Merge branch 'develop'

# Conflicts:
#	fuel/modules/fuel/helpers/google_helper.php

fuel/application/config/MY_fuel.php

@@ -32,7 +32,7 @@
 // shows an alert in the admin backend if this is the admin password
 $config['default_pwd'] = 'admin';
 
-// maximum number of paramters that can be passed to the page. Used to cut down on queries to the db.
+// maximum number of parameters that can be passed to the page. Used to cut down on queries to the db.
 // If it is an array, then it will loop through the array using the keys to match against a regular expression:
 // $config['max_page_params'] = array('about/news/' => 1);
 $config['max_page_params'] = 0;

fuel/application/config/MY_fuel_layouts.php

@@ -29,6 +29,7 @@
 		'heading' => array('label' => lang('layout_field_heading')),
 		'body' => array('label' => lang('layout_field_body'), 'type' => 'textarea', 'description' => lang('layout_field_body_description')),
 		'body_class' => array('label' => lang('layout_field_body_class')),
+		'template' => array('type' => 'template', 'repeatable' => TRUE, 'fields' => array('subtemplate' => array('type' => 'template', 'fields' => array('test1'=> array('type' => 'keyval')))))
 	)
 );
 

fuel/application/config/asset.php

@@ -45,7 +45,7 @@
 YOU MUST use the assets_last_updated to refresh the cache file
 
 options: 
-* FALSE - no optimation
+* FALSE - no optimization
 * TRUE - will combine files, strip whitespace, and gzip
 * "inline" - will render the files inline
 * "gzip" - will combine files (if multiple) and gzip without stripping whitespace

fuel/application/config/mimes.php

@@ -155,7 +155,8 @@
 	'ics'	=>	'text/calendar',
 	'ical'	=>	'text/calendar',
 	'zsh'	=>	'text/x-scriptzsh',
-	'7zip'	=>	array('application/x-compressed', 'application/x-zip-compressed', 'application/zip', 'multipart/x-zip'),
+	'7z'	=>	array('application/x-7z-compressed', 'application/x-compressed', 'application/x-zip-compressed', 'application/zip', 'multipart/x-zip'),
+	'7zip'	=>	array('application/x-7z-compressed', 'application/x-compressed', 'application/x-zip-compressed', 'application/zip', 'multipart/x-zip'),
 	'cdr'	=>	array('application/cdr', 'application/coreldraw', 'application/x-cdr', 'application/x-coreldraw', 'image/cdr', 'image/x-cdr', 'zz-application/zz-winassoc-cdr'),
 	'wma'	=>	array('audio/x-ms-wma', 'video/x-ms-asf'),
 	'jar'	=>	array('application/java-archive', 'application/x-java-application', 'application/x-jar', 'application/x-compressed'),

fuel/application/config/user_agents.php

@@ -61,7 +61,7 @@
 $browsers = array(
 	'OPR'			=> 'Opera',
 	'Flock'			=> 'Flock',
-	'Edge'			=> 'Spartan',
+	'Edge'			=> 'Edge',
 	'Chrome'		=> 'Chrome',
 	// Opera 10+ always reports Opera/9.80 and appends Version/<real version> to the user agent string
 	'Opera.*?Version'	=> 'Opera',

fuel/application/views/_docs/index.php

@@ -39,16 +39,14 @@
 			<li><strong><a href="#blocks">Blocks</a></strong> - create reusable block elements (e.g. headers, footers, callouts, etc).</li>
 			<li><strong><a href="#categories">Categories</a></strong> - create categories to group records together.</li>
 			<li><strong><a href="#tags">Tags</a></strong> - create tags to associate with one or more other module records to allow for easy filtering.</li>
-			<li><strong><a href="sitevariables">Site Variables</a></strong> - create variables that can be used throughout your website (e.g. a contact email address).</li>
-			<li><strong><a href="#users">Users</a></strong> - create users and associate permissions with them.</li>
-			<li><strong><a href="#permissions">Permissions</a></strong> - create permissions to associate with other users.</li>
+			<li><strong><a href="#sitevariables">Site Variables</a></strong> - create variables that can be used throughout your website (e.g. a contact email address).</li>
+			<li><strong><a href="#users">Users &amp; Permissions</a></strong> - create users and associate permissions with them.</li>
 		</ul>
 	</li>
 
