From 4488538665d37b07a08d7fe4ce6f4156a9899211 Mon Sep 17 00:00:00 2001
From: Greg Aker <greg.aker@ellislab.com>
Date: Tue, 19 Apr 2011 15:28:40 -0500
Subject: Removed APPPATH.'third_party' from the packages autoloader to negate
 needless file stats if no packages exist or if the developer does not load
 any other packages by default.

---
 application/config/autoload.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'application/config')

diff --git a/application/config/autoload.php b/application/config/autoload.php
index 90b1a808f..53129c9c6 100644
--- a/application/config/autoload.php
+++ b/application/config/autoload.php
@@ -37,7 +37,7 @@
 |
 */
 
-$autoload['packages'] = array(APPPATH.'third_party');
+$autoload['packages'] = array();
 
 
 /*
-- 
cgit v1.2.3-24-g4f1b


From 6ae70cc8499499b5d77d77ec8974f95873edb861 Mon Sep 17 00:00:00 2001
From: Derek Jones <derek.jones@ellislab.com>
Date: Tue, 19 Apr 2011 16:13:48 -0500
Subject: modified MySQL and MySQLi drivers to address a potential SQL
 injection attack vector when multi-byte character set connections are
 employed. (Does not impact Latin-1, UTF-8, etc. encodings)

---
 application/config/database.php | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'application/config')

diff --git a/application/config/database.php b/application/config/database.php
index 24d611ac5..fa541a734 100644
--- a/application/config/database.php
+++ b/application/config/database.php
@@ -26,6 +26,12 @@
 |	['cachedir'] The path to the folder where cache files should be stored
 |	['char_set'] The character set used in communicating with the database
 |	['dbcollat'] The character collation used in communicating with the database
+|				 NOTE: For MySQL and MySQLi databases, this setting is only used
+| 				 as a backup if your server is running PHP < 5.2.3 or MySQL < 5.0.7.
+| 				 There is an incompatibility in PHP with mysql_real_escape_string() which
+| 				 can make your site vulnerable to SQL injection if you are using a
+| 				 multi-byte character set and are running versions lower than these.
+| 				 Sites using Latin-1 or UTF-8 database character set and collation are unaffected.
 |	['swap_pre'] A default table prefix that should be swapped with the dbprefix
 |	['autoinit'] Whether or not to automatically initialize the database.
 |	['stricton'] TRUE/FALSE - forces 'Strict Mode' connections
-- 
cgit v1.2.3-24-g4f1b


From 114ab0988e20ac6be39ad363ff897a1a3b85e565 Mon Sep 17 00:00:00 2001
From: Razican <devnull@localhost>
Date: Mon, 25 Apr 2011 17:26:45 +0200
Subject: Fixed double-space typo.

---
 application/config/autoload.php      | 22 ++++++++++----------
 application/config/config.php        | 40 ++++++++++++++++++------------------
 application/config/constants.php     |  6 +++---
 application/config/database.php      | 10 ++++-----
 application/config/foreign_chars.php |  2 +-
 application/config/hooks.php         |  4 ++--
 application/config/mimes.php         |  8 ++++----
 application/config/profiler.php      |  2 +-
 application/config/routes.php        |  2 +-
 application/config/smileys.php       |  4 ++--
 application/config/user_agents.php   |  6 +++---
 11 files changed, 53 insertions(+), 53 deletions(-)

(limited to 'application/config')

diff --git a/application/config/autoload.php b/application/config/autoload.php
index 53129c9c6..1c492a20d 100644
--- a/application/config/autoload.php
+++ b/application/config/autoload.php
@@ -1,4 +1,4 @@
-<?php  if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
 /*
 | -------------------------------------------------------------------
 | AUTO-LOADER
@@ -8,7 +8,7 @@
 | In order to keep the framework as light-weight as possible only the
 | absolute minimal resources are loaded by default. For example,
 | the database is not connected to automatically since no assumption
-| is made regarding whether you intend to use it.  This file lets
+| is made regarding whether you intend to use it. This file lets
 | you globally define which systems you would like loaded with every
 | request.
 |
@@ -29,11 +29,11 @@
 
