Release v4.1.6

Author: actions-user

LICENSE

@@ -1,7 +1,7 @@
 The MIT License (MIT)
 
 Copyright (c) 2014-2019 British Columbia Institute of Technology
-Copyright (c) 2019-2021 CodeIgniter Foundation
+Copyright (c) 2019-2022 CodeIgniter Foundation
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

app/Config/Filters.php

@@ -6,6 +6,8 @@
 use CodeIgniter\Filters\CSRF;
 use CodeIgniter\Filters\DebugToolbar;
 use CodeIgniter\Filters\Honeypot;
+use CodeIgniter\Filters\InvalidChars;
+use CodeIgniter\Filters\SecureHeaders;
 
 class Filters extends BaseConfig
 {
@@ -16,9 +18,11 @@ class Filters extends BaseConfig
      * @var array
      */
     public $aliases = [
-        'csrf'     => CSRF::class,
-        'toolbar'  => DebugToolbar::class,
-        'honeypot' => Honeypot::class,
+        'csrf'          => CSRF::class,
+        'toolbar'       => DebugToolbar::class,
+        'honeypot'      => Honeypot::class,
+        'invalidchars'  => InvalidChars::class,
+        'secureheaders' => SecureHeaders::class,
     ];
 
     /**
@@ -31,10 +35,12 @@ class Filters extends BaseConfig
         'before' => [
             // 'honeypot',
             // 'csrf',
+            // 'invalidchars',
         ],
         'after' => [
             'toolbar',
             // 'honeypot',
+            // 'secureheaders',
         ],
     ];
 

app/Config/Mimes.php

@@ -509,7 +509,7 @@ public static function guessExtensionFromType(string $type, ?string $proposedExt
     {
         $type = trim(strtolower($type), '. ');
 
-        $proposedExtension = trim(strtolower($proposedExtension));
+        $proposedExtension = trim(strtolower($proposedExtension ?? ''));
 
         if ($proposedExtension !== '') {
             if (array_key_exists($proposedExtension, static::$mimes) && in_array($type, is_string(static::$mimes[$proposedExtension]) ? [static::$mimes[$proposedExtension]] : static::$mimes[$proposedExtension], true)) {

app/Config/Security.php

@@ -17,6 +17,17 @@ class Security extends BaseConfig
      */
     public $csrfProtection = 'cookie';
 
+    /**
+     * --------------------------------------------------------------------------
+     * CSRF Token Randomization
+     * --------------------------------------------------------------------------
+     *
+     * Randomize the CSRF Token for added security.
+     *
+     * @var bool
+     */
+    public $tokenRandomize = false;
+
     /**
      * --------------------------------------------------------------------------
      * CSRF Token Name

app/Config/Toolbar.php

@@ -44,6 +44,18 @@ class Toolbar extends BaseConfig
         Events::class,
     ];
 
+    /**
+     * --------------------------------------------------------------------------
+     * Collect Var Data
+     * --------------------------------------------------------------------------
+     *
+     * If set to false var data from the views will not be colleted. Usefull to
+     * avoid high memory usage when there are lots of data passed to the view.
+     *
+     * @var bool
+     */
+    public $collectVarData = true;
+
     /**
      * --------------------------------------------------------------------------
      * Max History

app/Views/errors/html/error_exception.php

@@ -195,7 +195,7 @@
 					<tbody>
 						<tr>
 							<td style="width: 10em">Path</td>
-							<td><?= esc($request->uri) ?></td>
+							<td><?= esc($request->getUri()) ?></td>
 						</tr>
 						<tr>
 							<td>HTTP Method</td>

env

@@ -111,6 +111,7 @@
 #--------------------------------------------------------------------
 
 # security.csrfProtection = 'cookie'
+# security.tokenRandomize = false
 # security.tokenName = 'csrf_token_name'
 # security.headerName = 'X-CSRF-TOKEN'
 # security.cookieName = 'csrf_cookie_name'

system/Autoloader/Autoloader.php

@@ -114,10 +114,10 @@ public function initialize(Autoload $config, Modules $modules)
     public function register()
     {
         // Prepend the PSR4  autoloader for maximum performance.
-        spl_autoload_register([$this, 'loadClass'], true, true); // @phpstan-ignore-line
+        spl_autoload_register([$this, 'loadClass'], true, true);
 
         // Now prepend another loader for the files in our class map.
-        spl_autoload_register([$this, 'loadClassmap'], true, true); // @phpstan-ignore-line
+        spl_autoload_register([$this, 'loadClassmap'], true, true);
 
         // Load our non-class files
         foreach ($this->files as $file) {

system/Autoloader/FileLocator.php

@@ -55,6 +55,7 @@ public function locateFile(string $file, ?string $folder = null, string $ext = '
 
         // Standardize slashes to handle nested directories.
         $file = strtr($file, '/', '\\');
+        $file = ltrim($file, '\\');
 
