Merge branch '3.1-stable'

author: Andrey Andreev <narf@devilix.net> 2017-09-25 18:44:51 +0200
committer: Andrey Andreev <narf@devilix.net> 2017-09-25 18:44:51 +0200
commit: e76217041ddcae80f11b50b44a7d409b6722ad40 (patch)
tree: 6f7dd444bfc5b4206a6e07169ad3c05b9b63fa4d /user_guide_src/source
parent: 9c07c3697bab0bf43e10daf59068497dd3a0a9fd (diff)
parent: cf728703b5852591c160cbd9566a0e508dd5759a (diff)
31 files changed, 197 insertions, 42 deletions
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index cccef1cda..e5387cc5a 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -2,6 +2,95 @@
 Change Log
 ##########
 
+Version 3.1.6
+=============
+
+Release Date: Sep 25, 2017
+
+-  **Security**
+
+   -  Fixed a potential object injection in :doc:`Cache Library <libraries/caching>` 'apc' driver when ``save()`` is used with ``$raw = TRUE`` (thanks to Tomas Bortoli).
+
+-  General Changes
+
+   -  Deprecated :doc:`Cache Library Library <libraries/caching>` driver 'apc'.
+   -  Updated the :doc:`Session Library <libraries/sessions>` 'redis', 'memcached' drivers to reduce the potential of a locking race conditions.
+
+
+Bug fixes for 3.1.6
+-------------------
+
+-  Fixed a bug (#5164) - :doc:`Loader Library <libraries/loader>` method ``library()`` ignored requests to load libraries previously assigned to super-object properties named differently than the library name.
+-  Fixed a bug (#5168) - :doc:`Query Builder <database/query_builder>` method ``count_all_results()`` produced erroneous queries on Microsoft SQL Server when ``ORDER BY`` clauses are cached.
+-  Fixed a bug (#5128) - :doc:`Profiler <general/profiling>` didn't wrap ``$_SESSION`` and configuration arrays in ``<pre>`` tags.
+-  Fixed a bug (#5183) - :doc:`Database Library <database/index>` method ``is_write_type()`` didn't return TRUE for ``MERGE`` statements.
+-  Fixed a bug where :doc:`Image Manipulation Library <libraries/image_lib>` didn't escape image source paths passed to NetPBM as shell arguments.
+-  Fixed a bug (#5236) - :doc:`Query Builder <database/query_builder>` methods ``limit()``, ``offset()`` break SQL Server 2005, 2008 queries with ``"<tablename>".*`` in the ``SELECT`` clause.
+-  Fixed a bug (#5243) - :doc:`Database Library <database/index>` method ``version()`` didn't work with the 'pdo/dblib' driver.
+-  Fixed a bug (#5246) - :doc:`Database transactions <database/transactions>` status wasn't reset unless ``trans_complete()`` was called.
+-  Fixed a bug (#5260) - :doc:`Database Utilities <database/utilities>` method ``backup()`` generated incorrect ``INSERT`` statements with the 'mysqli' driver.
+-  Fixed a bug where :doc:`Database Results <database/results>` method ``field_data()`` didn't parse field types with the 'mysqli' driver.
+
+Version 3.1.5
+=============
+
+Release Date: Jun 19, 2017
+
+-  **Security**
+
+   -  :doc:`Form Validation Library <libraries/form_validation>` rule ``valid_email`` could be bypassed if ``idn_to_ascii()`` is available.
+
+-  General Changes
+
+   -  Updated :doc:`Form Helper <helpers/form_helper>` function :php:func:`form_label()` to accept HTML attributes as a string.
+
+Bug fixes for 3.1.5
+-------------------
+
+-  Fixed a bug (#5070) - :doc:`Email Library <libraries/email>` didn't properly detect 7-bit encoding.
+-  Fixed a bug (#5084) - :doc:`XML-RPC Library <libraries/xmlrpc>` errored because of a variable name typo.
+-  Fixed a bug (#5108) - :doc:`Inflector Helper <helpers/inflector_helper>` function :php:func:`singular()` didn't properly handle 'quizzes'.
+-  Fixed a regression (#5131) - private controller methods triggered PHP errors instead of a 404 response.
