Phil Sturgeon avatar Phil Sturgeon committed 9937b0c Merge

Merged default branch.

Comments (0)

Files changed (264)

+[Basic]
+develop = develop
+feature = feature/
+version_tag = 
+publish = default
+release = release/
+hotfix = hotfix/
+
 0000000000000000000000000000000000000000 v1.7.2
 ca87887086193cf375ea30e7d4e5139dbf330783 v2.0.0
 1941a814526f8aa7186112e6b9bfd868c5c4afbf v2.0.1
+1941a814526f8aa7186112e6b9bfd868c5c4afbf v2.0.1
+0000000000000000000000000000000000000000 v2.0.1
+0000000000000000000000000000000000000000 v2.0.1
+f97a33039a37fc0c3f12e48407ca08e281b6b375 v2.0.1
+f97a33039a37fc0c3f12e48407ca08e281b6b375 v2.0.1
+0000000000000000000000000000000000000000 v2.0.1
+0000000000000000000000000000000000000000 v2.0.1
+52cd3ed4a9ea5c2b0e2bdd38e9822161ef547f9a v2.0.1
+52cd3ed4a9ea5c2b0e2bdd38e9822161ef547f9a v2.0.1
+0000000000000000000000000000000000000000 v2.0.1
+0000000000000000000000000000000000000000 v2.0.1
+1941a814526f8aa7186112e6b9bfd868c5c4afbf v2.0.1
+52107601203719d6149219b28ec93d1d90c748a7 v2.0.2

application/config/autoload.php

-<?php  if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
 /*
 | -------------------------------------------------------------------
 | AUTO-LOADER
 | In order to keep the framework as light-weight as possible only the
 | absolute minimal resources are loaded by default. For example,
 | the database is not connected to automatically since no assumption
-| is made regarding whether you intend to use it.  This file lets
+| is made regarding whether you intend to use it. This file lets
 | you globally define which systems you would like loaded with every
 | request.
 |
 
 /*
 | -------------------------------------------------------------------
-|  Auto-load Packges
+| Auto-load Packges
 | -------------------------------------------------------------------
 | Prototype:
 |
-|  $autoload['packages'] = array(APPPATH.'third_party', '/usr/local/shared');
+| $autoload['packages'] = array(APPPATH.'third_party', '/usr/local/shared');
 |
 */
 
-$autoload['packages'] = array(APPPATH.'third_party');
+$autoload['packages'] = array();
 
 
 /*
 | -------------------------------------------------------------------
-|  Auto-load Libraries
+| Auto-load Libraries
 | -------------------------------------------------------------------
 | These are the classes located in the system/libraries folder
 | or in your application/libraries folder.
 
 /*
 | -------------------------------------------------------------------
-|  Auto-load Helper Files
+| Auto-load Helper Files
 | -------------------------------------------------------------------
 | Prototype:
 |
 
 /*
 | -------------------------------------------------------------------
-|  Auto-load Config files
+| Auto-load Config files
 | -------------------------------------------------------------------
 | Prototype:
 |
 |	$autoload['config'] = array('config1', 'config2');
 |
 | NOTE: This item is intended for use ONLY if you have created custom
-| config files.  Otherwise, leave it blank.
+| config files. Otherwise, leave it blank.
 |
 */
 
 
 /*
 | -------------------------------------------------------------------
-|  Auto-load Language files
+| Auto-load Language files
 | -------------------------------------------------------------------
 | Prototype:
 |
 |	$autoload['language'] = array('lang1', 'lang2');
 |
-| NOTE: Do not include the "_lang" part of your file.  For example
+| NOTE: Do not include the "_lang" part of your file. For example
 | "codeigniter_lang.php" would be referenced as array('codeigniter');
 |
 */
 
 /*
 | -------------------------------------------------------------------
-|  Auto-load Models
+| Auto-load Models
 | -------------------------------------------------------------------
 | Prototype:
 |

application/config/config.php

-<?php  if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
 
 /*
 |--------------------------------------------------------------------------
 |--------------------------------------------------------------------------
 |
 | This item determines which server global should be used to retrieve the
-| URI string.  The default setting of 'AUTO' works for most servers.
+| URI string. The default setting of 'AUTO' works for most servers.
 | If your links do not seem to work, try one of the other delicious flavors:
 |
 | 'AUTO'			Default - auto detects
 |--------------------------------------------------------------------------
 |
 | If you would like to use the 'hooks' feature you must enable it by
-| setting this variable to TRUE (boolean).  See the user guide for details.
+| setting this variable to TRUE (boolean). See the user guide for details.
 |
 */
 $config['enable_hooks'] = FALSE;
 |--------------------------------------------------------------------------
 |
 | This item allows you to set the filename/classname prefix when extending
-| native libraries.  For more information please see the user guide:
+| native libraries. For more information please see the user guide:
 |
 | http://codeigniter.com/user_guide/general/core_classes.html
 | http://codeigniter.com/user_guide/general/creating_libraries.html
 |--------------------------------------------------------------------------
 |
 | This lets you specify with a regular expression which characters are permitted
-| within your URLs.  When someone tries to submit a URL with disallowed
+| within your URLs. When someone tries to submit a URL with disallowed
 | characters they will get a warning message.
 |
 | As a security measure you are STRONGLY encouraged to restrict URLs to
-| as few characters as possible.  By default only these are allowed: a-z 0-9~%.:_-
+| as few characters as possible. By default only these are allowed: a-z 0-9~%.:_-
 |
 | Leave blank to allow all characters -- but only if you are insane.
 |
 | By default CodeIgniter uses search-engine friendly segment based URLs:
 | example.com/who/what/where/
 |
-| By default CodeIgniter enables access to the $_GET array.  If for some
+| By default CodeIgniter enables access to the $_GET array. If for some
 | reason you would like to disable it, set 'allow_get_array' to FALSE.
 |
 | You can optionally enable standard query string based URLs:
 |--------------------------------------------------------------------------
 |
 | Leave this BLANK unless you would like to set something other than the default
-| system/cache/ folder.  Use a full server path with trailing slash.
+| system/cache/ folder. Use a full server path with trailing slash.
 |
 */
 $config['cache_path'] = '';
 |--------------------------------------------------------------------------
 |
 | If you use the Encryption class or the Session class you
-| MUST set an encryption key.  See the user guide for info.
+| MUST set an encryption key. See the user guide for info.
 |
 */
 $config['encryption_key'] = '';
 |
 | 'sess_cookie_name'		= the name you want for the cookie
 | 'sess_expiration'			= the number of SECONDS you want the session to last.
-|   by default sessions last 7200 seconds (two hours).  Set to zero for no expiration.
+|  by default sessions last 7200 seconds (two hours). Set to zero for no expiration.
 | 'sess_expire_on_close'	= Whether to cause the session to expire automatically
-|   when the browser window is closed
+|  when the browser window is closed
 | 'sess_encrypt_cookie'		= Whether to encrypt the cookie
 | 'sess_use_database'		= Whether to save the session data to a database
 | 'sess_table_name'			= The name of the session database table
 |
 | 'cookie_prefix' = Set a prefix if you need to avoid collisions
 | 'cookie_domain' = Set to .your-domain.com for site-wide cookies
-| 'cookie_path'   =  Typically will be a forward slash
-| 'cookie_secure' =  Cookies will only be set if a secure HTTPS connection exists.
+| 'cookie_path'  = Typically will be a forward slash
+| 'cookie_secure' = Cookies will only be set if a secure HTTPS connection exists.
 |
 */
 $config['cookie_prefix']	= "";
 | Output Compression
 |--------------------------------------------------------------------------
 |
-| Enables Gzip output compression for faster page loads.  When enabled,
+| Enables Gzip output compression for faster page loads. When enabled,
 | the output class will test whether your server supports Gzip.
 | Even if it does, however, not all browsers support compression
 | so enable only if you are reasonably sure your visitors can handle it.
 |
-| VERY IMPORTANT:  If you are getting a blank page when compression is enabled it
+| VERY IMPORTANT: If you are getting a blank page when compression is enabled it
 | means you are prematurely outputting something to your browser. It could
-| even be a line of whitespace at the end of one of your scripts.  For
+| even be a line of whitespace at the end of one of your scripts. For
 | compression to work, nothing can be sent before the output buffer is called
-| by the output class.  Do not 'echo' any values with compression enabled.
+| by the output class. Do not 'echo' any values with compression enabled.
 |
 */
 $config['compress_output'] = FALSE;
 | Master Time Reference
 |--------------------------------------------------------------------------
 |
-| Options are 'local' or 'gmt'.  This pref tells the system whether to use
+| Options are 'local' or 'gmt'. This pref tells the system whether to use
 | your server's local time as the master 'now' reference, or convert it to
-| GMT.  See the 'date helper' page of the user guide for information
+| GMT. See the 'date helper' page of the user guide for information
 | regarding date handling.
 |
 */
 |
 | If your PHP installation does not have short tag support enabled CI
 | can rewrite the tags on-the-fly, enabling you to utilize that syntax
-| in your view files.  Options are TRUE or FALSE (boolean)
+| in your view files. Options are TRUE or FALSE (boolean)
 |
 */
 $config['rewrite_short_tags'] = FALSE;

