Merge remote-tracking branch 'upstream/develop' into 4.7

# Conflicts:
#	user_guide_src/source/changelogs/index.rst
#	user_guide_src/source/installation/upgrading.rst

Author: michalsn

admin/framework/composer.json

@@ -24,7 +24,7 @@
         "mikey179/vfsstream": "^1.6.12",
         "nexusphp/cs-config": "^3.6",
         "phpunit/phpunit": "^10.5.16 || ^11.2",
-        "predis/predis": "^1.1 || ^2.3"
+        "predis/predis": "^3.0"
     },
     "suggest": {
         "ext-curl": "If you use CURLRequest class",

composer.json

@@ -27,8 +27,8 @@
         "phpstan/phpstan-strict-rules": "^2.0",
         "phpunit/phpcov": "^9.0.2 || ^10.0",
         "phpunit/phpunit": "^10.5.16 || ^11.2",
-        "predis/predis": "^1.1 || ^2.3",
-        "rector/rector": "2.0.14",
+        "predis/predis": "^3.0",
+        "rector/rector": "2.0.15",
         "shipmonk/phpstan-baseline-per-identifier": "^2.0"
     },
     "replace": {

system/ThirdParty/Escaper/Escaper.php

@@ -30,7 +30,7 @@
  *
  * @final
  */
-class Escaper
+class Escaper implements EscaperInterface
 {
     /**
      * Entity Map mapping Unicode codepoints to any available named HTML entities.
@@ -183,24 +183,13 @@ public function getEncoding()
         return $this->encoding;
     }
 
-    /**
-     * Escape a string for the HTML Body context where there are very few characters
-     * of special meaning. Internally this will use htmlspecialchars().
-     *
-     * @return ($string is non-empty-string ? non-empty-string : string)
-     */
+    /** @inheritDoc */
     public function escapeHtml(string $string)
     {
         return htmlspecialchars($string, $this->htmlSpecialCharsFlags, $this->encoding);
     }
 
-    /**
-     * Escape a string for the HTML Attribute context. We use an extended set of characters
-     * to escape that are not covered by htmlspecialchars() to cover cases where an attribute
-     * might be unquoted or quoted illegally (e.g. backticks are valid quotes for IE).
-     *
-     * @return ($string is non-empty-string ? non-empty-string : string)
-     */
+    /** @inheritDoc */
     public function escapeHtmlAttr(string $string)
     {
         $string = $this->toUtf8($string);
@@ -214,17 +203,7 @@ public function escapeHtmlAttr(string $string)
         return $this->fromUtf8($result);
     }
 
-    /**
-     * Escape a string for the Javascript context. This does not use json_encode(). An extended
-     * set of characters are escaped beyond ECMAScript's rules for Javascript literal string
-     * escaping in order to prevent misinterpretation of Javascript as HTML leading to the
-     * injection of special characters and entities. The escaping used should be tolerant
-     * of cases where HTML escaping was not applied on top of Javascript escaping correctly.
-     * Backslash escaping is not used as it still leaves the escaped character as-is and so
-     * is not useful in a HTML context.
-     *
-     * @return ($string is non-empty-string ? non-empty-string : string)
-     */
+    /** @inheritDoc */
     public function escapeJs(string $string)
     {
         $string = $this->toUtf8($string);
@@ -238,24 +217,13 @@ public function escapeJs(string $string)
         return $this->fromUtf8($result);
     }
 
-    /**
-     * Escape a string for the URI or Parameter contexts. This should not be used to escape
-     * an entire URI - only a subcomponent being inserted. The function is a simple proxy
-     * to rawurlencode() which now implements RFC 3986 since PHP 5.3 completely.
-     *
-     * @return ($string is non-empty-string ? non-empty-string : string)
-     */
+    /** @inheritDoc */
     public function escapeUrl(string $string)
     {
         return rawurlencode($string);
     }
 
-    /**
-     * Escape a string for the CSS context. CSS escaping can be applied to any string being
-     * inserted into CSS and escapes everything except alphanumerics.
-     *
-     * @return ($string is non-empty-string ? non-empty-string : string)
-     */
+    /** @inheritDoc */
     public function escapeCss(string $string)
     {
         $string = $this->toUtf8($string);

