Merge remote-tracking branch 'upstream/develop' into 4.5

 Conflicts:
	user_guide_src/source/libraries/validation.rst

Author: kenjis

phpstan-baseline.php

@@ -56,11 +56,6 @@
 	'count' => 1,
 	'path' => __DIR__ . '/system/BaseModel.php',
 ];
-$ignoreErrors[] = [
-	'message' => '#^Only booleans are allowed in &&, string given on the right side\\.$#',
-	'count' => 7,
-	'path' => __DIR__ . '/system/BaseModel.php',
-];
 $ignoreErrors[] = [
 	'message' => '#^Only booleans are allowed in a ternary operator condition, array\\|null given\\.$#',
 	'count' => 1,
@@ -2573,7 +2568,7 @@
 ];
 $ignoreErrors[] = [
 	'message' => '#^Only booleans are allowed in &&, string given on the right side\\.$#',
-	'count' => 3,
+	'count' => 2,
 	'path' => __DIR__ . '/system/Model.php',
 ];
 $ignoreErrors[] = [

system/BaseModel.php

@@ -750,11 +750,11 @@ public function insert($data = null, bool $returnID = true)
         // Set created_at and updated_at with same time
         $date = $this->setDate();
 
-        if ($this->useTimestamps && $this->createdField && ! array_key_exists($this->createdField, $data)) {
+        if ($this->useTimestamps && $this->createdField !== '' && ! array_key_exists($this->createdField, $data)) {
             $data[$this->createdField] = $date;
         }
 
-        if ($this->useTimestamps && $this->updatedField && ! array_key_exists($this->updatedField, $data)) {
+        if ($this->useTimestamps && $this->updatedField !== '' && ! array_key_exists($this->updatedField, $data)) {
             $data[$this->updatedField] = $date;
         }
 
@@ -837,11 +837,11 @@ public function insertBatch(?array $set = null, ?bool $escape = null, int $batch
                 // Set created_at and updated_at with same time
                 $date = $this->setDate();
 
-                if ($this->useTimestamps && $this->createdField && ! array_key_exists($this->createdField, $row)) {
+                if ($this->useTimestamps && $this->createdField !== '' && ! array_key_exists($this->createdField, $row)) {
                     $row[$this->createdField] = $date;
                 }
 
-                if ($this->useTimestamps && $this->updatedField && ! array_key_exists($this->updatedField, $row)) {
+                if ($this->useTimestamps && $this->updatedField !== '' && ! array_key_exists($this->updatedField, $row)) {
                     $row[$this->updatedField] = $date;
                 }
             }
@@ -909,7 +909,7 @@ public function update($id = null, $data = null): bool
             throw DataException::forEmptyDataset('update');
         }
 
-        if ($this->useTimestamps && $this->updatedField && ! array_key_exists($this->updatedField, $data)) {
+        if ($this->useTimestamps && $this->updatedField !== '' && ! array_key_exists($this->updatedField, $data)) {
             $data[$this->updatedField] = $this->setDate();
         }
 
@@ -994,7 +994,7 @@ public function updateBatch(?array $set = null, ?string $index = null, int $batc
                     $row[$index] = $updateIndex;
                 }
 
-                if ($this->useTimestamps && $this->updatedField && ! array_key_exists($this->updatedField, $row)) {
+                if ($this->useTimestamps && $this->updatedField !== '' && ! array_key_exists($this->updatedField, $row)) {
                     $row[$this->updatedField] = $this->setDate();
                 }
             }
@@ -1127,7 +1127,7 @@ public function replace(?array $data = null, bool $returnSQL = false)
             return false;
         }
 
-        if ($this->useTimestamps && $this->updatedField && ! array_key_exists($this->updatedField, (array) $data)) {
+        if ($this->useTimestamps && $this->updatedField !== '' && ! array_key_exists($this->updatedField, (array) $data)) {
             $data[$this->updatedField] = $this->setDate();
         }
 

system/Model.php

@@ -432,7 +432,7 @@ protected function doDelete($id = null, bool $purge = false)
 
             $set[$this->deletedField] = $this->setDate();
 
-            if ($this->useTimestamps && $this->updatedField) {
+            if ($this->useTimestamps && $this->updatedField !== '') {
                 $set[$this->updatedField] = $this->setDate();
             }
 

user_guide_src/source/extending/core_classes.rst

@@ -22,26 +22,41 @@ System Class List
 The following is a list of the core system classes that are invoked every time CodeIgniter runs:
 