application/config/constants.php

-<?php  if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
 
 /*
 |--------------------------------------------------------------------------
 |--------------------------------------------------------------------------
 |
 | These prefs are used when checking and setting modes when working
-| with the file system.  The defaults are fine on servers with proper
+| with the file system. The defaults are fine on servers with proper
 | security, but you may wish (or even need) to change the values in
 | certain environments (Apache running a separate process for each
-| user, PHP under CGI with Apache suEXEC, etc.).  Octal values should
+| user, PHP under CGI with Apache suEXEC, etc.). Octal values should
 | always be used to set the mode correctly.
 |
 */

application/config/database.php

-<?php  if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
 /*
 | -------------------------------------------------------------------
 | DATABASE CONNECTIVITY SETTINGS
 |	['username'] The username used to connect to the database
 |	['password'] The password used to connect to the database
 |	['database'] The name of the database you want to connect to
-|	['dbdriver'] The database type. ie: mysql.  Currently supported:
-				 mysql, mysqli, postgre, odbc, mssql, sqlite, oci8
+|	['dbdriver'] The database type. ie: mysql. Currently supported:
+|				 mysql, mysqli, postgre, odbc, mssql, sqlite, oci8
 |	['dbprefix'] You can add an optional prefix, which will be added
-|				 to the table name when using the  Active Record class
+|				 to the table name when using the Active Record class
 |	['pconnect'] TRUE/FALSE - Whether to use a persistent connection
 |	['db_debug'] TRUE/FALSE - Whether database errors should be displayed.
 |	['cache_on'] TRUE/FALSE - Enables/disables query caching
 |	['cachedir'] The path to the folder where cache files should be stored
 |	['char_set'] The character set used in communicating with the database
 |	['dbcollat'] The character collation used in communicating with the database
+|				 NOTE: For MySQL and MySQLi databases, this setting is only used
+| 				 as a backup if your server is running PHP < 5.2.3 or MySQL < 5.0.7.
+| 				 There is an incompatibility in PHP with mysql_real_escape_string() which
+| 				 can make your site vulnerable to SQL injection if you are using a
+| 				 multi-byte character set and are running versions lower than these.
+| 				 Sites using Latin-1 or UTF-8 database character set and collation are unaffected.
 |	['swap_pre'] A default table prefix that should be swapped with the dbprefix
 |	['autoinit'] Whether or not to automatically initialize the database.
 |	['stricton'] TRUE/FALSE - forces 'Strict Mode' connections
 |							- good for ensuring strict SQL while developing
 |
 | The $active_group variable lets you choose which connection group to
-| make active.  By default there is only one group (the 'default' group).
+| make active. By default there is only one group (the 'default' group).
 |
 | The $active_record variables lets you determine whether or not to load
 | the active record class

application/config/foreign_chars.php

-<?php  if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
 /*
 | -------------------------------------------------------------------
 | Foreign Characters

application/config/hooks.php

-<?php  if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
 /*
 | -------------------------------------------------------------------------
 | Hooks
 | -------------------------------------------------------------------------
 | This file lets you define "hooks" to extend CI without hacking the core
-| files.  Please see the user guide for info:
+| files. Please see the user guide for info:
 |
 |	http://codeigniter.com/user_guide/general/hooks.html
 |

application/config/mimes.php

-<?php  if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
 /*
 | -------------------------------------------------------------------
 | MIME TYPES
 | -------------------------------------------------------------------
-| This file contains an array of mime types.  It is used by the
+| This file contains an array of mime types. It is used by the
 | Upload class to help identify allowed file types.
 |
 */
 				'tgz'	=>	array('application/x-tar', 'application/x-gzip-compressed'),
 				'xhtml'	=>	'application/xhtml+xml',
 				'xht'	=>	'application/xhtml+xml',
-				'zip'	=>  array('application/x-zip', 'application/zip', 'application/x-zip-compressed'),
+				'zip'	=> array('application/x-zip', 'application/zip', 'application/x-zip-compressed'),
 				'mid'	=>	'audio/midi',
 				'midi'	=>	'audio/midi',
 				'mpga'	=>	'audio/mpeg',
 				'jpeg'	=>	array('image/jpeg', 'image/pjpeg'),
 				'jpg'	=>	array('image/jpeg', 'image/pjpeg'),
 				'jpe'	=>	array('image/jpeg', 'image/pjpeg'),
-				'png'	=>	array('image/png',  'image/x-png'),
+				'png'	=>	array('image/png', 'image/x-png'),
 				'tiff'	=>	'image/tiff',
 				'tif'	=>	'image/tiff',
 				'css'	=>	'text/css',