 	<li><strong>Manage</strong> - The following modules are used to manage various aspects of the site:
 		<ul>
-			<li><strong><a href="#users">Users</a></strong> - allows you to create and manage permissions of FUEL CMS users.</li>
-			<li><strong><a href="#permissions">Permissions</a></strong> - used to manage permissions and associate to users.</li>
+			<li><strong><a href="#users">Users &amp; Permissions</a></strong> - allows you to create and manage permissions of FUEL CMS users.</li>
 			<li><strong><a href="#cache">Page Cache</a></strong> - used to clear the cache of the site.</li>
 			<li><strong>Activity Log</strong> - allows you to view the activity logs within FUEL CMS.</li>
 			<li><strong><a href="#settings">Settings</a></strong> - used to manage module specific configurations.</li>

fuel/application/views/_install.php

@@ -159,7 +159,7 @@ function svg_icon($id, $width, $height, $viewbox = "0 0 126.962 115.395")
 							<h4>Make configuration changes</h4>
 							<ul class="writable">
 								<?php if ($this->config->item('encryption_key') == '') : ?>
-								<li>In the <strong>fuel/application/config/config.php</strong>, change the <code>$config['encryption_key']</code> to your own unique key.</li></li>
+								<li>In the <strong>fuel/application/config/config.php</strong>, change the <code>$config['encryption_key']</code> to your own unique key.</li>
 								<?php endif; ?>
 								<?php if (!$this->config->item('admin_enabled', 'fuel')) : ?>
 								<li>In the <strong>fuel/application/config/MY_fuel.php</strong> file, change the <code>$config['admin_enabled']</code> configuration property to <code>TRUE</code>. If you do not want the CMS accessible, leave it as <strong>FALSE</strong>.</li>
@@ -222,7 +222,7 @@ function svg_icon($id, $width, $height, $viewbox = "0 0 126.962 115.395")
 						</div>
 						<div class="content_block">
 							<h4>Get rolling</h4>
-							<p>FUEL CMS is open source and on GitHub for a good reason. The communities involvement is an important part of it's success.
+							<p>FUEL CMS is open source and on GitHub for a good reason. The communities involvement is an important part of its success.
 							If you have any ideas for improvement, or even better, a <a href="https://help.github.com/articles/creating-a-pull-request" target="_blank">GitHub pull request</a>, please let us know.</p>
 
 

fuel/codeigniter/core/CodeIgniter.php

@@ -55,7 +55,7 @@
  * @var	string
  *
  */
-	const CI_VERSION = '3.1.7';
+	const CI_VERSION = '3.1.9';
 
 /*
  * ------------------------------------------------------

fuel/codeigniter/core/Security.php

@@ -134,7 +134,9 @@ class CI_Security {
 	 */
 	protected $_never_allowed_str =	array(
 		'document.cookie' => '[removed]',
+		'(document).cookie' => '[removed]',
 		'document.write'  => '[removed]',
+		'(document).write'  => '[removed]',
 		'.parentNode'     => '[removed]',
 		'.innerHTML'      => '[removed]',
 		'-moz-binding'    => '[removed]',
@@ -152,7 +154,7 @@ class CI_Security {
 	 */
 	protected $_never_allowed_regex = array(
 		'javascript\s*:',
-		'(document|(document\.)?window)\.(location|on\w*)',
+		'(\(?document\)?|\(?window\)?(\.document)?)\.(location|on\w*)',
 		'expression\s*(\(|&\#40;)', // CSS and IE
 		'vbscript\s*:', // IE, surprise!
 		'wscript\s*:', // IE
@@ -542,6 +544,14 @@ public function xss_clean($str, $is_image = FALSE)
 			$str
 		);
 
+		// Same thing, but for "tag functions" (e.g. eval`some code`)
+		// See https://github.com/bcit-ci/CodeIgniter/issues/5420
+		$str = preg_replace(
+			'#(alert|prompt|confirm|cmd|passthru|eval|exec|expression|system|fopen|fsockopen|file|file_get_contents|readfile|unlink)(\s*)`(.*?)`#si',
+			'\\1\\2`\\3`',
+			$str
+		);
+
 		// Final clean up
 		// This adds a bit of extra precaution in case
 		// something got through the above filters
@@ -853,7 +863,7 @@ protected function _sanitize_naughty_html($matches)
 		// For other tags, see if their attributes are "evil" and strip those
 		elseif (isset($matches['attributes']))
 		{
-			// We'll store the already fitlered attributes here
+			// We'll store the already filtered attributes here
 			$attributes = array();
 
