authorAndrey Andreev <narf@devilix.net>2018-06-12 15:57:07 +0200
committerAndrey Andreev <narf@devilix.net>2018-06-12 15:57:07 +0200
commitb3f7aae1079e8e484437bc67f4c126f34e7903d8 (patch)
tree8d5961bc6260fec1769f852f2383656e15e5b77a
parent1fd1494c709ced0b20252976c65145e21be046ee (diff)
parent44f53fb063eed55c79d31d0d19eef7ba973b6054 (diff)
Merge branch '3.1-stable' into develop
Conflicts resolved: system/core/CodeIgniter.php system/libraries/Email.php user_guide_src/source/changelog.rst user_guide_src/source/conf.py user_guide_src/source/installation/downloads.rst user_guide_src/source/installation/upgrading.rst
-rw-r--r--system/libraries/Session/Session.php2
-rw-r--r--system/libraries/Session/Session_driver.php17
-rw-r--r--system/libraries/Session/drivers/Session_database_driver.php26
-rw-r--r--system/libraries/Session/drivers/Session_files_driver.php18
-rw-r--r--system/libraries/Session/drivers/Session_memcached_driver.php19
-rw-r--r--system/libraries/Session/drivers/Session_redis_driver.php18
-rw-r--r--user_guide_src/source/changelog.rst11
-rw-r--r--user_guide_src/source/installation/downloads.rst3
-rw-r--r--user_guide_src/source/installation/upgrade_3110.rst14
-rw-r--r--user_guide_src/source/installation/upgrade_319.rst7
-rw-r--r--user_guide_src/source/installation/upgrading.rst1
11 files changed, 133 insertions, 3 deletions
diff --git a/system/libraries/Session/Session.php b/system/libraries/Session/Session.php
index 26bc4f486..04855f65a 100644
--- a/system/libraries/Session/Session.php
+++ b/system/libraries/Session/Session.php
@@ -585,7 +585,7 @@ class CI_Session {
// ------------------------------------------------------------------------
/**
- * Unmark flash
+ * Unmark temp
*
* @param mixed $key Session data key(s)
* @return void
diff --git a/system/libraries/Session/Session_driver.php b/system/libraries/Session/Session_driver.php
index e0030889c..6ed365959 100644
--- a/system/libraries/Session/Session_driver.php
+++ b/system/libraries/Session/Session_driver.php
@@ -113,6 +113,23 @@ abstract class CI_Session_driver implements SessionHandlerInterface {
// ------------------------------------------------------------------------
/**
+ * PHP 5.x validate ID
+ *
+ * Enforces session.use_strict_mode on PHP 5.x (7+ does it by itself)
+ *
+ * @return void
+ */
+ public function php5_validate_id()
+ {
+ if (PHP_VERSION_ID < 70000 && isset($_COOKIE[$this->_config['cookie_name']]) && ! $this->validateId($_COOKIE[$this->_config['cookie_name']]))
+ {
+ unset($_COOKIE[$this->_config['cookie_name']]);
+ }
+ }
+
+ // ------------------------------------------------------------------------
+
+ /**
* Cookie destroy
*
* Internal method to force removal of a cookie by the client
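Review bot: `php5_validate_id()` hands the raw cookie value straight to `validateId()` without checking that it is a string, so a request carrying `cookie_name[]=x` reaches the drivers with an array (the files driver would then build a path from `'Array'`); whether CI_Session's constructor has already rejected malformed IDs cannot be seen from this hunk, so a local guard is cheap insurance: `&& ( ! is_string($_COOKIE[$this->_config['cookie_name']]) OR ! $this->validateId($_COOKIE[$this->_config['cookie_name']]))`. The docblock should also say how the emulation works, e.g. `* Drops the session cookie when the ID is not known server-side, so session_start() ignores the supplied ID and generates a fresh one.`, because a reader otherwise has to infer why unsetting `$_COOKIE` is enough. `validateId()` is called on `$this` but is not declared in the abstract class within this hunk; if it is not declared elsewhere, `abstract public function validateId($id);` would make the per-driver contract explicit.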
diff --git a/system/libraries/Session/drivers/Session_database_driver.php b/system/libraries/Session/drivers/Session_database_driver.php
index 72c043c4e..1a0514b53 100644
--- a/system/libraries/Session/drivers/Session_database_driver.php
+++ b/system/libraries/Session/drivers/Session_database_driver.php
@@ -133,6 +133,8 @@ class CI_Session_database_driver extends CI_Session_driver implements SessionHan
return $this->_fail();
}
+ $this->php5_validate_id();
+
return $this->_success;
}
@@ -340,6 +342,30 @@ class CI_Session_database_driver extends CI_Session_driver implements SessionHan
: $this->_fail();
}
+ // --------------------------------------------------------------------
+
+ /**
+ * Validate ID
+ *
+ * Checks whether a session ID record exists server-side,
+ * to enforce session.use_strict_mode.
+ *
+ * @param string $id
+ * @return bool
+ */
+ public function validateId($id)
+ {
+ // Prevent previous QB calls from messing with our queries
+ $this->_db->reset_query();
+
+ $this->_db->select('1')->from($this->_config['save_path'])->where('id', $id);
+ empty($this->_config['match_ip']) OR $this->_db->where('ip_address', $_SERVER['REMOTE_ADDR']);
+ $result = $this->_db->get();
+ empty($result) OR $result = $result->row();
+
+ return ! empty($result);
+ }
+
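Review bot: The lookup at `->where('id', $id)` treats any stored row as valid regardless of its age, so an ID that has expired but has not yet been removed by garbage collection still passes strict-mode validation and could be planted on a victim by whoever previously held it. Whether that matches what `read()` does in this driver, and whether the table's `timestamp` column is the one `gc()` prunes on, is not visible here; if it is, adding a `->where('timestamp >', ...)` clause using the configured session lifetime would close that window. The docblock should also state that the check is narrowed to the client's `ip_address` when `match_ip` is enabled, since that changes what "exists server-side" means.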
// ------------------------------------------------------------------------
/**
diff --git a/system/libraries/Session/drivers/Session_files_driver.php b/system/libraries/Session/drivers/Session_files_driver.php
index 92c5ebc03..4a86ec9d6 100644
--- a/system/libraries/Session/drivers/Session_files_driver.php
+++ b/system/libraries/Session/drivers/Session_files_driver.php
@@ -148,6 +148,8 @@ class CI_Session_files_driver extends CI_Session_driver implements SessionHandle
.$name // we'll use the session cookie name as a prefix to avoid collisions
.($this->_config['match_ip'] ? md5($_SERVER['REMOTE_ADDR']) : '');
+ $this->php5_validate_id();
+
return $this->_success;
}
@@ -392,6 +394,22 @@ class CI_Session_files_driver extends CI_Session_driver implements SessionHandle
// --------------------------------------------------------------------
/**
+ * Validate ID
+ *
+ * Checks whether a session ID record exists server-side,
+ * to enforce session.use_strict_mode.
+ *
+ * @param string $id
+ * @return bool
+ */
+ public function validateId($id)
+ {
+ return is_file($this->_file_path.$id);
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
* Byte-safe strlen()
*
* @param string $str
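Review bot: `is_file($this->_file_path.$id)` concatenates a caller-supplied ID into a filesystem path, and on PHP 5.x `php5_validate_id()` feeds it the cookie value directly, so an ID containing `../` would be probed against arbitrary existing files; whether the session-ID format has already been validated upstream is not visible in this hunk. A local guard that rejects anything outside the session-ID alphabet before touching the filesystem is inexpensive: `if ( ! preg_match('/^[0-9a-zA-Z,-]+$/', $id)) return FALSE;`. The docblock should note that only existence is checked and that `match_ip` is honoured through the `_file_path` suffix set in `open()`, which is presumably why no IP comparison appears here.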
diff --git a/system/libraries/Session/drivers/Session_memcached_driver.php b/system/libraries/Session/drivers/Session_memcached_driver.php
index d9506ba7e..efc084d8b 100644
--- a/system/libraries/Session/drivers/Session_memcached_driver.php
+++ b/system/libraries/Session/drivers/Session_memcached_driver.php
@@ -145,6 +145,8 @@ class CI_Session_memcached_driver extends CI_Session_driver implements SessionHa
return $this->_fail();
}
+ $this->php5_validate_id();
+
return $this->_success;
}
@@ -290,6 +292,23 @@ class CI_Session_memcached_driver extends CI_Session_driver implements SessionHa
return $this->_success;
}
+ // --------------------------------------------------------------------
+
+ /**
+ * Validate ID
+ *
+ * Checks whether a session ID record exists server-side,
+ * to enforce session.use_strict_mode.
+ *
+ * @param string $id
+ * @return bool
+ */
+ public function validateId($id)
+ {
+ $this->_memcached-get($this->_key_prefix.$id);
+ return ($this->_memcached->getResultCode() === Memcached::RES_SUCCESS);
+ }
+
// ------------------------------------------------------------------------
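Review bot: `$this->_memcached-get($this->_key_prefix.$id);` is missing the `>` of the arrow operator, so PHP parses it as a subtraction involving an undefined function `get()` and fatals the first time `php5_validate_id()` runs with a session cookie present, unless this is an artefact of how the page was rendered. The line should read `$this->_memcached->get($this->_key_prefix.$id);`. A one-line comment such as `// value discarded; only the result code tells us whether the key exists` would explain the unused return value, and the docblock could note that `match_ip` is assumed to be folded into `_key_prefix` by `open()`, which cannot be confirmed from this hunk.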
/**
diff --git a/system/libraries/Session/drivers/Session_redis_driver.php b/system/libraries/Session/drivers/Session_redis_driver.php
index 0fee40e3a..0562301b2 100644
--- a/system/libraries/Session/drivers/Session_redis_driver.php
+++ b/system/libraries/Session/drivers/Session_redis_driver.php
@@ -177,6 +177,8 @@ class CI_Session_redis_driver extends CI_Session_driver implements SessionHandle
log_message('error', 'Session: Unable to connect to Redis with the configured settings.');
}
+ $this->php5_validate_id();
+
return $this->_fail();
}
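Review bot: `$this->php5_validate_id();` is placed immediately before `return $this->_fail();`, i.e. on the path taken after the connection error logged above it, so on PHP 5.x the strict-mode check runs only when Redis could not be reached and, as far as this hunk shows, never on the successful path. The call should move into the branch that returns `$this->_success` (outside this hunk), after `$this->_redis` has been assigned, mirroring the placement used in the other drivers. `open()` begins and its success branch ends outside the visible lines.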
@@ -334,6 +336,22 @@ class CI_Session_redis_driver extends CI_Session_driver implements SessionHandle
return $this->_success;
}
+ // --------------------------------------------------------------------
+
+ /**
+ * Validate ID
+ *
+ * Checks whether a session ID record exists server-side,
+ * to enforce session.use_strict_mode.
+ *
+ * @param string $id
+ * @return bool
+ */
+ public function validateId($id)
+ {
+ return (bool) $this->_redis->exists($this->_key_prefix.$id);
+ }
+
// ------------------------------------------------------------------------
/**
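Review bot: `validateId()` dereferences `$this->_redis` unconditionally, and since the driver calls `php5_validate_id()` from a path where the connection attempt has failed, this can be reached with no connection object and produce a fatal error instead of a clean "invalid" result; where `_redis` is assigned is not visible here. A defensive form is `return isset($this->_redis) && (bool) $this->_redis->exists($this->_key_prefix.$id);`. The docblock should also say that `match_ip` is not consulted in this method and is presumably accounted for by `_key_prefix`, so a maintainer does not add a redundant IP check.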
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index 22535e2c5..9367e9c0e 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -2,6 +2,7 @@
Change Log
##########
+<<<<<<< HEAD
Version 3.2.0
=============
@@ -126,26 +127,34 @@ Release Date: Not Released
- Added 'img_alt' option with a default value of 'captcha'.
- Added ability to generate ``data:image/png;base64`` URIs instead of writing image files to disk.
- Updated to always create PNG images instead of JPEG.
+=======
+Version 3.1.10
+==============
+
+>>>>>>> 3.1-stable
Version 3.1.9
=============
-Release Date: Not Released
+Release Date: Jun 12, 2018
- **Security**
- Updated :doc:`URL Helper <helpers/url_helper>` function :php:func:`auto_link()` to add ``rel="noopener"`` to generated links in order to prevent tab hijacking.
+ - Fixed a possible session fixation vulnerability where the :doc:`Session Library <libraries/sessions>` enabled ``session.use_strict_mode`` but it didn't actually do anything (thanks to Aamer Shah, Prasanna Kumar).
- General Changes
- Updated :doc:`Query Builder <database/query_builder>` method ``limit()`` to allow ``0`` values.
+ - Updated :doc:`Email Library <libraries/email>` and :doc:`Form Validation Library <libraries/form_validation>` to discard the results of failed ``idn_to_ascii()`` calls while validating e-mail addresses.
Bug fixes for 3.1.9
-------------------
- Fixed a regression (#5448) - :doc:`Query Builder <database/query_builder>` methods ``like()``, ``or_like()`` (and siblings) didn't apply *dbprefix* or identifier escaping.
- Fixed a regression (#5462) - :doc:`Query Builder <database/query_builder>` methods ``like()``, ``or_like()`` (and siblings) produced incorrect SQL syntax when used with ``'before'`` as the third parameter.
+- Fixed a bug (#5516) - :doc:`HTML Helper <helpers/html_helper>` functions :php:func:`img()`, :php:func:`link_tag()` would output results with double slashes if a prefix slash was included in their path inputs.
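Review bot: The changelog hunks commit unresolved merge-conflict markers: `+<<<<<<< HEAD`, `+=======` and `+>>>>>>> 3.1-stable` are all added lines, even though the commit message states the conflict in changelog.rst was resolved. Both version sections (3.2.0 and 3.1.10) appear intended to coexist, so the three marker lines should simply be deleted and the `Version 3.1.10` heading kept beneath the 3.2.0 entries; as committed, the documentation build will render the markers as text.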
Version 3.1.8
=============
diff --git a/user_guide_src/source/installation/downloads.rst b/user_guide_src/source/installation/downloads.rst
index c915616d7..60d1881b3 100644
--- a/user_guide_src/source/installation/downloads.rst
+++ b/user_guide_src/source/installation/downloads.rst
@@ -3,7 +3,8 @@ Downloading CodeIgniter
#######################
- `CodeIgniter v3.2.0-dev (Current version) <https://codeload.github.com/bcit-ci/CodeIgniter/zip/develop>`_
-- `CodeIgniter v3.1.9-dev <https://codeload.github.com/bcit-ci/CodeIgniter/zip/3.1-stable>`_
+- `CodeIgniter v3.1.10-dev <https://codeload.github.com/bcit-ci/CodeIgniter/zip/3.1-stable>`_
+- `CodeIgniter v3.1.9 <https://codeload.github.com/bcit-ci/CodeIgniter/zip/3.1.9>`_
- `CodeIgniter v3.1.8 <https://codeload.github.com/bcit-ci/CodeIgniter/zip/3.1.8>`_
- `CodeIgniter v3.1.7 <https://codeload.github.com/bcit-ci/CodeIgniter/zip/3.1.7>`_
- `CodeIgniter v3.1.6 <https://codeload.github.com/bcit-ci/CodeIgniter/zip/3.1.6>`_
diff --git a/user_guide_src/source/installation/upgrade_3110.rst b/user_guide_src/source/installation/upgrade_3110.rst
new file mode 100644
index 000000000..a19f1e68e
--- /dev/null
+++ b/user_guide_src/source/installation/upgrade_3110.rst
@@ -0,0 +1,14 @@
+##############################
+Upgrading from 3.1.9 to 3.1.10
+##############################
+
+Before performing an update you should take your site offline by
+replacing the index.php file with a static one.
+
+Step 1: Update your CodeIgniter files
+=====================================
+
+Replace all files and directories in your *system/* directory.
+
+.. note:: If you have any custom developed files in these directories,
+ please make copies of them first.
diff --git a/user_guide_src/source/installation/upgrade_319.rst b/user_guide_src/source/installation/upgrade_319.rst
index 99a7347a0..3b8da3367 100644
--- a/user_guide_src/source/installation/upgrade_319.rst
+++ b/user_guide_src/source/installation/upgrade_319.rst
@@ -12,3 +12,10 @@ Replace all files and directories in your *system/* directory.
.. note:: If you have any custom developed files in these directories,
please make copies of them first.
+
+********************************
+Step 3: Replace config/mimes.php
+********************************
+
+This config file has received some updates. Please copy it to
+*application/config/mimes.php*.
diff --git a/user_guide_src/source/installation/upgrading.rst b/user_guide_src/source/installation/upgrading.rst
index 32617389d..1b9ac3c77 100644
--- a/user_guide_src/source/installation/upgrading.rst
+++ b/user_guide_src/source/installation/upgrading.rst
@@ -9,6 +9,7 @@ upgrading from.
:titlesonly:
Upgrading from 3.1.3+ to 3.2.x <upgrade_320>
+ Upgrading from 3.1.9 to 3.1.10 <upgrade_3110>
Upgrading from 3.1.8 to 3.1.9 <upgrade_319>
Upgrading from 3.1.7 to 3.1.8 <upgrade_318>
Upgrading from 3.1.6 to 3.1.7 <upgrade_317>