application/config/profiler.php

-<?php  if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
 /*
 | -------------------------------------------------------------------------
 | Profiler Sections

application/config/routes.php

-<?php  if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
 /*
 | -------------------------------------------------------------------------
 | URI ROUTING

application/config/smileys.php

-<?php  if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
 /*
 | -------------------------------------------------------------------
 | SMILEYS
 | -------------------------------------------------------------------
 | This file contains an array of smileys for use with the emoticon helper.
-| Individual images can be used to replace multiple simileys.  For example:
+| Individual images can be used to replace multiple simileys. For example:
 | :-) and :) use the same image replacement.
 |
 | Please see user guide for more info:

application/config/user_agents.php

-<?php  if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
 /*
 | -------------------------------------------------------------------
 | USER AGENT TYPES
 | -------------------------------------------------------------------
-| This file contains four arrays of user agent data.  It is used by the
+| This file contains four arrays of user agent data. It is used by the
 | User Agent Class to help identify browser, platform, robot, and
-| mobile device data.  The array keys are used to identify the device
+| mobile device data. The array keys are used to identify the device
 | and the array values are used to set the actual name of the item.
 |
 */

application/controllers/welcome.php

 	 *
 	 * Maps to the following URL
 	 * 		http://example.com/index.php/welcome
-	 *	- or -  
+	 *	- or -
 	 * 		http://example.com/index.php/welcome/index
 	 *	- or -
-	 * Since this controller is set as the default controller in 
+	 * Since this controller is set as the default controller in
 	 * config/routes.php, it's displayed at http://example.com/
 	 *
 	 * So any other public methods not prefixed with an underscore will

application/errors/error_404.php

-<html>
+<!DOCTYPE html>
+<html lang="en">
 <head>
 <title>404 Page Not Found</title>
 <style type="text/css">
 
+::selection{ background-color: #E13300; color: white; }
+::moz-selection{ background-color: #E13300; color: white; }
+::webkit-selection{ background-color: #E13300; color: white; }
+
 body {
-background-color:	#fff;
-margin:				40px;
-font-family:		Lucida Grande, Verdana, Sans-serif;
-font-size:			12px;
-color:				#000;
+	background-color: #fff;
+	margin: 40px;
+	font: 13px/20px normal Helvetica, Arial, sans-serif;
+	color: #4F5155;
 }
 
-#content  {
-border:				#999 1px solid;
-background-color:	#fff;
-padding:			20px 20px 12px 20px;
+a {
+	color: #003399;
+	background-color: transparent;
+	font-weight: normal;
 }
 
 h1 {
-font-weight:		normal;
-font-size:			14px;
-color:				#990000;
-margin:				0 0 4px 0;
+	color: #444;
+	background-color: transparent;
+	border-bottom: 1px solid #D0D0D0;
+	font-size: 19px;
+	font-weight: normal;
+	margin: 0 0 14px 0;
+	padding: 14px 15px 10px 15px;
+}
+
+code {
+	font-family: Consolas, Monaco, Courier New, Courier, monospace;
+	font-size: 12px;
+	background-color: #f9f9f9;
+	border: 1px solid #D0D0D0;
+	color: #002166;
+	display: block;
+	margin: 14px 0 14px 0;
+	padding: 12px 10px 12px 10px;
+}
+
+#container {
+	margin: 10px;
+	border: 1px solid #D0D0D0;
+	-webkit-box-shadow: 0 0 8px #D0D0D0;
+}
+
+p {
+	margin: 12px 15px 12px 15px;
 }
 </style>
 </head>
 <body>
-	<div id="content">
+	<div id="container">
 		<h1><?php echo $heading; ?></h1>
 		<?php echo $message; ?>
 	</div>

application/errors/error_db.php

-<html>
+<!DOCTYPE html>
+<html lang="en">
 <head>
 <title>Database Error</title>
 <style type="text/css">
 
+::selection{ background-color: #E13300; color: white; }
+::moz-selection{ background-color: #E13300; color: white; }
+::webkit-selection{ background-color: #E13300; color: white; }
+
 body {
-background-color:	#fff;
-margin:				40px;
-font-family:		Lucida Grande, Verdana, Sans-serif;
-font-size:			12px;
-color:				#000;
+	background-color: #fff;
+	margin: 40px;
+	font: 13px/20px normal Helvetica, Arial, sans-serif;
+	color: #4F5155;
 }
 
-#content  {
-border:				#999 1px solid;
-background-color:	#fff;
-padding:			20px 20px 12px 20px;
+a {
+	color: #003399;
+	background-color: transparent;
+	font-weight: normal;
 }
 
 h1 {
-font-weight:		normal;
-font-size:			14px;
-color:				#990000;
-margin:				0 0 4px 0;
+	color: #444;
+	background-color: transparent;
+	border-bottom: 1px solid #D0D0D0;
+	font-size: 19px;
+	font-weight: normal;
+	margin: 0 0 14px 0;
+	padding: 14px 15px 10px 15px;
+}
+
+code {
+	font-family: Consolas, Monaco, Courier New, Courier, monospace;
+	font-size: 12px;
+	background-color: #f9f9f9;
+	border: 1px solid #D0D0D0;
+	color: #002166;
+	display: block;
+	margin: 14px 0 14px 0;
+	padding: 12px 10px 12px 10px;
+}
+
+#container {
+	margin: 10px;
+	border: 1px solid #D0D0D0;
+	-webkit-box-shadow: 0 0 8px #D0D0D0;
+}
+
+p {
+	margin: 12px 15px 12px 15px;
 }
 </style>
 </head>
 <body>
-	<div id="content">
+	<div id="container">
 		<h1><?php echo $heading; ?></h1>
 		<?php echo $message; ?>
 	</div>

application/errors/error_general.php

-<html>
+<!DOCTYPE html>
+<html lang="en">
 <head>
 <title>Error</title>
 <style type="text/css">
 
+::selection{ background-color: #E13300; color: white; }
+::moz-selection{ background-color: #E13300; color: white; }
+::webkit-selection{ background-color: #E13300; color: white; }
+
 body {
-background-color:	#fff;
-margin:				40px;
-font-family:		Lucida Grande, Verdana, Sans-serif;
-font-size:			12px;
-color:				#000;
+	background-color: #fff;
+	margin: 40px;
+	font: 13px/20px normal Helvetica, Arial, sans-serif;
+	color: #4F5155;
 }
 
