codeigniter4
diff --git a/‎.github/workflows/test-phpunit.yml
Lines changed: 1 addition & 0 deletions b/‎.github/workflows/test-phpunit.yml
Lines changed: 1 addition & 0 deletions
diff --git a/‎app/Config/Mimes.php
Lines changed: 1 addition & 5 deletions b/‎app/Config/Mimes.php
Lines changed: 1 addition & 5 deletions
diff --git a/‎system/CLI/CLI.php
Lines changed: 5 additions & 5 deletions b/‎system/CLI/CLI.php
Lines changed: 5 additions & 5 deletions
diff --git a/‎system/Database/BaseUtils.php
Lines changed: 7 additions & 34 deletions b/‎system/Database/BaseUtils.php
Lines changed: 7 additions & 34 deletions
diff --git a/‎system/Database/Forge.php
Lines changed: 1 addition & 1 deletion b/‎system/Database/Forge.php
Lines changed: 1 addition & 1 deletion
diff --git a/‎system/Database/Postgre/Connection.php
Lines changed: 5 additions & 2 deletions b/‎system/Database/Postgre/Connection.php
Lines changed: 5 additions & 2 deletions
diff --git a/‎system/Filters/Filters.php
Lines changed: 5 additions & 7 deletions b/‎system/Filters/Filters.php
Lines changed: 5 additions & 7 deletions
diff --git a/‎system/HTTP/CLIRequest.php
Lines changed: 8 additions & 10 deletions b/‎system/HTTP/CLIRequest.php
Lines changed: 8 additions & 10 deletions
@@ -101,6 +101,7 @@ jobs:
 
       - name: Install latest ImageMagick
         run: |
+          sudo apt-get update
           sudo apt-get install --reinstall libgs9-common fonts-noto-mono libgs9:amd64 libijs-0.35:amd64 fonts-urw-base35 ghostscript poppler-data libjbig2dec0:amd64 gsfonts libopenjp2-7:amd64 fonts-droid-fallback ttf-dejavu-core
           sudo apt-get install -y imagemagick
           sudo apt-get install --fix-broken
 
@@ -3,8 +3,6 @@
 namespace Config;
 
 /**
- * Mimes
- *
  * This file contains an array of mime types.  It is used by the
  * Upload class to help identify allowed file types.
  *
@@ -509,15 +507,13 @@ public static function guessExtensionFromType(string $type, ?string $proposedExt
     {
         $type = trim(strtolower($type), '. ');
 
-        $proposedExtension = trim(strtolower($proposedExtension));
+        $proposedExtension = trim(strtolower($proposedExtension ?? ''));
 
         if ($proposedExtension !== '') {
             if (array_key_exists($proposedExtension, static::$mimes) && in_array($type, is_string(static::$mimes[$proposedExtension]) ? [static::$mimes[$proposedExtension]] : static::$mimes[$proposedExtension], true)) {
-                // The detected mime type matches with the proposed extension.
                 return $proposedExtension;
             }
 
-            // An extension was proposed, but the media type does not match the mime type list.
             return null;
         }
 
 
@@ -865,11 +865,11 @@ public static function getOptionString(bool $useLongOpts = false, bool $trim = f
                 $out .= "-{$name} ";
             }
 
-            // If there's a space, we need to group
-            // so it will pass correctly.
-            if (mb_strpos($value, ' ') !== false) {
-                $out .= '"' . $value . '" ';
-            } elseif ($value !== null) {
+            if ($value === null) {
+                $out .= '';
+            } elseif (mb_strpos($value, ' ') !== false) {
+                $out .= "\"{$value}\" ";
+            } else {
                 $out .= "{$value} ";
             }
         }
 
@@ -13,14 +13,9 @@
 
 use CodeIgniter\Database\Exceptions\DatabaseException;
 
