From 167c295813c9e5dc6c412bad8c9375dae89005ce Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 11 Jan 2017 17:07:02 +0200 Subject: [ci skip] Add changelog entry for #4977 --- user_guide_src/source/changelog.rst | 1 + 1 file changed, 1 insertion(+) (limited to 'user_guide_src') diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 64ebd61a1..ab94d6760 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -15,6 +15,7 @@ Bug fixes for 3.1.4 ------------------- - Fixed a regression (#4975) - :doc:`Loader Library ` couldn't handle objects passed as view variables. +- Fixed a bug (#4977) - :doc:`Loader Library ` method ``helper()`` could accept any character as a filename extension separator. Version 3.1.3 ============= -- cgit v1.2.3-24-g4f1b From f44c93f7a3b35b84fe47a70d8b3fd786d0536845 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 11 Jan 2017 21:47:21 +0200 Subject: [ci skip] Add a changelog entry for 37226c036a52ae857b13109774b1cdfc4b1d4db9 --- user_guide_src/source/changelog.rst | 1 + 1 file changed, 1 insertion(+) (limited to 'user_guide_src') diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index ab94d6760..b2d00345f 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -16,6 +16,7 @@ Bug fixes for 3.1.4 - Fixed a regression (#4975) - :doc:`Loader Library ` couldn't handle objects passed as view variables. - Fixed a bug (#4977) - :doc:`Loader Library ` method ``helper()`` could accept any character as a filename extension separator. +- Fixed a regression where the :doc:`Session Library ` would fail on a ``session_regenerate_id(TRUE)`` call with the 'database' driver. Version 3.1.3 ============= -- cgit v1.2.3-24-g4f1b From 71d8f72ffc48a7f46747b3b6b1a554533cc1cbc5 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Tue, 17 Jan 2017 12:01:00 +0200 Subject: [ci skip] Merge pull request #4986 from ka7/feature/spelling Spelling fixes in comment blocks and docs --- user_guide_src/source/database/queries.rst | 2 +- user_guide_src/source/database/transactions.rst | 2 +- user_guide_src/source/general/common_functions.rst | 2 +- user_guide_src/source/helpers/date_helper.rst | 2 +- user_guide_src/source/helpers/string_helper.rst | 2 +- user_guide_src/source/installation/upgrade_300.rst | 2 +- user_guide_src/source/installation/upgrade_313.rst | 2 +- user_guide_src/source/libraries/config.rst | 2 +- user_guide_src/source/libraries/email.rst | 4 ++-- user_guide_src/source/libraries/encryption.rst | 2 +- user_guide_src/source/libraries/ftp.rst | 2 +- user_guide_src/source/libraries/input.rst | 4 ++-- user_guide_src/source/libraries/pagination.rst | 2 +- user_guide_src/source/libraries/sessions.rst | 2 +- user_guide_src/source/libraries/trackback.rst | 2 +- 15 files changed, 17 insertions(+), 17 deletions(-) (limited to 'user_guide_src') diff --git a/user_guide_src/source/database/queries.rst b/user_guide_src/source/database/queries.rst index d4ffd16cf..f626f1e83 100644 --- a/user_guide_src/source/database/queries.rst +++ b/user_guide_src/source/database/queries.rst @@ -165,7 +165,7 @@ Handling Errors **$this->db->error();** -If you need to get the last error that has occured, the error() method +If you need to get the last error that has occurred, the error() method will return an array containing its code and message. Here's a quick example:: diff --git a/user_guide_src/source/database/transactions.rst b/user_guide_src/source/database/transactions.rst index e25b8ed14..cfd6a566d 100644 --- a/user_guide_src/source/database/transactions.rst +++ b/user_guide_src/source/database/transactions.rst @@ -87,7 +87,7 @@ If you would like to disable transactions you can do so using $this->db->query('AN SQL QUERY...'); $this->db->trans_complete(); -When transactions are disabled, your queries will be auto-commited, just as +When transactions are disabled, your queries will be auto-committed, just as they are when running queries without transactions, practically ignoring any calls to ``trans_start()``, ``trans_complete()``, etc. diff --git a/user_guide_src/source/general/common_functions.rst b/user_guide_src/source/general/common_functions.rst index 6d6744cf7..3e3e42264 100644 --- a/user_guide_src/source/general/common_functions.rst +++ b/user_guide_src/source/general/common_functions.rst @@ -101,7 +101,7 @@ loading any libraries or helpers. .. php:function:: set_status_header($code[, $text = '']) - :param int $code: HTTP Reponse status code + :param int $code: HTTP Response status code :param string $text: A custom message to set with the status code :rtype: void diff --git a/user_guide_src/source/helpers/date_helper.rst b/user_guide_src/source/helpers/date_helper.rst index 600a07574..6bc6c2b05 100644 --- a/user_guide_src/source/helpers/date_helper.rst +++ b/user_guide_src/source/helpers/date_helper.rst @@ -31,7 +31,7 @@ The following functions are available: :rtype: int Returns the current time as a UNIX timestamp, referenced either to your server's - local time or any PHP suported timezone, based on the "time reference" setting + local time or any PHP supported timezone, based on the "time reference" setting in your config file. If you do not intend to set your master time reference to