Merge remote-tracking branch 'upstream/develop' into develop

5 files changed, 25 insertions, 25 deletions

diff --git a/user_guide_src/source/general/ancillary_classes.rst b/user_guide_src/source/general/ancillary_classes.rst
index 6a64742ce..f1285d931 100644
--- a/user_guide_src/source/general/ancillary_classes.rst
+++ b/user_guide_src/source/general/ancillary_classes.rst
@@ -11,7 +11,8 @@ get_instance()
 
 .. php:function:: get_instance()
 
-	:returns:	object of class CI_Controller
+	:returns:	Reference to your controller's instance
+	:rtype:	CI_Controller
 
 **Any class that you instantiate within your controller methods can
 access CodeIgniter's native resources** simply by using the
@@ -44,17 +45,9 @@ Once you've assigned the object to a variable, you'll use that variable
 	$CI->config->item('base_url');
 	// etc.
 
-.. note:: You'll notice that the above get_instance() ``function`` is being
-	passed by reference::
-
-		$CI =& get_instance();
-
-	This is very important. Assigning by reference allows you to use the
-	original CodeIgniter object rather than creating a copy of it.
-
-Furthermore, if you'll be using ``get_instance()`` inside another class,
-then it would be better if you assign it to a property. This way, you
-won't need to call ``get_instance()`` in every single method.
+If you'll be using ``get_instance()`` inside another class, then it would
+be better if you assign it to a property. This way, you won't need to call
+``get_instance()`` in every single method.
 
 Example::
 
@@ -80,9 +73,8 @@ Example::
 		{
 			$this->CI->config->item('base_url');
 		}
-
 	}
 
 In the above example, both methods ``foo()`` and ``bar()`` will work
 after you instantiate the Example class, without the need to call
-``get_instance()`` in each of them.
\ No newline at end of file
+``get_instance()`` in each of them.
diff --git a/user_guide_src/source/general/credits.rst b/user_guide_src/source/general/credits.rst
index d22e3a9bc..d0f14b3bd 100644
--- a/user_guide_src/source/general/credits.rst
+++ b/user_guide_src/source/general/credits.rst
@@ -2,17 +2,17 @@
 Credits
 #######
 
-CodeIgniter was originally developed by `Rick Ellis <http://www.ellislab.com/>`_
-(CEO of `EllisLab, Inc. <http://ellislab.com/>`_). The framework was written for
+CodeIgniter was originally developed by `Rick Ellis <https://ellislab.com/>`_
+(CEO of `EllisLab, Inc. <https://ellislab.com/>`_). The framework was written for
 performance in the real world, with many of the class libraries, helpers, and
 sub-systems borrowed from the code-base of `ExpressionEngine
-<http://www.expressionengine.com/>`_.
+<https://ellislab.com/expressionengine>`_.
 
 It was, for years, developed and maintained by EllisLab, the ExpressionEngine
 Development Team and a group of community members called the Reactor Team.
 
 In 2014, CodeIgniter was acquired by the `British Columbia Institute of Technology
-<http://bcit.ca/>`_ and was then officially announced as a community-maintained
+<http://www.bcit.ca/>`_ and was then officially announced as a community-maintained
 project.
 
 Bleeding edge development is spearheaded by the handpicked contributors
diff --git a/user_guide_src/source/general/environments.rst b/user_guide_src/source/general/environments.rst
index 1ce4fde3a..f5a4f617e 100644
--- a/user_guide_src/source/general/environments.rst
+++ b/user_guide_src/source/general/environments.rst
@@ -48,5 +48,5 @@ Configuration Files
 Optionally, you can have CodeIgniter load environment-specific
 configuration files. This may be useful for managing things like
 differing API keys across multiple environments. This is described in
-more detail in the environment section of the `Config
-Class <../libraries/config.html#environments>`_ documentation.
\ No newline at end of file
+more detail in the environment section of the :doc:`Config
+Class <../libraries/config#environments>`_ documentation.
\ No newline at end of file
diff --git a/user_guide_src/source/general/requirements.rst b/user_guide_src/source/general/requirements.rst
index e3f73dba8..f90cdd30d 100644
--- a/user_guide_src/source/general/requirements.rst
+++ b/user_guide_src/source/general/requirements.rst
@@ -2,7 +2,7 @@
 Server Requirements
 ###################
 
-`PHP <http://www.php.net/>`_ version 5.4 or newer is recommended.
+`PHP <http://php.net/>`_ version 5.4 or newer is recommended.
 
 It should work on 5.2.4 as well, but we strongly advise you NOT to run
 such old versions of PHP, because of potential security and performance
diff --git a/user_guide_src/source/general/security.rst b/user_guide_src/source/general/security.rst
index 0c58f96b4..fcfe4c24b 100644
--- a/user_guide_src/source/general/security.rst
+++ b/user_guide_src/source/general/security.rst
@@ -133,17 +133,25 @@ with that. Please read below.
    provides them for you as long as you're running at least PHP version
    5.3.7 (and if you don't meet that requirement - please, upgrade).
 
+   If you're one of the really unlucky people who can't even upgrade to a
+   more recent PHP version, use `hash_pbkdf() <http://php.net/hash_pbkdf2>`,
+   which we also provide in our compatibility layer.
+
 -  DO NOT ever display or send a password in plain-text format!
 
    Even to the password's owner, if you need a "Forgotten password"
    feature, just randomly generate a new, one-time (this is also important)
    password and send that instead.
 
--  DO NOT put artificial limits on your users' passwords.
+-  DO NOT put unnecessary limits on your users' passwords.
+
+   If you're using a hashing algorithm other than BCrypt (which has a limit
+   of 72 characters), you should set a relatively high limit on password
+   lengths in order to mitigate DoS attacks - say, 1024 characters.
 
-   There's no point in forcing a rule that a password can only be up to
-   a number of characters, or that it can't contain a certain set of
-   special characters.
+   Other than that however, there's no point in forcing a rule that a
+   password can only be up to a number of characters, or that it can't
+   contain a certain set of special characters.
 
    Not only does this **reduce** security instead of improving it, but
    there's literally no reason to do it. No technical limitations and