Diffstat (limited to 'user_guide_src/source/general')
-rw-r--r--user_guide_src/source/general/ancillary_classes.rst4
-rw-r--r--user_guide_src/source/general/common_functions.rst2
-rw-r--r--user_guide_src/source/general/creating_libraries.rst4
-rw-r--r--user_guide_src/source/general/credits.rst25
-rw-r--r--user_guide_src/source/general/environments.rst2
-rw-r--r--user_guide_src/source/general/errors.rst4
-rw-r--r--user_guide_src/source/general/models.rst2
-rw-r--r--user_guide_src/source/general/profiling.rst11
-rw-r--r--user_guide_src/source/general/requirements.rst11
-rw-r--r--user_guide_src/source/general/reserved_names.rst5
-rw-r--r--user_guide_src/source/general/security.rst102
-rw-r--r--user_guide_src/source/general/styleguide.rst35
12 files changed, 136 insertions, 71 deletions
diff --git a/user_guide_src/source/general/ancillary_classes.rst b/user_guide_src/source/general/ancillary_classes.rst
index edb3a14fb..cc232f447 100644
--- a/user_guide_src/source/general/ancillary_classes.rst
+++ b/user_guide_src/source/general/ancillary_classes.rst
@@ -52,7 +52,7 @@ Once you've assigned the object to a variable, you'll use that variable
This is very important. Assigning by reference allows you to use the
original CodeIgniter object rather than creating a copy of it.
-Furthermore, if you'll be using ``get_intance()`` inside anoter class,
+Furthermore, if you'll be using ``get_instance()`` inside another class,
then it would be better if you assign it to a property. This way, you
won't need to call ``get_instance()`` in every single method.
@@ -78,7 +78,7 @@ Example::
public function bar()
{
- $this->CI->config_item('base_url');
+ $this->CI->config->item('base_url');
}
}
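Review bot: the corrected call `$this->CI->config->item('base_url');` in this hunk discards its return value, so the example statement has no visible effect; the parallel example in creating_libraries.rst in this same commit uses `echo $this->CI->config->item('base_url');`, and this one should do the same for consistency. The method fix itself is right: `config_item()` is a global helper, not a method on the CodeIgniter instance, so the old line would have raised a fatal error.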
diff --git a/user_guide_src/source/general/common_functions.rst b/user_guide_src/source/general/common_functions.rst
index 9c0a7cbe1..399a323cc 100644
--- a/user_guide_src/source/general/common_functions.rst
+++ b/user_guide_src/source/general/common_functions.rst
@@ -63,7 +63,7 @@ loading any libraries or helpers.
.. function:: config_item($key)
:param string $key: Config item key
- :returns: Configuration key value or FALSE if not found
+ :returns: Configuration key value or NULL if not found
:rtype: mixed
The :doc:`Config Library <../libraries/config>` is the preferred way of
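Review bot: changing the documented return for a missing key from FALSE to NULL is a behaviour change for callers, not just a doc fix: any code doing `if (config_item('x') === FALSE)` will stop detecting missing keys once the function returns NULL. This should be called out in the change log / upgrade notes alongside this docstring edit, and the suggested check should be `config_item('x') === NULL`.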
diff --git a/user_guide_src/source/general/creating_libraries.rst b/user_guide_src/source/general/creating_libraries.rst
index a1e1b3e78..d6b0631af 100644
--- a/user_guide_src/source/general/creating_libraries.rst
+++ b/user_guide_src/source/general/creating_libraries.rst
@@ -54,8 +54,6 @@ Classes should have this basic prototype::
}
}
- /* End of file Someclass.php */
-
.. note:: We are using the name Someclass purely as an example.
Using Your Class
@@ -170,7 +168,7 @@ methods, you're encouraged to assign it to a property instead::
public function bar()
{
- echo $this->CI->config_item('base_url');
+ echo $this->CI->config->item('base_url');
}
}
diff --git a/user_guide_src/source/general/credits.rst b/user_guide_src/source/general/credits.rst
index 03ee83dd6..d22e3a9bc 100644
--- a/user_guide_src/source/general/credits.rst
+++ b/user_guide_src/source/general/credits.rst
@@ -2,18 +2,21 @@
Credits
#######
-CodeIgniter was originally developed by `Rick
-Ellis <http://www.ellislab.com/>`_ (CEO of `EllisLab,
-Inc. <http://ellislab.com/>`_). The framework was written for
-performance in the real world, with many of the class libraries,
-helpers, and sub-systems borrowed from the code-base of
-`ExpressionEngine <http://www.expressionengine.com/>`_.
+CodeIgniter was originally developed by `Rick Ellis <http://www.ellislab.com/>`_
+(CEO of `EllisLab, Inc. <http://ellislab.com/>`_). The framework was written for
+performance in the real world, with many of the class libraries, helpers, and
+sub-systems borrowed from the code-base of `ExpressionEngine
+<http://www.expressionengine.com/>`_.
+
+It was, for years, developed and maintained by EllisLab, the ExpressionEngine
+Development Team and a group of community members called the Reactor Team.
+
+In 2014, CodeIgniter was acquired by the `British Columbia Institute of Technology
+<http://bcit.ca/>`_ and was then officially announced as a community-maintained
+project.
-It is currently developed and maintained by the ExpressionEngine
-Development Team.
Bleeding edge development is spearheaded by the handpicked contributors
of the Reactor Team.
-A hat tip goes to Ruby on Rails for inspiring us to create a PHP
-framework, and for bringing frameworks into the general consciousness of
-the web community. \ No newline at end of file
+A hat tip goes to Ruby on Rails for inspiring us to create a PHP framework, and
+for bringing frameworks into the general consciousness of the web community. \ No newline at end of file
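Review bot: the unchanged context line "Bleeding edge development is spearheaded by the handpicked contributors of the Reactor Team." now contradicts the new paragraph immediately above it, which describes the Reactor Team in the past tense ("It was, for years, developed and maintained by ... the Reactor Team") and says the project became community-maintained in 2014; that sentence should be removed or rewritten in the past tense too. The rewrapped last paragraph also still ends with "\ No newline at end of file", so the file should get a trailing newline while it is being touched.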
diff --git a/user_guide_src/source/general/environments.rst b/user_guide_src/source/general/environments.rst
index d74ebb8d5..1ce4fde3a 100644
--- a/user_guide_src/source/general/environments.rst
+++ b/user_guide_src/source/general/environments.rst
@@ -20,7 +20,7 @@ the value provided in ``$_SERVER['CI_ENV']``, otherwise defaults to
This server variable can be set in your .htaccess file, or Apache
config using `SetEnv <https://httpd.apache.org/docs/2.2/mod/mod_env.html#setenv>`_.
Alternative methods are available for nginx and other servers, or you can
-remove this logic entirely and set the constant based on the HTTP_HOST or IP.
+remove this logic entirely and set the constant based on the server's IP address.
In addition to affecting some basic framework behavior (see the next
section), you may use this constant in your own development to
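Review bot: the reason for dropping HTTP_HOST from the suggestion is not stated in the new line "set the constant based on the server's IP address." Since HTTP_HOST is populated from the client-supplied Host header, a reader who does not know this may reintroduce it; one clause explaining that the host header is under the client's control, whereas the server's own IP is not, would make the guidance self-justifying.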
diff --git a/user_guide_src/source/general/errors.rst b/user_guide_src/source/general/errors.rst
index 26c26bea1..721c78ca7 100644
--- a/user_guide_src/source/general/errors.rst
+++ b/user_guide_src/source/general/errors.rst
@@ -101,9 +101,7 @@ There are three message types:
example, if a class has been initialized, you could log this as
debugging info.
#. Informational Messages. These are the lowest priority messages,
- simply giving information regarding some process. CodeIgniter doesn't
- natively generate any info messages but you may want to in your
- application.
+ simply giving information regarding some process.
.. note:: In order for the log file to actually be written, the *logs*
directory must be writable. In addition, you must set the "threshold"
diff --git a/user_guide_src/source/general/models.rst b/user_guide_src/source/general/models.rst
index c4fd12476..1cfe736de 100644
--- a/user_guide_src/source/general/models.rst
+++ b/user_guide_src/source/general/models.rst
@@ -137,7 +137,7 @@ view::
{
$this->load->model('blog');
- $data['query'] = $this->Blog->get_last_ten_entries();
+ $data['query'] = $this->blog->get_last_ten_entries();
$this->load->view('blog', $data);
}
diff --git a/user_guide_src/source/general/profiling.rst b/user_guide_src/source/general/profiling.rst
index 63a261cc6..2716d1781 100644
--- a/user_guide_src/source/general/profiling.rst
+++ b/user_guide_src/source/general/profiling.rst
@@ -82,8 +82,9 @@ Key Description
hidden.
======================= =================================================================== ========
-.. note:: Disabling the (save_queries)[http://ellislab.com/codeigniter/user-guide/database/configuration.html] setting in your database configuration
- will also effectively disable profiling for database queries and render
- the 'queries' setting above useless. You can optionally override this
- setting with `$this->db->save_queries = TRUE;`. Without this setting you
- won't be able to view the queries or the (last_query)[http://ellislab.com/codeigniter/user-guide/database/helpers.html].
+.. note:: Disabling the :doc:`save_queries </database/configuration>` setting in
+ your database configuration will also effectively disable profiling for
+ database queries and render the 'queries' setting above useless. You can
+ optionally override this setting with ``$this->db->save_queries = TRUE;``.
+ Without this setting you won't be able to view the queries or the
+ `last_query <database/helpers>`. \ No newline at end of file
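Review bot: the final line of the rewritten note, `` `last_query <database/helpers>` ``, uses single backticks, which reStructuredText parses as interpreted text in the default role rather than as a cross-reference, so it will not render as a link. It should use the same `:doc:` role as the `save_queries` reference two lines above, i.e. ``:doc:`last_query </database/helpers>` ``. The file also still ends with "\ No newline at end of file".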
diff --git a/user_guide_src/source/general/requirements.rst b/user_guide_src/source/general/requirements.rst
index 0b67e8e3a..e3f73dba8 100644
--- a/user_guide_src/source/general/requirements.rst
+++ b/user_guide_src/source/general/requirements.rst
@@ -2,10 +2,15 @@
Server Requirements
###################
-- `PHP <http://www.php.net/>`_ version 5.2.4 or newer.
-- A Database is required for most web application programming.
+`PHP <http://www.php.net/>`_ version 5.4 or newer is recommended.
+
+It should work on 5.2.4 as well, but we strongly advise you NOT to run
+such old versions of PHP, because of potential security and performance
+issues, as well as missing features.
+
+A database is required for most web application programming.
+Currently supported databases are:
- Currently supported databases are:
- MySQL (5.1+) via the *mysql* (deprecated), *mysqli* and *pdo* drivers
- Oracle via the *oci8* and *pdo* drivers
- PostgreSQL via the *postgre* and *pdo* drivers
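Review bot: after this change the paragraph line "Currently supported databases are:" is immediately followed by the "- MySQL (5.1+) ..." bullet with no blank line between them; reStructuredText requires a blank line before a bullet list, so docutils will fold the list items into the preceding paragraph (or emit an "unexpected indentation" warning) instead of rendering a list. Add an empty "+" line after "+Currently supported databases are:".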
diff --git a/user_guide_src/source/general/reserved_names.rst b/user_guide_src/source/general/reserved_names.rst
index 81a05ace6..9da94b398 100644
--- a/user_guide_src/source/general/reserved_names.rst
+++ b/user_guide_src/source/general/reserved_names.rst
@@ -16,9 +16,7 @@ the ones used by that class, otherwise your local methods will
override them. The following is a list of reserved names. Do not name
your controller any of these:
-- Controller
-- CI_Base
-- _ci_initialize
+- CI_Controller
- Default
- index
@@ -41,6 +39,7 @@ Functions
- :func:`is_https()`
- :func:`function_usable()`
- :func:`get_instance()`
+- ``_error_handler()``
- ``_exception_handler()``
- ``_stringify_attributes()``
diff --git a/user_guide_src/source/general/security.rst b/user_guide_src/source/general/security.rst
index 3f93443bb..0c58f96b4 100644
--- a/user_guide_src/source/general/security.rst
+++ b/user_guide_src/source/general/security.rst
@@ -23,12 +23,12 @@ the following:
- Space
Register_globals
-=================
+================
+
+During system initialization all global variables that are found to exist
+in the ``$_GET``, ``$_POST``, ``$_REQUEST`` and ``$_COOKIE`` are unset.
-During system initialization all global variables are unset, except
-those found in the ``$_GET``, ``$_POST``, and ``$_COOKIE`` arrays.
-The unsetting routine is effectively the same as
-*register_globals = off*.
+The unsetting routine is effectively the same as *register_globals = off*.
display_errors
==============
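Review bot: the new sentence "all global variables that are found to exist in the ``$_GET``, ``$_POST``, ``$_REQUEST`` and ``$_COOKIE`` are unset" is missing its noun; it should end "... and ``$_COOKIE`` arrays are unset". The substantive correction is welcome, since the old wording ("all global variables are unset, except those found in ...") described the opposite of register_globals = off, and adding ``$_REQUEST`` to the list makes the description complete.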
@@ -60,12 +60,14 @@ from a form submission, COOKIE data, URI data, XML-RPC data, or even
data from the SERVER array, you are encouraged to practice this three
step approach:
-#. Filter the data as if it were tainted.
#. Validate the data to ensure it conforms to the correct type, length,
size, etc. (sometimes this step can replace step one)
-#. Escape the data before submitting it into your database.
+#. Filter the data as if it were tainted.
+#. Escape the data before submitting it into your database or outputting
+ it to a browser.
-CodeIgniter provides the following functions to assist in this process:
+CodeIgniter provides the following functions and tips to assist you
+in this process:
XSS Filtering
=============
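Review bot: reordering the steps leaves a dangling reference: "Validate the data ... (sometimes this step can replace step one)" is now itself step one, so the parenthetical refers to itself. It should read "(sometimes this step can replace step two)", since "Filter the data as if it were tainted." is now the second step.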
@@ -76,13 +78,95 @@ your data, or other types of code that attempt to hijack cookies or
do other malicious things. The XSS Filter is described
:doc:`here <../libraries/security>`.
-Validate the data
+.. note:: XSS filtering should *only be performed on output*. Filtering
+ input data may modify the data in undesirable ways, including
+ stripping special characters from passwords, which reduces
+ security instead of improving it.
+
+CSRF protection
+===============
+
+CSRF stands for Cross-Site Request Forgery, which is the process of an
+attacker tricking their victim into unknowingly submitting a request.
+
+CodeIgniter provides CSRF protection out of the box, which will get
+automatically triggered for every non-GET HTTP request, but also needs
+you to create your submit forms in a certain way. This is explained in
+the :doc:`Security Library <../libraries/security>` documentation.
+
+Password handling
=================
+It is *critical* that you handle passwords in your application properly.
+
+Unfortunately, many developers don't know how to do that, and the web is
+full of outdated or otherwise wrongful advices, which doesn't help.
+
+We would like to give you a list of combined do's and don'ts to help you
+with that. Please read below.
+
+- DO NOT store passwords in plain-text format.
+
+ Always **hash** your passwords.
+
+- DO NOT use Base64 or similar encoding for storing passwords.
+
+ This is as good as storing them in plain-text. Really. Do **hashing**,
+ not *encoding*.
+
+ Encoding, and encryption too, are two-way processes. Passwords are
+ secrets that must only be known to their owner, and thus must work
+ only in one direction. Hashing does that - there's *no* un-hashing or
+ de-hashing, but there is decoding and decryption.
+
+- DO NOT use weak or broken hashing algorithms like MD5 or SHA1.
+
+ These algorithms are old, proven to be flawed, and not designed for
+ password hashing in the first place.
+
+ Also, DON'T invent your own algorithms.
+
+ Only use strong password hashing algorithms like BCrypt, which is used
+ in PHP's own `Password Hashing <http://php.net/password>`_ functions.
+
+ Please use them, even if you're not running PHP 5.5+, CodeIgniter
+ provides them for you as long as you're running at least PHP version
+ 5.3.7 (and if you don't meet that requirement - please, upgrade).
+
+- DO NOT ever display or send a password in plain-text format!
+
+ Even to the password's owner, if you need a "Forgotten password"
+ feature, just randomly generate a new, one-time (this is also important)
+ password and send that instead.
+
+- DO NOT put artificial limits on your users' passwords.
+
+ There's no point in forcing a rule that a password can only be up to
+ a number of characters, or that it can't contain a certain set of
+ special characters.
+
+ Not only does this **reduce** security instead of improving it, but
+ there's literally no reason to do it. No technical limitations and
+ no (practical) storage constraints apply once you've hashed them, none!
+
+Validate input data
+===================
+
CodeIgniter has a :doc:`Form Validation Library
<../libraries/form_validation>` that assists you in
validating, filtering, and prepping your data.
+Even if that doesn't work for your use case however, be sure to always
+validate and sanitize all input data. For example, if you expect a numeric
+string for an input variable, you can check for that with ``is_numeric()``
+or ``ctype_digit()``. Always try to narrow down your checks to a certain
+pattern.
+
+Have it in mind that this includes not only ``$_POST`` and ``$_GET``
+variables, but also cookies, the user-agent string and basically
+*all data that is not created directly by your own code*.
+
+
Escape all data before database insertion
=========================================
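Review bot: the claim under "DO NOT put artificial limits on your users' passwords" that "No technical limitations ... apply once you've hashed them, none!" is too strong for the algorithm the same section recommends: bcrypt, which PHP's `password_hash()` uses by default, only considers the first 72 bytes of the input and silently ignores the rest. Suggest softening to "no practical limitations" and noting that a generous maximum length (well above anything a user would type) is fine and also bounds the cost of hashing arbitrarily large inputs. Minor wording in the same hunk: "wrongful advices" should be "wrong advice", and "Please use them, even if you're not running PHP 5.5+, CodeIgniter provides them for you ..." is a comma splice that should be split into two sentences.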
diff --git a/user_guide_src/source/general/styleguide.rst b/user_guide_src/source/general/styleguide.rst
index 6718bc342..7704a59c5 100644
--- a/user_guide_src/source/general/styleguide.rst
+++ b/user_guide_src/source/general/styleguide.rst
@@ -52,31 +52,8 @@ The PHP closing tag on a PHP document **?>** is optional to the PHP
parser. However, if used, any whitespace following the closing tag,
whether introduced by the developer, user, or an FTP application, can
cause unwanted output, PHP errors, or if the latter are suppressed,
-blank pages. For this reason, all PHP files should **OMIT** the closing
-PHP tag, and instead use a comment block to mark the end of file and
-its location relative to the application root. This allows you to still
-identify a file as being complete and not truncated.
-
-**INCORRECT**::
-
- <?php
-
- echo "Here's my code!";
-
- ?>
-
-**CORRECT**::
-
- <?php
-
- echo "Here's my code!";
-
- /* End of file Myfile.php */
- /* Location: ./system/modules/mymodule/myfile.php */
-
-.. note:: There should be no empty line or newline character(s) following
- the closing comments. If you happen to see one when
- submitting a pull request, please check your IDE settings and fix it.
+blank pages. For this reason, all PHP files MUST OMIT the PHP closing
+tag and end with a single empty line instead.
File Naming
===========
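Review bot: the replacement rule "all PHP files MUST OMIT the PHP closing tag and end with a single empty line instead" is ambiguous about what the last bytes of the file should be: a file whose last line is `}` followed by one newline character has no empty line, while "a single empty line" reads as two consecutive newlines. Spell out the intended convention (for example, "the last line of the file must be terminated by exactly one newline character, with no blank lines after it"). Removing the INCORRECT/CORRECT examples also leaves this section with no illustration of the rule, so a short CORRECT example showing the file ending would help.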
@@ -368,10 +345,10 @@ inability for CodeIgniter to send proper headers.
Compatibility
=============
-CodeIgniter requires a minimum PHP version of 5.2.4. Your code must either
-be compatible with this minimum requirement, provide a suitable fallback,
-or be an optional feature that dies quietly without affecting a user's
-application.
+CodeIgniter recommends PHP 5.4 or newer to be used, but it should be
+compatible with PHP 5.2.4. Your code must either be compatible with this
+requirement, provide a suitable fallback, or be an optional feature that
+dies quietly without affecting a user's application.
Additionally, do not use PHP functions that require non-default libraries
to be installed unless your code contains an alternative method when the
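Review bot: in the rewritten Compatibility paragraph, "Your code must either be compatible with this requirement" now has two possible antecedents (the PHP 5.4 recommendation and the 5.2.4 compatibility statement in the preceding sentence). Since the intent is that contributed code keep working on the oldest supported version, make it explicit: "Your code must either be compatible with PHP 5.2.4, provide a suitable fallback, ...". This also keeps the wording aligned with the requirements.rst change in this same commit.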