+-  Fixed a bug (#5150) - :doc:`Database Forge <database/forge>` method ``modify_column()`` triggered an error while renaming columns with the 'oci8', 'pdo/oci' drivers.
+-  Fixed a bug (#5155) - :doc:`Query Builder <database/query_builder>` method ``count_all_results()`` returned incorrect result for queries using ``LIMIT``, ``OFFSET``.
+
+Version 3.1.4
+=============
+
+Release Date: Mar 20, 2017
+
+-  **Security**
+
+   -  Fixed a header injection vulnerability in :doc:`common function <general/common_functions>` :php:func:`set_status_header()` under Apache (thanks to Guillermo Caminer from `Flowgate <https://flowgate.net/>`_).
+   -  Fixed byte-safety issues in :doc:`Encrypt Library <libraries/encrypt>` (DEPRECATED) when ``mbstring.func_overload`` is enabled.
+   -  Fixed byte-safety issues in :doc:`Encryption Library <libraries/encryption>` when ``mbstring.func_overload`` is enabled.
+   -  Fixed byte-safety issues in :doc:`compatibility functions <general/compatibility_functions>` ``password_hash()``, ``hash_pbkdf2()`` when ``mbstring.func_overload`` is enabled.
+   -  Updated :doc:`Encrypt Library <libraries/encrypt>` (DEPRECATED) to call ``mcrypt_create_iv()`` with ``MCRYPT_DEV_URANDOM``.
+
+-  General Changes
+
+   -  Updated the :doc:`Image Manipulation Library <libraries/image_lib>` to work-around an issue with some JPEGs when using GD.
+
+Bug fixes for 3.1.4
+-------------------
+
+-  Fixed a regression (#4975) - :doc:`Loader Library <libraries/loader>` couldn't handle objects passed as view variables.
+-  Fixed a bug (#4977) - :doc:`Loader Library <libraries/loader>` method ``helper()`` could accept any character as a filename extension separator.
+-  Fixed a regression where the :doc:`Session Library <libraries/sessions>` would fail on a ``session_regenerate_id(TRUE)`` call with the 'database' driver.
+-  Fixed a bug (#4987) - :doc:`Query Builder <database/query_builder>` caching didn't keep track of table aliases.
+-  Fixed a bug where :doc:`Text Helper <helpers/text_helper>` function ``ascii_to_entities()`` wasn't byte-safe when ``mbstring.func_overload`` is enabled.
+-  Fixed a bug where ``CI_Log``, ``CI_Output``, ``CI_Email`` and ``CI_Zip`` didn't handle strings in a byte-safe manner when ``mbstring.func_overload`` is enabled.
+-  Fixed a bug where :doc:`Session Library <libraries/sessions>` didn't read session data in a byte-safe manner when ``mbstring.func_overload`` is enabled.
+-  Fixed a bug (#4990) - :doc:`Profiler <general/profiling>` didn't close ``<pre>`` tags it generated.
+-  Fixed a bug (#4990) - :doc:`Profiler <general/profiling>` didn't HTML-escape quotes for ``$_SESSION`` variables.
+-  Fixed a bug where :doc:`Input Library <libraries/input>` method ``set_cookie()`` didn't allow its *httponly* and *secure* parameters to be overriden to ``FALSE``.
+-  Fixed a bug (#5006) - :doc:`common function <general/common_functions>` :php:func:`get_mimes()` didn't load *application/config/mimes.php* if an environment specific config exists.
+-  Fixed a bug (#5006) - :doc:`common function <general/common_functions>` :php:func:`remove_invisible_characters()` didn't remove URL-encoded ``0x7F``.
+-  Fixed a bug (#4815) - :doc:`Database Library <database/index>` stripped URL-encoded sequences while escaping strings with the 'mssql' driver.
+-  Fixed a bug (#5044) - :doc:`HTML Helper <helpers/html_helper>` function :php:func:`img()` didn't accept ``data:`` URI schemes for the image source.
+-  Fixed a bug (#5050) - :doc:`Database Library <database/index>` tried to access an undefined property in a number of error handling cases.
+-  Fixed a bug (#5057) - :doc:`Database <database/index>` driver 'postgre' didn't actually apply extra options (such as 'connect_timeout') to its DSN.
+
 Version 3.1.3
 =============
 