 *  ``CodeIgniter\Autoloader\Autoloader``
+*  ``CodeIgniter\Autoloader\FileLocator``
+*  ``CodeIgniter\Cache\CacheFactory``
+*  ``CodeIgniter\Cache\Handlers\BaseHandler``
+*  ``CodeIgniter\Cache\Handlers\FileHandler``
+*  ``CodeIgniter\Cache\ResponseCache``
 *  ``CodeIgniter\CodeIgniter``
+*  ``CodeIgniter\Config\BaseService``
 *  ``CodeIgniter\Config\DotEnv``
+*  ``CodeIgniter\Config\Factories``
 *  ``CodeIgniter\Config\Services``
 *  ``CodeIgniter\Controller``
+*  ``CodeIgniter\Cookie\Cookie``
+*  ``CodeIgniter\Cookie\CookieStore``
 *  ``CodeIgniter\Debug\Exceptions``
 *  ``CodeIgniter\Debug\Timer``
 *  ``CodeIgniter\Events\Events``
 *  ``CodeIgniter\Filters\Filters``
-*  ``CodeIgniter\HTTP\ContentSecurityPolicy``
 *  ``CodeIgniter\HTTP\CLIRequest`` (if launched from command line only)
+*  ``CodeIgniter\HTTP\ContentSecurityPolicy``
+*  ``CodeIgniter\HTTP\Header``
 *  ``CodeIgniter\HTTP\IncomingRequest`` (if launched over HTTP)
+*  ``CodeIgniter\HTTP\Message``
+*  ``CodeIgniter\HTTP\OutgoingRequest``
 *  ``CodeIgniter\HTTP\Request``
 *  ``CodeIgniter\HTTP\Response``
-*  ``CodeIgniter\HTTP\Message``
+*  ``CodeIgniter\HTTP\SiteURI``
+*  ``CodeIgniter\HTTP\SiteURIFactory``
 *  ``CodeIgniter\HTTP\URI``
+*  ``CodeIgniter\HTTP\UserAgent`` (if launched over HTTP)
 *  ``CodeIgniter\Log\Logger``
 *  ``CodeIgniter\Log\Handlers\BaseHandler``
 *  ``CodeIgniter\Log\Handlers\FileHandler``
 *  ``CodeIgniter\Router\RouteCollection``
 *  ``CodeIgniter\Router\Router``
+*  ``CodeIgniter\Superglobals``
 *  ``CodeIgniter\View\View``
 
 Replacing Core Classes

user_guide_src/source/helpers/cookie_helper.rst

@@ -42,6 +42,11 @@ The following functions are available:
     a description of its use, as this function is an alias for
     :php:meth:`CodeIgniter\\HTTP\\Response::setCookie()`.
 
+    .. note:: This helper function just sets browser cookies to the global response
+        instance that ``Services::response()`` returns. So, if you create and
+        return another response instance (e.g., if you call :php:func:`redirect()`),
+        the cookies set here will not be sent automatically.
+
 .. php:function:: get_cookie($index[, $xssClean = false[, $prefix = '']])
 
     :param    string    $index: Cookie name
@@ -78,6 +83,9 @@ The following functions are available:
     This function is otherwise identical to :php:func:`set_cookie()`, except that it
     does not have the ``value`` and ``expire`` parameters.
 
+    This also just sets browser cookies for deleting the cookies to the global
+    response instance that ``Services::response()`` returns.
+
     .. note:: When you use :php:func:`set_cookie()`,
         if the ``value`` is set to empty string and the ``expire`` is set to ``0``, the cookie will be deleted.
         If the ``value`` is set to non-empty string and the ``expire`` is set to ``0``, the cookie will only last as long as the browser is open.
@@ -95,4 +103,6 @@ The following functions are available:
     :param string $prefix: Cookie prefix
     :rtype: bool
 
-    Checks if a cookie exists by name. This is an alias of ``Response::hasCookie()``.
+    Checks if a cookie exists by name in the global response instance that
+    ``Services::response()`` returns. This is an alias of
+    :php:meth:`CodeIgniter\\HTTP\\Response::hasCookie()`.

user_guide_src/source/incoming/controllers.rst

@@ -422,6 +422,10 @@ CodeIgniter also permits you to map your URIs using its :ref:`Defined Route Rout
 Auto Routing (Legacy)
 *********************
 