-#content  {
-border:				#999 1px solid;
-background-color:	#fff;
-padding:			20px 20px 12px 20px;
+a {
+	color: #003399;
+	background-color: transparent;
+	font-weight: normal;
 }
 
 h1 {
-font-weight:		normal;
-font-size:			14px;
-color:				#990000;
-margin:				0 0 4px 0;
+	color: #444;
+	background-color: transparent;
+	border-bottom: 1px solid #D0D0D0;
+	font-size: 19px;
+	font-weight: normal;
+	margin: 0 0 14px 0;
+	padding: 14px 15px 10px 15px;
+}
+
+code {
+	font-family: Consolas, Monaco, Courier New, Courier, monospace;
+	font-size: 12px;
+	background-color: #f9f9f9;
+	border: 1px solid #D0D0D0;
+	color: #002166;
+	display: block;
+	margin: 14px 0 14px 0;
+	padding: 12px 10px 12px 10px;
+}
+
+#container {
+	margin: 10px;
+	border: 1px solid #D0D0D0;
+	-webkit-box-shadow: 0 0 8px #D0D0D0;
+}
+
+p {
+	margin: 12px 15px 12px 15px;
 }
 </style>
 </head>
 <body>
-	<div id="content">
+	<div id="container">
 		<h1><?php echo $heading; ?></h1>
 		<?php echo $message; ?>
 	</div>

application/errors/error_php.php

 <h4>A PHP Error was encountered</h4>
 
 <p>Severity: <?php echo $severity; ?></p>
-<p>Message:  <?php echo $message; ?></p>
+<p>Message: <?php echo $message; ?></p>
 <p>Filename: <?php echo $filepath; ?></p>
 <p>Line Number: <?php echo $line; ?></p>
 

application/views/welcome_message.php

 	<meta charset="utf-8">
 	<title>Welcome to CodeIgniter</title>
 
-<style type="text/css">
+	<style type="text/css">
 
-body {
- background-color: #fff;
- margin: 40px;
- font-family: Lucida Grande, Verdana, Sans-serif;
- font-size: 14px;
- color: #4F5155;
-}
+	::selection{ background-color: #E13300; color: white; }
+	::moz-selection{ background-color: #E13300; color: white; }
+	::webkit-selection{ background-color: #E13300; color: white; }
 
-a {
- color: #003399;
- background-color: transparent;
- font-weight: normal;
-}
+	body {
+		background-color: #fff;
+		margin: 40px;
+		font: 13px/20px normal Helvetica, Arial, sans-serif;
+		color: #4F5155;
+	}
 
-h1 {
- color: #444;
- background-color: transparent;
- border-bottom: 1px solid #D0D0D0;
- font-size: 16px;
- font-weight: bold;
- margin: 24px 0 2px 0;
- padding: 5px 0 6px 0;
-}
+	a {
+		color: #003399;
+		background-color: transparent;
+		font-weight: normal;
+	}
 
-code {
- font-family: Monaco, Verdana, Sans-serif;
- font-size: 12px;
- background-color: #f9f9f9;
- border: 1px solid #D0D0D0;
- color: #002166;
- display: block;
- margin: 14px 0 14px 0;
- padding: 12px 10px 12px 10px;
-}
+	h1 {
+		color: #444;
+		background-color: transparent;
+		border-bottom: 1px solid #D0D0D0;
+		font-size: 19px;
+		font-weight: normal;
+		margin: 0 0 14px 0;
+		padding: 14px 15px 10px 15px;
+	}
 
-</style>
+	code {
+		font-family: Consolas, Monaco, Courier New, Courier, monospace;
+		font-size: 12px;
+		background-color: #f9f9f9;
+		border: 1px solid #D0D0D0;
+		color: #002166;
+		display: block;
+		margin: 14px 0 14px 0;
+		padding: 12px 10px 12px 10px;
+	}
+
+	#body{
+		margin: 0 15px 0 15px;
+	}
+	
+	p.footer{
+		text-align: right;
+		font-size: 11px;
+		border-top: 1px solid #D0D0D0;
+		line-height: 32px;
+		padding: 0 10px 0 10px;
+		margin: 20px 0 0 0;
+	}
+	
+	#container{
+		margin: 10px;
+		border: 1px solid #D0D0D0;
+		-webkit-box-shadow: 0 0 8px #D0D0D0;
+	}
+	</style>
 </head>
 <body>
 
-<h1>Welcome to CodeIgniter!</h1>
+<div id="container">
+	<h1>Welcome to CodeIgniter!</h1>
 
-<p>The page you are looking at is being generated dynamically by CodeIgniter.</p>
+	<div id="body">
+		<p>The page you are looking at is being generated dynamically by CodeIgniter.</p>
 
-<p>If you would like to edit this page you'll find it located at:</p>
-<code>application/views/welcome_message.php</code>
+		<p>If you would like to edit this page you'll find it located at:</p>
+		<code>application/views/welcome_message.php</code>
 
-<p>The corresponding controller for this page is found at:</p>
-<code>application/controllers/welcome.php</code>
+		<p>The corresponding controller for this page is found at:</p>
+		<code>application/controllers/welcome.php</code>
 
-<p>If you are exploring CodeIgniter for the very first time, you should start by reading the <a href="user_guide/">User Guide</a>.</p>
+		<p>If you are exploring CodeIgniter for the very first time, you should start by reading the <a href="user_guide/">User Guide</a>.</p>
+	</div>
 
-
-<p><br />Page rendered in {elapsed_time} seconds</p>
+	<p class="footer">Page rendered in <strong>{elapsed_time}</strong> seconds</p>
+</div>
 
 </body>
 </html>
  *
  * This can be set to anything, but default usage is:
  *
- *     development
- *     testing
- *     production
+ *   development
+ *   testing
+ *   production
  *
  * NOTE: If you change these, also change the error_reporting() code below
  *
 		case 'development':
 			error_reporting(E_ALL);
 		break;
-	
+
 		case 'testing':
 		case 'production':
 			error_reporting(0);
  *---------------------------------------------------------------
  *
  * This variable must contain the name of your "system" folder.
- * Include the path if the folder is not in the same  directory
+ * Include the path if the folder is not in the same directory
  * as this file.
  *
  */
  *
  * If you want this front controller to use a different "application"
  * folder then the default one you can set its name here. The folder
- * can also be renamed or relocated anywhere on your server.  If
+ * can also be renamed or relocated anywhere on your server. If
  * you do, use a full server path. For more info please see the user guide:
  * http://codeigniter.com/user_guide/general/managing_apps.html
  *
  *
  * Normally you will set your default controller in the routes.php file.
  * You can, however, force a custom routing by hard-coding a
- * specific controller class/function here.  For most applications, you
+ * specific controller class/function here. For most applications, you
  * WILL NOT set your routing here, but it's an option for those
  * special instances where you might want to override the standard
  * routing in a specific front controller that shares a common CI installation.
  *
- * IMPORTANT:  If you set the routing here, NO OTHER controller will be
+ * IMPORTANT: If you set the routing here, NO OTHER controller will be
  * callable. In essence, this preference limits your application to ONE
- * specific controller.  Leave the function name blank if you need
+ * specific controller. Leave the function name blank if you need
  * to call functions dynamically via the URI.
  *
  * Un-comment the $routing array below to use this feature
  *
  */
-	// The directory name, relative to the "controllers" folder.  Leave blank
+	// The directory name, relative to the "controllers" folder. Leave blank
 	// if your controller is not in a sub-folder within the "controllers" folder
 	// $routing['directory'] = '';
 
-	// The controller class file name.  Example:  Mycontroller.php
+	// The controller class file name. Example: Mycontroller
 	// $routing['controller'] = '';
 
 	// The controller function you wish to be called.
 