 /*
 | -------------------------------------------------------------------
-|  Auto-load Packges
+| Auto-load Packges
 | -------------------------------------------------------------------
 | Prototype:
 |
-|  $autoload['packages'] = array(APPPATH.'third_party', '/usr/local/shared');
+| $autoload['packages'] = array(APPPATH.'third_party', '/usr/local/shared');
 |
 */
 
@@ -42,7 +42,7 @@ $autoload['packages'] = array();
 
 /*
 | -------------------------------------------------------------------
-|  Auto-load Libraries
+| Auto-load Libraries
 | -------------------------------------------------------------------
 | These are the classes located in the system/libraries folder
 | or in your application/libraries folder.
@@ -57,7 +57,7 @@ $autoload['libraries'] = array();
 
 /*
 | -------------------------------------------------------------------
-|  Auto-load Helper Files
+| Auto-load Helper Files
 | -------------------------------------------------------------------
 | Prototype:
 |
@@ -69,14 +69,14 @@ $autoload['helper'] = array();
 
 /*
 | -------------------------------------------------------------------
-|  Auto-load Config files
+| Auto-load Config files
 | -------------------------------------------------------------------
 | Prototype:
 |
 |	$autoload['config'] = array('config1', 'config2');
 |
 | NOTE: This item is intended for use ONLY if you have created custom
-| config files.  Otherwise, leave it blank.
+| config files. Otherwise, leave it blank.
 |
 */
 
@@ -85,13 +85,13 @@ $autoload['config'] = array();
 
 /*
 | -------------------------------------------------------------------
-|  Auto-load Language files
+| Auto-load Language files
 | -------------------------------------------------------------------
 | Prototype:
 |
 |	$autoload['language'] = array('lang1', 'lang2');
 |
-| NOTE: Do not include the "_lang" part of your file.  For example
+| NOTE: Do not include the "_lang" part of your file. For example
 | "codeigniter_lang.php" would be referenced as array('codeigniter');
 |
 */
@@ -101,7 +101,7 @@ $autoload['language'] = array();
 
 /*
 | -------------------------------------------------------------------
-|  Auto-load Models
+| Auto-load Models
 | -------------------------------------------------------------------
 | Prototype:
 |
diff --git a/application/config/config.php b/application/config/config.php
index 1ec65435e..bcda884f0 100644
--- a/application/config/config.php
+++ b/application/config/config.php
@@ -1,4 +1,4 @@
-<?php  if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
 