+.. important:: This feature exists only for backward compatibility. Do not use it
+    in new projects. Even if you are already using it, we recommend that you use
+    the :ref:`auto-routing-improved` instead.
+
 This section describes the functionality of Auto Routing (Legacy) that is a routing system from CodeIgniter 3.
 It automatically routes an HTTP request, and executes the corresponding controller method
 without route definitions. The auto-routing is disabled by default.

user_guide_src/source/incoming/filters.rst

@@ -224,7 +224,7 @@ filter:check
 
 .. versionadded:: 4.3.0
 
-Check the filters for the route ``/`` with **GET** method:
+For example, check the filters for the route ``/`` with **GET** method:
 
 .. code-block:: console
 
@@ -240,8 +240,9 @@ The output is like the following:
     | GET    | /     |                | toolbar       |
     +--------+-------+----------------+---------------+
 
-You can also see the routes and filters by the ``spark routes`` command.
-See :ref:`URI Routing <routing-spark-routes>`.
+You can also see the routes and filters by the ``spark routes`` command,
+but it might not show accurate filters when you use regular expressions for routes.
+See :ref:`URI Routing <routing-spark-routes>` for details.
 
 ****************
 Provided Filters

user_guide_src/source/incoming/routing.rst

@@ -817,6 +817,10 @@ will be routed to ``Acme\Blog\Controllers\Foo::getBar()``.
 Auto Routing (Legacy)
 *********************
 
+.. important:: This feature exists only for backward compatibility. Do not use it
+    in new projects. Even if you are already using it, we recommend that you use
+    the :ref:`auto-routing-improved` instead.
+
 Auto Routing (Legacy) is a routing system from CodeIgniter 3.
 It can automatically route HTTP requests based on conventions and execute the corresponding controller methods.
 
@@ -931,7 +935,13 @@ The *Route* column shows the route path to match. The route of a defined route i
 
 Since v4.3.0, the *Name* column shows the route name. ``»`` indicates the name is the same as the route path.
 
-.. important:: The system is not perfect. If you use Custom Placeholders, *Filters* might not be correct. If you want to check filters for a route, you can use :ref:`spark filter:check <spark-filter-check>` command.
+.. important:: The system is not perfect.
+    For routes containing regular expression patterns like ``([^/]+)`` or ``{locale}``,
+    the *Filters* displayed might not be correct (if you set complicated URI pattern
+    for the filters in **app/Config/Filters.php**), or it is displayed as ``<unknown>``.
+
+    The :ref:`spark filter:check <spark-filter-check>` command can be used to check
+    for 100% accurate filters.
 
 Auto Routing (Improved)
 -----------------------

user_guide_src/source/installation/upgrade_4xx.rst

@@ -142,7 +142,12 @@ Helpers
 - In CI4, ``redirect()`` is completely changed from CI3's.
     - `redirect() Documentation CodeIgniter 3.X <https://codeigniter.com/userguide3/helpers/url_helper.html#redirect>`_
     - `redirect() Documentation CodeIgniter 4.X <../general/common_functions.html#redirect>`_
-    - In CI4, ``redirect()`` returns a ``RedirectResponse`` instance instead of redirecting and terminating script execution. You must return it.
+    - In CI4, :php:func:`redirect()` returns a ``RedirectResponse`` instance instead of
+      redirecting and terminating script execution. You must return it from Controllers
+      or Controller Filters.
+    - Cookies and Headers you set before calling ``redirect()`` are not automatically
+      carried over to a ``RedirectResponse``. You need to call ``withCookies()``
+      or ``withHeaders()`` manually if you want to send them.
     - You need to change CI3's ``redirect('login/form')`` to ``return redirect()->to('login/form')``.
 
 Hooks

user_guide_src/source/libraries/curlrequest.rst

@@ -28,9 +28,11 @@ Config for CURLRequest
 Sharing Options
 ===============
 
-.. note:: Since v4.4.0, the default value has been changed to ``false``. This
-    setting exists only for backward compatibility. New users do not need to
-    change the setting.
+.. important:: This setting exists only for backward compatibility. Do not use it
+    in new projects. Even if you are already using it, we recommend that you disable
+    it.
+
+.. note:: Since v4.4.0, the default value has been changed to ``false``.
 