 /*
  * -------------------------------------------------------------------
- *  CUSTOM CONFIG VALUES
+ * CUSTOM CONFIG VALUES
  * -------------------------------------------------------------------
  *
  * The $assign_to_config array below will be passed dynamically to the
 
 
 // --------------------------------------------------------------------
-// END OF USER CONFIGURABLE SETTINGS.  DO NOT EDIT BELOW THIS LINE
+// END OF USER CONFIGURABLE SETTINGS. DO NOT EDIT BELOW THIS LINE
 // --------------------------------------------------------------------
 
 /*
  * ---------------------------------------------------------------
- *  Resolve the system path for increased reliability
+ * Resolve the system path for increased reliability
  * ---------------------------------------------------------------
  */
 
 
 /*
  * -------------------------------------------------------------------
- *  Now that we know the path, set the main path constants
+ * Now that we know the path, set the main path constants
  * -------------------------------------------------------------------
  */
 	// The name of THIS file
 	define('SELF', pathinfo(__FILE__, PATHINFO_BASENAME));
 
 	// The PHP file extension
+	// this global constant is deprecated.
 	define('EXT', '.php');
 
 	// Path to the system folder
  * And away we go...
  *
  */
-require_once BASEPATH.'core/CodeIgniter'.EXT;
+require_once BASEPATH.'core/CodeIgniter.php';
 
 /* End of file index.php */
 /* Location: ./index.php */
 All rights reserved.
 
 This license is a legal agreement between you and EllisLab Inc. for the use
-of CodeIgniter Software (the "Software").  By obtaining the Software you
+of CodeIgniter Software (the "Software"). By obtaining the Software you
 agree to comply with the terms and conditions of this license.
 
 PERMITTED USE
 WITH THE SOFTWARE. LICENSE HOLDERS ARE SOLELY RESPONSIBLE FOR DETERMINING THE
 APPROPRIATENESS OF USE AND ASSUME ALL RISKS ASSOCIATED WITH ITS USE, INCLUDING
 BUT NOT LIMITED TO THE RISKS OF PROGRAM ERRORS, DAMAGE TO EQUIPMENT, LOSS OF
-DATA OR SOFTWARE PROGRAMS, OR UNAVAILABILITY OR INTERRUPTION OF OPERATIONS.
+DATA OR SOFTWARE PROGRAMS, OR UNAVAILABILITY OR INTERRUPTION OF OPERATIONS.

system/core/Benchmark.php

-<?php  if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
 /**
  * CodeIgniter
  *
  * CodeIgniter Benchmark Class
  *
  * This class enables you to mark points and calculate the time difference
- * between them.  Memory consumption can also be displayed.
+ * between them. Memory consumption can also be displayed.
  *
  * @package		CodeIgniter
  * @subpackage	Libraries

system/core/CodeIgniter.php

-<?php  if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
 /**
  * CodeIgniter
  *
 
 /*
  * ------------------------------------------------------
- *  Define the CodeIgniter Version
+ * Define the CodeIgniter Version
  * ------------------------------------------------------
  */
-	define('CI_VERSION', '2.0.1');
+	define('CI_VERSION', '2.0.2');
 
 /*
  * ------------------------------------------------------
- *  Define the CodeIgniter Branch (Core = TRUE, Reactor = FALSE)
+ * Define the CodeIgniter Branch (Core = TRUE, Reactor = FALSE)
  * ------------------------------------------------------
  */
 	define('CI_CORE', FALSE);
 
 /*
  * ------------------------------------------------------
- *  Load the global functions
+ * Load the global functions
  * ------------------------------------------------------
  */
-	require(BASEPATH.'core/Common'.EXT);
+	require(BASEPATH.'core/Common.php');
 
 /*
  * ------------------------------------------------------
- *  Load the framework constants
+ * Load the framework constants
  * ------------------------------------------------------
  */
-	if (defined('ENVIRONMENT') AND file_exists(APPPATH.'config/'.ENVIRONMENT.'/constants'.EXT))
+	if (defined('ENVIRONMENT') AND file_exists(APPPATH.'config/'.ENVIRONMENT.'/constants.php'))
 	{
-		require(APPPATH.'config/'.ENVIRONMENT.'/constants'.EXT);
+		require(APPPATH.'config/'.ENVIRONMENT.'/constants.php');
 	}
 	else
 	{
-		require(APPPATH.'config/constants'.EXT);
+		require(APPPATH.'config/constants.php');
 	}
 
 /*
  * ------------------------------------------------------
- *  Define a custom error handler so we can log PHP errors
+ * Define a custom error handler so we can log PHP errors
  * ------------------------------------------------------
  */
 	set_error_handler('_exception_handler');
 
 /*
  * ------------------------------------------------------
- *  Set the subclass_prefix
+ * Set the subclass_prefix
  * ------------------------------------------------------
  *
  * Normally the "subclass_prefix" is set in the config file.
  * "libraries" folder. Since CI allows config items to be
  * overriden via data set in the main index. php file,
  * before proceeding we need to know if a subclass_prefix
- * override exists.  If so, we will set this value now,
+ * override exists. If so, we will set this value now,
  * before any classes are loaded
  * Note: Since the config file data is cached it doesn't
  * hurt to load it here.
 
 /*
  * ------------------------------------------------------
- *  Set a liberal script execution time limit
+ * Set a liberal script execution time limit
  * ------------------------------------------------------
  */
 	if (function_exists("set_time_limit") == TRUE AND @ini_get("safe_mode") == 0)
 
 /*
  * ------------------------------------------------------
- *  Start the timer... tick tock tick tock...
+ * Start the timer... tick tock tick tock...
  * ------------------------------------------------------
  */
 	$BM =& load_class('Benchmark', 'core');
 
 /*
  * ------------------------------------------------------
- *  Instantiate the hooks class
+ * Instantiate the hooks class
  * ------------------------------------------------------
  */
 	$EXT =& load_class('Hooks', 'core');
 
 /*
  * ------------------------------------------------------
- *  Is there a "pre_system" hook?
+ * Is there a "pre_system" hook?
  * ------------------------------------------------------
  */
 	$EXT->_call_hook('pre_system');
 
 /*
  * ------------------------------------------------------
- *  Instantiate the config class
+ * Instantiate the config class
  * ------------------------------------------------------
  */
 	$CFG =& load_class('Config', 'core');
 
