Merge remote-tracking branch 'origin/develop' into 4.5

Author: kenjis

CHANGELOG.md

@@ -1,6 +1,23 @@
 # Changelog
 
-## [v4.4.2](https://github.com/codeigniter4/CodeIgniter4/tree/v4.4.1) (2023-10-19)
+## [v4.4.3](https://github.com/codeigniter4/CodeIgniter4/tree/v4.4.3) (2023-10-26)
+[Full Changelog](https://github.com/codeigniter4/CodeIgniter4/compare/v4.4.2...v4.4.3)
+
+### SECURITY
+
+* *Detailed Error Report is Displayed in Production Environment* was fixed. See the [Security advisory](https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-hwxf-qxj7-7rfj) for more information.
+
+### Fixed Bugs
+
+* fix: FilterTestTrait::getFilterCaller() does not support Filter classes as array by @kenjis in https://github.com/codeigniter4/CodeIgniter4/pull/8058
+* fix: add dbgroup to model template only when specified as an option by @sammyskills in https://github.com/codeigniter4/CodeIgniter4/pull/8077
+* Update phpstan-codeigniter and fix errors on Modules by @paulbalandan in https://github.com/codeigniter4/CodeIgniter4/pull/8036
+* fix: [Validation] exact_length does not pass int values by @kenjis in https://github.com/codeigniter4/CodeIgniter4/pull/8088
+* fix: [Table] field named `data` will produce bugged output by @ping-yee in https://github.com/codeigniter4/CodeIgniter4/pull/8054
+* docs: fix event points descriptions by @kenjis in https://github.com/codeigniter4/CodeIgniter4/pull/8076
+* docs: fix helper loading by @kenjis in https://github.com/codeigniter4/CodeIgniter4/pull/8084
+
+## [v4.4.2](https://github.com/codeigniter4/CodeIgniter4/tree/v4.4.2) (2023-10-19)
 [Full Changelog](https://github.com/codeigniter4/CodeIgniter4/compare/v4.4.1...v4.4.2)
 
 ### Fixed Bugs

app/Config/Boot/development.php

@@ -7,6 +7,8 @@
  | In development, we want to show as many errors as possible to help
  | make sure they don't make it to production. And save us hours of
  | painful debugging.
+ |
+ | If you set 'display_errors' to '1', CI4's detailed error report will show.
  */
 error_reporting(-1);
 ini_set('display_errors', '1');

app/Config/Boot/production.php

@@ -6,6 +6,8 @@
  |--------------------------------------------------------------------------
  | Don't show ANY in production environments. Instead, let the system catch
  | it and display a generic error message.
+ |
+ | If you set 'display_errors' to '1', CI4's detailed error report will show.
  */
 ini_set('display_errors', '0');
 error_reporting(E_ALL & ~E_NOTICE & ~E_DEPRECATED & ~E_STRICT & ~E_USER_NOTICE & ~E_USER_DEPRECATED);

app/Config/Boot/testing.php

@@ -1,5 +1,11 @@
 <?php
 
+/*
+ * The environment testing is reserved for PHPUnit testing. It has special
+ * conditions built into the framework at various places to assist with that.
+ * You can’t use it for your development.
+ */
+
 /*
  |--------------------------------------------------------------------------
  | ERROR DISPLAY

app/Views/errors/html/error_404.php

@@ -77,7 +77,7 @@
                 <?= nl2br(esc($message)) ?>
             <?php else : ?>
                 <?= lang('Errors.sorryCannotFind') ?>
-            <?php endif ?>
+            <?php endif; ?>
         </p>
     </div>
 </body>

app/Views/errors/html/error_exception.php

@@ -44,6 +44,7 @@
         <?php endif; ?>
     </div>
 
+    <?php if (defined('SHOW_DEBUG_BACKTRACE') && SHOW_DEBUG_BACKTRACE) : ?>
     <div class="container">
 
         <ul class="tabs" id="tabs">
@@ -66,7 +67,7 @@
                     <li>
                         <p>
                             <!-- Trace info -->
-                            <?php if (isset($row['file']) && is_file($row['file'])) :?>
+                            <?php if (isset($row['file']) && is_file($row['file'])) : ?>
                                 <?php
                                 if (isset($row['function']) && in_array($row['function'], ['include', 'include_once', 'require', 'require_once'], true)) {
                                     echo esc($row['function'] . ' ' . clean_path($row['file']));
@@ -375,14 +376,16 @@
         </div>  <!-- /tab-content -->
 
     </div> <!-- /container -->
+    <?php endif; ?>
 
     <div class="footer">
         <div class="container">
 
             <p>
                 Displayed at <?= esc(date('H:i:sa')) ?> &mdash;
                 PHP: <?= esc(PHP_VERSION) ?>  &mdash;
-                CodeIgniter: <?= esc(CodeIgniter::CI_VERSION) ?>
+                CodeIgniter: <?= esc(CodeIgniter::CI_VERSION) ?> --
+                Environment: <?= ENVIRONMENT ?>
             </p>
 