any other PHP supported timezone (which you'll typically do if you run a site that lets each user set their own timezone settings) there is no benefit to using diff --git a/user_guide_src/source/helpers/string_helper.rst b/user_guide_src/source/helpers/string_helper.rst index 53052557e..a1fd7ee15 100644 --- a/user_guide_src/source/helpers/string_helper.rst +++ b/user_guide_src/source/helpers/string_helper.rst @@ -186,7 +186,7 @@ The following functions are available: :returns: Reduced string :rtype: string - Reduces multiple instances of a particular character occuring directly + Reduces multiple instances of a particular character occurring directly after each other. Example:: $string = "Fred, Bill,, Joe, Jimmy"; diff --git a/user_guide_src/source/installation/upgrade_300.rst b/user_guide_src/source/installation/upgrade_300.rst index 0fc211f89..5b2d3947d 100644 --- a/user_guide_src/source/installation/upgrade_300.rst +++ b/user_guide_src/source/installation/upgrade_300.rst @@ -111,7 +111,7 @@ that you should make: - Set your ``$config['sess_driver']`` value - It will default to 'files', unles you've previously used + It will default to 'files', unless you've previously used ``$config['sess_use_database']``, in which case it will be set to 'database'. diff --git a/user_guide_src/source/installation/upgrade_313.rst b/user_guide_src/source/installation/upgrade_313.rst index 76dd159e6..13af775a1 100644 --- a/user_guide_src/source/installation/upgrade_313.rst +++ b/user_guide_src/source/installation/upgrade_313.rst @@ -35,7 +35,7 @@ Step 3: Remove usage of $config['standardize_newlines'] ======================================================= The :doc:`Input Library <../libraries/input>` would optionally replace -occurences of `\r\n`, `\r`, `\n` in input data with whatever the ``PHP_EOL`` +occurrences of `\r\n`, `\r`, `\n` in input data with whatever the ``PHP_EOL`` value is on your system - if you've set ``$config['standardize_newlines']`` to ``TRUE`` in your *application/config/config.php*. diff --git a/user_guide_src/source/libraries/config.rst b/user_guide_src/source/libraries/config.rst index a45cacdf5..fe2e0a99d 100644 --- a/user_guide_src/source/libraries/config.rst +++ b/user_guide_src/source/libraries/config.rst @@ -211,7 +211,7 @@ Class Reference .. php:method:: load([$file = ''[, $use_sections = FALSE[, $fail_gracefully = FALSE]]]) :param string $file: Configuration file name - :param bool $use_sections: Whether config values shoud be loaded into their own section (index of the main config array) + :param bool $use_sections: Whether config values should be loaded into their own section (index of the main config array) :param bool $fail_gracefully: Whether to return FALSE or to display an error message :returns: TRUE on success, FALSE on failure :rtype: bool diff --git a/user_guide_src/source/libraries/email.rst b/user_guide_src/source/libraries/email.rst index 0b38737f1..1be6e2adb 100644 --- a/user_guide_src/source/libraries/email.rst +++ b/user_guide_src/source/libraries/email.rst @@ -348,7 +348,7 @@ Class Reference $this->email->attach('http://example.com/filename.pdf'); - If you'd like to use a custom file name, you can use the third paramater:: + If you'd like to use a custom file name, you can use the third parameter:: $this->email->attach('filename.pdf', 'attachment', 'report.pdf'); @@ -387,7 +387,7 @@ Class Reference :rtype: string Returns a string containing any server messages, the email headers, and - the email messsage. Useful for debugging. + the email message. Useful for debugging. You can optionally specify which parts of the message should be printed. Valid options are: **headers**, **subject**, **body**. diff --git a/user_guide_src/source/libraries/encryption.rst b/user_guide_src/source/libraries/encryption.rst index 377e650a9..b16511d4d 100644 --- a/user_guide_src/source/libraries/encryption.rst +++ b/user_guide_src/source/libraries/encryption.rst @@ -382,7 +382,7 @@ the hood: #. Check if the string is long enough, separate the HMAC out of it and validate if it is correct (this is done in a way that - prevents timing attacks agains it). Return FALSE if either of + prevents timing attacks against it). Return FALSE if either of the checks fails. #. Base64-decode the string. diff --git a/user_guide_src/source/libraries/ftp.rst b/user_guide_src/source/libraries/ftp.rst index ddd4442fd..2a015256d 100644 --- a/user_guide_src/source/libraries/ftp.rst +++ b/user_guide_src/source/libraries/ftp.rst @@ -2,7 +2,7 @@ FTP Class ######### -CodeIgniter's FTP Class permits files to be transfered to a remote +CodeIgniter's FTP Class permits files to be transferred to a remote server. Remote files can also be moved, renamed, and deleted. The FTP class also includes a "mirroring" function that permits an entire local directory to be recreated remotely via FTP. diff --git a/user_guide_src/source/libraries/input.rst b/user_guide_src/source/libraries/input.rst index d9c6c2dd1..01099a955 100644 --- a/user_guide_src/source/libraries/input.rst +++ b/user_guide_src/source/libraries/input.rst @@ -167,7 +167,7 @@ Class Reference $this->input->post(array('field1', 'field2')); - Same rule