 /*
 |--------------------------------------------------------------------------
@@ -34,7 +34,7 @@ $config['index_page'] = 'index.php';
 |--------------------------------------------------------------------------
 |
 | This item determines which server global should be used to retrieve the
-| URI string.  The default setting of 'AUTO' works for most servers.
+| URI string. The default setting of 'AUTO' works for most servers.
 | If your links do not seem to work, try one of the other delicious flavors:
 |
 | 'AUTO'			Default - auto detects
@@ -88,7 +88,7 @@ $config['charset'] = 'UTF-8';
 |--------------------------------------------------------------------------
 |
 | If you would like to use the 'hooks' feature you must enable it by
-| setting this variable to TRUE (boolean).  See the user guide for details.
+| setting this variable to TRUE (boolean). See the user guide for details.
 |
 */
 $config['enable_hooks'] = FALSE;
@@ -100,7 +100,7 @@ $config['enable_hooks'] = FALSE;
 |--------------------------------------------------------------------------
 |
 | This item allows you to set the filename/classname prefix when extending
-| native libraries.  For more information please see the user guide:
+| native libraries. For more information please see the user guide:
 |
 | http://codeigniter.com/user_guide/general/core_classes.html
 | http://codeigniter.com/user_guide/general/creating_libraries.html
@@ -115,11 +115,11 @@ $config['subclass_prefix'] = 'MY_';
 |--------------------------------------------------------------------------
 |
 | This lets you specify with a regular expression which characters are permitted
-| within your URLs.  When someone tries to submit a URL with disallowed
+| within your URLs. When someone tries to submit a URL with disallowed
 | characters they will get a warning message.
 |
 | As a security measure you are STRONGLY encouraged to restrict URLs to
-| as few characters as possible.  By default only these are allowed: a-z 0-9~%.:_-
+| as few characters as possible. By default only these are allowed: a-z 0-9~%.:_-
 |
 | Leave blank to allow all characters -- but only if you are insane.
 |
@@ -137,7 +137,7 @@ $config['permitted_uri_chars'] = 'a-z 0-9~%.:_\-';
 | By default CodeIgniter uses search-engine friendly segment based URLs:
 | example.com/who/what/where/
 |
-| By default CodeIgniter enables access to the $_GET array.  If for some
+| By default CodeIgniter enables access to the $_GET array. If for some
 | reason you would like to disable it, set 'allow_get_array' to FALSE.
 |
 | You can optionally enable standard query string based URLs:
@@ -210,7 +210,7 @@ $config['log_date_format'] = 'Y-m-d H:i:s';
 |--------------------------------------------------------------------------
 |
 | Leave this BLANK unless you would like to set something other than the default
-| system/cache/ folder.  Use a full server path with trailing slash.
+| system/cache/ folder. Use a full server path with trailing slash.
 |
 */
 $config['cache_path'] = '';
@@ -221,7 +221,7 @@ $config['cache_path'] = '';
 |--------------------------------------------------------------------------
 |
 | If you use the Encryption class or the Session class you
-| MUST set an encryption key.  See the user guide for info.
+| MUST set an encryption key. See the user guide for info.
 |
 */
 $config['encryption_key'] = '';
@@ -233,9 +233,9 @@ $config['encryption_key'] = '';
 |
 | 'sess_cookie_name'		= the name you want for the cookie
 | 'sess_expiration'			= the number of SECONDS you want the session to last.
-|   by default sessions last 7200 seconds (two hours).  Set to zero for no expiration.
+|  by default sessions last 7200 seconds (two hours). Set to zero for no expiration.
 | 'sess_expire_on_close'	= Whether to cause the session to expire automatically
-|   when the browser window is closed
+|  when the browser window is closed
 | 'sess_encrypt_cookie'		= Whether to encrypt the cookie
 | 'sess_use_database'		= Whether to save the session data to a database
 | 'sess_table_name'			= The name of the session database table
@@ -261,8 +261,8 @@ $config['sess_time_to_update']	= 300;
 |
 | 'cookie_prefix' = Set a prefix if you need to avoid collisions
 | 'cookie_domain' = Set to .your-domain.com for site-wide cookies
-| 'cookie_path'   =  Typically will be a forward slash
-| 'cookie_secure' =  Cookies will only be set if a secure HTTPS connection exists.
+| 'cookie_path'  = Typically will be a forward slash
+| 'cookie_secure' = Cookies will only be set if a secure HTTPS connection exists.
 |
 */
 $config['cookie_prefix']	= "";
@@ -303,16 +303,16 @@ $config['csrf_expire'] = 7200;
 | Output Compression
 |--------------------------------------------------------------------------
 |
-| Enables Gzip output compression for faster page loads.  When enabled,
+| Enables Gzip output compression for faster page loads. When enabled,
 | the output class will test whether your server supports Gzip.
 | Even if it does, however, not all browsers support compression
 | so enable only if you are reasonably sure your visitors can handle it.
 |
-| VERY IMPORTANT:  If you are getting a blank page when compression is enabled it
+| VERY IMPORTANT: If you are getting a blank page when compression is enabled it
 | means you are prematurely outputting something to your browser. It could
-| even be a line of whitespace at the end of one of your scripts.  For
+| even be a line of whitespace at the end of one of your scripts. For
 | compression to work, nothing can be sent before the output buffer is called
-| by the output class.  Do not 'echo' any values with compression enabled.
+| by the output class. Do not 'echo' any values with compression enabled.
 |
 */
 $config['compress_output'] = FALSE;
@@ -322,9 +322,9 @@ $config['compress_output'] = FALSE;
 | Master Time Reference
 |--------------------------------------------------------------------------
 |
-| Options are 'local' or 'gmt'.  This pref tells the system whether to use
+| Options are 'local' or 'gmt'. This pref tells the system whether to use
 | your server's local time as the master 'now' reference, or convert it to
-| GMT.  See the 'date helper' page of the user guide for information
+| GMT. See the 'date helper' page of the user guide for information
 | regarding date handling.
 |
 */
@@ -338,7 +338,7 @@ $config['time_reference'] = 'local';
 |
 | If your PHP installation does not have short tag support enabled CI
 | can rewrite the tags on-the-fly, enabling you to utilize that syntax
-| in your view files.  Options are TRUE or FALSE (boolean)
+| in your view files. Options are TRUE or FALSE (boolean)
 |
 */
 $config['rewrite_short_tags'] = FALSE;
diff --git a/application/config/constants.php b/application/config/constants.php
index 4a879d360..edaefe86b 100644
--- a/application/config/constants.php
+++ b/application/config/constants.php
@@ -1,4 +1,4 @@
-<?php  if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
 