@@ -65,7 +154,7 @@ Bug fixes for 3.1.2
 -  Fixed a regression (#4874) - :doc:`Session Library <libraries/sessions>` didn't take into account ``session.hash_bits_per_character`` when validating session IDs.
 -  Fixed a bug (#4871) - :doc:`Query Builder <database/query_builder>` method ``update_batch()`` didn't properly handle identifier escaping.
 -  Fixed a bug (#4884) - :doc:`Query Builder <database/query_builder>` didn't properly parse field names ending in 'is' when used inside WHERE and HAVING statements.
--  Fixed a bug where ``CI_Log``, ``CI_Output``, ``CI_Email`` and ``CI_Zip`` didn't handle strings in a byte-safe manner when ``mbstring.func_override`` is enabled.
+-  Fixed a bug where ``CI_Log``, ``CI_Output``, ``CI_Email`` and ``CI_Zip`` didn't handle strings in a byte-safe manner when ``mbstring.func_overload`` is enabled.
 
 Version 3.1.1
 =============
@@ -102,7 +191,7 @@ Bug fixes for 3.1.1
 -  Fixed a bug where :doc:`Query Builder <database/query_builder>` method ``insert_batch()`` tried to execute an unsupported SQL query with the 'ibase' and 'pdo/firebird' drivers.
 -  Fixed a bug (#4809) - :doc:`Database <database/index>` driver 'pdo/mysql' didn't turn off ``AUTOCOMMIT`` when starting a transaction.
 -  Fixed a bug (#4822) - :doc:`CAPTCHA Helper <helpers/captcha_helper>` didn't clear expired PNG images.
--  Fixed a bug (#4823) - :doc:`Session Library <libraries/sessions>` 'files' driver could enter an infinite loop if ``mbstring.func_override`` is enabled.
+-  Fixed a bug (#4823) - :doc:`Session Library <libraries/sessions>` 'files' driver could enter an infinite loop if ``mbstring.func_overload`` is enabled.
 -  Fixed a bug (#4851) - :doc:`Database Forge <database/forge>` didn't quote schema names passed to its ``create_database()`` method.
 -  Fixed a bug (#4863) - :doc:`HTML Table Library <libraries/table>` method ``set_caption()`` was missing method chaining support.
 -  Fixed a bug (#4843) - :doc:`XML-RPC Library <libraries/xmlrpc>` client class didn't set a read/write socket timeout.
diff --git a/user_guide_src/source/conf.py b/user_guide_src/source/conf.py
index e86f085cf..7929f8ae7 100644
--- a/user_guide_src/source/conf.py
+++ b/user_guide_src/source/conf.py
@@ -48,9 +48,9 @@ copyright = u'2014 - 2017, British Columbia Institute of Technology'
 # built documents.
 #
 # The short X.Y version.
-version = '3.1.3'
+version = '3.1.6'
 # The full version, including alpha/beta/rc tags.
-release = '3.1.3'
+release = '3.1.6'
 
 # The language for content autogenerated by Sphinx. Refer to documentation
 # for a list of supported languages.
diff --git a/user_guide_src/source/database/queries.rst b/user_guide_src/source/database/queries.rst
index d4ffd16cf..710ababb0 100644
--- a/user_guide_src/source/database/queries.rst
+++ b/user_guide_src/source/database/queries.rst
@@ -66,7 +66,7 @@ the following::
 If for any reason you would like to change the prefix programatically
 without needing to create a new connection, you can use this method::
 
-	$this->db->set_dbprefix('newprefix');
+	$this->db->set_dbprefix('newprefix_');
 	$this->db->dbprefix('tablename'); // outputs newprefix_tablename
 
 
@@ -165,7 +165,7 @@ Handling Errors
 
 **$this->db->error();**
 
-If you need to get the last error that has occured, the error() method
+If you need to get the last error that has occurred, the error() method
 will return an array containing its code and message. Here's a quick
 example::
 
diff --git a/user_guide_src/source/database/query_builder.rst b/user_guide_src/source/database/query_builder.rst
index 3135f76da..1b79c893a 100644
--- a/user_guide_src/source/database/query_builder.rst
+++ b/user_guide_src/source/database/query_builder.rst
@@ -119,7 +119,7 @@ escaping of fields may break them.
 
 ::
 
-	$this->db->select('(SELECT SUM(payments.amount) FROM payments WHERE payments.invoice_id=4') AS amount_paid', FALSE);
+	$this->db->select('(SELECT SUM(payments.amount) FROM payments WHERE payments.invoice_id=4) AS amount_paid', FALSE);
 	$query = $this->db->get('mytable');
 
 **$this->db->select_max()**
diff --git a/user_guide_src/source/database/transactions.rst b/user_guide_src/source/database/transactions.rst
index e25b8ed14..cfd6a566d 100644
--- a/user_guide_src/source/database/transactions.rst
+++ b/user_guide_src/source/database/transactions.rst
@@ -87,7 +87,7 @@ If you would like to disable transactions you can do so using
 	$this->db->query('AN SQL QUERY...');
 	$this->db->trans_complete();
 
-When transactions are disabled, your queries will be auto-commited, just as
+When transactions are disabled, your queries will be auto-committed, just as
 they are when running queries without transactions, practically ignoring
 any calls to ``trans_start()``, ``trans_complete()``, etc.
 
diff --git a/user_guide_src/source/general/ancillary_classes.rst b/user_guide_src/source/general/ancillary_classes.rst
index f1285d931..4d6528aae 100644
--- a/user_guide_src/source/general/ancillary_classes.rst
+++ b/user_guide_src/source/general/ancillary_classes.rst
@@ -19,7 +19,7 @@ access CodeIgniter's native resources** simply by using the
 ``get_instance()`` function. This function returns the main
 CodeIgniter object.
 