 /*
  * ------------------------------------------------------
- *  Instantiate the UTF-8 class
+ * Instantiate the UTF-8 class
  * ------------------------------------------------------
  *
  * Note: Order here is rather important as the UTF-8
 
 /*
  * ------------------------------------------------------
- *  Instantiate the URI class
+ * Instantiate the URI class
  * ------------------------------------------------------
  */
 	$URI =& load_class('URI', 'core');
 
 /*
  * ------------------------------------------------------
- *  Instantiate the routing class and set the routing
+ * Instantiate the routing class and set the routing
  * ------------------------------------------------------
  */
 	$RTR =& load_class('Router', 'core');
 
 /*
  * ------------------------------------------------------
- *  Instantiate the output class
+ * Instantiate the output class
  * ------------------------------------------------------
  */
 	$OUT =& load_class('Output', 'core');
 
 /*
  * ------------------------------------------------------
- *	Is there a valid cache file?  If so, we're done...
+ *	Is there a valid cache file? If so, we're done...
  * ------------------------------------------------------
  */
 	if ($EXT->_call_hook('cache_override') === FALSE)
 	}
 
 /*
+ * -----------------------------------------------------
+ * Load the security class for xss and csrf support
+ * -----------------------------------------------------
+ */
+	$SEC =& load_class('Security', 'core');
+
+/*
  * ------------------------------------------------------
- *  Load the Input class and sanitize globals
+ * Load the Input class and sanitize globals
  * ------------------------------------------------------
  */
 	$IN	=& load_class('Input', 'core');
 
 /*
  * ------------------------------------------------------
- *  Load the Language class
+ * Load the Language class
  * ------------------------------------------------------
  */
 	$LANG =& load_class('Lang', 'core');
 
 /*
  * ------------------------------------------------------
- *  Load the app controller and local controller
+ * Load the app controller and local controller
  * ------------------------------------------------------
  *
  */
 	// Load the base controller class
-	require BASEPATH.'core/Controller'.EXT;
+	require BASEPATH.'core/Controller.php';
 
 	function &get_instance()
 	{
 	}
 
 
-	if (file_exists(APPPATH.'core/'.$CFG->config['subclass_prefix'].'Controller'.EXT))
+	if (file_exists(APPPATH.'core/'.$CFG->config['subclass_prefix'].'Controller.php'))
 	{
-		require APPPATH.'core/'.$CFG->config['subclass_prefix'].'Controller'.EXT;
+		require APPPATH.'core/'.$CFG->config['subclass_prefix'].'Controller.php';
 	}
 
 	// Load the local application controller
 	// Note: The Router class automatically validates the controller path using the router->_validate_request().
 	// If this include fails it means that the default controller in the Routes.php file is not resolving to something valid.
-	if ( ! file_exists(APPPATH.'controllers/'.$RTR->fetch_directory().$RTR->fetch_class().EXT))
+	if ( ! file_exists(APPPATH.'controllers/'.$RTR->fetch_directory().$RTR->fetch_class().'.php'))
 	{
 		show_error('Unable to load your default controller. Please make sure the controller specified in your Routes.php file is valid.');
 	}
 
-	include(APPPATH.'controllers/'.$RTR->fetch_directory().$RTR->fetch_class().EXT);
+	include(APPPATH.'controllers/'.$RTR->fetch_directory().$RTR->fetch_class().'.php');
 
 	// Set a mark point for benchmarking
 	$BM->mark('loading_time:_base_classes_end');
 
 /*
  * ------------------------------------------------------
- *  Security check
+ * Security check
  * ------------------------------------------------------
  *
- *  None of the functions in the app controller or the
- *  loader class can be called via the URI, nor can
- *  controller functions that begin with an underscore
+ * None of the functions in the app controller or the
+ * loader class can be called via the URI, nor can
+ * controller functions that begin with an underscore
  */
-	$class  = $RTR->fetch_class();
+	$class = $RTR->fetch_class();
 	$method = $RTR->fetch_method();
 
 	if ( ! class_exists($class)
 
 /*
  * ------------------------------------------------------
- *  Is there a "pre_controller" hook?
+ * Is there a "pre_controller" hook?
  * ------------------------------------------------------
  */
 	$EXT->_call_hook('pre_controller');
 
 /*
  * ------------------------------------------------------
- *  Instantiate the requested controller
+ * Instantiate the requested controller
  * ------------------------------------------------------
  */
 	// Mark a start point so we can benchmark the controller
 
 /*
  * ------------------------------------------------------
- *  Is there a "post_controller_constructor" hook?
+ * Is there a "post_controller_constructor" hook?
  * ------------------------------------------------------
  */
 	$EXT->_call_hook('post_controller_constructor');
 
 /*
  * ------------------------------------------------------
- *  Call the requested method
+ * Call the requested method
  * ------------------------------------------------------
  */
 	// Is there a "remap" function? If so, we call it instead
 				$method = (isset($x[1]) ? $x[1] : 'index');
 				if ( ! class_exists($class))
 				{
-					if ( ! file_exists(APPPATH.'controllers/'.$class.EXT))
+					if ( ! file_exists(APPPATH.'controllers/'.$class.'.php'))
 					{
 						show_404("{$class}/{$method}");
 					}
 
-					include_once(APPPATH.'controllers/'.$class.EXT);
+					include_once(APPPATH.'controllers/'.$class.'.php');
 					unset($CI);
 					$CI = new $class();
 				}
 
 /*
  * ------------------------------------------------------
- *  Is there a "post_controller" hook?
+ * Is there a "post_controller" hook?
  * ------------------------------------------------------
  */
 	$EXT->_call_hook('post_controller');
 
 /*
  * ------------------------------------------------------
- *  Send the final rendered output to the browser
+ * Send the final rendered output to the browser
  * ------------------------------------------------------
  */
 	if ($EXT->_call_hook('display_override') === FALSE)
 
 /*
  * ------------------------------------------------------
- *  Is there a "post_system" hook?
+ * Is there a "post_system" hook?
  * ------------------------------------------------------
  */
 	$EXT->_call_hook('post_system');
 
 /*
  * ------------------------------------------------------
- *  Close the DB connection if one exists
+ * Close the DB connection if one exists
  * ------------------------------------------------------
  */
 	if (class_exists('CI_DB') AND isset($CI->db))

system/core/Common.php

-<?php  if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
 /**
  * CodeIgniter
  *
  * Tests for file writability
  *
  * is_writable() returns TRUE on Windows servers when you really can't write to
- * the file, based on the read-only attribute.  is_writable() is also unreliable
+ * the file, based on the read-only attribute. is_writable() is also unreliable
  * on Unix servers if safe_mode is on.
  *
  * @access	private
 		}
 
