From dc46d99fe8ab2058df15c6a7608e5ae41ffffb2b Mon Sep 17 00:00:00 2001
From: Andrey Andreev
Date: Sat, 24 Sep 2011 16:25:23 +0300
Subject: Escape WHERE clause field names in the DB update_string() method
---
 system/database/DB_driver.php | 3 ++-
 user_guide/changelog.html | 1 +
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php
index 300ca2977..12c0530c5 100644
--- a/system/database/DB_driver.php
+++ b/system/database/DB_driver.php
@@ -950,6 +950,7 @@ class CI_DB_driver { foreach ($where as $key => $val) { $prefix = (count($dest) == 0) ? '' : ' AND ';
+ $key = $this->_protect_identifiers($key);
 if ($val !== '') {
@@ -1390,4 +1391,4 @@ class CI_DB_driver { /* End of file DB_driver.php */
-/* Location: ./system/database/DB_driver.php */
\ No newline at end of file
+/* Location: ./system/database/DB_driver.php */
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index 7ff2af2f5..50875abf1 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -132,6 +132,7 @@ Change Log
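Review bot: In the first DB_driver.php hunk the new `$key = $this->_protect_identifiers($key);` runs on every WHERE key before the `if ($val !== '')` check, so it also rewrites keys whose value is empty, and nothing visible states what a key may contain. If update_string() accepts keys that carry an operator or a complete condition (the empty-value branch suggests it might; the rest of the loop is outside the hunk), quoting the whole key as an identifier could change the generated SQL, so that case deserves a test. I would also add a comment above the call, e.g. `// Quote the column name; keys must be developer-supplied, quoting is not validation of user input`, so callers do not read the escaping as making request-derived field names safe.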
  • Fixed a bug (#344) - Using schema found in Saving Session Data to a Database, system would throw error "user_data does not have a default value" when deleting then creating a session.
  • Fixed a bug (#112) - OCI8 (Oracle) driver didn't pass the configured database character set when connecting.
  • Fixed a bug (#182) - OCI8 (Oracle) driver used to re-execute the statement whenever num_rows() is called.
  • +
  • Fixed a bug (#82) - WHERE clause field names in the DB update_string() method were not escaped, resulting in failed queries in some cases.
  • Version 2.0.3

    -- cgit v1.2.3-24-g4f1b
From 89e1780f16ea91e913d4231ec07b90391622c8cb Mon Sep 17 00:00:00 2001
From: Andrey Andreev
Date: Sat, 24 Sep 2011 17:09:44 +0300
Subject: Fix a variable type mismatch (issue #89) in system/database/DB_driver.php
---
 system/database/DB_driver.php | 2 +-
 user_guide/changelog.html | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php
index 12c0530c5..31e4c2bca 100644
--- a/system/database/DB_driver.php
+++ b/system/database/DB_driver.php
@@ -1166,7 +1166,7 @@ class CI_DB_driver { if ($native == TRUE) {
- $message = $error;
+ $message = ( ! is_array($error)) ? array($error) : $error;
 } else {
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index 50875abf1..0afdbe4a1 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -133,6 +133,7 @@ Change Log
  • Fixed a bug (#112) - OCI8 (Oracle) driver didn't pass the configured database character set when connecting.
  • Fixed a bug (#182) - OCI8 (Oracle) driver used to re-execute the statement whenever num_rows() is called.
  • Fixed a bug (#82) - WHERE clause field names in the DB update_string() method were not escaped, resulting in failed queries in some cases.
  • +
  • Fixed a bug (#89) - Fix a variable type mismatch in DB display_error() where an array is expected, but a string could be set instead.
  • Version 2.0.3

    -- cgit v1.2.3-24-g4f1b
From 85a99cc6a386e49af7dc36f5450dce2338404851 Mon Sep 17 00:00:00 2001
From: Andrey Andreev
Date: Sat, 24 Sep 2011 17:17:37 +0300
Subject: Skip is_array() check
---
 system/database/DB_driver.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php
index 31e4c2bca..17649f7b1 100644
--- a/system/database/DB_driver.php
+++ b/system/database/DB_driver.php
@@ -1166,7 +1166,7 @@ class CI_DB_driver { if ($native == TRUE) {
- $message = ( ! is_array($error)) ? array($error) : $error;
+ $message = (array) $error;
 } else {
-- cgit v1.2.3-24-g4f1b
From 8d263b02c56e25305621535e184333e8cdace9bd Mon Sep 17 00:00:00 2001
From: Andrey Andreev
Date: Sat, 24 Sep 2011 18:47:09 +0300
Subject: Suppress warnings generated by get_magic_quotes_gpc() (issue #467)
---
 system/core/Input.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/system/core/Input.php b/system/core/Input.php
index f39371fb0..6f8442107 100755
--- a/system/core/Input.php
+++ b/system/core/Input.php
@@ -555,7 +555,7 @@ class CI_Input { } // We strip slashes if magic quotes is on to keep things consistent
- if (function_exists('get_magic_quotes_gpc') AND get_magic_quotes_gpc())
+ if (function_exists('get_magic_quotes_gpc') AND @get_magic_quotes_gpc())
 { $str = stripslashes($str); }
-- cgit v1.2.3-24-g4f1b
From 4f27b5b93090e483d73a8be0dbb4587309ed3686 Mon Sep 17 00:00:00 2001
From: Andrey Andreev
Date: Sat, 24 Sep 2011 18:49:44 +0300
Subject: Update the ChangeLog
---
 user_guide/changelog.html | 1 +
 1 file changed, 1 insertion(+)
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index 0afdbe4a1..6b4e83c2f 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -134,6 +134,7 @@ Change Log
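Review bot: The `@` added before `get_magic_quotes_gpc()` in the system/core/Input.php hunk silences every diagnostic the call can raise, not only the deprecation notice named in the commit subject, and it does so on each pass through this code. Magic quotes were removed in PHP 5.4, where the function always returns FALSE, so gating the call on the runtime version avoids the notice without suppression, for example `if (version_compare(PHP_VERSION, '5.4', '<') AND get_magic_quotes_gpc())`. The enclosing method starts and ends outside the hunk.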
  • Fixed a bug (#182) - OCI8 (Oracle) driver used to re-execute the statement whenever num_rows() is called.
  • Fixed a bug (#82) - WHERE clause field names in the DB update_string() method were not escaped, resulting in failed queries in some cases.
  • Fixed a bug (#89) - Fix a variable type mismatch in DB display_error() where an array is expected, but a string could be set instead.
  • +
  • Fixed a bug (#467) - Suppress warnings generated from get_magic_quotes_gpc() (deprecated in PHP 5.4)
  • Version 2.0.3

    -- cgit v1.2.3-24-g4f1b
From 6b5908947853281c4bd5577269b90ba3eead5ddd Mon Sep 17 00:00:00 2001
From: Gerry
Date: Sun, 25 Sep 2011 00:16:39 +0800
Subject: Fixing the documentation url given in the Table library
---
 system/libraries/Table.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/system/libraries/Table.php b/system/libraries/Table.php
index def696776..c14da727e 100644
--- a/system/libraries/Table.php
+++ b/system/libraries/Table.php
@@ -24,7 +24,7 @@ * @subpackage Libraries * @category HTML Tables * @author ExpressionEngine Dev Team
- * @link http://codeigniter.com/user_guide/libraries/uri.html
+ * @link http://codeigniter.com/user_guide/libraries/table.html
 */ class CI_Table {
@@ -528,4 +528,4 @@ class CI_Table { /* End of file Table.php */
-/* Location: ./system/libraries/Table.php */
\ No newline at end of file
+/* Location: ./system/libraries/Table.php */
-- cgit v1.2.3-24-g4f1b
From f371fc907fa48a96d1fed201ab13500835e75b71 Mon Sep 17 00:00:00 2001
From: Gerry
Date: Sun, 25 Sep 2011 00:28:09 +0800
Subject: Fixing the Encryption link in the Sha1 library so that it's valid
---
 system/libraries/Sha1.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/system/libraries/Sha1.php b/system/libraries/Sha1.php
index 1a657572b..8e991f54a 100644
--- a/system/libraries/Sha1.php
+++ b/system/libraries/Sha1.php
@@ -40,7 +40,7 @@ * @subpackage Libraries * @category Encryption * @author ExpressionEngine Dev Team
- * @link http://codeigniter.com/user_guide/general/encryption.html
+ * @link http://codeigniter.com/user_guide/libraries/encryption.html
 */ class CI_SHA1 {
@@ -248,4 +248,4 @@ class CI_SHA1 { // END CI_SHA /* End of file Sha1.php */
-/* Location: ./system/libraries/Sha1.php */
\ No newline at end of file
+/* Location: ./system/libraries/Sha1.php */
-- cgit v1.2.3-24-g4f1b
From 6f2b26416f65ab86d2ebcf093bad788091cc7273 Mon Sep 17 00:00:00 2001
From: Gerry
Date: Sun, 25 Sep 2011 00:30:52 +0800
Subject: Fixing the documentation link in the Typography library so that it's valid
---
 system/libraries/Typography.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/system/libraries/Typography.php b/system/libraries/Typography.php
index 734cec104..f061311b0 100644
--- a/system/libraries/Typography.php
+++ b/system/libraries/Typography.php
@@ -22,7 +22,7 @@ * @access private * @category Helpers * @author ExpressionEngine Dev Team
- * @link http://codeigniter.com/user_guide/helpers/
+ * @link http://codeigniter.com/user_guide/libraries/typography.html
 */ class CI_Typography {
@@ -407,4 +407,4 @@ class CI_Typography { // END Typography Class /* End of file Typography.php */
-/* Location: ./system/libraries/Typography.php */
\ No newline at end of file
+/* Location: ./system/libraries/Typography.php */
-- cgit v1.2.3-24-g4f1b
From 33c9c3f80149825e2ffb9e67675747262b563afc Mon Sep 17 00:00:00 2001
From: Gerry
Date: Sun, 25 Sep 2011 00:32:38 +0800
Subject: Fixing the documentation link in the Unit_test library so that it points to the correct page
---
 system/libraries/Unit_test.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/system/libraries/Unit_test.php b/system/libraries/Unit_test.php
index 5bd7e801a..d9bc8ef6b 100644
--- a/system/libraries/Unit_test.php
+++ b/system/libraries/Unit_test.php
@@ -24,7 +24,7 @@ * @subpackage Libraries * @category UnitTesting * @author ExpressionEngine Dev Team
- * @link http://codeigniter.com/user_guide/libraries/uri.html
+ * @link http://codeigniter.com/user_guide/libraries/unit_testing.html
 */ class CI_Unit_test {
@@ -380,4 +380,4 @@ function is_false($test) /* End of file Unit_test.php */
-/* Location: ./system/libraries/Unit_test.php */
\ No newline at end of file
+/* Location: ./system/libraries/Unit_test.php */
-- cgit v1.2.3-24-g4f1b
From d93e6f3890fd50b9aaf1e116fa8ceb7e3f0caa05 Mon Sep 17 00:00:00 2001
From: Chris Berthe
Date: Sun, 25 Sep 2011 10:33:25 -0400
Subject: Fix #484 - Hash is never set to the cookie
---
 system/core/Security.php | 3 ++-
 user_guide/changelog.html | 1 +
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/system/core/Security.php b/system/core/Security.php
index 6c4c59057..84ecb06db 100755
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -886,7 +886,8 @@ class CI_Security { return $this->_csrf_hash = $_COOKIE[$this->_csrf_cookie_name]; }
- return $this->_csrf_hash = md5(uniqid(rand(), TRUE));
+ $this->_csrf_hash = md5(uniqid(rand(), TRUE));
+ $this->csrf_set_cookie();
 } return $this->_csrf_hash;
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index 6b4e83c2f..fc1eb46b3 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -135,6 +135,7 @@ Change Log
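Review bot: The CSRF token that the new `$this->csrf_set_cookie();` call writes to the cookie is still built with `md5(uniqid(rand(), TRUE))`, which draws on the clock and a non-cryptographic generator, so it is weaker than an anti-forgery secret should be. Where the runtime offers a CSPRNG the assignment could use it, e.g. `$this->_csrf_hash = function_exists('openssl_random_pseudo_bytes') ? bin2hex(openssl_random_pseudo_bytes(16)) : md5(uniqid(mt_rand(), TRUE));`, with the fallback keeping today's behaviour on older builds. The context line above also adopts `$_COOKIE[$this->_csrf_cookie_name]` as the hash without checking its format; verifying that the value is a 32-character hex string before reusing it would be a sensible follow-up. The method body begins outside the hunk.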
  • Fixed a bug (#82) - WHERE clause field names in the DB update_string() method were not escaped, resulting in failed queries in some cases.
  • Fixed a bug (#89) - Fix a variable type mismatch in DB display_error() where an array is expected, but a string could be set instead.
  • Fixed a bug (#467) - Suppress warnings generated from get_magic_quotes_gpc() (deprecated in PHP 5.4)
  • +
  • Fixed a bug (#484) - First time _csrf_set_hash() is called, hash is never set to the cookie (in Security.php).
  • Version 2.0.3

    -- cgit v1.2.3-24-g4f1b