-Normally, to call any of the available CodeIgniter methods requires
+Normally, to call any of the available methods, CodeIgniter requires
 you to use the ``$this`` construct::
 
 	$this->load->helper('url');
diff --git a/user_guide_src/source/general/common_functions.rst b/user_guide_src/source/general/common_functions.rst
index 6d6744cf7..3e3e42264 100644
--- a/user_guide_src/source/general/common_functions.rst
+++ b/user_guide_src/source/general/common_functions.rst
@@ -101,7 +101,7 @@ loading any libraries or helpers.
 
 .. php:function:: set_status_header($code[, $text = ''])
 
-	:param	int	$code: HTTP Reponse status code
+	:param	int	$code: HTTP Response status code
 	:param	string	$text: A custom message to set with the status code
 	:rtype:	void
 
diff --git a/user_guide_src/source/general/routing.rst b/user_guide_src/source/general/routing.rst
index b53a85d31..909289d8d 100644
--- a/user_guide_src/source/general/routing.rst
+++ b/user_guide_src/source/general/routing.rst
@@ -205,6 +205,3 @@ underscores in the controller and method URI segments, thus saving you
 additional route entries if you need to do that.
 This is required, because the dash isn't a valid class or method name
 character and would cause a fatal error if you try to use it.
-
-.. important:: The reserved routes must come before any wildcard or
-	regular expression routes.
-\ No newline at end of file
diff --git a/user_guide_src/source/general/urls.rst b/user_guide_src/source/general/urls.rst
index ca44e2f4c..e23554907 100644
--- a/user_guide_src/source/general/urls.rst
+++ b/user_guide_src/source/general/urls.rst
@@ -42,10 +42,10 @@ By default, the **index.php** file will be included in your URLs::
 If your Apache server has *mod_rewrite* enabled, you can easily remove this
 file by using a .htaccess file with some simple rules. Here is an example
 of such a file, using the "negative" method in which everything is redirected
-except the specified items:
-
-::
+except the specified items::
 	
+.. code-block:: console
+
 	RewriteEngine On
 	RewriteCond %{REQUEST_FILENAME} !-f
 	RewriteCond %{REQUEST_FILENAME} !-d
diff --git a/user_guide_src/source/helpers/cookie_helper.rst b/user_guide_src/source/helpers/cookie_helper.rst
index c9d2f419c..2ad51e78c 100644
--- a/user_guide_src/source/helpers/cookie_helper.rst
+++ b/user_guide_src/source/helpers/cookie_helper.rst
@@ -25,7 +25,7 @@ Available Functions
 The following functions are available:
 
 
-.. php:function:: set_cookie($name[, $value = ''[, $expire = ''[, $domain = ''[, $path = '/'[, $prefix = ''[, $secure = FALSE[, $httponly = FALSE]]]]]]])
+.. php:function:: set_cookie($name[, $value = ''[, $expire = ''[, $domain = ''[, $path = '/'[, $prefix = ''[, $secure = NULL[, $httponly = NULL]]]]]]])
 
 	:param	mixed	$name: Cookie name *or* associative array of all of the parameters available to this function
 	:param	string	$value: Cookie value
diff --git a/user_guide_src/source/helpers/date_helper.rst b/user_guide_src/source/helpers/date_helper.rst
index 600a07574..6bc6c2b05 100644
--- a/user_guide_src/source/helpers/date_helper.rst
+++ b/user_guide_src/source/helpers/date_helper.rst
@@ -31,7 +31,7 @@ The following functions are available:
 	:rtype:	int
 
 	Returns the current time as a UNIX timestamp, referenced either to your server's
-	local time or any PHP suported timezone, based on the "time reference" setting
+	local time or any PHP supported timezone, based on the "time reference" setting
 	in your config file. If you do not intend to set your master time reference to
 	any other PHP supported timezone (which you'll typically do if you run a site
 	that lets each user set their own timezone settings) there is no benefit to using
diff --git a/user_guide_src/source/helpers/form_helper.rst b/user_guide_src/source/helpers/form_helper.rst
index bc30a0e98..8da5d22b5 100644
--- a/user_guide_src/source/helpers/form_helper.rst
+++ b/user_guide_src/source/helpers/form_helper.rst
@@ -486,7 +486,7 @@ The following functions are available:
 