 /*
 |--------------------------------------------------------------------------
@@ -6,10 +6,10 @@
 |--------------------------------------------------------------------------
 |
 | These prefs are used when checking and setting modes when working
-| with the file system.  The defaults are fine on servers with proper
+| with the file system. The defaults are fine on servers with proper
 | security, but you may wish (or even need) to change the values in
 | certain environments (Apache running a separate process for each
-| user, PHP under CGI with Apache suEXEC, etc.).  Octal values should
+| user, PHP under CGI with Apache suEXEC, etc.). Octal values should
 | always be used to set the mode correctly.
 |
 */
diff --git a/application/config/database.php b/application/config/database.php
index fa541a734..e77bf97df 100644
--- a/application/config/database.php
+++ b/application/config/database.php
@@ -1,4 +1,4 @@
-<?php  if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
 /*
 | -------------------------------------------------------------------
 | DATABASE CONNECTIVITY SETTINGS
@@ -16,10 +16,10 @@
 |	['username'] The username used to connect to the database
 |	['password'] The password used to connect to the database
 |	['database'] The name of the database you want to connect to
-|	['dbdriver'] The database type. ie: mysql.  Currently supported:
-				 mysql, mysqli, postgre, odbc, mssql, sqlite, oci8
+|	['dbdriver'] The database type. ie: mysql. Currently supported:
+|				 mysql, mysqli, postgre, odbc, mssql, sqlite, oci8
 |	['dbprefix'] You can add an optional prefix, which will be added
-|				 to the table name when using the  Active Record class
+|				 to the table name when using the Active Record class
 |	['pconnect'] TRUE/FALSE - Whether to use a persistent connection
 |	['db_debug'] TRUE/FALSE - Whether database errors should be displayed.
 |	['cache_on'] TRUE/FALSE - Enables/disables query caching
@@ -38,7 +38,7 @@
 |							- good for ensuring strict SQL while developing
 |
 | The $active_group variable lets you choose which connection group to
-| make active.  By default there is only one group (the 'default' group).
+| make active. By default there is only one group (the 'default' group).
 |
 | The $active_record variables lets you determine whether or not to load
 | the active record class
diff --git a/application/config/foreign_chars.php b/application/config/foreign_chars.php
index 14b0d7373..111fe5821 100644
--- a/application/config/foreign_chars.php
+++ b/application/config/foreign_chars.php
@@ -1,4 +1,4 @@
-<?php  if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
 /*
 | -------------------------------------------------------------------
 | Foreign Characters
diff --git a/application/config/hooks.php b/application/config/hooks.php
index a4ad2be6d..4b2666569 100644
--- a/application/config/hooks.php
+++ b/application/config/hooks.php
@@ -1,10 +1,10 @@
-<?php  if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
 /*
 | -------------------------------------------------------------------------
 | Hooks
 | -------------------------------------------------------------------------
 | This file lets you define "hooks" to extend CI without hacking the core
-| files.  Please see the user guide for info:
+| files. Please see the user guide for info:
 |
 |	http://codeigniter.com/user_guide/general/hooks.html
 |
diff --git a/application/config/mimes.php b/application/config/mimes.php
index 8065794ff..e573ed061 100644
--- a/application/config/mimes.php
+++ b/application/config/mimes.php
@@ -1,9 +1,9 @@
-<?php  if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