system/ThirdParty/Escaper/EscaperInterface.php

@@ -0,0 +1,58 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Laminas\Escaper;
+
+/**
+ * Interface for context specific methods for use in secure output escaping
+ */
+interface EscaperInterface
+{
+    /**
+     * Escape a string for the HTML Body context where there are very few characters
+     * of special meaning. Internally this will use htmlspecialchars().
+     *
+     * @return ($string is non-empty-string ? non-empty-string : string)
+     */
+    public function escapeHtml(string $string);
+
+    /**
+     * Escape a string for the HTML Attribute context. We use an extended set of characters
+     * to escape that are not covered by htmlspecialchars() to cover cases where an attribute
+     * might be unquoted or quoted illegally (e.g. backticks are valid quotes for IE).
+     *
+     * @return ($string is non-empty-string ? non-empty-string : string)
+     */
+    public function escapeHtmlAttr(string $string);
+
+    /**
+     * Escape a string for the Javascript context. This does not use json_encode(). An extended
+     * set of characters are escaped beyond ECMAScript's rules for Javascript literal string
+     * escaping in order to prevent misinterpretation of Javascript as HTML leading to the
+     * injection of special characters and entities. The escaping used should be tolerant
+     * of cases where HTML escaping was not applied on top of Javascript escaping correctly.
+     * Backslash escaping is not used as it still leaves the escaped character as-is and so
+     * is not useful in a HTML context.
+     *
+     * @return ($string is non-empty-string ? non-empty-string : string)
+     */
+    public function escapeJs(string $string);
+
+    /**
+     * Escape a string for the URI or Parameter contexts. This should not be used to escape
+     * an entire URI - only a subcomponent being inserted. The function is a simple proxy
+     * to rawurlencode() which now implements RFC 3986 since PHP 5.3 completely.
+     *
+     * @return ($string is non-empty-string ? non-empty-string : string)
+     */
+    public function escapeUrl(string $string);
+
+    /**
+     * Escape a string for the CSS context. CSS escaping can be applied to any string being
+     * inserted into CSS and escapes everything except alphanumerics.
+     *
+     * @return ($string is non-empty-string ? non-empty-string : string)
+     */
+    public function escapeCss(string $string);
+}

user_guide_src/source/changelogs/index.rst

@@ -13,6 +13,7 @@ See all the changes.
     :titlesonly:
 
     v4.7.0
+    v4.6.2
     v4.6.1
     v4.6.0
     v4.5.8

user_guide_src/source/changelogs/v4.6.2.rst

@@ -0,0 +1,35 @@
+#############
+Version 4.6.2
+#############
+
+Release Date: Unreleased
+
+**4.6.2 release of CodeIgniter4**
+
+.. contents::
+    :local:
+    :depth: 3
+
+********
+BREAKING
+********
+
+***************
+Message Changes
+***************
+
+*******
+Changes
+*******
+
+************
+Deprecations
+************
+
+**********
+Bugs Fixed
+**********
+
+See the repo's
+`CHANGELOG.md <https://github.com/codeigniter4/CodeIgniter4/blob/develop/CHANGELOG.md>`_
+for a complete list of bugs fixed.

user_guide_src/source/installation/upgrade_462.rst

@@ -0,0 +1,55 @@
+#############################
+Upgrading from 4.6.1 to 4.6.2
+#############################
+
+Please refer to the upgrade instructions corresponding to your installation method.
+
+- :ref:`Composer Installation App Starter Upgrading <app-starter-upgrading>`
+- :ref:`Composer Installation Adding CodeIgniter4 to an Existing Project Upgrading <adding-codeigniter4-upgrading>`
+- :ref:`Manual Installation Upgrading <installing-manual-upgrading>`
+
+.. contents::
+    :local:
+    :depth: 2
+
+**********************
+Mandatory File Changes
+**********************
+
+****************
+Breaking Changes
+****************
+
+*********************
+Breaking Enhancements
+*********************
+
+*************
+Project Files
+*************
+
+Some files in the **project space** (root, app, public, writable) received updates. Due to
+these files being outside of the **system** scope they will not be changed without your intervention.
+
+.. note:: There are some third-party CodeIgniter modules available to assist
+    with merging changes to the project space:
+    `Explore on Packagist <https://packagist.org/explore/?query=codeigniter4%20updates>`_.
+
+Content Changes
+===============
+
+The following files received significant changes (including deprecations or visual adjustments)
+and it is recommended that you merge the updated versions with your application:
+
+Config
+------
+
+- @TODO
+
+All Changes
+===========
+
+This is a list of all files in the **project space** that received changes;
+many will be simple comments or formatting that have no effect on the runtime:
+
+- @TODO

user_guide_src/source/installation/upgrading.rst

@@ -17,6 +17,7 @@ See also :doc:`./backward_compatibility_notes`.
     backward_compatibility_notes
 
     upgrade_470
+    upgrade_462
     upgrade_461
     upgrade_460
     upgrade_458