 			// Attribute-catching pattern
@@ -927,7 +937,7 @@ protected function _js_link_removal($match)
 		return str_replace(
 			$match[1],
 			preg_replace(
-				'#href=.*?(?:(?:alert|prompt|confirm)(?:\(|&\#40;)|javascript:|livescript:|mocha:|charset=|window\.|document\.|\.cookie|<script|<xss|d\s*a\s*t\s*a\s*:)#si',
+				'#href=.*?(?:(?:alert|prompt|confirm)(?:\(|&\#40;|`|&\#96;)|javascript:|livescript:|mocha:|charset=|window\.|\(?document\)?\.|\.cookie|<script|<xss|d\s*a\s*t\s*a\s*:)#si',
 				'',
 				$this->_filter_attributes($match[1])
 			),
@@ -955,7 +965,7 @@ protected function _js_img_removal($match)
 		return str_replace(
 			$match[1],
 			preg_replace(
-				'#src=.*?(?:(?:alert|prompt|confirm|eval)(?:\(|&\#40;)|javascript:|livescript:|mocha:|charset=|window\.|document\.|\.cookie|<script|<xss|base64\s*,)#si',
+				'#src=.*?(?:(?:alert|prompt|confirm|eval)(?:\(|&\#40;|`|&\#96;)|javascript:|livescript:|mocha:|charset=|window\.|\(?document\)?\.|\.cookie|<script|<xss|base64\s*,)#si',
 				'',
 				$this->_filter_attributes($match[1])
 			),

fuel/codeigniter/database/DB_driver.php

@@ -1528,7 +1528,7 @@ protected function _update($table, $values)
 		return 'UPDATE '.$table.' SET '.implode(', ', $valstr)
 			.$this->_compile_wh('qb_where')
 			.$this->_compile_order_by()
-			.($this->qb_limit ? ' LIMIT '.$this->qb_limit : '');
+			.($this->qb_limit !== FALSE ? ' LIMIT '.$this->qb_limit : '');
 	}
 
 	// --------------------------------------------------------------------

fuel/codeigniter/database/DB_query_builder.php

@@ -680,7 +680,7 @@ protected function _wh($qb_key, $key, $value = NULL, $type = 'AND ', $escape = N
 			{
 				if ($escape === TRUE)
 				{
-					$v = ' '.$this->escape($v);
+					$v = $this->escape($v);
 				}
 
 				if ( ! $this->_has_operator($k))
@@ -698,10 +698,11 @@ protected function _wh($qb_key, $key, $value = NULL, $type = 'AND ', $escape = N
 				$k = substr($k, 0, $match[0][1]).($match[1][0] === '=' ? ' IS NULL' : ' IS NOT NULL');
 			}
 
-			$this->{$qb_key}[] = array('condition' => $prefix.$k.$v, 'escape' => $escape);
+			${$qb_key} = array('condition' => $prefix.$k, 'value' => $v, 'escape' => $escape);
+			$this->{$qb_key}[] = ${$qb_key};
 			if ($this->qb_caching === TRUE)
 			{
-				$this->{$qb_cache_key}[] = array('condition' => $prefix.$k.$v, 'escape' => $escape);
+				$this->{$qb_cache_key}[] = ${$qb_key};
 				$this->qb_cache_exists[] = substr($qb_key, 3);
 			}
 
@@ -834,6 +835,7 @@ protected function _where_in($key = NULL, $values = NULL, $not = FALSE, $type =
 
 		$where_in = array(
 			'condition' => $prefix.$key.$not.' IN('.implode(', ', $where_in).')',
+			'value' => NULL,
 			'escape' => $escape
 		);
 
@@ -962,33 +964,34 @@ protected function _like($field, $match = '', $type = 'AND ', $side = 'both', $n
 				$v = $this->escape_like_str($v);
 			}
 
