author Andrey Andreev <narf@devilix.net> 2014-10-28 20:32:20 +0100
committer Andrey Andreev <narf@devilix.net> 2014-10-28 20:32:20 +0100
commit 815ac8a3be770b7de7a805a551f136cc6bb9f83c
tree c605ac9dae927bb3e85ce618e140cb9942eede0f /user_guide_src/source
parent 98251706c81a7ca6057430c7c6a56ee4dfbe10a0
Close #3292
Diffstat (limited to 'user_guide_src/source')
-rw-r--r-- user_guide_src/source/changelog.rst 1
-rw-r--r-- user_guide_src/source/general/environments.rst 2
2 files changed, 2 insertions, 1 deletions
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index f57e244b1..909c3bc3c 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -503,6 +503,7 @@ Release Date: Not Released
- Removed internal method ``_assign_to_config()`` and moved its implementation to *CodeIgniter.php* instead.
- ``item()`` now returns NULL instead of FALSE when the required config item doesn't exist.
- Added an optional second parameter to both ``base_url()`` and ``site_url()`` that allows enforcing of a protocol different than the one in the *base_url* configuration setting.
+ - Added HTTP "Host" header character validation to prevent cache poisoning attacks when ``base_url`` auto-detection is used.
- :doc:`Security Library <libraries/security>` changes include:
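Review bot: The added changelog line says the "Host" header character validation will "prevent cache poisoning attacks", which overstates what a character check can do. A well-formed hostname chosen by the client still passes character validation, so the value feeding ``base_url`` auto-detection remains client-controlled. Suggest "mitigate" instead of "prevent", and add a clause recommending that ``base_url`` be set explicitly in the configuration rather than relying on auto-detection. The entry also does not say what happens when the header fails validation (rejected request, fallback value); a few words on that would let upgraders know what behaviour to expect.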
diff --git a/user_guide_src/source/general/environments.rst b/user_guide_src/source/general/environments.rst
index d74ebb8d5..1ce4fde3a 100644
--- a/user_guide_src/source/general/environments.rst
+++ b/user_guide_src/source/general/environments.rst
@@ -20,7 +20,7 @@ the value provided in ``$_SERVER['CI_ENV']``, otherwise defaults to
This server variable can be set in your .htaccess file, or Apache
config using `SetEnv <https://httpd.apache.org/docs/2.2/mod/mod_env.html#setenv>`_.
Alternative methods are available for nginx and other servers, or you can
-remove this logic entirely and set the constant based on the HTTP_HOST or IP.
+remove this logic entirely and set the constant based on the server's IP address.
In addition to affecting some basic framework behavior (see the next
section), you may use this constant in your own development to
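Review bot: The replacement line drops HTTP_HOST without telling the reader why, so anyone who followed the old advice has no cue that their existing environment switch needs revisiting. Suggest adding a short sentence after "server's IP address" stating that HTTP_HOST comes from the request and can be set by the client, so it should not decide which environment is selected. It would also help to name the variable meant by "the server's IP address" (for example ``$_SERVER['SERVER_ADDR']``), since the previous wording "IP" could be read as the client address, and the new text still leaves the reader to guess the source.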