applied here, to retrive the parameters with XSS filtering enabled, set the + Same rule applied here, to retrieve the parameters with XSS filtering enabled, set the second parameter to boolean TRUE. :: @@ -200,7 +200,7 @@ Class Reference $this->input->get(array('field1', 'field2')); - Same rule applied here, to retrive the parameters with XSS filtering enabled, set the + Same rule applied here, to retrieve the parameters with XSS filtering enabled, set the second parameter to boolean TRUE. :: diff --git a/user_guide_src/source/libraries/pagination.rst b/user_guide_src/source/libraries/pagination.rst index 913717c67..99b5a80a2 100644 --- a/user_guide_src/source/libraries/pagination.rst +++ b/user_guide_src/source/libraries/pagination.rst @@ -101,7 +101,7 @@ like:: If you have ``$config['enable_query_strings']`` set to TRUE your links will automatically be re-written using Query Strings. This option can -also be explictly set. Using ``$config['page_query_string']`` set to TRUE, +also be explicitly set. Using ``$config['page_query_string']`` set to TRUE, the pagination link will become:: http://example.com/index.php?c=test&m=page&per_page=20 diff --git a/user_guide_src/source/libraries/sessions.rst b/user_guide_src/source/libraries/sessions.rst index a95cd5a19..b1f658d8f 100644 --- a/user_guide_src/source/libraries/sessions.rst +++ b/user_guide_src/source/libraries/sessions.rst @@ -471,7 +471,7 @@ Preference Default Description .. note:: The 'cookie_httponly' setting doesn't have an effect on sessions. Instead the HttpOnly parameter is always enabled, for security - reasons. Additionaly, the 'cookie_prefix' setting is completely + reasons. Additionally, the 'cookie_prefix' setting is completely ignored. Session Drivers diff --git a/user_guide_src/source/libraries/trackback.rst b/user_guide_src/source/libraries/trackback.rst index bceb515f2..dc4477e9f 100644 --- a/user_guide_src/source/libraries/trackback.rst +++ b/user_guide_src/source/libraries/trackback.rst @@ -262,7 +262,7 @@ Class Reference :returns: Data value or empty string if not found :rtype: string - Returns a single item from the reponse data array. + Returns a single item from the response data array. .. php:method:: process($url, $data) -- cgit v1.2.3-24-g4f1b From 2649e6e3f3d2a44fd09a25e6f8f70848a75dbed5 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Tue, 17 Jan 2017 12:47:50 +0200 Subject: [ci skip] Add changelog entry for #4987 --- user_guide_src/source/changelog.rst | 1 + 1 file changed, 1 insertion(+) (limited to 'user_guide_src') diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index b2d00345f..2769990f8 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -17,6 +17,7 @@ Bug fixes for 3.1.4 - Fixed a regression (#4975) - :doc:`Loader Library ` couldn't handle objects passed as view variables. - Fixed a bug (#4977) - :doc:`Loader Library ` method ``helper()`` could accept any character as a filename extension separator. - Fixed a regression where the :doc:`Session Library ` would fail on a ``session_regenerate_id(TRUE)`` call with the 'database' driver. +- Fixed a bug (#4987) - :doc:`Query Builder ` caching didn't keep track of table aliases. Version 3.1.3 ============= -- cgit v1.2.3-24-g4f1b From f565212c5aa07a8016394a3bc66874be83c73d4d Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 19 Jan 2017 15:17:00 +0200 Subject: Fix byte-safety issues & actually test for them --- user_guide_src/source/changelog.rst | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) (limited to 'user_guide_src') diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 2769990f8..17069ca32 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -7,6 +7,12 @@ Version 3.1.4 Release Date: Not Released +- **Security** + + - Updated :doc:`Encrypt Library ` (DEPRECATED) to call ``mcrypt_create_iv()`` with ``MCRYPT_DEV_URANDOM``. + - Fixed byte-safety issues in :doc:`Encrypt Library ` (DEPRECATED) when ``mbstring.func_overload`` is enabled. + - Fixed byte-safety issues in :doc:`Encryption Library ` when ``mbstring.func_overload`` is enabled. + - General Changes - Updated the :doc:`Image Manipulation Library ` to work-around an issue with some JPEGs when using GD. @@ -18,6 +24,7 @@ Bug fixes for 3.1.4 - Fixed a bug (#4977) - :doc:`Loader Library ` method ``helper()`` could accept any character as a filename extension separator. - Fixed a regression where the :doc:`Session Library ` would fail on a ``session_regenerate_id(TRUE)`` call with the 'database' driver. - Fixed a bug (#4987) - :doc:`Query Builder ` caching didn't keep track of table aliases. +- Fixed a bug where :doc:`Text Helper ` function ``ascii_to_entities()`` wasn't byte-safe when ``mbstring.func_overload`` is enabled. Version 3.1.3 ============= @@ -82,7 +89,7 @@ Bug fixes for 3.1.2 - Fixed a regression (#4874) - :doc:`Session Library ` didn't take into account ``session.hash_bits_per_character`` when validating session IDs. - Fixed a bug (#4871) - :doc:`Query Builder ` method ``update_batch()`` didn't properly handle identifier escaping. - Fixed a bug (#4884) - :doc:`Query Builder ` didn't properly parse field names ending in 'is' when used inside WHERE and HAVING