 	:param	string	$label_text: Text to put in the <label> tag
 	:param	string	$id: ID of the form element that we're making a label for
-	:param	string	$attributes: HTML attributes
+	:param	mixed	$attributes: HTML attributes
 	:returns:	An HTML field label tag
 	:rtype:	string
 
diff --git a/user_guide_src/source/helpers/string_helper.rst b/user_guide_src/source/helpers/string_helper.rst
index 53052557e..a1fd7ee15 100644
--- a/user_guide_src/source/helpers/string_helper.rst
+++ b/user_guide_src/source/helpers/string_helper.rst
@@ -186,7 +186,7 @@ The following functions are available:
 	:returns:	Reduced string
 	:rtype:	string
 
-	Reduces multiple instances of a particular character occuring directly
+	Reduces multiple instances of a particular character occurring directly
 	after each other. Example::
 
 		$string = "Fred, Bill,, Joe, Jimmy";
diff --git a/user_guide_src/source/installation/downloads.rst b/user_guide_src/source/installation/downloads.rst
index 652314b60..76335bb67 100644
--- a/user_guide_src/source/installation/downloads.rst
+++ b/user_guide_src/source/installation/downloads.rst
@@ -2,7 +2,10 @@
 Downloading CodeIgniter
 #######################
 
--  `CodeIgniter v3.1.3 (Current version) <https://codeload.github.com/bcit-ci/CodeIgniter/zip/3.1.3>`_
+-  `CodeIgniter v3.1.6 (Current version) <https://codeload.github.com/bcit-ci/CodeIgniter/zip/3.1.6>`_
+-  `CodeIgniter v3.1.5 <https://codeload.github.com/bcit-ci/CodeIgniter/zip/3.1.5>`_
+-  `CodeIgniter v3.1.4 <https://codeload.github.com/bcit-ci/CodeIgniter/zip/3.1.4>`_
+-  `CodeIgniter v3.1.3 <https://codeload.github.com/bcit-ci/CodeIgniter/zip/3.1.3>`_
 -  `CodeIgniter v3.1.2 <https://codeload.github.com/bcit-ci/CodeIgniter/zip/3.1.2>`_
 -  `CodeIgniter v3.1.1 <https://codeload.github.com/bcit-ci/CodeIgniter/zip/3.1.1>`_
 -  `CodeIgniter v3.1.0 <https://codeload.github.com/bcit-ci/CodeIgniter/zip/3.1.0>`_
diff --git a/user_guide_src/source/installation/upgrade_300.rst b/user_guide_src/source/installation/upgrade_300.rst
index 0fc211f89..5b2d3947d 100644
--- a/user_guide_src/source/installation/upgrade_300.rst
+++ b/user_guide_src/source/installation/upgrade_300.rst
@@ -111,7 +111,7 @@ that you should make:
 
   - Set your ``$config['sess_driver']`` value
 
-    It will default to 'files', unles you've previously used
+    It will default to 'files', unless you've previously used
     ``$config['sess_use_database']``, in which case it will be set to
     'database'.
 
diff --git a/user_guide_src/source/installation/upgrade_313.rst b/user_guide_src/source/installation/upgrade_313.rst
index 76dd159e6..13af775a1 100644
--- a/user_guide_src/source/installation/upgrade_313.rst
+++ b/user_guide_src/source/installation/upgrade_313.rst
@@ -35,7 +35,7 @@ Step 3: Remove usage of $config['standardize_newlines']
 =======================================================
 
 The :doc:`Input Library <../libraries/input>` would optionally replace
-occurences of `\r\n`, `\r`, `\n` in input data with whatever the ``PHP_EOL``
+occurrences of `\r\n`, `\r`, `\n` in input data with whatever the ``PHP_EOL``
 value is on your system - if you've set ``$config['standardize_newlines']``
 to ``TRUE`` in your *application/config/config.php*.
 