-/**
- * Class BaseUtils
- */
 abstract class BaseUtils
 {
     /**
-     * Database object
-     *
      * @var object
      */
     protected $db;
@@ -46,24 +41,18 @@ abstract class BaseUtils
      */
     protected $repairTable = false;
 
-    /**
-     * Class constructor
-     */
     public function __construct(ConnectionInterface &$db)
     {
         $this->db = &$db;
     }
 
     /**
-     * List databases
-     *
      * @throws DatabaseException
      *
      * @return array|bool
      */
     public function listDatabases()
     {
-        // Is there a cached result?
         if (isset($this->db->dataCache['db_names'])) {
             return $this->db->dataCache['db_names'];
         }
@@ -79,6 +68,7 @@ public function listDatabases()
         $this->db->dataCache['db_names'] = [];
 
         $query = $this->db->query($this->listDatabases);
+
         if ($query === false) {
             return $this->db->dataCache['db_names'];
         }
@@ -90,17 +80,12 @@ public function listDatabases()
         return $this->db->dataCache['db_names'];
     }
 
-    /**
-     * Determine if a particular database exists
-     */
     public function databaseExists(string $databaseName): bool
     {
         return in_array($databaseName, $this->listDatabases(), true);
     }
 
     /**
-     * Optimize Table
-     *
      * @throws DatabaseException
      *
      * @return bool
@@ -121,8 +106,6 @@ public function optimizeTable(string $tableName)
     }
 
     /**
-     * Optimize Database
-     *
      * @throws DatabaseException
      *
      * @return mixed
@@ -145,17 +128,16 @@ public function optimizeDatabase()
                 return $res;
             }
 
-            // Build the result array...
-
             $res = $res->getResultArray();
 
-            // Postgre & SQLite3 returns empty array
             if (empty($res)) {
+                // Postgre & SQLite3 returns empty array
                 $key = $tableName;
             } else {
                 $res  = current($res);
                 $key  = str_replace($this->db->database . '.', '', current($res));
                 $keys = array_keys($res);
+
                 unset($res[$keys[0]]);
             }
 
@@ -166,8 +148,6 @@ public function optimizeDatabase()
     }
 
     /**
-     * Repair Table
-     *
      * @throws DatabaseException
      *
      * @return mixed
@@ -183,6 +163,7 @@ public function repairTable(string $tableName)
         }
 
         $query = $this->db->query(sprintf($this->repairTable, $this->db->escapeIdentifiers($tableName)));
+
         if (is_bool($query)) {
             return $query;
         }
@@ -193,26 +174,23 @@ public function repairTable(string $tableName)
     }
 
     /**
-     * Generate CSV from a query result object
-     *
      * @return string
      */
     public function getCSVFromResult(ResultInterface $query, string $delim = ',', string $newline = "\n", string $enclosure = '"')
     {
         $out = '';
-        // First generate the headings from the table column names
+
         foreach ($query->getFieldNames() as $name) {
             $out .= $enclosure . str_replace($enclosure, $enclosure . $enclosure, $name) . $enclosure . $delim;
         }
 
         $out = substr($out, 0, -strlen($delim)) . $newline;
 
-        // Next blast through the result array and build out the rows
         while ($row = $query->getUnbufferedRow('array')) {
             $line = [];
 
             foreach ($row as $item) {
-                $line[] = $enclosure . str_replace($enclosure, $enclosure . $enclosure, $item) . $enclosure;
+                $line[] = $enclosure . str_replace($enclosure, $enclosure . $enclosure, $item ?? '') . $enclosure;
             }
 
             $out .= implode($delim, $line) . $newline;
@@ -221,9 +199,6 @@ public function getCSVFromResult(ResultInterface $query, string $delim = ',', st
         return $out;
     }
 
-    /**
-     * Generate XML data from a query result object
-     */
     public function getXMLFromResult(ResultInterface $query, array $params = []): string
     {
         foreach (['root' => 'root', 'element' => 'element', 'newline' => "\n", 'tab' => "\t"] as $key => $val) {
@@ -256,8 +231,6 @@ public function getXMLFromResult(ResultInterface $query, array $params = []): st
     }
 