statements. -- Fixed a bug where ``CI_Log``, ``CI_Output``, ``CI_Email`` and ``CI_Zip`` didn't handle strings in a byte-safe manner when ``mbstring.func_override`` is enabled. +- Fixed a bug where ``CI_Log``, ``CI_Output``, ``CI_Email`` and ``CI_Zip`` didn't handle strings in a byte-safe manner when ``mbstring.func_overload`` is enabled. Version 3.1.1 ============= @@ -119,7 +126,7 @@ Bug fixes for 3.1.1 - Fixed a bug where :doc:`Query Builder ` method ``insert_batch()`` tried to execute an unsupported SQL query with the 'ibase' and 'pdo/firebird' drivers. - Fixed a bug (#4809) - :doc:`Database ` driver 'pdo/mysql' didn't turn off ``AUTOCOMMIT`` when starting a transaction. - Fixed a bug (#4822) - :doc:`CAPTCHA Helper ` didn't clear expired PNG images. -- Fixed a bug (#4823) - :doc:`Session Library ` 'files' driver could enter an infinite loop if ``mbstring.func_override`` is enabled. +- Fixed a bug (#4823) - :doc:`Session Library ` 'files' driver could enter an infinite loop if ``mbstring.func_overload`` is enabled. - Fixed a bug (#4851) - :doc:`Database Forge ` didn't quote schema names passed to its ``create_database()`` method. - Fixed a bug (#4863) - :doc:`HTML Table Library ` method ``set_caption()`` was missing method chaining support. - Fixed a bug (#4843) - :doc:`XML-RPC Library ` client class didn't set a read/write socket timeout. -- cgit v1.2.3-24-g4f1b From c0c74d5201c171cd6d0cdc2133e63077ebe1a407 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 19 Jan 2017 15:26:35 +0200 Subject: More byte-safety --- user_guide_src/source/changelog.rst | 3 +++ 1 file changed, 3 insertions(+) (limited to 'user_guide_src') diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 17069ca32..7d1302b3a 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -12,6 +12,7 @@ Release Date: Not Released - Updated :doc:`Encrypt Library ` (DEPRECATED) to call ``mcrypt_create_iv()`` with ``MCRYPT_DEV_URANDOM``. - Fixed byte-safety issues in :doc:`Encrypt Library ` (DEPRECATED) when ``mbstring.func_overload`` is enabled. - Fixed byte-safety issues in :doc:`Encryption Library ` when ``mbstring.func_overload`` is enabled. + - Fixed byte-safety issues in :doc:`compatibility function ` ``password_hash()`` when ``mbstring.func_overload`` is enabled. - General Changes @@ -25,6 +26,8 @@ Bug fixes for 3.1.4 - Fixed a regression where the :doc:`Session Library ` would fail on a ``session_regenerate_id(TRUE)`` call with the 'database' driver. - Fixed a bug (#4987) - :doc:`Query Builder ` caching didn't keep track of table aliases. - Fixed a bug where :doc:`Text Helper ` function ``ascii_to_entities()`` wasn't byte-safe when ``mbstring.func_overload`` is enabled. +- Fixed a bug where ``CI_Log``, ``CI_Output``, ``CI_Email`` and ``CI_Zip`` didn't handle strings in a byte-safe manner when ``mbstring.func_overload`` is enabled. +- Fixed a bug where :doc:`Session Library ` didn't read session data in a byte-safe manner when ``mbstring.func_overload`` is enabled. Version 3.1.3 ============= -- cgit v1.2.3-24-g4f1b From 25461d8eac80c0f1242150f7316ec58ac14c5d39 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 19 Jan 2017 15:42:43 +0200 Subject: hash_pbkdf2() byte-safety --- user_guide_src/source/changelog.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'user_guide_src') diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 7d1302b3a..ce82f071c 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -12,7 +12,7 @@ Release Date: Not Released - Updated :doc:`Encrypt Library ` (DEPRECATED) to call ``mcrypt_create_iv()`` with ``MCRYPT_DEV_URANDOM``. - Fixed byte-safety issues in :doc:`Encrypt Library ` (DEPRECATED) when ``mbstring.func_overload`` is enabled. - Fixed byte-safety issues in :doc:`Encryption Library ` when ``mbstring.func_overload`` is enabled. - - Fixed byte-safety issues in :doc:`compatibility function ` ``password_hash()`` when ``mbstring.func_overload`` is enabled. + - Fixed byte-safety issues in :doc:`compatibility functions ` ``password_hash()``, ``hash_pbkdf2()`` when ``mbstring.func_overload`` is enabled. - General Changes -- cgit v1.2.3-24-g4f1b From dba035db1cee163e6c3d9de9903125ed239386d7 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 23 Jan 2017 12:01:32 +0200 Subject: [ci skip] Add changelog entries for PR #4990 --- user_guide_src/source/changelog.rst | 2 ++ 1 file changed, 2 insertions(+) (limited to 'user_guide_src') diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index ce82f071c..b1dadb14b 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -28,6 +28,8 @@ Bug fixes for 3.1.4 - Fixed a bug where :doc:`Text Helper ` function ``ascii_to_entities()`` wasn't byte-safe when ``mbstring.func_overload`` is enabled. - Fixed a bug where ``CI_Log``, ``CI_Output``, ``CI_Email`` and ``CI_Zip`` didn't handle strings in a byte-safe manner when ``mbstring.func_overload`` is enabled. - Fixed a bug where :doc:`Session Library ` didn't read session data in a byte-safe manner when ``mbstring.func_overload`` is enabled. +- Fixed a bug (#4990) - :doc:`Profiler ` didn't close ``
`` tags it generated.
+-  Fixed a bug (#4990) - :doc:`Profiler ` didn't HTML-escape quotes for ``$_SESSION`` variables.
 