         </div>

system/CodeIgniter.php

@@ -54,7 +54,7 @@ class CodeIgniter
     /**
      * The current version of CodeIgniter Framework
      */
-    public const CI_VERSION = '4.4.2';
+    public const CI_VERSION = '4.4.3';
 
     /**
      * App startup time.

system/Config/BaseConfig.php

@@ -83,6 +83,18 @@ public static function setModules(Modules $modules): void
         static::$moduleConfig = $modules;
     }
 
+    /**
+     * @internal For testing purposes only.
+     * @testTag
+     */
+    public static function reset(): void
+    {
+        static::$registrars   = [];
+        static::$override     = true;
+        static::$didDiscovery = false;
+        static::$moduleConfig = null;
+    }
+
     /**
      * Will attempt to get environment variables with names
      * that match the properties of the child class.

system/Debug/ExceptionHandler.php

@@ -129,7 +129,13 @@ protected function determineView(Throwable $exception, string $templatePath): st
         // Production environments should have a custom exception file.
         $view = 'production.php';
 
-        if (str_ireplace(['off', 'none', 'no', 'false', 'null'], '', ini_get('display_errors')) !== '') {
+        if (
+            in_array(
+                strtolower(ini_get('display_errors')),
+                ['1', 'true', 'on', 'yes'],
+                true
+            )
+        ) {
             $view = 'error_exception.php';
         }
 

system/Debug/Exceptions.php

@@ -253,7 +253,13 @@ protected function determineView(Throwable $exception, string $templatePath): st
         $view         = 'production.php';
         $templatePath = rtrim($templatePath, '\\/ ') . DIRECTORY_SEPARATOR;
 
-        if (str_ireplace(['off', 'none', 'no', 'false', 'null'], '', ini_get('display_errors')) !== '') {
+        if (
+            in_array(
+                strtolower(ini_get('display_errors')),
+                ['1', 'true', 'on', 'yes'],
+                true
+            )
+        ) {
             $view = 'error_exception.php';
         }
 

system/View/Table.php

@@ -265,7 +265,7 @@ protected function _prepArgs(array $args)
         // If there is no $args[0], skip this and treat as an associative array
         // This can happen if there is only a single key, for example this is passed to table->generate
         // array(array('foo'=>'bar'))
-        if (isset($args[0]) && count($args) === 1 && is_array($args[0]) && ! isset($args[0]['data'])) {
+        if (isset($args[0]) && count($args) === 1 && is_array($args[0])) {
             $args = $args[0];
         }
 

tests/system/Config/BaseConfigTest.php

@@ -49,8 +49,17 @@ protected function setUp(): void
             require $this->fixturesFolder . '/Encryption.php';
         }
 
-        BaseConfig::$registrars = [];
-        BaseConfig::setModules(new Modules()); // reset to clean copy of Modules
+        BaseConfig::reset();
+    }
+
+    protected function tearDown(): void
+    {
+        parent::tearDown();
+
+        // This test modifies BaseConfig::$modules, so should reset.
+        BaseConfig::reset();
+        // This test modifies Services locator, so should reset.
+        $this->resetServices();
     }
 
     public function testBasicValues(): void
@@ -271,18 +280,24 @@ public function testBadRegistrar(): void
         $this->assertSame('bar', $config->foo);
     }
 
+    /**
+     * @psalm-suppress UndefinedClass
+     */
     public function testDiscoveryNotEnabledWillNotPopulateRegistrarsArray(): void
     {
         /** @var MockObject&Modules $modules */
         $modules = $this->createMock(Modules::class);
         $modules->method('shouldDiscover')->with('registrars')->willReturn(false);
-
         RegistrarConfig::setModules($modules);
+
         $config = new RegistrarConfig();
 
         $this->assertSame([], $config::$registrars);
     }
 
+    /**
+     * @psalm-suppress UndefinedClass
+     */
     public function testRedoingDiscoveryWillStillSetDidDiscoveryPropertyToTrue(): void
     {
         /** @var FileLocator&MockObject $locator */

tests/system/Debug/ExceptionHandlerTest.php

@@ -70,6 +70,21 @@ public function testDetermineViewsRuntimeExceptionCode404(): void
         $this->assertSame('error_404.php', $viewFile);
     }
 