     /**
-     * Database Backup
-     *
      * @param array|string $params
      *
      * @throws DatabaseException
@@ -274,7 +247,7 @@ public function backup($params = [])
             'tables'             => [],
             'ignore'             => [],
             'filename'           => '',
-            'format'             => 'gzip', // gzip, txt
+            'format'             => 'gzip',
             'add_drop'           => true,
             'add_insert'         => true,
             'newline'            => "\n",
 
@@ -462,7 +462,7 @@ public function dropKey(string $table, string $keyName)
     public function dropForeignKey(string $table, string $foreignName)
     {
         $sql = sprintf(
-            $this->dropConstraintStr,
+            (string) $this->dropConstraintStr,
             $this->db->escapeIdentifiers($this->db->DBPrefix . $table),
             $this->db->escapeIdentifiers($this->db->DBPrefix . $foreignName)
         );
 
@@ -433,8 +433,11 @@ protected function buildDSN()
             $this->DSN = "host={$this->hostname} ";
         }
 
-        if (! empty($this->port) && ctype_digit($this->port)) {
-            $this->DSN .= "port={$this->port} ";
+        // ctype_digit only accepts strings
+        $port = (string) $this->port;
+
+        if (! empty($port) && ctype_digit($port)) {
+            $this->DSN .= "port={$port} ";
         }
 
         if ($this->username !== '') {
 
@@ -399,24 +399,22 @@ protected function processGlobals(?string $uri = null)
             return;
         }
 
-        $uri = strtolower(trim($uri, '/ '));
+        $uri = strtolower(trim((string) $uri, '/ '));
 
         // Add any global filters, unless they are excluded for this URI
-        $sets = [
-            'before',
-            'after',
-        ];
+        $sets = ['before', 'after'];
 
         foreach ($sets as $set) {
             if (isset($this->config->globals[$set])) {
+
                 // look at each alias in the group
                 foreach ($this->config->globals[$set] as $alias => $rules) {
                     $keep = true;
+
                     if (is_array($rules)) {
-                        // see if it should be excluded
                         if (isset($rules['except'])) {
-                            // grab the exclusion rules
                             $check = $rules['except'];
+
                             if ($this->pathApplies($uri, $check)) {
                                 $keep = false;
                             }
 
@@ -15,8 +15,6 @@
 use RuntimeException;
 
 /**
- * Class CLIRequest
- *
  * Represents a request from the command-line. Provides additional
  * tools to interact with that request since CLI requests are not
  * static like HTTP requests might be.
@@ -141,11 +139,11 @@ public function getOptionString(bool $useLongOpts = false): string
                 $out .= "-{$name} ";
             }
 
-            // If there's a space, we need to group
-            // so it will pass correctly.
-            if (mb_strpos($value, ' ') !== false) {
-                $out .= '"' . $value . '" ';
-            } elseif ($value !== null) {
+            if ($value === null) {
+                $out .= '';
+            } elseif (mb_strpos($value, ' ') !== false) {
+                $out .= "\"{$value}\" ";
+            } else {
                 $out .= "{$value} ";
             }
         }
@@ -172,17 +170,17 @@ protected function parseCommand()
                 if ($optionValue) {
                     $optionValue = false;
                 } else {
-                    $this->segments[] = filter_var($arg, FILTER_SANITIZE_STRING);
+                    $this->segments[] = esc(strip_tags($arg));
                 }
 
                 continue;
             }
 
-            $arg   = filter_var(ltrim($arg, '-'), FILTER_SANITIZE_STRING);
+            $arg   = esc(strip_tags(ltrim($arg, '-')));
             $value = null;
 