 Version 3.1.3
 =============
-- 
cgit v1.2.3-24-g4f1b


From b1780fc79e1b24ecc51b5448642a84d4022cbadc Mon Sep 17 00:00:00 2001
From: Andrey Andreev 
Date: Mon, 30 Jan 2017 15:35:07 +0200
Subject: [ci skip] Fix #5002

---
 user_guide_src/source/libraries/typography.rst | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'user_guide_src')

diff --git a/user_guide_src/source/libraries/typography.rst b/user_guide_src/source/libraries/typography.rst
index 1d1e4f3c4..9e1386835 100644
--- a/user_guide_src/source/libraries/typography.rst
+++ b/user_guide_src/source/libraries/typography.rst
@@ -44,7 +44,7 @@ Class Reference
 			$this->load->library('typography');
 			$this->typography->protect_braced_quotes = TRUE;
 
-	.. method auto_typography($str[, $reduce_linebreaks = FALSE])
+	.. php:method:: auto_typography($str[, $reduce_linebreaks = FALSE])
 
 		:param	string	$str: Input string
 		:param	bool	$reduce_linebreaks: Whether to reduce consequitive linebreaks
@@ -104,4 +104,4 @@ Class Reference
 
 		Usage example::
 
-			$string = $this->typography->nl2br_except_pre($string);
\ No newline at end of file
+			$string = $this->typography->nl2br_except_pre($string);
-- 
cgit v1.2.3-24-g4f1b


From 422b8890e8b41a9ecf6644bff169c8c82fa2c82d Mon Sep 17 00:00:00 2001
From: Andrey Andreev 
Date: Wed, 1 Feb 2017 14:36:49 +0200
Subject: Fix a CI_Input::set_cookie() bug

Found on StackOverflow: https://stackoverflow.com/questions/41925028/codeigniter-config-overrides-set-cookie-parameters
---
 user_guide_src/source/changelog.rst             | 1 +
 user_guide_src/source/helpers/cookie_helper.rst | 2 +-
 user_guide_src/source/libraries/input.rst       | 6 +++---
 3 files changed, 5 insertions(+), 4 deletions(-)

(limited to 'user_guide_src')

diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index b1dadb14b..28a862126 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -30,6 +30,7 @@ Bug fixes for 3.1.4
 -  Fixed a bug where :doc:`Session Library ` didn't read session data in a byte-safe manner when ``mbstring.func_overload`` is enabled.
 -  Fixed a bug (#4990) - :doc:`Profiler ` didn't close ``
`` tags it generated.
 -  Fixed a bug (#4990) - :doc:`Profiler ` didn't HTML-escape quotes for ``$_SESSION`` variables.
+-  Fixed a bug where :doc:`Input Library ` method ``set_cookie()`` didn't allow its *httponly* and *secure* parameters to be overriden to ``FALSE``.
 
 Version 3.1.3
 =============
diff --git a/user_guide_src/source/helpers/cookie_helper.rst b/user_guide_src/source/helpers/cookie_helper.rst
index c9d2f419c..2ad51e78c 100644
--- a/user_guide_src/source/helpers/cookie_helper.rst
+++ b/user_guide_src/source/helpers/cookie_helper.rst
@@ -25,7 +25,7 @@ Available Functions
 The following functions are available:
 
 
-.. php:function:: set_cookie($name[, $value = ''[, $expire = ''[, $domain = ''[, $path = '/'[, $prefix = ''[, $secure = FALSE[, $httponly = FALSE]]]]]]])
+.. php:function:: set_cookie($name[, $value = ''[, $expire = ''[, $domain = ''[, $path = '/'[, $prefix = ''[, $secure = NULL[, $httponly = NULL]]]]]]])
 
 	:param	mixed	$name: Cookie name *or* associative array of all of the parameters available to this function
 	:param	string	$value: Cookie value
diff --git a/user_guide_src/source/libraries/input.rst b/user_guide_src/source/libraries/input.rst
index 01099a955..e7107fa06 100644
--- a/user_guide_src/source/libraries/input.rst
+++ b/user_guide_src/source/libraries/input.rst
@@ -285,7 +285,7 @@ Class Reference
 		This method is identical to ``get()``, ``post()`` and ``cookie()``,
 		only it fetches the *php://input* stream data.
 
-	.. php:method:: set_cookie($name = ''[, $value = ''[, $expire = ''[, $domain = ''[, $path = '/'[, $prefix = ''[, $secure = FALSE[, $httponly = FALSE]]]]]]])
+	.. php:method:: set_cookie($name = ''[, $value = ''[, $expire = ''[, $domain = ''[, $path = '/'[, $prefix = ''[, $secure = NULL[, $httponly = NULL]]]]]]])
 
 		:param	mixed	$name: Cookie name or an array of parameters
 		:param	string	$value: Cookie value
@@ -338,8 +338,8 @@ Class Reference
 		The prefix is only needed if you need to avoid name collisions with
 		other identically named cookies for your server.
 
-		The secure boolean is only needed if you want to make it a secure cookie
-		by setting it to TRUE.
+		The *httponly* and *secure* flags, when omitted, will default to your
+		``$config['cookie_httponly']`` and ``$config['cookie_secure']`` settings.
 
 		**Discrete Parameters**
 
-- 
cgit v1.2.3-24-g4f1b


From 7173c9641df9b39a5f07d3b57a8c05cabefcfa52 Mon Sep 17 00:00:00 2001
From: Andrey Andreev 
Date: Mon, 6 Feb 2017 10:37:50 +0200
Subject: [ci skip] Add changelog entries for PR #5006

---
 user_guide_src/source/changelog.rst | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'user_guide_src')

diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index 28a862126..ed1f18666 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -31,6 +31,8 @@ Bug fixes for 3.1.4
 -  Fixed a bug (#4990) - :doc:`Profiler ` didn't close ``
`` tags it generated.
 -  Fixed a bug (#4990) - :doc:`Profiler ` didn't HTML-escape quotes for ``$_SESSION`` variables.
 -  Fixed a bug where :doc:`Input Library ` method ``set_cookie()`` didn't allow its *httponly* and *secure* parameters to be overriden to ``FALSE``.
+-  Fixed a bug (#5006) - :doc:`common function ` :php:func:`get_mimes()` didn't load *application/config/mimes.php* if an environment specific config exists.
+-  Fixed a bug (#5006) - :doc:`common function ` :php:func:`remove_invisible_characters()` didn't remove URL-encoded ``0x7F``.
 