-			if ($side === 'none')
+			switch ($side)
 			{
-				$like_statement = "{$prefix} {$k} {$not} LIKE '{$v}'";
-			}
-			elseif ($side === 'before')
-			{
-				$like_statement = "{$prefix} {$k} {$not} LIKE '%{$v}'";
-			}
-			elseif ($side === 'after')
-			{
-				$like_statement = "{$prefix} {$k} {$not} LIKE '{$v}%'";
-			}
-			else
-			{
-				$like_statement = "{$prefix} {$k} {$not} LIKE '%{$v}%'";
+				case 'none':
+					$v = "'{$v}'";
+					break;
+				case 'before':
+					$v = "'%{$v}'";
+					break;
+				case 'after':
+					$v = "'{$v}%'";
+					break;
+				case 'both':
+				default:
+					$v = "'%{$v}%'";
+					break;
 			}
 
 			// some platforms require an escape sequence definition for LIKE wildcards
 			if ($escape === TRUE && $this->_like_escape_str !== '')
 			{
-				$like_statement .= sprintf($this->_like_escape_str, $this->_like_escape_chr);
+				$v .= sprintf($this->_like_escape_str, $this->_like_escape_chr);
 			}
 
-			$this->qb_where[] = array('condition' => $like_statement, 'escape' => $escape);
+			$qb_where = array('condition' => "{$prefix} {$k} {$not} LIKE {$v}", 'value' => NULL, 'escape' => $escape);
+			$this->qb_where[] = $qb_where;
 			if ($this->qb_caching === TRUE)
 			{
-				$this->qb_cache_where[] = array('condition' => $like_statement, 'escape' => $escape);
+				$this->qb_cache_where[] = $qb_where;
 				$this->qb_cache_exists[] = 'where';
 			}
 		}
@@ -1013,6 +1016,7 @@ public function group_start($not = '', $type = 'AND ')
 		$prefix = (count($this->qb_where) === 0 && count($this->qb_cache_where) === 0) ? '' : $type;
 		$where = array(
 			'condition' => $prefix.$not.str_repeat(' ', ++$this->qb_where_group_count).' (',
+			'value' => NULL,
 			'escape' => FALSE
 		);
 
@@ -1073,6 +1077,7 @@ public function group_end()
 		$this->qb_where_group_started = FALSE;
 		$where = array(
 			'condition' => str_repeat(' ', $this->qb_where_group_count--).')',
+			'value' => NULL,
 			'escape' => FALSE
 		);
 
@@ -1433,7 +1438,7 @@ public function count_all_results($table = '', $reset = TRUE)
 	// --------------------------------------------------------------------
 
 	/**
-	 * Get_Where
+	 * get_where()
 	 *
 	 * Allows the where clause, limit and offset to be added directly
 	 *
@@ -2210,7 +2215,7 @@ public function delete($table = '', $where = '', $limit = NULL, $reset_data = TR
 	protected function _delete($table)
 	{
 		return 'DELETE FROM '.$table.$this->_compile_wh('qb_where')
-			.($this->qb_limit ? ' LIMIT '.$this->qb_limit : '');
+			.($this->qb_limit !== FALSE ? ' LIMIT '.$this->qb_limit : '');
 	}
 
 	// --------------------------------------------------------------------
@@ -2360,7 +2365,7 @@ protected function _compile_select($select_override = FALSE)
 			.$this->_compile_order_by(); // ORDER BY
 
 		// LIMIT
-		if ($this->qb_limit OR $this->qb_offset)
+		if ($this->qb_limit !== FALSE OR $this->qb_offset)
 		{
 			return $this->_limit($sql."\n");
 		}
@@ -2395,7 +2400,7 @@ protected function _compile_wh($qb_key)
 				}
 				elseif ($this->{$qb_key}[$i]['escape'] === FALSE)
 				{
-					$this->{$qb_key}[$i] = $this->{$qb_key}[$i]['condition'];
+					$this->{$qb_key}[$i] = $this->{$qb_key}[$i]['condition'].(isset($this->{$qb_key}[$i]['value']) ? ' '.$this->{$qb_key}[$i]['value'] : '');
 					continue;
 				}
 