diff --git a/user_guide_src/source/installation/upgrade_314.rst b/user_guide_src/source/installation/upgrade_314.rst
new file mode 100644
index 000000000..3f2da6564
--- /dev/null
+++ b/user_guide_src/source/installation/upgrade_314.rst
@@ -0,0 +1,14 @@
+#############################
+Upgrading from 3.1.3 to 3.1.4
+#############################
+
+Before performing an update you should take your site offline by
+replacing the index.php file with a static one.
+
+Step 1: Update your CodeIgniter files
+=====================================
+
+Replace all files and directories in your *system/* directory.
+
+.. note:: If you have any custom developed files in these directories,
+	please make copies of them first.
diff --git a/user_guide_src/source/installation/upgrade_315.rst b/user_guide_src/source/installation/upgrade_315.rst
new file mode 100644
index 000000000..cf673abbb
--- /dev/null
+++ b/user_guide_src/source/installation/upgrade_315.rst
@@ -0,0 +1,14 @@
+#############################
+Upgrading from 3.1.4 to 3.1.5
+#############################
+
+Before performing an update you should take your site offline by
+replacing the index.php file with a static one.
+
+Step 1: Update your CodeIgniter files
+=====================================
+
+Replace all files and directories in your *system/* directory.
+
+.. note:: If you have any custom developed files in these directories,
+	please make copies of them first.
diff --git a/user_guide_src/source/installation/upgrade_316.rst b/user_guide_src/source/installation/upgrade_316.rst
new file mode 100644
index 000000000..1d86b5720
--- /dev/null
+++ b/user_guide_src/source/installation/upgrade_316.rst
@@ -0,0 +1,28 @@
+#############################
+Upgrading from 3.1.5 to 3.1.6
+#############################
+
+Before performing an update you should take your site offline by
+replacing the index.php file with a static one.
+
+Step 1: Update your CodeIgniter files
+=====================================
+
+Replace all files and directories in your *system/* directory.
+
+.. note:: If you have any custom developed files in these directories,
+	please make copies of them first.
+
+Step 2: Remove usage of the APC Cache driver (deprecation)
+==========================================================
+
+The :doc:`Cache Library <../libraries/caching>` APC driver is now
+deprecated, as the APC extension is effectively dead, as explained in its
+`PHP Manual page <https://secure.php.net/manual/en/intro.apc.php>`_.
+
+If your application happens to be using it, you can switch to another
+cache driver, as APC support will be removed in a future CodeIgniter
+version.
+
+.. note:: The driver is still available, but you're strongly encouraged
+	to remove its usage sooner rather than later.
diff --git a/user_guide_src/source/installation/upgrading.rst b/user_guide_src/source/installation/upgrading.rst
index bc96e209f..991d5cf4c 100644
--- a/user_guide_src/source/installation/upgrading.rst
+++ b/user_guide_src/source/installation/upgrading.rst
@@ -8,6 +8,9 @@ upgrading from.
 .. toctree::
 	:titlesonly:
 
+	Upgrading from 3.1.5 to 3.1.6 <upgrade_316>
+	Upgrading from 3.1.4 to 3.1.5 <upgrade_315>
+	Upgrading from 3.1.3 to 3.1.4 <upgrade_314>
 	Upgrading from 3.1.2 to 3.1.3 <upgrade_313>
 	Upgrading from 3.1.1 to 3.1.2 <upgrade_312>
 	Upgrading from 3.1.0 to 3.1.1 <upgrade_311>
diff --git a/user_guide_src/source/libraries/config.rst b/user_guide_src/source/libraries/config.rst
index a45cacdf5..fe2e0a99d 100644
--- a/user_guide_src/source/libraries/config.rst
+++ b/user_guide_src/source/libraries/config.rst
@@ -211,7 +211,7 @@ Class Reference
 	.. php:method:: load([$file = ''[, $use_sections = FALSE[, $fail_gracefully = FALSE]]])
 
 		:param	string	$file: Configuration file name
-		:param	bool	$use_sections: Whether config values shoud be loaded into their own section (index of the main config array)
+		:param	bool	$use_sections: Whether config values should be loaded into their own section (index of the main config array)
 		:param	bool	$fail_gracefully: Whether to return FALSE or to display an error message
 		:returns:	TRUE on success, FALSE on failure
 		:rtype:	bool
diff --git a/user_guide_src/source/libraries/email.rst b/user_guide_src/source/libraries/email.rst
index 0b38737f1..1be6e2adb 100644
--- a/user_guide_src/source/libraries/email.rst
+++ b/user_guide_src/source/libraries/email.rst
@@ -348,7 +348,7 @@ Class Reference
 
 			$this->email->attach('http://example.com/filename.pdf');
 
-		If you'd like to use a custom file name, you can use the third paramater::
+		If you'd like to use a custom file name, you can use the third parameter::
 
 			$this->email->attach('filename.pdf', 'attachment', 'report.pdf');
 
@@ -387,7 +387,7 @@ Class Reference
 		:rtype:	string
 
 		Returns a string containing any server messages, the email headers, and
-		the email messsage. Useful for debugging.
+		the email message. Useful for debugging.
 
