docs: fix title level

Author: kenjis

user_guide_src/source/concepts/autoloader.rst

@@ -28,13 +28,13 @@ The autoloader is always active, being registered with ``spl_autoload_register()
 beginning of the framework's execution.
 
 Configuration
-=============
+*************
 
 Initial configuration is done in **app/Config/Autoload.php**. This file contains two primary
 arrays: one for the classmap, and one for PSR-4 compatible namespaces.
 
 Namespaces
-==========
+**********
 
 The recommended method for organizing your classes is to create one or more namespaces for your
 application's files. This is most important for any business-logic related classes, entity classes,
@@ -61,7 +61,7 @@ You will need to modify any existing files that are referencing the current name
     namespace has changed.
 
 Classmap
-========
+********
 
 The classmap is used extensively by CodeIgniter to eke the last ounces of performance out of the system
 by not hitting the file-system with extra ``is_file()`` calls. You can use the classmap to link to
@@ -72,7 +72,7 @@ third-party libraries that are not namespaced:
 The key of each row is the name of the class that you want to locate. The value is the path to locate it at.
 
 Composer Support
-================
+****************
 
 Composer support is automatically initialized by default. By default, it looks for Composer's autoload file at
 ``ROOTPATH . 'vendor/autoload.php'``. If you need to change the location of that file for any reason, you can modify

user_guide_src/source/concepts/factories.rst

@@ -7,10 +7,10 @@ Factories
     :depth: 2
 
 Introduction
-============
+************
 
 What are Factories?
--------------------
+===================
 
 Like :doc:`./services`, **Factories** are an extension of autoloading that helps keep your code
 concise yet optimal, without having to pass around object instances between classes.
@@ -25,7 +25,7 @@ to work on or transmit common data. The framework itself uses Factories internal
 make sure the correct configuration is loaded when using the ``Config`` class.
 
 Differences from Services
--------------------------
+=========================
 
 Factories require a concrete class name to instantiate and do not have code to create instances.
 
@@ -37,7 +37,7 @@ that needs other services or class instances. When you get a service, Services r
 not a class name, so the returned instance can be changed without changing the client code.
 
 Example
--------
+=======
 
 Take a look at **Models** as an example. You can access the Factory specific to Models
 by using the magic static method of the Factories class, ``Factories::models()``.
@@ -69,26 +69,26 @@ you get back the instance as before:
 .. literalinclude:: factories/003.php
 
 Convenience Functions
-=====================
+*********************
 
 Two shortcut functions for Factories have been provided. These functions are always available.
 
 config()
---------
+========
 
 The first is ``config()`` which returns a new instance of a Config class. The only required parameter is the class name:
 
 .. literalinclude:: factories/008.php
 
 model()
---------
+=======
 
 The second function, ``model()`` returns a new instance of a Model class. The only required parameter is the class name:
 
 .. literalinclude:: factories/009.php
 
 Factory Parameters
-==================
+******************
 
 ``Factories`` takes as a second parameter an array of option values (described below).
 These directives will override the default options configured for each component.
@@ -106,7 +106,7 @@ class instance that uses the alternate database connection.
 .. _factories-options:
 
 Factories Options
-==================
+*****************
 
 The default behavior might not work for every component. For example, say your component
 name and its path do not align, or you need to limit instances to a certain type of class.
@@ -127,7 +127,7 @@ preferApp  boolean        Whether a class with the same basename in the App name
 ========== ============== ============================================================ ===================================================
 
 Factories Behavior
-==================
+******************
 
 Options can be applied in one of three ways (listed in ascending priority):
 
@@ -136,7 +136,7 @@ Options can be applied in one of three ways (listed in ascending priority):
 * Passing options directly at call time with a parameter.
 
 Configurations
---------------
+==============
 
 To set default component options, create a new Config files at **app/Config/Factory.php**
 that supplies options as an array property that matches the name of the component.
@@ -154,7 +154,7 @@ This would prevent conflict of an third-party module which happened to have an
 unrelated ``Filters`` path in its namespace.
 
 setOptions Method
------------------
+=================
 
 The ``Factories`` class has a static method to allow runtime option configuration: simply
 supply the desired array of options using the ``setOptions()`` method and they will be
@@ -163,7 +163,7 @@ merged with the default values and stored for the next call:
 .. literalinclude:: factories/006.php
 
 Parameter Options
------------------
+=================
 
 ``Factories``'s magic static call takes as a second parameter an array of option values.
 These directives will override the stored options configured for each component and can be
@@ -175,4 +175,4 @@ a component. By adding a second parameter to the magic static call, you can cont
 that single call will return a new or shared instance:
 
 .. literalinclude:: factories/007.php
-   :lines: 2-
+   :lines: 2-

user_guide_src/source/concepts/http.rst

@@ -10,7 +10,7 @@ The first part of this chapter gives an overview. After the concepts are out of
 how to work with the requests and responses within CodeIgniter.
 
 What is HTTP?
-=============
+*************
 
 HTTP is simply a text-based convention that allows two machines to talk to each other. When a browser
 requests a page, it asks the server if it can get the page. The server then prepares the page and sends
@@ -22,7 +22,8 @@ you develop web applications is to always understand what the browser is request
 respond appropriately.
 
 The Request
------------
+===========
+
 Whenever a client (a web browser, smartphone app, etc) makes a request, it sends a small text message
 to the server and waits for a response.
 
@@ -42,7 +43,7 @@ client accepts, and much more. Wikipedia has an article that lists `all header f
 <https://en.wikipedia.org/wiki/List_of_HTTP_header_fields>`_ if you want to look it over.
 