 		// For windows servers and safe_mode "on" installations we'll actually
-		// write a file then read it.  Bah...
+		// write a file then read it. Bah...
 		if (is_dir($file))
 		{
 			$file = rtrim($file, '/').'/'.md5(mt_rand(1,100).mt_rand(1,100));
 /**
 * Class registry
 *
-* This function acts as a singleton.  If the requested class does not
-* exist it is instantiated and set to a static variable.  If it has
+* This function acts as a singleton. If the requested class does not
+* exist it is instantiated and set to a static variable. If it has
 * previously been instantiated the variable is returned.
 *
 * @access	public
 	{
 		static $_classes = array();
 
-		// Does the class exist?  If so, we're done...
+		// Does the class exist? If so, we're done...
 		if (isset($_classes[$class]))
 		{
 			return $_classes[$class];
 		// thenin the local application/libraries folder
 		foreach (array(BASEPATH, APPPATH) as $path)
 		{
-			if (file_exists($path.$directory.'/'.$class.EXT))
+			if (file_exists($path.$directory.'/'.$class.'.php'))
 			{
 				$name = $prefix.$class;
 
 				if (class_exists($name) === FALSE)
 				{
-					require($path.$directory.'/'.$class.EXT);
+					require($path.$directory.'/'.$class.'.php');
 				}
 
 				break;
 			}
 		}
 
-		// Is the request a class extension?  If so we load it too
-		if (file_exists(APPPATH.$directory.'/'.config_item('subclass_prefix').$class.EXT))
+		// Is the request a class extension? If so we load it too
+		if (file_exists(APPPATH.$directory.'/'.config_item('subclass_prefix').$class.'.php'))
 		{
 			$name = config_item('subclass_prefix').$class;
 
 			if (class_exists($name) === FALSE)
 			{
-				require(APPPATH.$directory.'/'.config_item('subclass_prefix').$class.EXT);
+				require(APPPATH.$directory.'/'.config_item('subclass_prefix').$class.'.php');
 			}
 		}
 
 		{
 			// Note: We use exit() rather then show_error() in order to avoid a
 			// self-referencing loop with the Excptions class
-			exit('Unable to locate the specified class: '.$class.EXT);
+			exit('Unable to locate the specified class: '.$class.'.php');
 		}
 
 		// Keep track of what we just loaded
 // --------------------------------------------------------------------
 
 /**
-* Keeps track of which libraries have been loaded.  This function is
+* Keeps track of which libraries have been loaded. This function is
 * called by the load_class() function above
 *
 * @access	public
 		}
 
 		// Is the config file in the environment folder?
-		if ( ! defined('ENVIRONMENT') OR ! file_exists($file_path = APPPATH.'config/'.ENVIRONMENT.'/config'.EXT))
+		if ( ! defined('ENVIRONMENT') OR ! file_exists($file_path = APPPATH.'config/'.ENVIRONMENT.'/config.php'))
 		{
-			$file_path = APPPATH.'config/config'.EXT;
+			$file_path = APPPATH.'config/config.php';
 		}
 
 		// Fetch the config file
 
 		if ($text == '')
 		{
-			show_error('No status text available.  Please check your status code number or supply your own message text.', 500);
+			show_error('No status text available. Please check your status code number or supply your own message text.', 500);
 		}
 
 		$server_protocol = (isset($_SERVER['SERVER_PROTOCOL'])) ? $_SERVER['SERVER_PROTOCOL'] : FALSE;
 * Exception Handler
 *
 * This is the custom exception handler that is declaired at the top
-* of Codeigniter.php.  The main reason we use this is to permit
+* of Codeigniter.php. The main reason we use this is to permit
 * PHP errors to be logged in our own log files since the user may
 * not have access to server logs. Since this function
 * effectively intercepts PHP errors, however, we also need
 			$_error->show_php_error($severity, $message, $filepath, $line);
 		}
 
-		// Should we log the error?  No?  We're done...
+		// Should we log the error? No? We're done...
 		if (config_item('log_threshold') == 0)
 		{
 			return;
 	 * @param	string
 	 * @return	string
 	 */
-	function remove_invisible_characters($str)
+	function remove_invisible_characters($str, $url_encoded = TRUE)
 	{
-		static $non_displayables;
+		$non_displayables = array();
 
-		if ( ! isset($non_displayables))
+		// every control character except newline (dec 10)
+		// carriage return (dec 13), and horizontal tab (dec 09)
+
+		if ($url_encoded)
 		{
-			// every control character except newline (dec 10), carriage return (dec 13), and horizontal tab (dec 09),
-			$non_displayables = array(
-										'/%0[0-8bcef]/',			// url encoded 00-08, 11, 12, 14, 15
-										'/%1[0-9a-f]/',				// url encoded 16-31
-										'/[\x00-\x08]/',			// 00-08
-										'/\x0b/', '/\x0c/',			// 11, 12
-										'/[\x0e-\x1f]/'				// 14-31
-									);
+			$non_displayables[] = '/%0[0-8bcef]/';	// url encoded 00-08, 11, 12, 14, 15
+			$non_displayables[] = '/%1[0-9a-f]/';	// url encoded 16-31
 		}
 
+		$non_displayables[] = '/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]+/S';	// 00-08, 11, 12, 14-31, 127
+
 		do
 		{
-			$cleaned = $str;
-			$str = preg_replace($non_displayables, '', $str);
+			$str = preg_replace($non_displayables, '', $str, -1, $count);
 		}
-		while ($cleaned != $str);
+		while ($count);
 
 		return $str;
 	}

system/core/Config.php

-<?php  if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
 /**
  * CodeIgniter
  *
 	 *
 	 * Sets the $config data from the primary config.php file as a class variable
 	 *
-	 * @access   public
-	 * @param   string	the config file name
-	 * @param   boolean  if configuration values should be loaded into their own section
-	 * @param   boolean  true if errors should just return false, false if an error message should be displayed
-	 * @return  boolean  if the file was successfully loaded or not
+	 * @access  public
+	 * @param  string	the config file name
+	 * @param  boolean if configuration values should be loaded into their own section
+	 * @param  boolean true if errors should just return false, false if an error message should be displayed
+	 * @return boolean if the file was successfully loaded or not
 	 */
 	function __construct()
 	{
 	 *
 	 * @access	public
 	 * @param	string	the config file name
-	 * @param   boolean  if configuration values should be loaded into their own section
-	 * @param   boolean  true if errors should just return false, false if an error message should be displayed
+	 * @param  boolean if configuration values should be loaded into their own section
+	 * @param  boolean true if errors should just return false, false if an error message should be displayed
 	 * @return	boolean	if the file was loaded correctly
 	 */
 	function load($file = '', $use_sections = FALSE, $fail_gracefully = FALSE)
 	{
-		$file = ($file == '') ? 'config' : str_replace(EXT, '', $file);
+		$file = ($file == '') ? 'config' : str_replace('.php', '', $file);
 		$found = FALSE;
 		$loaded = FALSE;
 
 
 			foreach ($check_locations as $location)
 			{
-				$file_path = $path.'config/'.$location.EXT;
+				$file_path = $path.'config/'.$location.'.php';
 
 				if (in_array($file_path, $this->is_loaded, TRUE))
 				{
 
 			$loaded = TRUE;
 			log_message('debug', 'Config file loaded: '.$file_path);
+			break;
 		}
 
 		if ($loaded === FALSE)
 			{
 				return FALSE;
 			}
-			show_error('The configuration file '.$file.EXT.' does not exist.');
+			show_error('The configuration file '.$file.'.php'.' does not exist.');
 		}
 
 		return TRUE;
 	 * Assign to Config
 	 *
 	 * This function is called by the front controller (CodeIgniter.php)
-	 * after the Config class is instantiated.  It permits config items
+	 * after the Config class is instantiated. It permits config items
 	 * to be assigned or overriden by variables contained in the index.php file
 	 *
 	 * @access	private
 // END CI_Config class
 