 		You can optionally specify which parts of the message should be printed.
 		Valid options are: **headers**, **subject**, **body**.
diff --git a/user_guide_src/source/libraries/encryption.rst b/user_guide_src/source/libraries/encryption.rst
index 377e650a9..b16511d4d 100644
--- a/user_guide_src/source/libraries/encryption.rst
+++ b/user_guide_src/source/libraries/encryption.rst
@@ -382,7 +382,7 @@ the hood:
 
   #. Check if the string is long enough, separate the HMAC out of
      it and validate if it is correct (this is done in a way that
-     prevents timing attacks agains it). Return FALSE if either of
+     prevents timing attacks against it). Return FALSE if either of
      the checks fails.
 
   #. Base64-decode the string.
diff --git a/user_guide_src/source/libraries/ftp.rst b/user_guide_src/source/libraries/ftp.rst
index ddd4442fd..2a015256d 100644
--- a/user_guide_src/source/libraries/ftp.rst
+++ b/user_guide_src/source/libraries/ftp.rst
@@ -2,7 +2,7 @@
 FTP Class
 #########
 
-CodeIgniter's FTP Class permits files to be transfered to a remote
+CodeIgniter's FTP Class permits files to be transferred to a remote
 server. Remote files can also be moved, renamed, and deleted. The FTP
 class also includes a "mirroring" function that permits an entire local
 directory to be recreated remotely via FTP.
diff --git a/user_guide_src/source/libraries/input.rst b/user_guide_src/source/libraries/input.rst
index d9c6c2dd1..300f47112 100644
--- a/user_guide_src/source/libraries/input.rst
+++ b/user_guide_src/source/libraries/input.rst
@@ -167,7 +167,7 @@ Class Reference
 
 			$this->input->post(array('field1', 'field2'));
 
-		Same rule applied here, to retrive the parameters with XSS filtering enabled, set the
+		Same rule applied here, to retrieve the parameters with XSS filtering enabled, set the
 		second parameter to boolean TRUE.
 		::
 
@@ -200,7 +200,7 @@ Class Reference
 
 			$this->input->get(array('field1', 'field2'));
 
-		Same rule applied here, to retrive the parameters with XSS filtering enabled, set the
+		Same rule applied here, to retrieve the parameters with XSS filtering enabled, set the
 		second parameter to boolean TRUE.
 		::
 
@@ -245,7 +245,7 @@ Class Reference
 		data::
 
 			$this->input->cookie('some_cookie');
-			$this->input->cookie('some_cookie, TRUE); // with XSS filter
+			$this->input->cookie('some_cookie', TRUE); // with XSS filter
 
 		To return an array of multiple cookie values, pass all the required keys
 		as an array.
@@ -285,7 +285,7 @@ Class Reference
 		This method is identical to ``get()``, ``post()`` and ``cookie()``,
 		only it fetches the *php://input* stream data.
 
-	.. php:method:: set_cookie($name = ''[, $value = ''[, $expire = ''[, $domain = ''[, $path = '/'[, $prefix = ''[, $secure = FALSE[, $httponly = FALSE]]]]]]])
+	.. php:method:: set_cookie($name = ''[, $value = ''[, $expire = ''[, $domain = ''[, $path = '/'[, $prefix = ''[, $secure = NULL[, $httponly = NULL]]]]]]])
 
 		:param	mixed	$name: Cookie name or an array of parameters
 		:param	string	$value: Cookie value
@@ -338,8 +338,8 @@ Class Reference
 		The prefix is only needed if you need to avoid name collisions with
 		other identically named cookies for your server.
 
-		The secure boolean is only needed if you want to make it a secure cookie
-		by setting it to TRUE.
+		The *httponly* and *secure* flags, when omitted, will default to your
+		``$config['cookie_httponly']`` and ``$config['cookie_secure']`` settings.
 
 		**Discrete Parameters**
 
diff --git a/user_guide_src/source/libraries/loader.rst b/user_guide_src/source/libraries/loader.rst
index 228d5e478..22abb4586 100644
--- a/user_guide_src/source/libraries/loader.rst
+++ b/user_guide_src/source/libraries/loader.rst
@@ -125,7 +125,7 @@ Class Reference
 
 			$config = array (
 				'mailtype' => 'html',
-				'charset'  => 'utf-8,
+				'charset'  => 'utf-8',
 				'priority' => '1'
 			);
 
diff --git a/user_guide_src/source/libraries/pagination.rst b/user_guide_src/source/libraries/pagination.rst
index 913717c67..99b5a80a2 100644
--- a/user_guide_src/source/libraries/pagination.rst
+++ b/user_guide_src/source/libraries/pagination.rst
@@ -101,7 +101,7 @@ like::
 