             if (isset($args[$i + 1]) && mb_strpos($args[$i + 1], '-') !== 0) {
-                $value       = filter_var($args[$i + 1], FILTER_SANITIZE_STRING);
+                $value       = esc(strip_tags($args[$i + 1]));
                 $optionValue = true;
             }
Original file line number	Diff line number	Diff line change
`@@ -3,8 +3,6 @@`
`3`	`3`	`namespace Config;`
`4`	`4`
`5`	`5`	`/**`
`6`		`- * Mimes`
`7`		`- *`
`8`	`6`	`* This file contains an array of mime types. It is used by the`
`9`	`7`	`* Upload class to help identify allowed file types.`
`10`	`8`	`*`
`@@ -509,15 +507,13 @@ public static function guessExtensionFromType(string $type, ?string $proposedExt`
`509`	`507`	`{`
`510`	`508`	`$type = trim(strtolower($type), '. ');`
`511`	`509`
`512`		`- $proposedExtension = trim(strtolower($proposedExtension));`
	`510`	`+ $proposedExtension = trim(strtolower($proposedExtension ?? ''));`
`513`	`511`
`514`	`512`	`if ($proposedExtension !== '') {`
`515`	`513`	`if (array_key_exists($proposedExtension, static::$mimes) && in_array($type, is_string(static::$mimes[$proposedExtension]) ? [static::$mimes[$proposedExtension]] : static::$mimes[$proposedExtension], true)) {`
`516`		`- // The detected mime type matches with the proposed extension.`
`517`	`514`	`return $proposedExtension;`
`518`	`515`	`}`
`519`	`516`
`520`		`- // An extension was proposed, but the media type does not match the mime type list.`
`521`	`517`	`return null;`
`522`	`518`	`}`
`523`	`519`
Original file line number	Diff line number	Diff line change
`@@ -865,11 +865,11 @@ public static function getOptionString(bool $useLongOpts = false, bool $trim = f`
`865`	`865`	`$out .= "-{$name} ";`
`866`	`866`	`}`
`867`	`867`
`868`		`- // If there's a space, we need to group`
`869`		`- // so it will pass correctly.`
`870`		`- if (mb_strpos($value, ' ') !== false) {`
`871`		`- $out .= '"' . $value . '" ';`
`872`		`- } elseif ($value !== null) {`
	`868`	`+ if ($value === null) {`
	`869`	`+ $out .= '';`
	`870`	`+ } elseif (mb_strpos($value, ' ') !== false) {`
	`871`	`+ $out .= "\"{$value}\" ";`
	`872`	`+ } else {`
`873`	`873`	`$out .= "{$value} ";`
`874`	`874`	`}`
`875`	`875`	`}`
Original file line number	Diff line number	Diff line change
`@@ -13,14 +13,9 @@`
`13`	`13`
`14`	`14`	`use CodeIgniter\Database\Exceptions\DatabaseException;`
`15`	`15`
`16`		`-/**`
`17`		`- * Class BaseUtils`
`18`		`- */`
`19`	`16`	`abstract class BaseUtils`
`20`	`17`	`{`
`21`	`18`	`/**`
`22`		`- * Database object`
`23`		`- *`
`24`	`19`	`* @var object`
`25`	`20`	`*/`
`26`	`21`	`protected $db;`
`@@ -46,24 +41,18 @@ abstract class BaseUtils`
`46`	`41`	`*/`
`47`	`42`	`protected $repairTable = false;`
`48`	`43`
`49`		`- /**`
`50`		`- * Class constructor`
`51`		`- */`
`52`	`44`	`public function __construct(ConnectionInterface &$db)`
`53`	`45`	`{`
`54`	`46`	`$this->db = &$db;`
`55`	`47`	`}`
`56`	`48`
`57`	`49`	`/**`
`58`		`- * List databases`
`59`		`- *`
`60`	`50`	`* @throws DatabaseException`
`61`	`51`	`*`