 /* End of file Config.php */
-/* Location: ./system/core/Config.php */
+/* Location: ./system/core/Config.php */

system/core/Controller.php

-<?php  if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
 /**
  * CodeIgniter
  *
 	public function __construct()
 	{
 		self::$instance =& $this;
-		
+
 		// Assign all the class objects that were instantiated by the
 		// bootstrap file (CodeIgniter.php) to local class variables
 		// so that CI can run as one big super object.
 
 		$this->load =& load_class('Loader', 'core');
 
-		$this->load->_base_classes =& is_loaded();
-
-		$this->load->_ci_autoloader();
+		$this->load->set_base_classes()->ci_autoloader();
 
 		log_message('debug', "Controller Class Initialized");
-
 	}
 
 	public static function &get_instance()

system/core/Exceptions.php

-<?php  if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
 /**
  * CodeIgniter
  *
 	public function __construct()
 	{
 		$this->ob_level = ob_get_level();
-		// Note:  Do not log messages from this constructor.
+		// Note: Do not log messages from this constructor.
 	}
 
 	// --------------------------------------------------------------------
 	{
 		$severity = ( ! isset($this->levels[$severity])) ? $severity : $this->levels[$severity];
 
-		log_message('error', 'Severity: '.$severity.'  --> '.$message. ' '.$filepath.' '.$line, TRUE);
+		log_message('error', 'Severity: '.$severity.' --> '.$message. ' '.$filepath.' '.$line, TRUE);
 	}
 
 	// --------------------------------------------------------------------
 			ob_end_flush();
 		}
 		ob_start();
-		include(APPPATH.'errors/'.$template.EXT);
+		include(APPPATH.'errors/'.$template.'.php');
 		$buffer = ob_get_contents();
 		ob_end_clean();
 		return $buffer;
 			ob_end_flush();
 		}
 		ob_start();
-		include(APPPATH.'errors/error_php'.EXT);
+		include(APPPATH.'errors/error_php.php');
 		$buffer = ob_get_contents();
 		ob_end_clean();
 		echo $buffer;

system/core/Hooks.php

-<?php  if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
 /**
  * CodeIgniter
  *
 		// Grab the "hooks" definition file.
 		// If there are no hooks, we're done.
 
-		if (defined('ENVIRONMENT') AND is_file(APPPATH.'config/'.ENVIRONMENT.'/hooks'.EXT))
+		if (defined('ENVIRONMENT') AND is_file(APPPATH.'config/'.ENVIRONMENT.'/hooks.php'))
 		{
-		    include(APPPATH.'config/'.ENVIRONMENT.'/hooks'.EXT);
+		  include(APPPATH.'config/'.ENVIRONMENT.'/hooks.php');
 		}
-		elseif (is_file(APPPATH.'config/hooks'.EXT))
+		elseif (is_file(APPPATH.'config/hooks.php'))
 		{
-			include(APPPATH.'config/hooks'.EXT);
+			include(APPPATH.'config/hooks.php');
 		}
 
 

system/core/Input.php

-<?php  if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
 /**
  * CodeIgniter
  *
 	var $_enable_csrf			= FALSE; // Set automatically based on config setting
 
 	protected $headers			= array();
-	
+
 
 	/**
 	 * Constructor
 		$this->_enable_xss		= (config_item('global_xss_filtering') === TRUE);
 		$this->_enable_csrf		= (config_item('csrf_protection') === TRUE);
 
-		// Do we need to load the security class?
-		if ($this->_enable_xss == TRUE OR $this->_enable_csrf == TRUE)
-		{
-			$this->security =& load_class('Security');
-		}
+		global $SEC;
+		$this->security =& $SEC;
 
 		// Do we need the UTF-8 class?
 		if (UTF8_ENABLED === TRUE)
 
 		if ($xss_clean === TRUE)
 		{
-			$_security =& load_class('Security');
-			return $_security->xss_clean($array[$index]);
+			return $this->security->xss_clean($array[$index]);
 		}
 
 		return $array[$index];
 			}
 			return $post;
 		}
-		
+
 		return $this->_fetch_from_array($_POST, $index, $xss_clean);
 	}
 
 	* @param	mixed
 	* @param	string	the value of the cookie
 	* @param	string	the number of seconds until expiration
-	* @param	string	the cookie domain.  Usually:  .yourdomain.com
+	* @param	string	the cookie domain. Usually: .yourdomain.com
 	* @param	string	the cookie path
 	* @param	string	the cookie prefix
 	* @param	bool	true makes the cookie secure
 	function _sanitize_globals()
 	{
 		// It would be "wrong" to unset any of these GLOBALS.
-		$protected = array('_SERVER', '_GET', '_POST', '_FILES', '_REQUEST', 
+		$protected = array('_SERVER', '_GET', '_POST', '_FILES', '_REQUEST',
 							'_SESSION', '_ENV', 'GLOBALS', 'HTTP_RAW_POST_DATA',
-							'system_folder', 'application_folder', 'BM', 'EXT', 
+							'system_folder', 'application_folder', 'BM', 'EXT',
 							'CFG', 'URI', 'RTR', 'OUT', 'IN');
 
 		// Unset globals for securiy.
 			$str = $this->uni->clean_string($str);
 		}
 
+		// Remove control characters
+		$str = remove_invisible_characters($str);
+
 		// Should we filter the input data?
 		if ($this->_enable_xss === TRUE)
 		{
 	/**
 	 * Request Headers
 	 *
-	 * In Apache, you can simply call apache_request_headers(), however for 
+	 * In Apache, you can simply call apache_request_headers(), however for
 	 * people running other webservers the function is undefined.
 	 *
 	 * @return array
 		{
 			$key = str_replace('_', ' ', strtolower($key));
 			$key = str_replace(' ', '-', ucwords($key));
-			
+
 			$this->headers[$key] = $val;
 		}
-		
+
 		return $this->headers;
 	}
 
 		{
 			$this->request_headers();