From d593fd57194f6078abdb973a8e8a4bc1d4b20101 Mon Sep 17 00:00:00 2001
From: Bernhard Posselt <nukeawhale@gmail.com>
Date: Sat, 1 Dec 2012 02:55:26 +0100
Subject: [PATCH] small hint on security checks after container creation

---
 developer_manual/tutorial.rst | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/developer_manual/tutorial.rst b/developer_manual/tutorial.rst
index 327400c90..b287304af 100644
--- a/developer_manual/tutorial.rst
+++ b/developer_manual/tutorial.rst
@@ -192,9 +192,9 @@ A simple route would look like this:
 
   <?php
   $this->create('yourappname_routename', '/myurl/{value}')->action(
-  function($params){
-    callController('MyController', 'methodName', $params);
-  }
+      function($params){
+          callController('MyController', 'methodName', $params);
+      }
   );
   ?>
 
@@ -232,7 +232,7 @@ You can also omit the second generate function parameter if you dont extract any
 
 If you want to disable/enable security checks or simply swap stuff in the container, you can do it by passing a container as the fourth parameter of **callController** or callAjaxController.
 
-The following example turns off the CSRF check for callAjaxController
+The following example turns off the CSRF check for callAjaxController (but runs all the other checks, see :file:`lib/security.php`)
 
 .. code-block:: php