Release Date: January 9, 2022
4.1.7 release of CodeIgniter4
FILTER_SANITIZE_STRINGis deprecated since PHP 8.1,
get_cookie()that uses it when
$xssCleanis true changed the output. Now it uses
FILTER_SANITIZE_FULL_SPECIAL_CHARS. Note that using XSS filtering is a bad practice. It does not prevent XSS attacks perfectly. Using
esc()with the correct
$contextin the views is recommended.
See the repo’s CHANGELOG_4.1.md for a complete list of bugs fixed.