`62`	`52`	`* @return array\|bool`
`63`	`53`	`*/`
`64`	`54`	`public function listDatabases()`
`65`	`55`	`{`
`66`		`- // Is there a cached result?`
`67`	`56`	`if (isset($this->db->dataCache['db_names'])) {`
`68`	`57`	`return $this->db->dataCache['db_names'];`
`69`	`58`	`}`
`@@ -79,6 +68,7 @@ public function listDatabases()`
`79`	`68`	`$this->db->dataCache['db_names'] = [];`
`80`	`69`
`81`	`70`	`$query = $this->db->query($this->listDatabases);`
	`71`	`+`
`82`	`72`	`if ($query === false) {`
`83`	`73`	`return $this->db->dataCache['db_names'];`
`84`	`74`	`}`
`@@ -90,17 +80,12 @@ public function listDatabases()`
`90`	`80`	`return $this->db->dataCache['db_names'];`
`91`	`81`	`}`
`92`	`82`
`93`		`- /**`
`94`		`- * Determine if a particular database exists`
`95`		`- */`
`96`	`83`	`public function databaseExists(string $databaseName): bool`
`97`	`84`	`{`
`98`	`85`	`return in_array($databaseName, $this->listDatabases(), true);`
`99`	`86`	`}`
`100`	`87`
`101`	`88`	`/**`
`102`		`- * Optimize Table`
`103`		`- *`
`104`	`89`	`* @throws DatabaseException`
`105`	`90`	`*`
`106`	`91`	`* @return bool`
`@@ -121,8 +106,6 @@ public function optimizeTable(string $tableName)`
`121`	`106`	`}`
`122`	`107`
`123`	`108`	`/**`
`124`		`- * Optimize Database`
`125`		`- *`
`126`	`109`	`* @throws DatabaseException`
`127`	`110`	`*`
`128`	`111`	`* @return mixed`
`@@ -145,17 +128,16 @@ public function optimizeDatabase()`
`145`	`128`	`return $res;`
`146`	`129`	`}`
`147`	`130`
`148`		`- // Build the result array...`
`149`		`-`
`150`	`131`	`$res = $res->getResultArray();`
`151`	`132`
`152`		`- // Postgre & SQLite3 returns empty array`
`153`	`133`	`if (empty($res)) {`
	`134`	`+ // Postgre & SQLite3 returns empty array`
`154`	`135`	`$key = $tableName;`
`155`	`136`	`} else {`
`156`	`137`	`$res = current($res);`
`157`	`138`	`$key = str_replace($this->db->database . '.', '', current($res));`
`158`	`139`	`$keys = array_keys($res);`
	`140`	`+`
`159`	`141`	`unset($res[$keys[0]]);`
`160`	`142`	`}`
`161`	`143`
`@@ -166,8 +148,6 @@ public function optimizeDatabase()`
`166`	`148`	`}`
`167`	`149`
`168`	`150`	`/**`
`169`		`- * Repair Table`
`170`		`- *`
`171`	`151`	`* @throws DatabaseException`
`172`	`152`	`*`
`173`	`153`	`* @return mixed`
`@@ -183,6 +163,7 @@ public function repairTable(string $tableName)`
`183`	`163`	`}`
`184`	`164`
`185`	`165`	`$query = $this->db->query(sprintf($this->repairTable, $this->db->escapeIdentifiers($tableName)));`
	`166`	`+`
`186`	`167`	`if (is_bool($query)) {`
`187`	`168`	`return $query;`
`188`	`169`	`}`
`@@ -193,26 +174,23 @@ public function repairTable(string $tableName)`
`193`	`174`	`}`
`194`	`175`
`195`	`176`	`/**`
`196`		`- * Generate CSV from a query result object`
`197`		`- *`
`198`	`177`	`* @return string`
`199`	`178`	`*/`
`200`	`179`	`public function getCSVFromResult(ResultInterface $query, string $delim = ',', string $newline = "\n", string $enclosure = '"')`
`201`	`180`	`{`
`202`	`181`	`$out = '';`
`203`		`- // First generate the headings from the table column names`