 The Response
-------------
+============
 
 Once the server receives the request, your application will take that information and generate some output.
 The server will bundle your output as part of its response to the client. This is also represented as
@@ -64,7 +65,7 @@ wasn't found (404). Head over to IANA for a `full list of HTTP status codes
 <https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml>`_.
 
 Working with Requests and Responses
------------------------------------
+***********************************
 
 While PHP provides ways to interact with the request and response headers, CodeIgniter, like most frameworks,
 abstracts them so that you have a consistent, simple interface to them. The :doc:`IncomingRequest class </incoming/incomingrequest>`

user_guide_src/source/concepts/security.rst

@@ -24,15 +24,15 @@ the input data from the client to the application. Attack vectors include SQL,
 XML, ORM, code & buffer overflows.
 
 OWASP recommendations
----------------------
+=====================
 
 - Presentation: set correct content type, character set & locale
 - Submission: validate fields and provide feedback
 - Controller: sanitize input; positive input validation using correct character set
 - Model: parameterized queries
 
 CodeIgniter provisions
-----------------------
+======================
 
 - :doc:`HTTP library <../incoming/incomingrequest>` provides for input field filtering & content metadata
 - Form validation library
@@ -45,7 +45,7 @@ Inadequate authentication or improper session management can lead to a user
 getting more privileges than they are entitled to.
 
 OWASP recommendations
----------------------
+=====================
 
 - Presentation: validate authentication & role; send CSRF token with forms
 - Design: only use built-in session management
@@ -54,7 +54,7 @@ OWASP recommendations
 - Tip: consider the use of a request governor
 
 CodeIgniter provisions
-----------------------
+======================
 
 - :doc:`Session <../libraries/sessions>` library
 - :doc:`Security </libraries/security>` library provides for CSRF validation
@@ -68,14 +68,14 @@ Insufficient input validation where one user can add content to a web site
 that can be malicious when viewed by other users to the web site.
 
 OWASP recommendations
----------------------
+=====================
 
 - Presentation: output encode all user data as per output context; set input constraints
 - Controller: positive input validation
 - Tips: only process trustworthy data; do not store data HTML encoded in DB
 
 CodeIgniter provisions
-----------------------
+======================
 
 - esc function
 - Form validation library
@@ -90,14 +90,14 @@ attackers can bypass authorization and access resources in the system directly,
 for example database records or files.
 
 OWASP recommendations
----------------------
+=====================
 
 - Presentation: don't expose internal data; use random reference maps
 - Controller: obtain data from trusted sources or random reference maps
 - Model: validate user roles before updating data
 
 CodeIgniter provisions
-----------------------
+======================
 
 - Form validation library
 - Easy to add third party authentication
@@ -110,14 +110,14 @@ Improper configuration of an application architecture can lead to mistakes
 that might compromise the security of the whole architecture.
 
 OWASP recommendations
----------------------
+=====================
 
 - Presentation: harden web and application servers; use HTTP strict transport security
 - Controller: harden web and application servers; protect your XML stack
 - Model: harden database servers
 
 CodeIgniter provisions
-----------------------
+======================
 
 - Sanity checks during bootstrap
 
@@ -131,14 +131,14 @@ if data must be protected when it is stored, it must be protected also during
 transmission.
 
 OWASP recommendations
----------------------
+=====================
 
 - Presentation: use TLS1.2; use strong ciphers and hashes; do not send keys or hashes to browser
 - Controller: use strong ciphers and hashes
 - Model: mandate strong encrypted communications with servers
 
 CodeIgniter provisions
-----------------------
+======================
 
 - Session keys stored encrypted
 
@@ -152,14 +152,14 @@ if data must be protected when it is stored, it must be protected also during
 transmission.
 
 OWASP recommendations
----------------------
+=====================
 
 - Presentation: ensure that non-web data is outside the web root; validate users and roles; send CSRF tokens
 - Controller: validate users and roles; validate CSRF tokens
 - Model: validate roles
 
 CodeIgniter provisions
-----------------------
+======================
 
 - Public folder, with application and system outside
 - :doc:`Security </libraries/security>` library provides for CSRF validation
@@ -172,14 +172,14 @@ CSRF is an attack that forces an end user to execute unwanted actions on a web
 application in which he/she is currently authenticated.
 
 OWASP recommendations
----------------------
+=====================
 
 - Presentation: validate users and roles; send CSRF tokens
 - Controller: validate users and roles; validate CSRF tokens
 - Model: validate roles
 
 CodeIgniter provisions
-----------------------
+======================
 
 - :doc:`Security </libraries/security>` library provides for CSRF validation
 
@@ -191,12 +191,12 @@ Many applications have known vulnerabilities and known attack strategies that
 can be exploited in order to gain remote control or to exploit data.
 
 OWASP recommendations
----------------------
+=====================
 
 - Don't use any of these
 
 CodeIgniter provisions
-----------------------
+======================
 
 - Third party libraries incorporated must be vetted
 
@@ -208,14 +208,14 @@ Faulty business logic or injected actionable code could redirect the user
 inappropriately.
 
 OWASP recommendations
----------------------
+=====================
 
 - Presentation: don't use URL redirection; use random indirect references
 - Controller: don't use URL redirection; use random indirect references
 - Model: validate roles
 
 CodeIgniter provisions
-----------------------
+======================
 
 - :doc:`HTTP library <../incoming/incomingrequest>` provides for ...
 - :doc:`Session <../libraries/sessions>` library provides flashdata