@@ -2434,7 +2439,7 @@ protected function _compile_wh($qb_key)
 						.' '.trim($matches[3]).$matches[4].$matches[5];
 				}
 
-				$this->{$qb_key}[$i] = implode('', $conditions);
+				$this->{$qb_key}[$i] = implode('', $conditions).(isset($this->{$qb_key}[$i]['value']) ? ' '.$this->{$qb_key}[$i]['value'] : '');
 			}
 
 			return ($qb_key === 'qb_having' ? "\nHAVING " : "\nWHERE ")

fuel/codeigniter/database/drivers/oci8/oci8_driver.php

@@ -97,7 +97,7 @@ class CI_DB_oci8_driver extends CI_DB {
 	 *
 	 * @var	bool
 	 */
-	public $limit_used;
+	public $limit_used = FALSE;
 
 	// --------------------------------------------------------------------
 
@@ -685,4 +685,17 @@ protected function _close()
 		oci_close($this->conn_id);
 	}
 
+	// --------------------------------------------------------------------
+
+	/**
+	 * We need to reset our $limit_used hack flag, so it doesn't propagate
+	 * to subsequent queries.
+	 *
+	 * @return	void
+	 */
+	protected function _reset_select()
+	{
+		$this->limit_used = FALSE;
+		parent::_reset_select();
+	}
 }

fuel/codeigniter/database/drivers/postgre/postgre_driver.php

@@ -224,8 +224,8 @@ public function version()
 		 * and so we'll have to fall back to running a query in
 		 * order to get it.
 		 */
-		return isset($pg_version['server'])
-			? $this->data_cache['version'] = $pg_version['server']
+		return (isset($pg_version['server']) && preg_match('#^(\d+\.\d+)#', $pg_version['server'], $match))
+			? $this->data_cache['version'] = $match[1]
 			: parent::version();
 	}
 
@@ -354,8 +354,7 @@ public function affected_rows()
 	 */
 	public function insert_id()
 	{
-		$v = pg_version($this->conn_id);
-		$v = isset($v['server']) ? $v['server'] : 0; // 'server' key is only available since PosgreSQL 7.4
+		$v = $this->version();
 
 		$table	= (func_num_args() > 0) ? func_get_arg(0) : NULL;
 		$column	= (func_num_args() > 1) ? func_get_arg(1) : NULL;

fuel/codeigniter/helpers/html_helper.php

@@ -200,7 +200,7 @@ function img($src = '', $index_page = FALSE, $attributes = '')
 				}
 				else
 				{
-					$img .= ' src="'.get_instance()->config->slash_item('base_url').$v.'"';
+					$img .= ' src="'.get_instance()->config->base_url($v).'"';
 				}
 			}
 			else
@@ -292,7 +292,7 @@ function link_tag($href = '', $rel = 'stylesheet', $type = 'text/css', $title =
 					}
 					else
 					{
-						$link .= 'href="'.$CI->config->slash_item('base_url').$v.'" ';
+						$link .= 'href="'.$CI->config->base_url($v).'" ';
 					}
 				}
 				else
@@ -313,7 +313,7 @@ function link_tag($href = '', $rel = 'stylesheet', $type = 'text/css', $title =
 			}
 			else
 			{
-				$link .= 'href="'.$CI->config->slash_item('base_url').$href.'" ';
+				$link .= 'href="'.$CI->config->base_url($href).'" ';
 			}
 
 			$link .= 'rel="'.$rel.'" type="'.$type.'" ';

fuel/codeigniter/helpers/url_helper.php

@@ -396,7 +396,7 @@ function auto_link($str, $type = 'both', $popup = FALSE)
 		if ($type !== 'email' && preg_match_all('#(\w*://|www\.)[a-z0-9]+(-+[a-z0-9]+)*(\.[a-z0-9]+(-+[a-z0-9]+)*)+(/([^\s()<>;]+\w)?/?)?#i', $str, $matches, PREG_OFFSET_CAPTURE | PREG_SET_ORDER))
 		{
 			// Set our target HTML if using popup links.
-			$target = ($popup) ? ' target="_blank"' : '';
+			$target = ($popup) ? ' target="_blank" rel="noopener"' : '';
 
 			// We process the links in reverse order (last -> first) so that
 			// the returned string offsets from preg_match_all() are not