 Version 3.1.3
 =============
-- 
cgit v1.2.3-24-g4f1b


From d072d449ffa2912f5d922f23e0bc9cac4712a337 Mon Sep 17 00:00:00 2001
From: Zach Ploskey 
Date: Sat, 11 Feb 2017 01:45:46 -0800
Subject: Increase version in userguide to 3.1.4-dev

The version number was not increased after the 3.1.3 release.
---
 user_guide_src/source/conf.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'user_guide_src')

diff --git a/user_guide_src/source/conf.py b/user_guide_src/source/conf.py
index 5c447b722..2df5f9eb2 100644
--- a/user_guide_src/source/conf.py
+++ b/user_guide_src/source/conf.py
@@ -48,9 +48,9 @@ copyright = u'2014 - 2017, British Columbia Institute of Technology'
 # built documents.
 #
 # The short X.Y version.
-version = '3.1.3-dev'
+version = '3.1.4-dev'
 # The full version, including alpha/beta/rc tags.
-release = '3.1.3-dev'
+release = '3.1.4-dev'
 
 # The language for content autogenerated by Sphinx. Refer to documentation
 # for a list of supported languages.
-- 
cgit v1.2.3-24-g4f1b


From 56d1a70e8149529058e442f4876e90ff963c533a Mon Sep 17 00:00:00 2001
From: Andrey Andreev 
Date: Mon, 20 Feb 2017 11:35:24 +0200
Subject: [ci skip] Add a note on xss_clean() and HTML attributes

---
 user_guide_src/source/libraries/security.rst | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

(limited to 'user_guide_src')

diff --git a/user_guide_src/source/libraries/security.rst b/user_guide_src/source/libraries/security.rst
index f7604ef00..fc5cba19d 100644
--- a/user_guide_src/source/libraries/security.rst
+++ b/user_guide_src/source/libraries/security.rst
@@ -40,6 +40,9 @@ browser may attempt to execute.
 		// file failed the XSS test
 	}
 
+.. important:: If you want to filter HTML attribute values, use
+	:php:func:`html_escape()` instead!
+
 *********************************
 Cross-site request forgery (CSRF)
 *********************************
@@ -101,7 +104,11 @@ Class Reference
 		:rtype:	mixed
 
 		Tries to remove XSS exploits from the input data and returns the cleaned string.
-		If the optional second parameter is set to true, it will return boolean TRUE if the image is safe to use and FALSE if malicious data was detected in it.
+		If the optional second parameter is set to true, it will return boolean TRUE if
+		the image is safe to use and FALSE if malicious data was detected in it.
+
+		.. important:: This method is not suitable for filtering HTML attribute vales!
+			Use :php:func:`html_escape()` for that instead.
 
 	.. php:method:: sanitize_filename($str[, $relative_path = FALSE])
 
@@ -162,4 +169,4 @@ Class Reference
 		Used for generating CSRF and XSS tokens.
 
 		.. note:: The output is NOT guaranteed to be cryptographically secure,
-			just the best attempt at that.
\ No newline at end of file
+			just the best attempt at that.
-- 
cgit v1.2.3-24-g4f1b


From cdf1bfb73f9d7aec0eeb7e3a0299fee25b48d6ef Mon Sep 17 00:00:00 2001
From: Andrey Andreev 
Date: Mon, 20 Feb 2017 11:50:12 +0200
Subject: [ci skip] Add a changelog entry for #4815, PR #5023

---
 user_guide_src/source/changelog.rst | 1 +
 1 file changed, 1 insertion(+)

(limited to 'user_guide_src')

diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index ed1f18666..8283f530c 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -33,6 +33,7 @@ Bug fixes for 3.1.4
 -  Fixed a bug where :doc:`Input Library ` method ``set_cookie()`` didn't allow its *httponly* and *secure* parameters to be overriden to ``FALSE``.
 -  Fixed a bug (#5006) - :doc:`common function ` :php:func:`get_mimes()` didn't load *application/config/mimes.php* if an environment specific config exists.
 -  Fixed a bug (#5006) - :doc:`common function ` :php:func:`remove_invisible_characters()` didn't remove URL-encoded ``0x7F``.
+-  Fixed a bug (#4815) - :doc:`Database Library ` stripped URL-encoded sequences while escaping strings with the 'mssql' driver.
 
 Version 3.1.3
 =============
-- 
cgit v1.2.3-24-g4f1b


From 356bc66ebcd6a4d48c28fd119233e9d0bb12375f Mon Sep 17 00:00:00 2001
From: Andrey Andreev 
Date: Mon, 6 Mar 2017 14:39:28 +0200
Subject: Fix #5044; add unit tests for img() HTML helper

---
 user_guide_src/source/changelog.rst | 1 +
 1 file changed, 1 insertion(+)

(limited to 'user_guide_src')

diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index 8283f530c..8d2beb74f 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -34,6 +34,7 @@ Bug fixes for 3.1.4
 -  Fixed a bug (#5006) - :doc:`common function ` :php:func:`get_mimes()` didn't load *application/config/mimes.php* if an environment specific config exists.
 -  Fixed a bug (#5006) - :doc:`common function ` :php:func:`remove_invisible_characters()` didn't remove URL-encoded ``0x7F``.
 -  Fixed a bug (#4815) - :doc:`Database Library ` stripped URL-encoded sequences while escaping strings with the 'mssql' driver.
+-  Fixed a bug (#5044) - :doc:`HTML Helper ` function :php:func:`img()` didn't accept ``data:`` URI schemes for the image source.
 
