Merge branch 'develop' into feature/user-guide-cleanup

4 files changed, 46 insertions, 20 deletions

diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index 825e0f845..ca228565d 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -222,6 +222,9 @@ Release Date: Not Released
       - Added port handling support for UNIX-based systems (MSSQL driver).
       - Added *OFFSET* support for SQL Server 2005 and above.
       - Added ``db_set_charset()`` support (MSSQL driver).
+      - Added a *scrollable* property to enable configuration of the cursor to use (SQLSRV driver).
+      - Added support and auto-detection for the ``SQLSRV_CURSOR_CLIENT_BUFFERED`` scrollable cursor flag (SQLSRV driver).
+      - Changed default behavior to not use ``SQLSRV_CURSOR_STATIC`` due to performance issues (SQLSRV driver).
 
    -  Improved support of the Oracle (OCI8) driver, including:
 
@@ -240,8 +243,9 @@ Release Date: Not Released
 
       - Added an optional second parameter to ``drop_table()`` that allows adding the **IF EXISTS** condition, which is no longer the default.
       - Added support for passing a custom database object to the loader.
-      - Deprecated ``add_column()``'s third method. *AFTER* clause should now be added to the field definition array instead.
+      - Added support for passing custom table attributes (such as ``ENGINE`` for MySQL) to ``create_table()``.
       - Added support for usage of the *FIRST* clause in ``add_column()`` for MySQL and CUBRID.
+      - Deprecated ``add_column()``'s third method. *AFTER* clause should now be added to the field definition array instead.
       - Overall improved support for all of the drivers.
 
    -  :doc:`Database Utility <database/utilities>` changes include:
@@ -255,22 +259,18 @@ Release Date: Not Released
 
    -  :doc:`Session Library <libraries/sessions>` changes include:
 
-      -  Library changed to :doc:`Driver <general/drivers>` with classic Cookie driver as default.
-      -  Added Native PHP Session driver to work with ``$_SESSION``.
-      -  Custom drivers can be added anywhere in package paths and be loaded with the library.
-      -  Drivers interchangeable on the fly.
-      -  New **tempdata** feature allows setting user data items with an expiration time.
-      -  Added default ``$config['sess_driver']`` and ``$config['sess_valid_drivers']`` items to *config.php* file.
-      -  Cookie driver now respects php.ini's *session.gc_probability* and *session.gc_divisor* settings.
-      -  Cookie driver now uses HMAC authentication instead of the simple md5 checksum.
-      -  The Cookie driver now also checks authentication on encrypted session data.
-      -  Changed the Cookie driver to select only one row when using database sessions.
-      -  Cookie driver now only writes to database at end of request when using database.
-      -  Cookie driver now uses PHP functions for faster array manipulation when using database.
-      -  Added ``all_flashdata()`` method to session class. Returns an associative array of only flashdata.
-      -  Added ``has_userdata()`` method to verify existence of userdata item.
-      -  Added ``tempdata()``, ``set_tempdata()``, and ``unset_tempdata()`` methods for manipulating tempdata.
-      -  ``keep_flashdata()`` now accepts an array of keys.
+      -  Library changed to :doc:`Driver <general/drivers>` with classic 'cookie' driver as the default.
+      -  Added a 'native' PHP Session driver to work with ``$_SESSION``.
+      -  Added a new **tempdata** feature that allows setting userdata items with expiration time (``tempdata()``, ``set_tempdata()``, ``unset_tempdata()``). 
+      -  Added default ``$config['sess_driver']`` and ``$config['sess_valid_drivers']`` items to *application/config.php* file.
+      -  Changed 'cookie' driver to respect php.ini's *session.gc_probability* and *session.gc_divisor* settings.
+      -  Changed 'cookie' driver to use HMAC authentication instead of a simple md5 checksum.
+      -  Changed 'cookie' driver to select only one row when using database sessions.
+      -  Changed 'cookie' driver to write to only write to the database at end of page execution.
+      -  Changed method ``keep_flashdata()`` to also accept an array of keys.
+      -  Changed methods ``userdata()``, ``flashdata()`` to return an array of all userdata/flashdata when no parameter is passed.
+      -  Deprecated method ``all_userdata()`` - it is now just an alias for ``userdata()`` with no parameters.
+      -  Added method ``has_userdata()`` that verifies the existence of a userdata item.
       -  Added *debug* level log messages for key events in the session validation process.
 
