Re-wrote parts of "Build Your First Application" [ci skip]

Author: jreklund

user_guide_src/source/outgoing/views.rst

@@ -180,7 +180,7 @@ into the `$option` array in the third parameter.
 
 	echo view('blogview', $data, ['saveData' => true]);
 
-Additionally, if you would like the default functionality of the view method to be that it does save the data
+Additionally, if you would like the default functionality of the view function to be that it does save the data
 between calls, you can set ``$saveData`` to **true** in **app/Config/Views.php**.
 
 Creating Loops

user_guide_src/source/tutorial/conclusion.rst

@@ -10,7 +10,7 @@ design patterns, which you can expand upon.
 Now that you've completed this tutorial, we recommend you check out the
 rest of the documentation. CodeIgniter is often praised because of its
 comprehensive documentation. Use this to your advantage and read the
-"Introduction" and "General Topics" sections thoroughly. You should read
+"Overview" and "General Topics" sections thoroughly. You should read
 the class and helper references when needed.
 
 Every intermediate PHP programmer should be able to get the hang of

user_guide_src/source/tutorial/create_news_items.rst

@@ -33,7 +33,7 @@ the slug from our title in the model. Create a new view at
 
     </form>
 
-There is only one thing here that probably look unfamiliar to you: the 
+There is only one thing here that probably look unfamiliar to you: the
 ``\Config\Services::validation()->listErrors()`` function. It is used to report
 errors related to form validation.
 
@@ -46,7 +46,6 @@ validation <../libraries/validation>` library to do this.
 
     public function create()
     {
-        helper('form');
         $model = new NewsModel();
 
         if (! $this->validate([
@@ -57,7 +56,6 @@ validation <../libraries/validation>` library to do this.
             echo view('templates/header', ['title' => 'Create a news item']);
             echo view('news/create');
             echo view('templates/footer');
-
         }
         else
         {
@@ -66,14 +64,14 @@ validation <../libraries/validation>` library to do this.
                 'slug'  => url_title($this->request->getVar('title')),
                 'body'  => $this->request->getVar('body'),
             ]);
+
             echo view('news/success');
         }
     }
 
-The code above adds a lot of functionality. The first few lines load the
-form helper and the NewsModel. After that, the Controller-provided helper
-function is used to validate the $_POST fields. In this case, the title and
-text fields are required.
+The code above adds a lot of functionality. First we load the NewsModel.
+After that, the Controller-provided helper function is used to validate
+the $_POST fields. In this case, the title and text fields are required.
 
 CodeIgniter has a powerful validation library as demonstrated
 above. You can read :doc:`more about this library
@@ -83,18 +81,20 @@ Continuing down, you can see a condition that checks whether the form
 validation ran successfully. If it did not, the form is displayed; if it
 was submitted **and** passed all the rules, the model is called. This
 takes care of passing the news item into the model.
-This contains a new function, url\_title(). This function -
+This contains a new function ``url_title()``. This function -
 provided by the :doc:`URL helper <../helpers/url_helper>` - strips down
 the string you pass it, replacing all spaces by dashes (-) and makes
 sure everything is in lowercase characters. This leaves you with a nice
 slug, perfect for creating URIs.
 
 After this, a view is loaded to display a success message. Create a view at
-**app/Views/news/success.php** and write a success message. 
+**app/Views/news/success.php** and write a success message.
 
-This could be as simple as:::
+This could be as simple as:
+
+::
 
-    News item created successfully. 
+    News item created successfully.
 
 Model Updating
 -------------------------------------------------------
@@ -134,8 +134,9 @@ Routing
 
 Before you can start adding news items into your CodeIgniter application
 you have to add an extra rule to **app/Config/Routes.php** file. Make sure your
-file contains the following. This makes sure CodeIgniter sees 'create'
-as a method instead of a news item's slug.
+file contains the following. This makes sure CodeIgniter sees ``create``
+as a method instead of a news item's slug. You can read more about different
+routing types :doc:`here </incoming/routing>`.
 
 ::
 
@@ -158,15 +159,14 @@ Add some news and check out the different pages you made.
     :height: 415px
     :width: 45%
 
-.. image:: ../images/tutorial9.png
-    :align: left
- 
-
 Congratulations
 -------------------------------------------------------
 
 You just completed your first CodeIgniter4 application!
 
-The image to the left shows your project's **app** folder,
+The image underneath shows your project's **app** folder,
 with all of the files that you created in green.
 The two modified configuration files (Database & Routes) are not shown.
+
+.. image:: ../images/tutorial9.png
+    :align: left

user_guide_src/source/tutorial/index.rst

@@ -59,7 +59,7 @@ From your command line type the following:
 
 ::
 
-    ➜ composer create-project codeigniter4/appstarter ci-blog -s rc
+    composer create-project codeigniter4/appstarter ci-blog -s rc
 
 This creates a new folder, ci-blog, which contains your application code, with
 CodeIgniter installed in the vendor folder.
@@ -121,9 +121,9 @@ greeted by a screen looking something like this:
 There are a couple of things to note here:
 
 1. Hovering over the red header at the top reveals a ``search`` link that will open up
-Google.com in a new tab and searching for the exception.
+   Google.com in a new tab and searching for the exception.
 2. Clicking the ``arguments`` link on any line in the Backtrace will expand a list of
-the arguments that were passed into that function call.
+   the arguments that were passed into that function call.
 
 Everything else should be clear when you see it.
 

user_guide_src/source/tutorial/news_section.rst

@@ -11,7 +11,7 @@ Create a database to work with
 
 The CodeIgniter installation assumes that you have set up an appropriate
 database, as outlined in the :doc:`requirements </intro/requirements>`.
-In this tutorial, we provide SQL code for a MySQL database, and 
+In this tutorial, we provide SQL code for a MySQL database, and
 we also assume that you have a suitable client for issuing database
 commands (mysql, MySQL Workbench, or phpMyAdmin).
 