         $segments = explode('\\', $file);
 
@@ -64,23 +65,20 @@ public function locateFile(string $file, ?string $folder = null, string $ext = '
         }
 
         $paths    = [];
-        $prefix   = '';
         $filename = '';
 
         // Namespaces always comes with arrays of paths
         $namespaces = $this->autoloader->getNamespace();
 
-        while (! empty($segments)) {
-            $prefix .= empty($prefix) ? array_shift($segments) : '\\' . array_shift($segments);
+        foreach (array_keys($namespaces) as $namespace) {
+            if (substr($file, 0, strlen($namespace)) === $namespace) {
+                // There may be sub-namespaces of the same vendor,
+                // so overwrite them with namespaces found later.
+                $paths = $namespaces[$namespace];
 
-            if (empty($namespaces[$prefix])) {
-                continue;
+                $fileWithoutNamespace = substr($file, strlen($namespace));
+                $filename             = ltrim(str_replace('\\', '/', $fileWithoutNamespace), '/');
             }
-
-            $paths = $namespaces[$prefix];
-
-            $filename = implode('/', $segments);
-            break;
         }
 
         // if no namespaces matched then quit

system/BaseModel.php

@@ -1578,7 +1578,7 @@ protected function transformDataToArray($data, string $type): array
         // properties representing the collection elements, we need to grab
         // them as an array.
         if (is_object($data) && ! $data instanceof stdClass) {
-            $data = $this->objectToArray($data, true, true);
+            $data = $this->objectToArray($data, ($type === 'update'), true);
         }
 
         // If it's still a stdClass, go ahead and convert to

system/CLI/CLI.php

@@ -865,10 +865,12 @@ public static function getOptionString(bool $useLongOpts = false, bool $trim = f
                 $out .= "-{$name} ";
             }
 
-            // If there's a space, we need to group
-            // so it will pass correctly.
+            if ($value === null) {
+                continue;
+            }
+
             if (mb_strpos($value, ' ') !== false) {
-                $out .= '"' . $value . '" ';
+                $out .= "\"{$value}\" ";
             } elseif ($value !== null) {
                 $out .= "{$value} ";
             }

system/Cache/Handlers/FileHandler.php

@@ -241,7 +241,6 @@ protected function getItem(string $filename)
             return false;
         }
 
-        // @phpstan-ignore-next-line
         if ($data['ttl'] > 0 && time() > $data['time'] + $data['ttl']) {
             // If the file is still there then try to remove it
             if (is_file($this->path . $filename)) {

system/Cache/Handlers/MemcachedHandler.php

@@ -146,7 +146,7 @@ public function get(string $key)
             }
         }
 
-        return is_array($data) ? $data[0] : $data; // @phpstan-ignore-line
+        return is_array($data) ? $data[0] : $data;
     }
 
     /**
@@ -172,7 +172,6 @@ public function save(string $key, $value, int $ttl = 60)
             return $this->memcached->set($key, $value, 0, $ttl);
         }
 
-        // @phpstan-ignore-next-line
         return false;
     }
 
@@ -205,7 +204,6 @@ public function increment(string $key, int $offset = 1)
 
         $key = static::validateKey($key, $this->prefix);
 
-        // @phpstan-ignore-next-line
         return $this->memcached->increment($key, $offset, $offset, 60);
     }
 
@@ -221,7 +219,7 @@ public function decrement(string $key, int $offset = 1)
         $key = static::validateKey($key, $this->prefix);
 
         // FIXME: third parameter isn't other handler actions.
-        // @phpstan-ignore-next-line
+
         return $this->memcached->decrement($key, $offset, $offset, 60);
     }
 

system/CodeIgniter.php

@@ -12,6 +12,7 @@
 namespace CodeIgniter;
 
 use Closure;
+use CodeIgniter\Debug\Kint\RichRenderer;
 use CodeIgniter\Debug\Timer;
 use CodeIgniter\Events\Events;
 use CodeIgniter\Exceptions\FrameworkException;
@@ -33,7 +34,6 @@
 use Exception;
 use Kint;
 use Kint\Renderer\CliRenderer;
-use Kint\Renderer\RichRenderer;
 
 /**
  * This class is the core of the framework, and will analyse the
@@ -45,7 +45,7 @@ class CodeIgniter
     /**
      * The current version of CodeIgniter Framework
      */
-    public const CI_VERSION = '4.1.5';
+    public const CI_VERSION = '4.1.6';
 
     private const MIN_PHP_VERSION = '7.3';
 
@@ -249,19 +249,21 @@ protected function initializeKint()
          */
         $config = config('Config\Kint');
 
-        Kint::$max_depth           = $config->maxDepth;
+        Kint::$depth_limit         = $config->maxDepth;
         Kint::$display_called_from = $config->displayCalledFrom;
         Kint::$expanded            = $config->expanded;
 
         if (! empty($config->plugins) && is_array($config->plugins)) {
             Kint::$plugins = $config->plugins;
         }
 