    -  :doc:`File Uploading Library <libraries/file_uploading>` changes include:
@@ -681,7 +681,9 @@ Bug fixes for 3.0
 -  Fixed a bug where :doc:`User Agent Library <libraries/user_agent>` methods ``accept_charset()`` and ``accept_lang()`` didn't properly parse HTTP headers that contain spaces.
 -  Fixed a bug where *default_controller* was called instad of triggering a 404 error if the current route is in a controller directory.
 -  Fixed a bug (#2737) - :doc:`XML-RPC Library <libraries/xmlrpc>` used objects as array keys, which triggered E_NOTICE messages.
--  Fixed a bug (#2729) - ``CI_Securty::_validate_entities()`` used overly-intrusive ``preg_replace()`` patterns that produced false-positives.
+-  Fixed a bug (#2729) - ``CI_Security::_validate_entities()`` used overly-intrusive ``preg_replace()`` patterns that produced false-positives.
+-  Fixed a bug (#2771) - ``CI_Security::xss_clean()`` didn't take into account HTML5 entities.
+-  Fixed a bug in the :doc:`Session Library <libraries/sessions>` 'cookie' driver where authentication was not performed for encrypted cookies.
 
 Version 2.1.4
 =============
diff --git a/user_guide_src/source/database/forge.rst b/user_guide_src/source/database/forge.rst
index ca904ed00..48642ad7e 100644
--- a/user_guide_src/source/database/forge.rst
+++ b/user_guide_src/source/database/forge.rst
@@ -201,6 +201,15 @@ into the definition
 	$this->dbforge->create_table('table_name', TRUE);
 	// gives CREATE TABLE IF NOT EXISTS table_name
 
+You could also pass optional table attributes, such as MySQL's ``ENGINE``::
+
+	$attributes = array('ENGINE' => 'InnoDB');
+	$this->dbforge->create_table('table_name', FALSE, $attributes);
+	// produces: CREATE TABLE `table_name` (...) ENGINE = InnoDB DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci
+
+.. note:: Unless you specify the ``CHARACTER SET`` and/or ``COLLATE`` attributes,
+	``create_table()`` will always add them with your configured *char_set*
+	and *dbcollat* values, as long as they are not empty (MySQL only).
 
 Dropping a table
 ================
diff --git a/user_guide_src/source/installation/upgrade_300.rst b/user_guide_src/source/installation/upgrade_300.rst
index c11db34f8..fccaa2933 100644
--- a/user_guide_src/source/installation/upgrade_300.rst
+++ b/user_guide_src/source/installation/upgrade_300.rst
@@ -469,6 +469,21 @@ in CodeIgniter 3.1+.
 .. note:: These options are still available, but you're strongly encouraged to remove their usage
 	sooner rather than later.
 
+Session Library method all_userdata()
+=====================================
+
+As seen in the :doc:`Change Log <../changelog>`, :doc:`Session Library <libraries/sessions>`
+method ``userdata()`` now allows you to fetch all userdata by simply omitting its parameter::
+
+	$this->session->userdata();
+
+This makes the ``all_userdata()`` method redudant and therefore it is now just an alias for
+``userdata()`` with the above shown usage and is being deprecated and scheduled for removal
+in CodeIgniter 3.1+.
+
+.. note:: This method is still available, but you're strongly encouraged to remove its usage
+	sooner rather than later.
+
 Database Forge method add_column() with an AFTER clause
 =======================================================
 
diff --git a/user_guide_src/source/libraries/sessions.rst b/user_guide_src/source/libraries/sessions.rst
index c4f861620..f63f584a6 100644
--- a/user_guide_src/source/libraries/sessions.rst
+++ b/user_guide_src/source/libraries/sessions.rst
@@ -149,7 +149,7 @@ Retrieving All Session Data
 
 An array of all userdata can be retrieved as follows::
 
-	$this->session->all_userdata()
+	$this->session->userdata()
 
 And returns an associative array like the following::
 
@@ -206,7 +206,7 @@ To read a flashdata variable::
 
 An array of all flashdata can be retrieved as follows::
 
-	$this->session->all_flashdata();
+	$this->session->flashdata();
 
 
 If you find that you need to preserve a flashdata variable through an