Diffstat (limited to 'user_guide_src/source/general')
-rw-r--r-- user_guide_src/source/general/ancillary_classes.rst | 4
-rw-r--r-- user_guide_src/source/general/cli.rst | 2
-rw-r--r-- user_guide_src/source/general/common_functions.rst | 20
-rw-r--r-- user_guide_src/source/general/compatibility_functions.rst | 28
-rw-r--r-- user_guide_src/source/general/creating_libraries.rst | 2
-rw-r--r-- user_guide_src/source/general/credits.rst | 2
-rw-r--r-- user_guide_src/source/general/errors.rst | 123
-rw-r--r-- user_guide_src/source/general/requirements.rst | 11
-rw-r--r-- user_guide_src/source/general/reserved_names.rst | 26
-rw-r--r-- user_guide_src/source/general/security.rst | 102
-rw-r--r-- user_guide_src/source/general/styleguide.rst | 35
11 files changed, 214 insertions, 141 deletions
diff --git a/user_guide_src/source/general/ancillary_classes.rst b/user_guide_src/source/general/ancillary_classes.rst
index f9b6ba231..6a64742ce 100644
--- a/user_guide_src/source/general/ancillary_classes.rst
+++ b/user_guide_src/source/general/ancillary_classes.rst
@@ -9,7 +9,7 @@ resources. This is easily possible as you'll see.
get_instance()
==============
-.. function:: get_instance()
+.. php:function:: get_instance()
:returns: object of class CI_Controller
@@ -52,7 +52,7 @@ Once you've assigned the object to a variable, you'll use that variable
This is very important. Assigning by reference allows you to use the
original CodeIgniter object rather than creating a copy of it.
-Furthermore, if you'll be using ``get_intance()`` inside anoter class,
+Furthermore, if you'll be using ``get_instance()`` inside another class,
then it would be better if you assign it to a property. This way, you
won't need to call ``get_instance()`` in every single method.
diff --git a/user_guide_src/source/general/cli.rst b/user_guide_src/source/general/cli.rst
index 4f3b07d9e..b45be1aa8 100644
--- a/user_guide_src/source/general/cli.rst
+++ b/user_guide_src/source/general/cli.rst
@@ -23,7 +23,7 @@ but they are not always obvious.
- Run your cron-jobs without needing to use *wget* or *curl*
- Make your cron-jobs inaccessible from being loaded in the URL by
- checking the return value of :func:`is_cli()`.
+ checking the return value of :php:func:`is_cli()`.
- Make interactive "tasks" that can do things like set permissions,
prune cache folders, run backups, etc.
- Integrate with other applications in other languages. For example, a
diff --git a/user_guide_src/source/general/common_functions.rst b/user_guide_src/source/general/common_functions.rst
index 399a323cc..6d6744cf7 100644
--- a/user_guide_src/source/general/common_functions.rst
+++ b/user_guide_src/source/general/common_functions.rst
@@ -13,7 +13,7 @@ loading any libraries or helpers.
<div class="custom-index container"></div>
-.. function:: is_php($version)
+.. php:function:: is_php($version)
:param string $version: Version number
:returns: TRUE if the running PHP version is at least the one specified or FALSE if not
@@ -33,7 +33,7 @@ loading any libraries or helpers.
greater than the supplied version number. Returns FALSE if the installed
version of PHP is lower than the supplied version number.
-.. function:: is_really_writable($file)
+.. php:function:: is_really_writable($file)
:param string $file: File path
:returns: TRUE if the path is writable, FALSE if not
@@ -60,7 +60,7 @@ loading any libraries or helpers.
.. note:: See also `PHP bug #54709 <https://bugs.php.net/bug.php?id=54709>`_ for more info.
-.. function:: config_item($key)
+.. php:function:: config_item($key)
:param string $key: Config item key
:returns: Configuration key value or NULL if not found
@@ -99,7 +99,7 @@ loading any libraries or helpers.
This function is an alias for ``CI_Log::write_log()``. For more info,
please see the :doc:`Error Handling <errors>` documentation.
-.. function:: set_status_header($code[, $text = ''])
+.. php:function:: set_status_header($code[, $text = ''])
:param int $code: HTTP Reponse status code
:param string $text: A custom message to set with the status code
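Review bot: the context line `:param int $code: HTTP Reponse status code` under set_status_header() still carries the typo "Reponse". This commit already fixes spelling elsewhere (``get_intance()``, "maintaned"), so correct it to "Response" while the directive above it is being touched.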
@@ -113,7 +113,7 @@ loading any libraries or helpers.
`See here <http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html>`_ for
a full list of headers.
-.. function:: remove_invisible_characters($str[, $url_encoded = TRUE])
+.. php:function:: remove_invisible_characters($str[, $url_encoded = TRUE])
:param string $str: Input string
:param bool $url_encoded: Whether to remove URL-encoded characters as well
@@ -128,7 +128,7 @@ loading any libraries or helpers.
remove_invisible_characters('Java\\0script');
// Returns: 'Javascript'
-.. function:: html_escape($var)
+.. php:function:: html_escape($var)
:param mixed $var: Variable to escape (string or array)
:returns: HTML escaped string(s)
@@ -139,7 +139,7 @@ loading any libraries or helpers.
It is useful in preventing Cross Site Scripting (XSS).
-.. function:: get_mimes()
+.. php:function:: get_mimes()
:returns: An associative array of file types
:rtype: array
@@ -147,7 +147,7 @@ loading any libraries or helpers.
This function returns a *reference* to the MIMEs array from
*application/config/mimes.php*.
-.. function:: is_https()
+.. php:function:: is_https()
:returns: TRUE if currently using HTTP-over-SSL, FALSE if not
:rtype: bool
@@ -155,7 +155,7 @@ loading any libraries or helpers.
Returns TRUE if a secure (HTTPS) connection is used and FALSE
in any other case (including non-HTTP requests).
-.. function:: is_cli()
+.. php:function:: is_cli()
:returns: TRUE if currently running under CLI, FALSE otherwise
:rtype: bool
@@ -166,7 +166,7 @@ loading any libraries or helpers.
.. note:: This function checks both if the ``PHP_SAPI`` value is 'cli'
or if the ``STDIN`` constant is defined.
-.. function:: function_usable($function_name)
+.. php:function:: function_usable($function_name)
:param string $function_name: Function name
:returns: TRUE if the function can be used, FALSE if not
diff --git a/user_guide_src/source/general/compatibility_functions.rst b/user_guide_src/source/general/compatibility_functions.rst
index aee9b1ef0..434b0982f 100644
--- a/user_guide_src/source/general/compatibility_functions.rst
+++ b/user_guide_src/source/general/compatibility_functions.rst
@@ -44,7 +44,7 @@ Constants
Function reference
==================
-.. function:: password_get_info($hash)
+.. php:function:: password_get_info($hash)
:param string $hash: Password hash
:returns: Information about the hashed password
@@ -53,7 +53,7 @@ Function reference
For more information, please refer to the `PHP manual for
password_get_info() <http://php.net/password_get_info>`_.
-.. function:: password_hash($password, $algo[, $options = array()])
+.. php:function:: password_hash($password, $algo[, $options = array()])
:param string $password: Plain-text password
:param int $algo: Hashing algorithm
@@ -72,7 +72,7 @@ Function reference
- /dev/arandom
- /dev/urandom
-.. function:: password_needs_rehash()
+.. php:function:: password_needs_rehash()
:param string $hash: Password hash
:param int $algo: Hashing algorithm
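Review bot: the directive signature `password_needs_rehash()` is empty, yet the field list directly below it documents `$hash` and `$algo`. Put the documented parameters into the signature so the rendered prototype matches its own parameter list, as the other password_* entries in this file do.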
@@ -83,7 +83,7 @@ Function reference
For more information, please refer to the `PHP manual for
password_needs_rehash() <http://php.net/password_needs_rehash>`_.
-.. function:: password_verify($password, $hash)
+.. php:function:: password_verify($password, $hash)
:param string $password: Plain-text password
:param string $hash: Password hash
@@ -109,7 +109,7 @@ Dependencies
Function reference
==================
-.. function:: hash_equals($known_string, $user_string)
+.. php:function:: hash_equals($known_string, $user_string)
:param string $known_string: Known string
:param string $user_string: User-supplied string
@@ -119,7 +119,7 @@ Function reference
For more information, please refer to the `PHP manual for
hash_equals() <http://php.net/hash_equals>`_.
-.. function:: hash_pbkdf2($algo, $password, $salt, $iterations[, $length = 0[, $raw_output = FALSE]])
+.. php:function:: hash_pbkdf2($algo, $password, $salt, $iterations[, $length = 0[, $raw_output = FALSE]])
:param string $algo: Hashing algorithm
:param string $password: Password
@@ -162,7 +162,7 @@ Dependencies
Function reference
==================
-.. function:: mb_strlen($str[, $encoding = NULL])
+.. php:function:: mb_strlen($str[, $encoding = NULL])
:param string $str: Input string
:param string $encoding: Character set
@@ -172,7 +172,7 @@ Function reference
For more information, please refer to the `PHP manual for
mb_strlen() <http://php.net/mb_strlen>`_.
-.. function:: mb_strpos($haystack, $needle[, $offset = 0[, $encoding = NULL]])
+.. php:function:: mb_strpos($haystack, $needle[, $offset = 0[, $encoding = NULL]])
:param string $haystack: String to search in
:param string $needle: Part of string to search for
@@ -184,7 +184,7 @@ Function reference
For more information, please refer to the `PHP manual for
mb_strpos() <http://php.net/mb_strpos>`_.
-.. function:: mb_substr($str, $start[, $length = NULL[, $encoding = NULL]])
+.. php:function:: mb_substr($str, $start[, $length = NULL[, $encoding = NULL]])
:param string $str: Input string
:param int $start: Position of first character
@@ -211,7 +211,7 @@ Dependencies
Function reference
==================
-.. function:: array_column(array $array, $column_key[, $index_key = NULL])
+.. php:function:: array_column(array $array, $column_key[, $index_key = NULL])
:param array $array: Array to fetch results from
:param mixed $column_key: Key of the column to return values from
@@ -222,7 +222,7 @@ Function reference
For more information, please refer to the `PHP manual for
array_column() <http://php.net/array_column>`_.
-.. function:: array_replace(array $array1[, ...])
+.. php:function:: array_replace(array $array1[, ...])
:param array $array1: Array in which to replace elements
:param array ...: Array (or multiple ones) from which to extract elements
@@ -232,7 +232,7 @@ Function reference
For more information, please refer to the `PHP manual for
array_replace() <http://php.net/array_replace>`_.
-.. function:: array_replace_recursive(array $array1[, ...])
+.. php:function:: array_replace_recursive(array $array1[, ...])
:param array $array1: Array in which to replace elements
:param array ...: Array (or multiple ones) from which to extract elements
@@ -245,7 +245,7 @@ Function reference
.. important:: Only PHP's native function can detect endless recursion.
Unless you are running PHP 5.3+, be careful with references!
-.. function:: hex2bin($data)
+.. php:function:: hex2bin($data)
:param array $data: Hexadecimal representation of data
:returns: Binary representation of the given data
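Review bot: `:param array $data:` on hex2bin() declares the argument as an array, but the description is "Hexadecimal representation of data" and PHP's hex2bin() takes a string. Change the type to string in the same edit as the directive rename.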
@@ -254,7 +254,7 @@ Function reference
For more information, please refer to the `PHP manual for hex2bin()
<http://php.net/hex2bin>`_.
-.. function:: quoted_printable_encode($str)
+.. php:function:: quoted_printable_encode($str)
:param string $str: Input string
:returns: 8bit-encoded string
diff --git a/user_guide_src/source/general/creating_libraries.rst b/user_guide_src/source/general/creating_libraries.rst
index 0e3ae4c85..d6b0631af 100644
--- a/user_guide_src/source/general/creating_libraries.rst
+++ b/user_guide_src/source/general/creating_libraries.rst
@@ -54,8 +54,6 @@ Classes should have this basic prototype::
}
}
- /* End of file Someclass.php */
-
.. note:: We are using the name Someclass purely as an example.
Using Your Class
diff --git a/user_guide_src/source/general/credits.rst b/user_guide_src/source/general/credits.rst
index 371808fe4..d22e3a9bc 100644
--- a/user_guide_src/source/general/credits.rst
+++ b/user_guide_src/source/general/credits.rst
@@ -12,7 +12,7 @@ It was, for years, developed and maintained by EllisLab, the ExpressionEngine
Development Team and a group of community members called the Reactor Team.
In 2014, CodeIgniter was acquired by the `British Columbia Institute of Technology
-<http://bcit.ca/>`_ and was then officially announced as a community-maintaned
+<http://bcit.ca/>`_ and was then officially announced as a community-maintained
project.
Bleeding edge development is spearheaded by the handpicked contributors
diff --git a/user_guide_src/source/general/errors.rst b/user_guide_src/source/general/errors.rst
index 26c26bea1..9c190feb1 100644
--- a/user_guide_src/source/general/errors.rst
+++ b/user_guide_src/source/general/errors.rst
@@ -29,84 +29,93 @@ software keep track of your scripts and the health of your application.
The following functions let you generate errors:
-.. function:: show_error($message, $status_code, $heading = 'An Error Was Encountered')
+.. php:function:: show_error($message, $status_code, $heading = 'An Error Was Encountered')
:param mixed $message: Error message
:param int $status_code: HTTP Response status code
:param string $heading: Error page heading
:rtype: void
-This function will display the error message supplied to it using the
-following error template::
+ This function will display the error message supplied to it using
+ the error template appropriate to your execution::
- application/views/errors/error_general.php
+ application/views/errors/html/error_general.php
-The optional parameter ``$status_code`` determines what HTTP status
-code should be sent with the error. If ``$status_code`` is less than 100,
-the HTTP status code will be set to 500, and the exit status code will
-be set to ``$status_code + EXIT__AUTO_MIN``. If that value is larger than
-``EXIT__AUTO_MAX``, or if ``$status_code`` is 100 or higher, the exit
-status code will be set to ``EXIT_ERROR``. You can check in
-*application/config/constants.php* for more detail.
+ or:
-.. function:: show_404($page = '', $log_error = TRUE)
+ application/views/errors/cli/error_general.php
+
+ The optional parameter ``$status_code`` determines what HTTP status
+ code should be sent with the error. If ``$status_code`` is less
+ than 100, the HTTP status code will be set to 500, and the exit
+ status code will be set to ``$status_code + EXIT__AUTO_MIN``.
+ If that value is larger than ``EXIT__AUTO_MAX``, or if
+ ``$status_code`` is 100 or higher, the exit status code will be set
+ to ``EXIT_ERROR``.
+ You can check in *application/config/constants.php* for more detail.
+
+.. php:function:: show_404($page = '', $log_error = TRUE)
:param string $page: URI string
:param bool $log_error: Whether to log the error
:rtype: void
-This function will display the 404 error message supplied to it using
-the following error template::
+ This function will display the 404 error message supplied to it
+ using the error template appropriate to your execution::
+
+ application/views/errors/html/error_404.php
+
+ or:
- application/views/errors/error_404.php
+ application/views/errors/cli/error_404.php
-The function expects the string passed to it to be the file path to the
-page that isn't found. The exit status code will be set to ``EXIT_UNKNOWN_FILE``.
-Note that CodeIgniter automatically shows 404 messages if controllers are
-not found.
+ The function expects the string passed to it to be the file path to
+ the page that isn't found. The exit status code will be set to
+ ``EXIT_UNKNOWN_FILE``.
+ Note that CodeIgniter automatically shows 404 messages if
+ controllers are not found.
-CodeIgniter automatically logs any ``show_404()`` calls. Setting the
-optional second parameter to FALSE will skip logging.
+ CodeIgniter automatically logs any ``show_404()`` calls. Setting the
+ optional second parameter to FALSE will skip logging.
-.. function:: log_message($level, $message, $php_error = FALSE)
+.. php:function:: log_message($level, $message, $php_error = FALSE)
:param string $level: Log level: 'error', 'debug' or 'info'
:param string $message: Message to log
:param bool $php_error: Whether we're logging a native PHP error message
:rtype: void
-This function lets you write messages to your log files. You must supply
-one of three "levels" in the first parameter, indicating what type of
-message it is (debug, error, info), with the message itself in the
-second parameter.
-
-Example::
-
- if ($some_var == '')
- {
- log_message('error', 'Some variable did not contain a value.');
- }
- else
- {
- log_message('debug', 'Some variable was correctly set');
- }
-
- log_message('info', 'The purpose of some variable is to provide some value.');
-
-There are three message types:
-
-#. Error Messages. These are actual errors, such as PHP errors or user
- errors.
-#. Debug Messages. These are messages that assist in debugging. For
- example, if a class has been initialized, you could log this as
- debugging info.
-#. Informational Messages. These are the lowest priority messages,
- simply giving information regarding some process. CodeIgniter doesn't
- natively generate any info messages but you may want to in your
- application.
-
-.. note:: In order for the log file to actually be written, the *logs*
- directory must be writable. In addition, you must set the "threshold"
- for logging in *application/config/config.php*. You might, for example,
- only want error messages to be logged, and not the other two types.
- If you set it to zero logging will be disabled. \ No newline at end of file
+ This function lets you write messages to your log files. You must
+ supply one of three "levels" in the first parameter, indicating what
+ type of message it is (debug, error, info), with the message itself
+ in the second parameter.
+
+ Example::
+
+ if ($some_var == '')
+ {
+ log_message('error', 'Some variable did not contain a value.');
+ }
+ else
+ {
+ log_message('debug', 'Some variable was correctly set');
+ }
+
+ log_message('info', 'The purpose of some variable is to provide some value.');
+
+ There are three message types:
+
+ #. Error Messages. These are actual errors, such as PHP errors or
+ user errors.
+ #. Debug Messages. These are messages that assist in debugging. For
+ example, if a class has been initialized, you could log this as
+ debugging info.
+ #. Informational Messages. These are the lowest priority messages,
+ simply giving information regarding some process.
+
+ .. note:: In order for the log file to actually be written, the
+ *logs/* directory must be writable. In addition, you must
+ set the "threshold" for logging in
+ *application/config/config.php*. You might, for example,
+ only want error messages to be logged, and not the other
+ two types. If you set it to zero logging will be disabled.
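Review bot: in both show_error() and show_404() the first template path is introduced with `::` but the second is introduced with `or:` (single colon), so the cli/ path will render as an indented block quote instead of a literal block; use `or::`. Separately, the reflowed list of message types silently drops the sentence "CodeIgniter doesn't natively generate any info messages but you may want to in your application"; if that removal is intentional it deserves a mention in the commit message, since the rest of this hunk reads as a pure re-indent.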
diff --git a/user_guide_src/source/general/requirements.rst b/user_guide_src/source/general/requirements.rst
index 1cb5938aa..e3f73dba8 100644
--- a/user_guide_src/source/general/requirements.rst
+++ b/user_guide_src/source/general/requirements.rst
@@ -2,10 +2,15 @@
Server Requirements
###################
-- `PHP <http://www.php.net/>`_ version 5.4 or newer is recommended and 5.2.4 as the absolute minimum required.
-- A Database is required for most web application programming.
+`PHP <http://www.php.net/>`_ version 5.4 or newer is recommended.
+
+It should work on 5.2.4 as well, but we strongly advise you NOT to run
+such old versions of PHP, because of potential security and performance
+issues, as well as missing features.
+
+A database is required for most web application programming.
+Currently supported databases are:
- Currently supported databases are:
- MySQL (5.1+) via the *mysql* (deprecated), *mysqli* and *pdo* drivers
- Oracle via the *oci8* and *pdo* drivers
- PostgreSQL via the *postgre* and *pdo* drivers
diff --git a/user_guide_src/source/general/reserved_names.rst b/user_guide_src/source/general/reserved_names.rst
index 9da94b398..a7b0c3465 100644
--- a/user_guide_src/source/general/reserved_names.rst
+++ b/user_guide_src/source/general/reserved_names.rst
@@ -23,22 +23,22 @@ your controller any of these:
Functions
---------
-- :func:`is_php()`
-- :func:`is_really_writable()`
+- :php:func:`is_php()`
+- :php:func:`is_really_writable()`
- ``load_class()``
- ``is_loaded()``
- ``get_config()``
-- :func:`config_item()`
-- :func:`show_error()`
-- :func:`show_404()`
-- :func:`log_message()`
-- :func:`set_status_header()`
-- :func:`get_mimes()`
-- :func:`html_escape()`
-- :func:`remove_invisible_characters()`
-- :func:`is_https()`
-- :func:`function_usable()`
-- :func:`get_instance()`
+- :php:func:`config_item()`
+- :php:func:`show_error()`
+- :php:func:`show_404()`
+- :php:func:`log_message()`
+- :php:func:`set_status_header()`
+- :php:func:`get_mimes()`
+- :php:func:`html_escape()`
+- :php:func:`remove_invisible_characters()`
+- :php:func:`is_https()`
+- :php:func:`function_usable()`
+- :php:func:`get_instance()`
- ``_error_handler()``
- ``_exception_handler()``
- ``_stringify_attributes()``
diff --git a/user_guide_src/source/general/security.rst b/user_guide_src/source/general/security.rst
index 3f93443bb..0c58f96b4 100644
--- a/user_guide_src/source/general/security.rst
+++ b/user_guide_src/source/general/security.rst
@@ -23,12 +23,12 @@ the following:
- Space
Register_globals
-=================
+================
+
+During system initialization all global variables that are found to exist
+in the ``$_GET``, ``$_POST``, ``$_REQUEST`` and ``$_COOKIE`` are unset.
-During system initialization all global variables are unset, except
-those found in the ``$_GET``, ``$_POST``, and ``$_COOKIE`` arrays.
-The unsetting routine is effectively the same as
-*register_globals = off*.
+The unsetting routine is effectively the same as *register_globals = off*.
display_errors
==============
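Review bot: the new Register_globals sentence ends "in the ``$_GET``, ``$_POST``, ``$_REQUEST`` and ``$_COOKIE`` are unset", which is missing the noun "arrays" that the removed text had. The rewrite also changes what the paragraph claims (the old text said all globals are unset except those in the superglobal arrays, the new text says the globals that exist in those arrays are unset), so please confirm the new wording matches the actual initialization routine and say so in the commit message.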
@@ -60,12 +60,14 @@ from a form submission, COOKIE data, URI data, XML-RPC data, or even
data from the SERVER array, you are encouraged to practice this three
step approach:
-#. Filter the data as if it were tainted.
#. Validate the data to ensure it conforms to the correct type, length,
size, etc. (sometimes this step can replace step one)
-#. Escape the data before submitting it into your database.
+#. Filter the data as if it were tainted.
+#. Escape the data before submitting it into your database or outputting
+ it to a browser.
-CodeIgniter provides the following functions to assist in this process:
+CodeIgniter provides the following functions and tips to assist you
+in this process:
XSS Filtering
=============
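Review bot: after the reorder, "Validate the data ..." is itself step one, but its context line still ends "(sometimes this step can replace step one)", which now refers to itself. Update the parenthetical to point at the filtering step (now step two) or drop it.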
@@ -76,13 +78,95 @@ your data, or other types of code that attempt to hijack cookies or
do other malicious things. The XSS Filter is described
:doc:`here <../libraries/security>`.
-Validate the data
+.. note:: XSS filtering should *only be performed on output*. Filtering
+ input data may modify the data in undesirable ways, including
+ stripping special characters from passwords, which reduces
+ security instead of improving it.
+
+CSRF protection
+===============
+
+CSRF stands for Cross-Site Request Forgery, which is the process of an
+attacker tricking their victim into unknowingly submitting a request.
+
+CodeIgniter provides CSRF protection out of the box, which will get
+automatically triggered for every non-GET HTTP request, but also needs
+you to create your submit forms in a certain way. This is explained in
+the :doc:`Security Library <../libraries/security>` documentation.
+
+Password handling
=================
+It is *critical* that you handle passwords in your application properly.
+
+Unfortunately, many developers don't know how to do that, and the web is
+full of outdated or otherwise wrongful advices, which doesn't help.
+
+We would like to give you a list of combined do's and don'ts to help you
+with that. Please read below.
+
+- DO NOT store passwords in plain-text format.
+
+ Always **hash** your passwords.
+
+- DO NOT use Base64 or similar encoding for storing passwords.
+
+ This is as good as storing them in plain-text. Really. Do **hashing**,
+ not *encoding*.
+
+ Encoding, and encryption too, are two-way processes. Passwords are
+ secrets that must only be known to their owner, and thus must work
+ only in one direction. Hashing does that - there's *no* un-hashing or
+ de-hashing, but there is decoding and decryption.
+
+- DO NOT use weak or broken hashing algorithms like MD5 or SHA1.
+
+ These algorithms are old, proven to be flawed, and not designed for
+ password hashing in the first place.
+
+ Also, DON'T invent your own algorithms.
+
+ Only use strong password hashing algorithms like BCrypt, which is used
+ in PHP's own `Password Hashing <http://php.net/password>`_ functions.
+
+ Please use them, even if you're not running PHP 5.5+, CodeIgniter
+ provides them for you as long as you're running at least PHP version
+ 5.3.7 (and if you don't meet that requirement - please, upgrade).
+
+- DO NOT ever display or send a password in plain-text format!
+
+ Even to the password's owner, if you need a "Forgotten password"
+ feature, just randomly generate a new, one-time (this is also important)
+ password and send that instead.
+
+- DO NOT put artificial limits on your users' passwords.
+
+ There's no point in forcing a rule that a password can only be up to
+ a number of characters, or that it can't contain a certain set of
+ special characters.
+
+ Not only does this **reduce** security instead of improving it, but
+ there's literally no reason to do it. No technical limitations and
+ no (practical) storage constraints apply once you've hashed them, none!
+
+Validate input data
+===================
+
CodeIgniter has a :doc:`Form Validation Library
<../libraries/form_validation>` that assists you in
validating, filtering, and prepping your data.
+Even if that doesn't work for your use case however, be sure to always
+validate and sanitize all input data. For example, if you expect a numeric
+string for an input variable, you can check for that with ``is_numeric()``
+or ``ctype_digit()``. Always try to narrow down your checks to a certain
+pattern.
+
+Have it in mind that this includes not only ``$_POST`` and ``$_GET``
+variables, but also cookies, the user-agent string and basically
+*all data that is not created directly by your own code*.
+
+
Escape all data before database insertion
=========================================
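Review bot: the "DO NOT ever display or send a password in plain-text format!" item goes on to recommend generating a new one-time password and sending "that instead", which is still a password sent in plain text and reads as contradicting its own heading; reword it so the one-time, replace-on-first-use nature is the stated exception, or describe the reset without mailing a usable password. In "Validate input data", ``is_numeric()`` and ``ctype_digit()`` are offered as interchangeable, but ``is_numeric()`` also accepts signs, decimals and exponent notation while ``ctype_digit()`` accepts only digit characters, so the text should say which one fits "narrow down your checks to a certain pattern". Minor: "wrongful advices" should be "wrong advice", and the hunk adds two blank lines before "Escape all data before database insertion".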
diff --git a/user_guide_src/source/general/styleguide.rst b/user_guide_src/source/general/styleguide.rst
index 3d8f0a78a..7704a59c5 100644
--- a/user_guide_src/source/general/styleguide.rst
+++ b/user_guide_src/source/general/styleguide.rst
@@ -52,31 +52,8 @@ The PHP closing tag on a PHP document **?>** is optional to the PHP
parser. However, if used, any whitespace following the closing tag,
whether introduced by the developer, user, or an FTP application, can
cause unwanted output, PHP errors, or if the latter are suppressed,
-blank pages. For this reason, all PHP files should **OMIT** the closing
-PHP tag, and instead use a comment block to mark the end of file and
-its location relative to the application root. This allows you to still
-identify a file as being complete and not truncated.
-
-**INCORRECT**::
-
- <?php
-
- echo "Here's my code!";
-
- ?>
-
-**CORRECT**::
-
- <?php
-
- echo "Here's my code!";
-
- /* End of file Myfile.php */
- /* Location: ./system/modules/mymodule/myfile.php */
-
-.. note:: There should be no empty line or newline character(s) following
- the closing comments. If you happen to see one when
- submitting a pull request, please check your IDE settings and fix it.
+blank pages. For this reason, all PHP files MUST OMIT the PHP closing
+tag and end with a single empty line instead.
File Naming
===========
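Review bot: "end with a single empty line instead" is ambiguous next to the note this hunk removes, which said there should be "no empty line or newline character(s)" at the end of the file. State explicitly whether files must end with exactly one newline character or with a visibly blank last line, and consider keeping a short INCORRECT/CORRECT pair, since the section now has no example at all.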
@@ -368,10 +345,10 @@ inability for CodeIgniter to send proper headers.
Compatibility
=============
-CodeIgniter recommends PHP 5.4 or newer to be used, but the absolute
-minimum version required is 5.2.4. Your code must either be compatible
-with this minimum requirement, provide a suitable fallback, or be an
-optional feature that dies quietly without affecting a user's application.
+CodeIgniter recommends PHP 5.4 or newer to be used, but it should be
+compatible with PHP 5.2.4. Your code must either be compatible with this
+requirement, provide a suitable fallback, or be an optional feature that
+dies quietly without affecting a user's application.
Additionally, do not use PHP functions that require non-default libraries
to be installed unless your code contains an alternative method when the
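Review bot: with "the absolute minimum version required is 5.2.4" replaced by "it should be compatible with PHP 5.2.4", the next sentence's "Your code must either be compatible with this requirement" no longer has a requirement to refer to. Either keep an explicit minimum version here or reword to name the version contributors must target; the same softening appears in requirements.rst ("It should work on 5.2.4 as well"), so the two files should agree on what the supported floor is.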