 Version 3.1.3
 =============
-- 
cgit v1.2.3-24-g4f1b


From e9d68ab58f01e15bb344a015fcce8444ea8cc247 Mon Sep 17 00:00:00 2001
From: Andrey Andreev 
Date: Wed, 8 Mar 2017 11:56:09 +0200
Subject: [ci skip] Remove an obsolete note from routing docs

---
 user_guide_src/source/general/routing.rst | 3 ---
 1 file changed, 3 deletions(-)

(limited to 'user_guide_src')

diff --git a/user_guide_src/source/general/routing.rst b/user_guide_src/source/general/routing.rst
index b53a85d31..909289d8d 100644
--- a/user_guide_src/source/general/routing.rst
+++ b/user_guide_src/source/general/routing.rst
@@ -205,6 +205,3 @@ underscores in the controller and method URI segments, thus saving you
 additional route entries if you need to do that.
 This is required, because the dash isn't a valid class or method name
 character and would cause a fatal error if you try to use it.
-
-.. important:: The reserved routes must come before any wildcard or
-	regular expression routes.
\ No newline at end of file
-- 
cgit v1.2.3-24-g4f1b


From ea0735264dfebd64858933e03a3b33323b14178e Mon Sep 17 00:00:00 2001
From: Andrey Andreev 
Date: Tue, 14 Mar 2017 18:42:12 +0200
Subject: Fix #5050

---
 user_guide_src/source/changelog.rst | 1 +
 1 file changed, 1 insertion(+)

(limited to 'user_guide_src')

diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index 8d2beb74f..fd6c1c790 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -35,6 +35,7 @@ Bug fixes for 3.1.4
 -  Fixed a bug (#5006) - :doc:`common function ` :php:func:`remove_invisible_characters()` didn't remove URL-encoded ``0x7F``.
 -  Fixed a bug (#4815) - :doc:`Database Library ` stripped URL-encoded sequences while escaping strings with the 'mssql' driver.
 -  Fixed a bug (#5044) - :doc:`HTML Helper ` function :php:func:`img()` didn't accept ``data:`` URI schemes for the image source.
+-  Fixed a bug (#5050) - :doc:`Database Library ` tried to access an undefined property in a number of error handling cases.
 
 Version 3.1.3
 =============
-- 
cgit v1.2.3-24-g4f1b


From 62b655b92667f1e417a4f260a34ff447ddeee2c2 Mon Sep 17 00:00:00 2001
From: Andrey Andreev 
Date: Mon, 20 Mar 2017 09:14:14 +0200
Subject: Fix #5057

---
 user_guide_src/source/changelog.rst | 1 +
 1 file changed, 1 insertion(+)

(limited to 'user_guide_src')

diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index fd6c1c790..32f2b81e6 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -36,6 +36,7 @@ Bug fixes for 3.1.4
 -  Fixed a bug (#4815) - :doc:`Database Library ` stripped URL-encoded sequences while escaping strings with the 'mssql' driver.
 -  Fixed a bug (#5044) - :doc:`HTML Helper ` function :php:func:`img()` didn't accept ``data:`` URI schemes for the image source.
 -  Fixed a bug (#5050) - :doc:`Database Library ` tried to access an undefined property in a number of error handling cases.
+-  Fixed a bug (#5057) - :doc:`Database ` driver 'postgre' didn't actually apply extra options (such as 'connect_timeout') to its DSN.
 
 Version 3.1.3
 =============
-- 
cgit v1.2.3-24-g4f1b


From df33ec2e45356895c5aec0a1ebfc325c2af4f74a Mon Sep 17 00:00:00 2001
From: Andrey Andreev 
Date: Mon, 20 Mar 2017 17:43:58 +0200
Subject: Fix Apache header injection vulnerability in set_status_header()

---
 user_guide_src/source/changelog.rst | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'user_guide_src')

diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index 32f2b81e6..d891b786b 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -9,10 +9,11 @@ Release Date: Not Released
 
 -  **Security**
 
-   -  Updated :doc:`Encrypt Library ` (DEPRECATED) to call ``mcrypt_create_iv()`` with ``MCRYPT_DEV_URANDOM``.
+   -  Fixed a header injection vulnerability in :doc:`common function ` :php:func:`set_status_header()` under Apache (thanks to Guillermo Caminer from `Flowgate `_).
    -  Fixed byte-safety issues in :doc:`Encrypt Library ` (DEPRECATED) when ``mbstring.func_overload`` is enabled.
    -  Fixed byte-safety issues in :doc:`Encryption Library ` when ``mbstring.func_overload`` is enabled.
    -  Fixed byte-safety issues in :doc:`compatibility functions ` ``password_hash()``, ``hash_pbkdf2()`` when ``mbstring.func_overload`` is enabled.
+   -  Updated :doc:`Encrypt Library ` (DEPRECATED) to call ``mcrypt_create_iv()`` with ``MCRYPT_DEV_URANDOM``.
 
 -  General Changes
 
-- 
cgit v1.2.3-24-g4f1b


From f58643bab5e5a868aabdaa64668cdb67a9b82fbb Mon Sep 17 00:00:00 2001
From: Andrey Andreev 
Date: Mon, 20 Mar 2017 17:46:23 +0200
Subject: [ci skip] Prepare 3.1.4 release

---
 user_guide_src/source/changelog.rst              | 2 +-
 user_guide_src/source/conf.py                    | 4 ++--
 user_guide_src/source/installation/downloads.rst | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

(limited to 'user_guide_src')

diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index d891b786b..1369eab96 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -5,7 +5,7 @@ Change Log
 Version 3.1.4
 =============
 