	`182`	`+`
`204`	`183`	`foreach ($query->getFieldNames() as $name) {`
`205`	`184`	`$out .= $enclosure . str_replace($enclosure, $enclosure . $enclosure, $name) . $enclosure . $delim;`
`206`	`185`	`}`
`207`	`186`
`208`	`187`	`$out = substr($out, 0, -strlen($delim)) . $newline;`
`209`	`188`
`210`		`- // Next blast through the result array and build out the rows`
`211`	`189`	`while ($row = $query->getUnbufferedRow('array')) {`
`212`	`190`	`$line = [];`
`213`	`191`
`214`	`192`	`foreach ($row as $item) {`
`215`		`- $line[] = $enclosure . str_replace($enclosure, $enclosure . $enclosure, $item) . $enclosure;`
	`193`	`+ $line[] = $enclosure . str_replace($enclosure, $enclosure . $enclosure, $item ?? '') . $enclosure;`
`216`	`194`	`}`
`217`	`195`
`218`	`196`	`$out .= implode($delim, $line) . $newline;`
`@@ -221,9 +199,6 @@ public function getCSVFromResult(ResultInterface $query, string $delim = ',', st`
`221`	`199`	`return $out;`
`222`	`200`	`}`
`223`	`201`
`224`		`- /**`
`225`		`- * Generate XML data from a query result object`
`226`		`- */`
`227`	`202`	`public function getXMLFromResult(ResultInterface $query, array $params = []): string`
`228`	`203`	`{`
`229`	`204`	`foreach (['root' => 'root', 'element' => 'element', 'newline' => "\n", 'tab' => "\t"] as $key => $val) {`
`@@ -256,8 +231,6 @@ public function getXMLFromResult(ResultInterface $query, array $params = []): st`
`256`	`231`	`}`
`257`	`232`
`258`	`233`	`/**`
`259`		`- * Database Backup`
`260`		`- *`
`261`	`234`	`* @param array\|string $params`
`262`	`235`	`*`
`263`	`236`	`* @throws DatabaseException`
`@@ -274,7 +247,7 @@ public function backup($params = [])`
`274`	`247`	`'tables' => [],`
`275`	`248`	`'ignore' => [],`
`276`	`249`	`'filename' => '',`
`277`		`- 'format' => 'gzip', // gzip, txt`
	`250`	`+ 'format' => 'gzip',`
`278`	`251`	`'add_drop' => true,`
`279`	`252`	`'add_insert' => true,`
`280`	`253`	`'newline' => "\n",`
Original file line number	Diff line number	Diff line change
`@@ -462,7 +462,7 @@ public function dropKey(string $table, string $keyName)`
`462`	`462`	`public function dropForeignKey(string $table, string $foreignName)`
`463`	`463`	`{`
`464`	`464`	`$sql = sprintf(`
`465`		`- $this->dropConstraintStr,`
	`465`	`+ (string) $this->dropConstraintStr,`
`466`	`466`	`$this->db->escapeIdentifiers($this->db->DBPrefix . $table),`
`467`	`467`	`$this->db->escapeIdentifiers($this->db->DBPrefix . $foreignName)`
`468`	`468`	`);`
Original file line number	Diff line number	Diff line change
`@@ -433,8 +433,11 @@ protected function buildDSN()`
`433`	`433`	`$this->DSN = "host={$this->hostname} ";`
`434`	`434`	`}`
`435`	`435`
`436`		`- if (! empty($this->port) && ctype_digit($this->port)) {`
`437`		`- $this->DSN .= "port={$this->port} ";`
	`436`	`+ // ctype_digit only accepts strings`
	`437`	`+ $port = (string) $this->port;`
	`438`	`+`
	`439`	`+ if (! empty($port) && ctype_digit($port)) {`
	`440`	`+ $this->DSN .= "port={$port} ";`
`438`	`441`	`}`
`439`	`442`
`440`	`443`	`if ($this->username !== '') {`