
 	$config['subclass_prefix'] = 'MY_';
 
-请注意所有原始的 CodeIgniter 类库都以 CI\_ 开头，所以请不要使用这个作为你的自定义前缀。
+请注意所有原始的 CodeIgniter 类库都以 CI\_ 开头，所以请不要使用这个作为你的自定义前缀。

source/general/models.rst

@@ -19,12 +19,6 @@
 		public $content;
 		public $date;
 
-		public function __construct()
-		{
-			// Call the CI_Model constructor
-			parent::__construct();
-		}
-
 		public function get_last_ten_entries()
 		{
 			$query = $this->db->get('entries', 10);
@@ -68,6 +62,7 @@
 		public function __construct()
 		{
 			parent::__construct();
+			// Your own constructor code
 		}
 
 	}
@@ -82,6 +77,7 @@
 		public function __construct()
 		{
 			parent::__construct();
+			// Your own constructor code
 		}
 
 	}
@@ -131,7 +127,7 @@
 			$this->load->view('blog', $data);
 		}
 	}
-	
+
 
 模型的自动加载
 ===================
@@ -162,4 +158,4 @@
 	$config['pconnect'] = FALSE;
 	$config['db_debug'] = TRUE;
 
-	$this->load->model('model_name', '', $config);
+	$this->load->model('model_name', '', $config);

source/helpers/date_helper.rst

@@ -74,7 +74,7 @@
 		echo standard_date($format, $time);
 
 	.. note:: 该函数已经废弃，请使用原生的 ``date()`` 函数和
-		`时间格式化常量 <http://php.net/manual/en/class.datetime.php#datetime.constants.types>`_
+		`时间格式化常量 <https://secure.php.net/manual/en/class.datetime.php#datetime.constants.types>`_
 		替代::
 
 			echo date(DATE_RFC822, time());
@@ -200,6 +200,9 @@
 		// Should Produce: 2001-09-11
 		$better_date = nice_date($bad_date, 'Y-m-d');
 
+	.. note:: This function is DEPRECATED. Use PHP's native `DateTime class
+		<https://secure.php.net/datetime>`_ instead.
+
 .. php:function:: timespan([$seconds = 1[, $time = ''[, $units = '']]])
 
 	:param	int	$seconds: Number of seconds
@@ -403,4 +406,4 @@ UP12            (UTC +12:00) 斐济、吉尔伯特群岛、堪察加半岛、新
 UP1275          (UTC +12:45) 查塔姆群岛标准时间
 UP13            (UTC +13:00) 凤凰岛、汤加
 UP14            (UTC +14:00) 莱恩群岛
-===========     =====================================================================
+===========     =====================================================================

source/installation/downloads.rst

@@ -2,7 +2,8 @@
 下载 CodeIgniter
 #######################
 
--  `CodeIgniter v3.1.2 (当前版本) <https://codeload.github.com/bcit-ci/CodeIgniter/zip/3.1.2>`_
+-  `CodeIgniter v3.1.3 (当前版本) <https://codeload.github.com/bcit-ci/CodeIgniter/zip/3.1.3>`_
+-  `CodeIgniter v3.1.2 <https://codeload.github.com/bcit-ci/CodeIgniter/zip/3.1.2>`_
 -  `CodeIgniter v3.1.1 <https://codeload.github.com/bcit-ci/CodeIgniter/zip/3.1.1>`_
 -  `CodeIgniter v3.1.0 <https://codeload.github.com/bcit-ci/CodeIgniter/zip/3.1.0>`_
 -  `CodeIgniter v3.0.6 <https://codeload.github.com/bcit-ci/CodeIgniter/zip/3.0.6>`_

source/installation/upgrade_313.rst

@@ -0,0 +1,46 @@
+#############################
+Upgrading from 3.1.2 to 3.1.3
+#############################
+
+Before performing an update you should take your site offline by
+replacing the index.php file with a static one.
+
+Step 1: Update your CodeIgniter files
+=====================================
+
+Replace all files and directories in your *system/* directory.
+
+.. note:: If you have any custom developed files in these directories,
+	please make copies of them first.
+
+Step 2: Remove usage of nice_date() helper (deprecation)
+========================================================
+
+The :doc:`Date Helper <../helpers/date_helper>` function ``nice_date()`` is
+no longer useful since the introduction of PHP's `DateTime classes
+<https://secure.php.net/datetime>`_
+
+You can replace it with the following:
+::
+
+	DateTime::createFromFormat($input_format, $input_date)->format($desired_output_format);
+
+Thus, ``nice_date()`` is now deprecated and scheduled for removal in
+CodeIgniter 3.2+.
+
+.. note:: The function is still available, but you're strongly encouraged
+	to remove its usage sooner rather than later.
+
+Step 3: Remove usage of $config['standardize_newlines']
+=======================================================
+
+The :doc:`Input Library <../libraries/input>` would optionally replace
+occurences of `\r\n`, `\r`, `\n` in input data with whatever the ``PHP_EOL``
+value is on your system - if you've set ``$config['standardize_newlines']``
+to ``TRUE`` in your *application/config/config.php*.
+
+This functionality is now deprecated and scheduled for removal in
+CodeIgniter 3.2.+.
+
+.. note:: The functionality is still available, but you're strongly
+	encouraged to remove its usage sooner rather than later.

source/installation/upgrading.rst

@@ -7,6 +7,7 @@
 .. toctree::
 	:titlesonly:
 
+	从 3.1.2 升级到 3.1.3 <upgrade_313>
 	从 3.1.1 升级到 3.1.2 <upgrade_312>
 	从 3.1.0 升级到 3.1.1 <upgrade_311>
 	从 3.0.6 升级到 3.1.0 <upgrade_310>

source/libraries/form_validation.rst

@@ -888,7 +888,7 @@ another array of your choice.
 **valid_url**             No         如果表单元素值包含不合法的 URL，返回 FALSE
 **valid_email**           No         如果表单元素值包含不合法的 email 地址，返回 FALSE
 **valid_emails**          No         如果表单元素值包含不合法的 email 地址（地址之间用逗号分割），返回 FALSE
-**valid_ip**              No         如果表单元素值不是一个合法的 IP 地址，返回 FALSE
+**valid_ip**              Yes        如果表单元素值不是一个合法的 IP 地址，返回 FALSE
                                      通过可选参数 "ipv4" 或 "ipv6" 来指定 IP 地址格式。
 **valid_base64**          No         如果表单元素值包含除了 base64 编码字符之外的其他字符，返回 FALSE
 ========================= ========== ============================================================================================= =======================

source/license.rst

@@ -2,7 +2,7 @@
 The MIT License (MIT)
 #####################
 
-Copyright (c) 2014 - 2016, British Columbia Institute of Technology
+Copyright (c) 2014 - 2017, British Columbia Institute of Technology
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
@@ -28,7 +28,7 @@ THE SOFTWARE.
 
 MIT 开源许可协议
 
-版权所有 (c) 2014 - 2015, 不列颠哥伦比亚理工学院
+版权所有 (c) 2014 - 2017, 不列颠哥伦比亚理工学院
 
 特此向任何得到本软件副本或相关文档的人授权：被授权人有权使用、复制、修改、
 合并、出版、发布、散布、再授权和/或贩售软件及软件的副本，及授予被供应人