diff options
Diffstat (limited to 'user_guide_src/source/libraries')
| -rw-r--r-- | user_guide_src/source/libraries/config.rst | 2 | ||||
| -rw-r--r-- | user_guide_src/source/libraries/email.rst | 4 | ||||
| -rw-r--r-- | user_guide_src/source/libraries/encryption.rst | 2 | ||||
| -rw-r--r-- | user_guide_src/source/libraries/ftp.rst | 2 | ||||
| -rw-r--r-- | user_guide_src/source/libraries/input.rst | 12 | ||||
| -rw-r--r-- | user_guide_src/source/libraries/loader.rst | 2 | ||||
| -rw-r--r-- | user_guide_src/source/libraries/pagination.rst | 2 | ||||
| -rw-r--r-- | user_guide_src/source/libraries/security.rst | 11 | ||||
| -rw-r--r-- | user_guide_src/source/libraries/sessions.rst | 2 | ||||
| -rw-r--r-- | user_guide_src/source/libraries/trackback.rst | 2 | ||||
| -rw-r--r-- | user_guide_src/source/libraries/typography.rst | 4 |
11 files changed, 26 insertions, 19 deletions
diff --git a/user_guide_src/source/libraries/config.rst b/user_guide_src/source/libraries/config.rst index a45cacdf5..fe2e0a99d 100644 --- a/user_guide_src/source/libraries/config.rst +++ b/user_guide_src/source/libraries/config.rst @@ -211,7 +211,7 @@ Class Reference .. php:method:: load([$file = ''[, $use_sections = FALSE[, $fail_gracefully = FALSE]]]) :param string $file: Configuration file name - :param bool $use_sections: Whether config values shoud be loaded into their own section (index of the main config array) + :param bool $use_sections: Whether config values should be loaded into their own section (index of the main config array) :param bool $fail_gracefully: Whether to return FALSE or to display an error message :returns: TRUE on success, FALSE on failure :rtype: bool diff --git a/user_guide_src/source/libraries/email.rst b/user_guide_src/source/libraries/email.rst index 0b38737f1..1be6e2adb 100644 --- a/user_guide_src/source/libraries/email.rst +++ b/user_guide_src/source/libraries/email.rst @@ -348,7 +348,7 @@ Class Reference $this->email->attach('http://example.com/filename.pdf'); - If you'd like to use a custom file name, you can use the third paramater:: + If you'd like to use a custom file name, you can use the third parameter:: $this->email->attach('filename.pdf', 'attachment', 'report.pdf'); @@ -387,7 +387,7 @@ Class Reference :rtype: string Returns a string containing any server messages, the email headers, and - the email messsage. Useful for debugging. + the email message. Useful for debugging. You can optionally specify which parts of the message should be printed. Valid options are: **headers**, **subject**, **body**. diff --git a/user_guide_src/source/libraries/encryption.rst b/user_guide_src/source/libraries/encryption.rst index 377e650a9..b16511d4d 100644 --- a/user_guide_src/source/libraries/encryption.rst +++ b/user_guide_src/source/libraries/encryption.rst @@ -382,7 +382,7 @@ the hood: #. Check if the string is long enough, separate the HMAC out of it and validate if it is correct (this is done in a way that - prevents timing attacks agains it). Return FALSE if either of + prevents timing attacks against it). Return FALSE if either of the checks fails. #. Base64-decode the string. diff --git a/user_guide_src/source/libraries/ftp.rst b/user_guide_src/source/libraries/ftp.rst index ddd4442fd..2a015256d 100644 --- a/user_guide_src/source/libraries/ftp.rst +++ b/user_guide_src/source/libraries/ftp.rst @@ -2,7 +2,7 @@ FTP Class ######### -CodeIgniter's FTP Class permits files to be transfered to a remote +CodeIgniter's FTP Class permits files to be transferred to a remote server. Remote files can also be moved, renamed, and deleted. The FTP class also includes a "mirroring" function that permits an entire local directory to be recreated remotely via FTP. diff --git a/user_guide_src/source/libraries/input.rst b/user_guide_src/source/libraries/input.rst index d9c6c2dd1..300f47112 100644 --- a/user_guide_src/source/libraries/input.rst +++ b/user_guide_src/source/libraries/input.rst @@ -167,7 +167,7 @@ Class Reference $this->input->post(array('field1', 'field2')); - Same rule applied here, to retrive the parameters with XSS filtering enabled, set the + Same rule applied here, to retrieve the parameters with XSS filtering enabled, set the second parameter to boolean TRUE. :: @@ -200,7 +200,7 @@ Class Reference $this->input->get(array('field1', 'field2')); - Same rule applied here, to retrive the parameters with XSS filtering enabled, set the + Same rule applied here, to retrieve the parameters with XSS filtering enabled, set the second parameter to boolean TRUE. :: @@ -245,7 +245,7 @@ Class Reference data:: $this->input->cookie('some_cookie'); - $this->input->cookie('some_cookie, TRUE); // with XSS filter + $this->input->cookie('some_cookie', TRUE); // with XSS filter To return an array of multiple cookie values, pass all the required keys as an array. @@ -285,7 +285,7 @@ Class Reference This method is identical to ``get()``, ``post()`` and ``cookie()``, only it fetches the *php://input* stream data. - .. php:method:: set_cookie($name = ''[, $value = ''[, $expire = ''[, $domain = ''[, $path = '/'[, $prefix = ''[, $secure = FALSE[, $httponly = FALSE]]]]]]]) + .. php:method:: set_cookie($name = ''[, $value = ''[, $expire = ''[, $domain = ''[, $path = '/'[, $prefix = ''[, $secure = NULL[, $httponly = NULL]]]]]]]) :param mixed $name: Cookie name or an array of parameters :param string $value: Cookie value @@ -338,8 +338,8 @@ Class Reference The prefix is only needed if you need to avoid name collisions with other identically named cookies for your server. - The secure boolean is only needed if you want to make it a secure cookie - by setting it to TRUE. + The *httponly* and *secure* flags, when omitted, will default to your + ``$config['cookie_httponly']`` and ``$config['cookie_secure']`` settings. **Discrete Parameters** diff --git a/user_guide_src/source/libraries/loader.rst b/user_guide_src/source/libraries/loader.rst index 228d5e478..22abb4586 100644 --- a/user_guide_src/source/libraries/loader.rst +++ b/user_guide_src/source/libraries/loader.rst @@ -125,7 +125,7 @@ Class Reference $config = array ( 'mailtype' => 'html', - 'charset' => 'utf-8, + 'charset' => 'utf-8', 'priority' => '1' ); diff --git a/user_guide_src/source/libraries/pagination.rst b/user_guide_src/source/libraries/pagination.rst index 913717c67..99b5a80a2 100644 --- a/user_guide_src/source/libraries/pagination.rst +++ b/user_guide_src/source/libraries/pagination.rst @@ -101,7 +101,7 @@ like:: If you have ``$config['enable_query_strings']`` set to TRUE your links will automatically be re-written using Query Strings. This option can -also be explictly set. Using ``$config['page_query_string']`` set to TRUE, +also be explicitly set. Using ``$config['page_query_string']`` set to TRUE, the pagination link will become:: http://example.com/index.php?c=test&m=page&per_page=20 diff --git a/user_guide_src/source/libraries/security.rst b/user_guide_src/source/libraries/security.rst index f7604ef00..868112684 100644 --- a/user_guide_src/source/libraries/security.rst +++ b/user_guide_src/source/libraries/security.rst @@ -40,6 +40,9 @@ browser may attempt to execute. // file failed the XSS test } +.. important:: If you want to filter HTML attribute values, use + :php:func:`html_escape()` instead! + ********************************* Cross-site request forgery (CSRF) ********************************* @@ -101,7 +104,11 @@ Class Reference :rtype: mixed Tries to remove XSS exploits from the input data and returns the cleaned string. - If the optional second parameter is set to true, it will return boolean TRUE if the image is safe to use and FALSE if malicious data was detected in it. + If the optional second parameter is set to true, it will return boolean TRUE if + the image is safe to use and FALSE if malicious data was detected in it. + + .. important:: This method is not suitable for filtering HTML attribute values! + Use :php:func:`html_escape()` for that instead. .. php:method:: sanitize_filename($str[, $relative_path = FALSE]) @@ -162,4 +169,4 @@ Class Reference Used for generating CSRF and XSS tokens. .. note:: The output is NOT guaranteed to be cryptographically secure, - just the best attempt at that.
\ No newline at end of file + just the best attempt at that. diff --git a/user_guide_src/source/libraries/sessions.rst b/user_guide_src/source/libraries/sessions.rst index a95cd5a19..b1f658d8f 100644 --- a/user_guide_src/source/libraries/sessions.rst +++ b/user_guide_src/source/libraries/sessions.rst @@ -471,7 +471,7 @@ Preference Default Description .. note:: The 'cookie_httponly' setting doesn't have an effect on sessions. Instead the HttpOnly parameter is always enabled, for security - reasons. Additionaly, the 'cookie_prefix' setting is completely + reasons. Additionally, the 'cookie_prefix' setting is completely ignored. Session Drivers diff --git a/user_guide_src/source/libraries/trackback.rst b/user_guide_src/source/libraries/trackback.rst index bceb515f2..dc4477e9f 100644 --- a/user_guide_src/source/libraries/trackback.rst +++ b/user_guide_src/source/libraries/trackback.rst @@ -262,7 +262,7 @@ Class Reference :returns: Data value or empty string if not found :rtype: string - Returns a single item from the reponse data array. + Returns a single item from the response data array. .. php:method:: process($url, $data) diff --git a/user_guide_src/source/libraries/typography.rst b/user_guide_src/source/libraries/typography.rst index 1d1e4f3c4..9e1386835 100644 --- a/user_guide_src/source/libraries/typography.rst +++ b/user_guide_src/source/libraries/typography.rst @@ -44,7 +44,7 @@ Class Reference $this->load->library('typography'); $this->typography->protect_braced_quotes = TRUE; - .. method auto_typography($str[, $reduce_linebreaks = FALSE]) + .. php:method:: auto_typography($str[, $reduce_linebreaks = FALSE]) :param string $str: Input string :param bool $reduce_linebreaks: Whether to reduce consequitive linebreaks @@ -104,4 +104,4 @@ Class Reference Usage example:: - $string = $this->typography->nl2br_except_pre($string);
\ No newline at end of file + $string = $this->typography->nl2br_except_pre($string); |