-Release Date: Not Released
+Release Date: March 23, 2017
 
 -  **Security**
 
diff --git a/user_guide_src/source/conf.py b/user_guide_src/source/conf.py
index 2df5f9eb2..41eaa609d 100644
--- a/user_guide_src/source/conf.py
+++ b/user_guide_src/source/conf.py
@@ -48,9 +48,9 @@ copyright = u'2014 - 2017, British Columbia Institute of Technology'
 # built documents.
 #
 # The short X.Y version.
-version = '3.1.4-dev'
+version = '3.1.4'
 # The full version, including alpha/beta/rc tags.
-release = '3.1.4-dev'
+release = '3.1.4'
 
 # The language for content autogenerated by Sphinx. Refer to documentation
 # for a list of supported languages.
diff --git a/user_guide_src/source/installation/downloads.rst b/user_guide_src/source/installation/downloads.rst
index a614e164a..0b0b89707 100644
--- a/user_guide_src/source/installation/downloads.rst
+++ b/user_guide_src/source/installation/downloads.rst
@@ -2,7 +2,7 @@
 Downloading CodeIgniter
 #######################
 
--  `CodeIgniter v3.1.4 (Current version) `_
+-  `CodeIgniter v3.1.4 (Current version) `_
 -  `CodeIgniter v3.1.3 `_
 -  `CodeIgniter v3.1.2 `_
 -  `CodeIgniter v3.1.1 `_
-- 
cgit v1.2.3-24-g4f1b


From f83d10b375bd028480a47ec3c0bbb2b07dcabfee Mon Sep 17 00:00:00 2001
From: Andrey Andreev 
Date: Mon, 20 Mar 2017 17:55:38 +0200
Subject: [ci skip] Mark the start of 3.1.5-dev

---
 user_guide_src/source/changelog.rst                |  6 ++++++
 user_guide_src/source/conf.py                      |  4 ++--
 user_guide_src/source/installation/downloads.rst   |  3 ++-
 user_guide_src/source/installation/upgrade_315.rst | 14 ++++++++++++++
 user_guide_src/source/installation/upgrading.rst   |  1 +
 5 files changed, 25 insertions(+), 3 deletions(-)
 create mode 100644 user_guide_src/source/installation/upgrade_315.rst

(limited to 'user_guide_src')

diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index 1369eab96..d7418ffa2 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -2,6 +2,12 @@
 Change Log
 ##########
 
+Version 3.1.5
+=============
+
+Release Date: Not Released
+
+
 Version 3.1.4
 =============
 
diff --git a/user_guide_src/source/conf.py b/user_guide_src/source/conf.py
index 41eaa609d..f3d477591 100644
--- a/user_guide_src/source/conf.py
+++ b/user_guide_src/source/conf.py
@@ -48,9 +48,9 @@ copyright = u'2014 - 2017, British Columbia Institute of Technology'
 # built documents.
 #
 # The short X.Y version.
-version = '3.1.4'
+version = '3.1.5-dev'
 # The full version, including alpha/beta/rc tags.
-release = '3.1.4'
+release = '3.1.5-dev'
 
 # The language for content autogenerated by Sphinx. Refer to documentation
 # for a list of supported languages.
diff --git a/user_guide_src/source/installation/downloads.rst b/user_guide_src/source/installation/downloads.rst
index 0b0b89707..fd4f90753 100644
--- a/user_guide_src/source/installation/downloads.rst
+++ b/user_guide_src/source/installation/downloads.rst
@@ -2,7 +2,8 @@
 Downloading CodeIgniter
 #######################
 
--  `CodeIgniter v3.1.4 (Current version) `_
+-  `CodeIgniter v3.1.5-dev (Current version) `_
+-  `CodeIgniter v3.1.4 `_
 -  `CodeIgniter v3.1.3 `_
 -  `CodeIgniter v3.1.2 `_
 -  `CodeIgniter v3.1.1 `_
diff --git a/user_guide_src/source/installation/upgrade_315.rst b/user_guide_src/source/installation/upgrade_315.rst
new file mode 100644
index 000000000..cf673abbb
--- /dev/null
+++ b/user_guide_src/source/installation/upgrade_315.rst
@@ -0,0 +1,14 @@
+#############################
+Upgrading from 3.1.4 to 3.1.5
+#############################
+
+Before performing an update you should take your site offline by
+replacing the index.php file with a static one.
+
+Step 1: Update your CodeIgniter files
+=====================================
+
+Replace all files and directories in your *system/* directory.
+
+.. note:: If you have any custom developed files in these directories,
+	please make copies of them first.
diff --git a/user_guide_src/source/installation/upgrading.rst b/user_guide_src/source/installation/upgrading.rst
index 8c68fc868..8f30e1a01 100644
--- a/user_guide_src/source/installation/upgrading.rst
+++ b/user_guide_src/source/installation/upgrading.rst
@@ -8,6 +8,7 @@ upgrading from.
 .. toctree::
 	:titlesonly:
 
+	Upgrading from 3.1.4 to 3.1.5 
 	Upgrading from 3.1.3 to 3.1.4 
 	Upgrading from 3.1.2 to 3.1.3 
 	Upgrading from 3.1.1 to 3.1.2 
-- 
cgit v1.2.3-24-g4f1b


From 0eb38af2eaf1127b9b82261b7ec3bf4d4b847318 Mon Sep 17 00:00:00 2001
From: Andrey Andreev 
Date: Mon, 20 Mar 2017 19:38:59 +0200
Subject: [ci skip] Fix 3.1.4 release date ...

Apparently, I'm from the future.
---
 user_guide_src/source/changelog.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'user_guide_src')

diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index d7418ffa2..209193bb0 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -11,7 +11,7 @@ Release Date: Not Released
 Version 3.1.4
 =============
 
-Release Date: March 23, 2017
+Release Date: March 20, 2017
 
 -  **Security**
 
-- 
cgit v1.2.3-24-g4f1b