 If you want to share all the options between requests, set ``$shareOptions`` to
 ``true`` in **app/Config/CURLRequest.php**:

user_guide_src/source/libraries/validation.rst

@@ -234,6 +234,10 @@ The **Strict Rules** don't use implicit type conversion.
 Traditional Rules
 -----------------
 
+.. important:: Traditional Rules exist only for backward compatibility. Do not
+    use them in new projects. Even if you are already using them, we recommend
+    switching to Strict Rules.
+
 .. warning:: When validating data that contains non-string values, such as JSON data,
     you should use **Strict Rules**.
 

user_guide_src/source/models/model.rst

@@ -180,13 +180,13 @@ $createdField
 ^^^^^^^^^^^^^
 
 Specifies which database field to use for data record create timestamp.
-Leave it empty to avoid updating it (even if ``$useTimestamps`` is enabled).
+Leave it empty (``''``) to avoid updating it (even if ``$useTimestamps`` is enabled).
 
 $updatedField
 ^^^^^^^^^^^^^
 
 Specifies which database field should use for keep data record update timestamp.
-Leave it empty to avoid update it (even ``$useTimestamps`` is enabled).
+Leave it empty (``''``) to avoid updating it (even ``$useTimestamps`` is enabled).
 
 $deletedField
 ^^^^^^^^^^^^^

user_guide_src/source/outgoing/response.rst

@@ -12,8 +12,11 @@ a server responding to the client that called it.
 Working with the Response
 =========================
 
-A Response class is instantiated for you and passed into your controllers. It can be accessed through
-``$this->response``. Many times you will not need to touch the class directly, since CodeIgniter takes care of
+A Response class is instantiated for you and passed into your controllers. It can
+be accessed through ``$this->response``. It is the same instance that
+``Services::response()`` returns. We call it the global response instance.
+
+Many times you will not need to touch the class directly, since CodeIgniter takes care of
 sending the headers and the body for you. This is great if the page successfully created the content it was asked to.
 When things go wrong, or you need to send very specific status codes back, or even take advantage of the
 powerful HTTP caching, it's there for you.
@@ -40,20 +43,36 @@ You can set format an array into either JSON or XML and set the content type hea
 Setting Headers
 ---------------
 
+setHeader()
+^^^^^^^^^^^
+
 Often, you will need to set headers to be set for the response. The Response class makes this very simple to do,
-with the ``setHeader()`` method. The first parameter is the name of the header. The second parameter is the value,
+with the ``setHeader()`` method.
+
+The first parameter is the name of the header. The second parameter is the value,
 which can be either a string or an array of values that will be combined correctly when sent to the client.
+
+.. literalinclude:: response/004.php
+
 Using these functions instead of using the native PHP functions allows you to ensure that no headers are sent
 prematurely, causing errors, and makes testing possible.
 
-.. literalinclude:: response/004.php
+.. note:: This method just sets headers to the response instance. So, if you create
+    and return another response instance (e.g., if you call :php:func:`redirect()`),
+    the headers set here will not be sent automatically.
+
+appendHeader()
+^^^^^^^^^^^^^^
 
 If the header exists and can have more than one value, you may use the ``appendHeader()`` and ``prependHeader()``
 methods to add the value to the end or beginning of the values list, respectively. The first parameter is the name
 of the header, while the second is the value to append or prepend.
 
 .. literalinclude:: response/005.php
 
+removeHeader()
+^^^^^^^^^^^^^^
+
 Headers can be removed from the response with the ``removeHeader()`` method, which takes the header name as the only
 parameter. This is not case-sensitive.
 
@@ -384,7 +403,9 @@ The methods provided by the parent class that are available are:
         .. note:: Prior to v4.2.7, the default values of ``$secure`` and ``$httponly`` were ``false``
             due to a bug, and these values from **app/Config/Cookie.php** were never used.
 
-        Sets a cookie containing the values you specify. There are two ways to
+        Sets a cookie containing the values you specify to the Response instance.
+
+        There are two ways to
         pass information to this method so that a cookie can be set: Array
         Method, and Discrete Parameters:
 
@@ -439,6 +460,8 @@ The methods provided by the parent class that are available are:
 
         Delete an existing cookie.
 
+        .. note:: This also just sets browser cookie for deleting the cookie.
+
         Only the ``name`` is required.
 
         The ``prefix`` is only needed if you need to avoid name collisions with