+        Kint::$renderers[Kint::MODE_RICH] = RichRenderer::class;
+
         RichRenderer::$theme  = $config->richTheme;
         RichRenderer::$folder = $config->richFolder;
         RichRenderer::$sort   = $config->richSort;
         if (! empty($config->richObjectPlugins) && is_array($config->richObjectPlugins)) {
-            RichRenderer::$object_plugins = $config->richObjectPlugins;
+            RichRenderer::$value_plugins = $config->richObjectPlugins;
         }
         if (! empty($config->richTabPlugins) && is_array($config->richTabPlugins)) {
             RichRenderer::$tab_plugins = $config->richTabPlugins;
@@ -537,7 +539,6 @@ protected function getRequestObject()
             return;
         }
 
-        // @phpstan-ignore-next-line
         if (is_cli() && ENVIRONMENT !== 'testing') {
             // @codeCoverageIgnoreStart
             $this->request = Services::clirequest($this->config);
@@ -721,7 +722,7 @@ protected function tryToRouteIt(?RouteCollectionInterface $routes = null)
         // If a {locale} segment was matched in the final route,
         // then we need to set the correct locale on our Request.
         if ($this->router->hasLocale()) {
-            $this->request->setLocale($this->router->getLocale()); // @phpstan-ignore-line
+            $this->request->setLocale($this->router->getLocale());
         }
 
         $this->benchmark->stop('routing');
@@ -816,7 +817,7 @@ protected function createController()
     protected function runController($class)
     {
         // If this is a console request then use the input segments as parameters
-        $params = defined('SPARKED') ? $this->request->getSegments() : $this->router->params(); // @phpstan-ignore-line
+        $params = defined('SPARKED') ? $this->request->getSegments() : $this->router->params();
 
         if (method_exists($class, '_remap')) {
             $output = $class->_remap($this->method, ...$params);
@@ -969,7 +970,7 @@ public function spoofRequestMethod()
             return;
         }
 
-        $method = $this->request->getPost('_method'); // @phpstan-ignore-line
+        $method = $this->request->getPost('_method');
 
         if (empty($method)) {
             return;

system/Common.php

@@ -380,7 +380,7 @@ function env(string $key, $default = null)
      * If $data is an array, then it loops over it, escaping each
      * 'value' of the key/value pairs.
      *
-     * Valid context values: html, js, css, url, attr, raw, null
+     * Valid context values: html, js, css, url, attr, raw
      *
      * @param array|string $data
      * @param string       $encoding
@@ -480,9 +480,9 @@ function force_https(int $duration = 31536000, ?RequestInterface $request = null
         $uri = URI::createURIString(
             'https',
             $baseURL,
-            $request->uri->getPath(), // Absolute URIs should use a "/" for an empty path
-            $request->uri->getQuery(),
-            $request->uri->getFragment()
+            $request->getUri()->getPath(), // Absolute URIs should use a "/" for an empty path
+            $request->getUri()->getQuery(),
+            $request->getUri()->getFragment()
         );
 
         // Set an HSTS header
@@ -643,16 +643,13 @@ function helper($filenames)
      */
     function is_cli(): bool
     {
-        if (defined('STDIN')) {
+        if (in_array(PHP_SAPI, ['cli', 'phpdbg'], true)) {
             return true;
         }
 
-        if (! isset($_SERVER['REMOTE_ADDR'], $_SERVER['HTTP_USER_AGENT']) && isset($_SERVER['argv']) && count($_SERVER['argv']) > 0) {
-            return true;
-        }
-
-        // if source of request is from CLI, the `$_SERVER` array will not populate this key
-        return ! isset($_SERVER['REQUEST_METHOD']);
+        // PHP_SAPI could be 'cgi-fcgi', 'fpm-fcgi'.
+        // See https://github.com/codeigniter4/CodeIgniter4/pull/5393
+        return ! isset($_SERVER['REMOTE_ADDR']) && ! isset($_SERVER['REQUEST_METHOD']);
     }
 }
 
@@ -813,11 +810,6 @@ function old(string $key, $default = null, $escape = 'html')
             return $default;
         }
 
-        // If the result was serialized array or string, then unserialize it for use...
-        if (is_string($value) && (strpos($value, 'a:') === 0 || strpos($value, 's:') === 0)) {
-            $value = unserialize($value);
-        }
-
         return $escape === false ? $value : esc($value, $escape);
     }
 }
@@ -1156,7 +1148,6 @@ function class_uses_recursive($class)
 
         $results = [];
 
-        // @phpstan-ignore-next-line
         foreach (array_reverse(class_parents($class)) + [$class => $class] as $class) {
             $results += trait_uses_recursive($class);
         }