+    public function testDetermineViewsDisplayErrorsOffRuntimeException(): void
+    {
+        ini_set('display_errors', '0');
+
+        $determineView = $this->getPrivateMethodInvoker($this->handler, 'determineView');
+
+        $exception    = new RuntimeException('Exception');
+        $templatePath = APPPATH . 'Views/errors/html';
+        $viewFile     = $determineView($exception, $templatePath);
+
+        $this->assertSame('production.php', $viewFile);
+
+        ini_set('display_errors', '1');
+    }
+
     public function testCollectVars(): void
     {
         $collectVars = $this->getPrivateMethodInvoker($this->handler, 'collectVars');

tests/system/View/TableTest.php

@@ -816,6 +816,64 @@ public static function orderedColumnUsecases(): iterable
             ],
         ];
     }
+
+    /**
+     * @see https://github.com/codeigniter4/CodeIgniter4/issues/8051
+     */
+    public function testGenerateTableWithHeadingContainFieldNamedData(): void
+    {
+        $table = new Table();
+        $table->setHeading([
+            'codigo'         => 'Codigo Orçamento',
+            'data'           => 'Data do Orçamento',
+            'tipo_desconto'  => 'Tipo de Desconto',
+            'valor_desconto' => 'Valor do Desconto',
+        ])->setSyncRowsWithHeading(true);
+
+        $sampleData = [
+            [
+                'id'             => 1,
+                'id_cliente'     => 1,
+                'codigo'         => 'codigo1',
+                'data'           => '2023-10-16 21:53:25',
+                'tipo_desconto'  => 'NENHUM',
+                'valor_desconto' => '',
+                'created_at'     => '2023-10-16 21:53:25',
+                'updated_at'     => '2023-10-16 21:53:25',
+                'deleted_at'     => '',
+            ],
+            [
+                'id'             => 2,
+                'id_cliente'     => 2,
+                'codigo'         => 'codigo2',
+                'data'           => '2023-10-16 21:53:25',
+                'tipo_desconto'  => 'REAL',
+                'valor_desconto' => 10.00,
+                'created_at'     => '2023-10-16 21:53:25',
+                'updated_at'     => '2023-10-16 21:53:25',
+                'deleted_at'     => '',
+            ],
+            [
+                'id'             => 3,
+                'id_cliente'     => 3,
+                'codigo'         => 'codigo3',
+                'data'           => '2023-10-16 21:53:25',
+                'tipo_desconto'  => 'PERCENTUAL',
+                'valor_desconto' => 10.00,
+                'created_at'     => '2023-10-16 21:53:25',
+                'updated_at'     => '2023-10-16 21:53:25',
+                'deleted_at'     => '',
+            ],
+        ];
+
+        $generated = $table->generate($sampleData);
+
+        $this->assertStringContainsString('<th>Codigo Orçamento</th><th>Data do Orçamento</th><th>Tipo de Desconto</th><th>Valor do Desconto</th>', $generated);
+
+        $this->assertStringContainsString('<td>codigo1</td><td>2023-10-16 21:53:25</td><td>NENHUM</td><td></td>', $generated);
+        $this->assertStringContainsString('<td>codigo2</td><td>2023-10-16 21:53:25</td><td>REAL</td><td>10</td>', $generated);
+        $this->assertStringContainsString('<td>codigo3</td><td>2023-10-16 21:53:25</td><td>PERCENTUAL</td><td>10</td>', $generated);
+    }
 }
 
 // We need this for the _set_from_db_result() test

user_guide_src/source/changelogs/v4.4.3.rst

@@ -1,25 +1,20 @@
 Version 4.4.3
 #############
 
-Release Date: Unreleased
+Release Date: October 26, 2023
 
 **4.4.3 release of CodeIgniter4**
 
 .. contents::
     :local:
     :depth: 3
 
-BREAKING
+SECURITY
 ********
 
-Message Changes
-***************
-
-Changes
-*******
-
-Deprecations
-************
+- *Detailed Error Report is Displayed in Production Environment* was fixed.
+  See the `Security advisory GHSA-hwxf-qxj7-7rfj <https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-hwxf-qxj7-7rfj>`_
+  for more information.
 
 Bugs Fixed
 **********

user_guide_src/source/conf.py

@@ -26,7 +26,7 @@
 version = '4.4'
 
 # The full version, including alpha/beta/rc tags.
-release = '4.4.2'
+release = '4.4.3'
 
 # -- General configuration ---------------------------------------------------
 

user_guide_src/source/general/environments.rst

@@ -30,6 +30,8 @@ By default, CodeIgniter has three environments defined.
 If you want another environment, e.g., for staging, you can add custom environments.
 See `Adding Environments`_.
 
+.. _setting-environment:
+
 *******************
 Setting Environment
 *******************

user_guide_src/source/general/errors.rst

@@ -49,8 +49,12 @@ Error Reporting
 ---------------
 
 By default, CodeIgniter will display a detailed error report with all errors in the ``development`` and ``testing`` environments, and will not
-display any errors in the ``production`` environment. You can change this by setting the ``CI_ENVIRONMENT`` variable
-in the :ref:`.env <dotenv-file>` file.
+display any errors in the ``production`` environment.
+
+.. image:: ../images/error.png
+
+You can change your environment by setting the ``CI_ENVIRONMENT`` variable.
+See :ref:`setting-environment`.
 
 .. important:: Disabling error reporting DOES NOT stop logs from being written if there are errors.