• General Changes
  • Fixed a potential parameter injection flaw in the Security Library and strengthened the XSS filter for HTML5 vulnerabilites.
  • Callback validation rules can now accept parameters like any other validation rule.
  • Added html_escape() to the Common functions to escape HTML output for preventing XSS easliy.
• Helpers
  • Added increment_string() to String Helper to turn "foo" into "foo-1" or "foo-1" into "foo-2".
  • Altered form helper - made action on form_open_multipart helper function call optional. Fixes (#65)
  • url_title() will now trim extra dashes from beginning and end.
  • Improved speed of String Helper's random_string() method
• Database
  • Added a CUBRID driver to the Database driver. Thanks to the CUBRID team for supplying this patch.
  • Added a PDO driver to the Database driver.
  • Typecast limit and offset in the Database driver to integers to avoid possible injection.
  • Added additional option 'none' for the optional third argument for $this->db->like() in the Database driver.
  • Added $this->db->insert_batch() support to the OCI8 (Oracle) driver.
• Libraries
  • Changed $this->cart->insert() in the Cart library to return the Row ID if a single item was inserted successfully.
  • Added support to set an optional parameter in your callback rules of validation using the Form Validation library.
  • Added a Migration library to assist with applying incremental updates to your database schema.
  • Driver children can be located in any package path.
  • Added is_unique to the Form Validation library.
  • Added $config['use_page_numbers'] to the Pagination library, which enables real page numbers in the URI.
  • Added TLS and SSL Encryption for SMTP.
• Core
  • Changed private functions in URI library to protected so MY_URI can override them.
  • Removed CI_CORE boolean constant from CodeIgniter.php (there are no longer different Reactor and Core versions).

Bug fixes for 2.1.0

• Fixed #378 Robots identified as regular browsers by the User Agent class.
• If a config class was loaded first then a library with the same name is loaded, the config would be ignored.
• Fixed a bug (Reactor #19) where 1) the 404_override route was being ignored in some cases, and 2) auto-loaded libraries were not available to the 404_override controller when a controller existed but the requested method did not.
• Fixed a bug (Reactor #89) where MySQL export would fail if the table had hyphens or other non alphanumeric/underscore characters.
• Fixed a bug (#200) where MySQL queries would be malformed after calling $this->db->count_all() then $this->db->get()
• Fixed bug #105 that stopped query errors from being logged unless database debugging was enabled
• Fixed a bug (#160) - Removed unneeded array copy in the file cache driver.
• Fixed a bug (#150) - field_data() now correctly returns column length.
• Fixed a bug (#8) - load_class() now looks for core classes in APPPATH first, allowing them to be replaced.
• Fixed a bug (#24) - ODBC database driver called incorrect parent in __construct().
• Fixed a bug (#85) - OCI8 (Oracle) database escape_str() function did not escape correct.
• Fixed a bug (#344) - Using schema found in Saving Session Data to a Database, system would throw error "user_data does not have a default value" when deleting then creating a session.
• Fixed a bug (#112) - OCI8 (Oracle) driver didn't pass the configured database character set when connecting.
• Fixed a bug (#182) - OCI8 (Oracle) driver used to re-execute the statement whenever num_rows() is called.
• Fixed a bug (#82) - WHERE clause field names in the DB update_string() method were not escaped, resulting in failed queries in some cases.
• Fixed a bug (#89) - Fix a variable type mismatch in DB display_error() where an array is expected, but a string could be set instead.
• Fixed a bug (#467) - Suppress warnings generated from get_magic_quotes_gpc() (deprecated in PHP 5.4)
• Fixed a bug (#484) - First time _csrf_set_hash() is called, hash is never set to the cookie (in Security.php).
• Fixed a bug (#60) - Added _file_mime_type() method to the File Uploading Library in order to fix a possible MIME-type injection (also fixes bug #394).
• Fixed a bug (#537) - Support for all wav type in browser.
• Fixed a bug (#576) - Using ini_get() function to detect if apc is enabled or not.
• Fixed invalid date time format in Date helper and XMLRPC library.