@@ -35,13 +35,14 @@ and :doc:`Seeds <../dbmgmt/seeds>` to create more useful database setups later.
 		KEY slug (slug)
 	);
 
-A note of interest: a "slug", in the context of web publishing, is a 
+A note of interest: a "slug", in the context of web publishing, is a
 user- and SEO-friendly short text used in a URL to identify and describe a resource.
 
-The seed records might be something like:::
+The seed records might be something like:
 
+::
 
-    INSERT INTO news VALUES 
+    INSERT INTO news VALUES
     (1,'Elvis sighted','elvis-sighted','Elvis was sighted at the Podunk internet cafe. It looked like he was writing a CodeIgniter app.'),
     (2,'Say it isn\'t so!','say-it-isnt-so','Scientists conclude that some programmers have a sense of humor.'),
     (3,'Caffeination, Yes!','caffeination-yes','World\'s largest coffee shop open onsite nested coffee shop for staff only.');
@@ -50,8 +51,11 @@ Connect to your database
 -------------------------------------------------------
 
 The local configuration file, ``.env``, that you created when you installed
-CodeIgniter, should have the database property settings uncommented and 
-set appropriately for the database you want to use.::
+CodeIgniter, should have the database property settings uncommented and
+set appropriately for the database you want to use. Make sure you've configured
+your database properly as described :doc:`here <../database/configuration>`.
+
+::
 
     database.default.hostname = localhost
     database.default.database = ci4tutorial
@@ -66,16 +70,16 @@ Instead of writing database operations right in the controller, queries
 should be placed in a model, so they can easily be reused later. Models
 are the place where you retrieve, insert, and update information in your
 database or other data stores. They provide access to your data.
+You can read more about it :doc:`here </models/model>`.
 
 Open up the **app/Models/** directory and create a new file called
-**NewsModel.php** and add the following code. Make sure you've configured
-your database properly as described :doc:`here <../database/configuration>`.
+**NewsModel.php** and add the following code.
 
 ::
 
-        <?php namespace App\Models;
+	<?php namespace App\Models;
 
-        use CodeIgniter\Model;
+	use CodeIgniter\Model;
 
 	class NewsModel extends Model
 	{
@@ -107,8 +111,8 @@ following code to your model.
 		}
 
 		return $this->asArray()
-		             ->where(['slug' => $slug])
-		             ->first();
+		            ->where(['slug' => $slug])
+		            ->first();
 	}
 
 With this code, you can perform two different queries. You can get all
@@ -130,13 +134,14 @@ Now that the queries are written, the model should be tied to the views
 that are going to display the news items to the user. This could be done
 in our ``Pages`` controller created earlier, but for the sake of clarity,
 a new ``News`` controller is defined. Create the new controller at
-*app/Controllers/News.php*.
+**app/Controllers/News.php**.
 
 ::
 
 	<?php namespace App\Controllers;
+
 	use App\Models\NewsModel;
-        use CodeIgniter\Controller;
+	use CodeIgniter\Controller;
 
 	class News extends Controller
 	{
@@ -181,7 +186,7 @@ the views. Modify the ``index()`` method to look like this::
 
 		echo view('templates/header', $data);
 		echo view('news/overview', $data);
-		echo view('templates/footer');
+		echo view('templates/footer', $data);
 	}
 
 The code above gets all news records from the model and assigns it to a
@@ -192,18 +197,18 @@ and add the next piece of code.
 
 ::
 
-	<h2><?= $title ?></h2>
+	<h2><?= esc($title); ?></h2>
 
 	<?php if (! empty($news) && is_array($news)) : ?>
 
 		<?php foreach ($news as $news_item): ?>
 
-			<h3><?= $news_item['title'] ?></h3>
+			<h3><?= esc($news_item['title']); ?></h3>
 
 			<div class="main">
-				<?= $news_item['body'] ?>
+				<?= esc($news_item['body']); ?>
 			</div>
-			<p><a href="<?= '/news/'.$news_item['slug'] ?>">View article</a></p>
+			<p><a href="/news/<?= esc($news_item['slug'], 'url'); ?>">View article</a></p>
 
 		<?php endforeach; ?>
 
@@ -243,7 +248,7 @@ add some code to the controller and create a new view. Go back to the
 
 		echo view('templates/header', $data);
 		echo view('news/view', $data);
-		echo view('templates/footer');
+		echo view('templates/footer', $data);
 	}
 
 Instead of calling the ``getNews()`` method without a parameter, the
@@ -253,9 +258,13 @@ The only thing left to do is create the corresponding view at
 
 ::
 
-	<?php
-	echo '<h2>'.$news['title'].'</h2>';
-	echo $news['body'];
+	<h2><?= esc($news['title']); ?></h2>
+	<?= esc($news['body']); ?>
+
+.. note:: We are again using using **esc()** to help prevent XSS attacks.
+	But this time we also passed "url" as a second parameter. That's because
+	attack patterns are different depending on the context in which the output
+	is used. You can read more about it :doc:`here </general/common_functions>`.
 
 Routing
 -------------------------------------------------------
@@ -271,7 +280,7 @@ with a slug to the ``view()`` method in the ``News`` controller.
 
 	$routes->get('news/(:segment)', 'News::view/$1');
 	$routes->get('news', 'News::index');
-	$routes->get('(:any)', 'Pages::showme/$1');
+	$routes->get('(:any)', 'Pages::view/$1');
 
 Point your browser to your "news" page, i.e. ``localhost:8080/news``,
 you should see a list of the news items, each of which has a link