 If you have ``$config['enable_query_strings']`` set to TRUE your links
 will automatically be re-written using Query Strings. This option can
-also be explictly set. Using ``$config['page_query_string']`` set to TRUE,
+also be explicitly set. Using ``$config['page_query_string']`` set to TRUE,
 the pagination link will become::
 
 	http://example.com/index.php?c=test&m=page&per_page=20
diff --git a/user_guide_src/source/libraries/security.rst b/user_guide_src/source/libraries/security.rst
index f7604ef00..868112684 100644
--- a/user_guide_src/source/libraries/security.rst
+++ b/user_guide_src/source/libraries/security.rst
@@ -40,6 +40,9 @@ browser may attempt to execute.
 		// file failed the XSS test
 	}
 
+.. important:: If you want to filter HTML attribute values, use
+	:php:func:`html_escape()` instead!
+
 *********************************
 Cross-site request forgery (CSRF)
 *********************************
@@ -101,7 +104,11 @@ Class Reference
 		:rtype:	mixed
 
 		Tries to remove XSS exploits from the input data and returns the cleaned string.
-		If the optional second parameter is set to true, it will return boolean TRUE if the image is safe to use and FALSE if malicious data was detected in it.
+		If the optional second parameter is set to true, it will return boolean TRUE if
+		the image is safe to use and FALSE if malicious data was detected in it.
+
+		.. important:: This method is not suitable for filtering HTML attribute values!
+			Use :php:func:`html_escape()` for that instead.
 
 	.. php:method:: sanitize_filename($str[, $relative_path = FALSE])
 
@@ -162,4 +169,4 @@ Class Reference
 		Used for generating CSRF and XSS tokens.
 
 		.. note:: The output is NOT guaranteed to be cryptographically secure,
-			just the best attempt at that.
-\ No newline at end of file
+			just the best attempt at that.
diff --git a/user_guide_src/source/libraries/sessions.rst b/user_guide_src/source/libraries/sessions.rst
index a95cd5a19..b1f658d8f 100644
--- a/user_guide_src/source/libraries/sessions.rst
+++ b/user_guide_src/source/libraries/sessions.rst
@@ -471,7 +471,7 @@ Preference         Default         Description
 
 .. note:: The 'cookie_httponly' setting doesn't have an effect on sessions.
 	Instead the HttpOnly parameter is always enabled, for security
-	reasons. Additionaly, the 'cookie_prefix' setting is completely
+	reasons. Additionally, the 'cookie_prefix' setting is completely
 	ignored.
 
 Session Drivers
diff --git a/user_guide_src/source/libraries/trackback.rst b/user_guide_src/source/libraries/trackback.rst
index bceb515f2..dc4477e9f 100644
--- a/user_guide_src/source/libraries/trackback.rst
+++ b/user_guide_src/source/libraries/trackback.rst
@@ -262,7 +262,7 @@ Class Reference
 		:returns:	Data value or empty string if not found
 		:rtype:	string
 
-		Returns a single item from the reponse data array.
+		Returns a single item from the response data array.
 
 	.. php:method:: process($url, $data)
 
diff --git a/user_guide_src/source/libraries/typography.rst b/user_guide_src/source/libraries/typography.rst
index 1d1e4f3c4..9e1386835 100644
--- a/user_guide_src/source/libraries/typography.rst
+++ b/user_guide_src/source/libraries/typography.rst
@@ -44,7 +44,7 @@ Class Reference
 			$this->load->library('typography');
 			$this->typography->protect_braced_quotes = TRUE;
 
-	.. method auto_typography($str[, $reduce_linebreaks = FALSE])
+	.. php:method:: auto_typography($str[, $reduce_linebreaks = FALSE])
 
 		:param	string	$str: Input string
 		:param	bool	$reduce_linebreaks: Whether to reduce consequitive linebreaks
@@ -104,4 +104,4 @@ Class Reference
 
 		Usage example::
 
-			$string = $this->typography->nl2br_except_pre($string);
-\ No newline at end of file
+			$string = $this->typography->nl2br_except_pre($string);
author	Andrey Andreev <narf@devilix.net>	2017-09-25 18:44:51 +0200
committer	Andrey Andreev <narf@devilix.net>	2017-09-25 18:44:51 +0200
commit	e76217041ddcae80f11b50b44a7d409b6722ad40 (patch)
tree	6f7dd444bfc5b4206a6e07169ad3c05b9b63fa4d /user_guide_src/source
parent	9c07c3697bab0bf43e10daf59068497dd3a0a9fd (diff)
parent	cf728703b5852591c160cbd9566a0e508dd5759a (diff)