 /*
 | -------------------------------------------------------------------
 | MIME TYPES
 | -------------------------------------------------------------------
-| This file contains an array of mime types.  It is used by the
+| This file contains an array of mime types. It is used by the
 | Upload class to help identify allowed file types.
 |
 */
@@ -51,7 +51,7 @@ $mimes = array(	'hqx'	=>	'application/mac-binhex40',
 				'tgz'	=>	array('application/x-tar', 'application/x-gzip-compressed'),
 				'xhtml'	=>	'application/xhtml+xml',
 				'xht'	=>	'application/xhtml+xml',
-				'zip'	=>  array('application/x-zip', 'application/zip', 'application/x-zip-compressed'),
+				'zip'	=> array('application/x-zip', 'application/zip', 'application/x-zip-compressed'),
 				'mid'	=>	'audio/midi',
 				'midi'	=>	'audio/midi',
 				'mpga'	=>	'audio/mpeg',
@@ -71,7 +71,7 @@ $mimes = array(	'hqx'	=>	'application/mac-binhex40',
 				'jpeg'	=>	array('image/jpeg', 'image/pjpeg'),
 				'jpg'	=>	array('image/jpeg', 'image/pjpeg'),
 				'jpe'	=>	array('image/jpeg', 'image/pjpeg'),
-				'png'	=>	array('image/png',  'image/x-png'),
+				'png'	=>	array('image/png', 'image/x-png'),
 				'tiff'	=>	'image/tiff',
 				'tif'	=>	'image/tiff',
 				'css'	=>	'text/css',
diff --git a/application/config/profiler.php b/application/config/profiler.php
index f8a5b1a1e..b0f43b1d8 100644
--- a/application/config/profiler.php
+++ b/application/config/profiler.php
@@ -1,4 +1,4 @@
-<?php  if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
 /*
 | -------------------------------------------------------------------------
 | Profiler Sections
diff --git a/application/config/routes.php b/application/config/routes.php
index 5f9a58343..480645c83 100644
--- a/application/config/routes.php
+++ b/application/config/routes.php
@@ -1,4 +1,4 @@
-<?php  if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
 /*
 | -------------------------------------------------------------------------
 | URI ROUTING
diff --git a/application/config/smileys.php b/application/config/smileys.php
index 25d28b2c4..5b2964e24 100644
--- a/application/config/smileys.php
+++ b/application/config/smileys.php
@@ -1,10 +1,10 @@
-<?php  if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
 /*
 | -------------------------------------------------------------------
 | SMILEYS
 | -------------------------------------------------------------------
 | This file contains an array of smileys for use with the emoticon helper.
-| Individual images can be used to replace multiple simileys.  For example:
+| Individual images can be used to replace multiple simileys. For example:
 | :-) and :) use the same image replacement.
 |
 | Please see user guide for more info:
diff --git a/application/config/user_agents.php b/application/config/user_agents.php
index e2d3c3af0..3c018a357 100644
--- a/application/config/user_agents.php
+++ b/application/config/user_agents.php
@@ -1,11 +1,11 @@
-<?php  if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
 /*
 | -------------------------------------------------------------------
 | USER AGENT TYPES
 | -------------------------------------------------------------------
-| This file contains four arrays of user agent data.  It is used by the
+| This file contains four arrays of user agent data. It is used by the
 | User Agent Class to help identify browser, platform, robot, and
-| mobile device data.  The array keys are used to identify the device
+| mobile device data. The array keys are used to identify the device
 | and the array values are used to set the actual name of the item.
 |
 */
-- 
cgit v1.2.3-24-g4f1b