Merge branch 'release/3.1.2' into 3.1-stable
diff --git a/system/core/CodeIgniter.php b/system/core/CodeIgniter.php
index 32ad618..a2067fb 100644
--- a/system/core/CodeIgniter.php
+++ b/system/core/CodeIgniter.php
@@ -55,7 +55,7 @@
* @var string
*
*/
- const CI_VERSION = '3.1.2-dev';
+ const CI_VERSION = '3.1.2';
/*
* ------------------------------------------------------
diff --git a/system/core/Security.php b/system/core/Security.php
index b9160a2..d0308c5 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -133,15 +133,16 @@
* @var array
*/
protected $_never_allowed_str = array(
- 'document.cookie' => '[removed]',
- 'document.write' => '[removed]',
- '.parentNode' => '[removed]',
- '.innerHTML' => '[removed]',
- '-moz-binding' => '[removed]',
- '<!--' => '<!--',
- '-->' => '-->',
- '<![CDATA[' => '<![CDATA[',
- '<comment>' => '<comment>'
+ 'document.cookie' => '[removed]',
+ 'document.write' => '[removed]',
+ '.parentNode' => '[removed]',
+ '.innerHTML' => '[removed]',
+ '-moz-binding' => '[removed]',
+ '<!--' => '<!--',
+ '-->' => '-->',
+ '<![CDATA[' => '<![CDATA[',
+ '<comment>' => '<comment>',
+ '<%' => '<%'
);
/**
@@ -924,7 +925,7 @@
return str_replace(
$match[1],
preg_replace(
- '#href=.*?(?:(?:alert|prompt|confirm)(?:\(|&\#40;)|javascript:|livescript:|mocha:|charset=|window\.|document\.|\.cookie|<script|<xss|data\s*:)#si',
+ '#href=.*?(?:(?:alert|prompt|confirm)(?:\(|&\#40;)|javascript:|livescript:|mocha:|charset=|window\.|document\.|\.cookie|<script|<xss|d\s*a\s*t\s*a\s*:)#si',
'',
$this->_filter_attributes($match[1])
),
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index 4be0b31..437fdba 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -5,11 +5,11 @@
Version 3.1.2
=============
-Release Date: Not Released
+Release Date: Oct 28, 2016
- **Security**
- - Fixed a new URL-encoding attack vector in :doc:`Security Library <libraries/security>` method ``xss_clean()`` affecting Firefox.
+ - Fixed a number of new vulnerabilities in :doc:`Security Library <libraries/security>` method ``xss_clean()``.
- General Changes
diff --git a/user_guide_src/source/conf.py b/user_guide_src/source/conf.py
index 17771fa..2f44e0c 100644
--- a/user_guide_src/source/conf.py
+++ b/user_guide_src/source/conf.py
@@ -48,9 +48,9 @@
# built documents.
#
# The short X.Y version.
-version = '3.1.2-dev'
+version = '3.1.2'
# The full version, including alpha/beta/rc tags.
-release = '3.1.2-dev'
+release = '3.1.2'
# The language for content autogenerated by Sphinx. Refer to documentation
# for a list of supported languages.
diff --git a/user_guide_src/source/installation/downloads.rst b/user_guide_src/source/installation/downloads.rst
index 1eacd4d..6c1f007 100644
--- a/user_guide_src/source/installation/downloads.rst
+++ b/user_guide_src/source/installation/downloads.rst
@@ -2,7 +2,7 @@
Downloading CodeIgniter
#######################
-- `CodeIgniter v3.1.2-dev (Current version) <https://codeload.github.com/bcit-ci/CodeIgniter/zip/3.1-stable>`_
+- `CodeIgniter v3.1.2 (Current version) <https://codeload.github.com/bcit-ci/CodeIgniter/zip/3.1.2>`_
- `CodeIgniter v3.1.1 <https://codeload.github.com/bcit-ci/CodeIgniter/zip/3.1.1>`_
- `CodeIgniter v3.1.0 <https://codeload.github.com/bcit-ci/CodeIgniter/zip/3.1.0>`_
- `CodeIgniter v3.0.6 <https://codeload.github.com/bcit-ci/CodeIgniter/zip/3.0.6>`_