From 87796a09799b0bfa37ec52475c25cbb5c5b46349 Mon Sep 17 00:00:00 2001
From: Paulo Esteves <pjesteves@outlook.pt>
Date: Tue, 26 Sep 2023 10:37:47 +0100
Subject: [PATCH 1/4] remove $_SESSION from methods and functions

---
 system/CodeIgniter.php          |  4 ++--
 system/HTTP/IncomingRequest.php | 29 ++++++++++++++++++-----------
 system/Helpers/form_helper.php  |  6 +++---
 system/Helpers/url_helper.php   |  6 +++++-
 4 files changed, 28 insertions(+), 17 deletions(-)

diff --git a/system/CodeIgniter.php b/system/CodeIgniter.php
index 4bde1c042b6d..dd00746bf567 100644
--- a/system/CodeIgniter.php
+++ b/system/CodeIgniter.php
@@ -1064,13 +1064,13 @@ public function storePreviousURL($uri)
         }
 
         if (isset($_SESSION)) {
-            $_SESSION['_ci_previous_url'] = URI::createURIString(
+            session()->set('_ci_previous_url', URI::createURIString(
                 $uri->getScheme(),
                 $uri->getAuthority(),
                 $uri->getPath(),
                 $uri->getQuery(),
                 $uri->getFragment()
-            );
+            ));
         }
     }
 
diff --git a/system/HTTP/IncomingRequest.php b/system/HTTP/IncomingRequest.php
index 458e8ef88043..079a3b69d02f 100755
--- a/system/HTTP/IncomingRequest.php
+++ b/system/HTTP/IncomingRequest.php
@@ -827,35 +827,42 @@ public function getUserAgent()
      */
     public function getOldInput(string $key)
     {
-        // If the session hasn't been started, or no
-        // data was previously saved, we're done.
-        if (empty($_SESSION['_ci_old_input'])) {
+        // If the session hasn't been started, we're done.
+        if (! isset($_SESSION)) {
+            return null;
+        }
+
+        // Get previously saved in session
+        $old = session('_ci_old_input');
+
+        // If no data was previously saved, we're done.
+        if ($old === null) {
             return null;
         }
 
         // Check for the value in the POST array first.
-        if (isset($_SESSION['_ci_old_input']['post'][$key])) {
-            return $_SESSION['_ci_old_input']['post'][$key];
+        if (isset($old['post'][$key])) {
+            return $old['post'][$key];
         }
 
         // Next check in the GET array.
-        if (isset($_SESSION['_ci_old_input']['get'][$key])) {
-            return $_SESSION['_ci_old_input']['get'][$key];
+        if (isset($old['get'][$key])) {
+            return $old['get'][$key];
         }
 
         helper('array');
 
         // Check for an array value in POST.
-        if (isset($_SESSION['_ci_old_input']['post'])) {
-            $value = dot_array_search($key, $_SESSION['_ci_old_input']['post']);
+        if (isset($old['post'])) {
+            $value = dot_array_search($key, $old['post']);
             if ($value !== null) {
                 return $value;
             }
         }
 
         // Check for an array value in GET.
-        if (isset($_SESSION['_ci_old_input']['get'])) {
-            $value = dot_array_search($key, $_SESSION['_ci_old_input']['get']);
+        if (isset($old['get'])) {
+            $value = dot_array_search($key, $old['get']);
             if ($value !== null) {
                 return $value;
             }
diff --git a/system/Helpers/form_helper.php b/system/Helpers/form_helper.php
index 7f8f191a3a6f..7edb05cf1de3 100644
--- a/system/Helpers/form_helper.php
+++ b/system/Helpers/form_helper.php
@@ -701,12 +701,12 @@ function set_radio(string $field, string $value = '', bool $default = false): st
      */
     function validation_errors()
     {
-        session();
+        $errors = session('_ci_validation_errors');
 
         // Check the session to see if any were
         // passed along from a redirect withErrors() request.
-        if (isset($_SESSION['_ci_validation_errors']) && (ENVIRONMENT === 'testing' || ! is_cli())) {
-            return $_SESSION['_ci_validation_errors'];
+        if ($errors !== null && (ENVIRONMENT === 'testing' || ! is_cli())) {
+            return $errors;
         }
 
         $validation = Services::validation();
diff --git a/system/Helpers/url_helper.php b/system/Helpers/url_helper.php
index a74fe944f148..dce4b26a0b50 100644
--- a/system/Helpers/url_helper.php
+++ b/system/Helpers/url_helper.php
@@ -88,8 +88,12 @@ function previous_url(bool $returnObject = false)
     {
         // Grab from the session first, if we have it,
         // since it's more reliable and safer.
+        if (isset($_SESSION)) {
+            $referer = session('_ci_previous_url');
+        }
+
         // Otherwise, grab a sanitized version from $_SERVER.
-        $referer = $_SESSION['_ci_previous_url'] ?? Services::request()->getServer('HTTP_REFERER', FILTER_SANITIZE_URL);
+        $referer ??= Services::request()->getServer('HTTP_REFERER', FILTER_SANITIZE_URL);
 
         $referer ??= site_url('/');
 

From 88a842f9ec32f366b042cd91577022082efcee92 Mon Sep 17 00:00:00 2001
From: Paulo Esteves <pjesteves@outlook.pt>
Date: Tue, 26 Sep 2023 10:55:59 +0100
Subject: [PATCH 2/4] update phpstan-baseline.php

---
 phpstan-baseline.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/phpstan-baseline.php b/phpstan-baseline.php
index 8a3e75dfb0ce..f538808f40c4 100644
--- a/phpstan-baseline.php
+++ b/phpstan-baseline.php
@@ -2313,7 +2313,7 @@
 ];
 $ignoreErrors[] = [
 	'message' => '#^Construct empty\\(\\) is not allowed\\. Use more strict comparison\\.$#',
-	'count' => 7,
+	'count' => 6,
 	'path' => __DIR__ . '/system/HTTP/IncomingRequest.php',
 ];
 $ignoreErrors[] = [

From b357e471989d9d1f00f14ef7cd0ff7e169ae8700 Mon Sep 17 00:00:00 2001
From: Paulo Esteves <pjesteves@outlook.pt>
Date: Thu, 28 Sep 2023 11:09:10 +0100
Subject: [PATCH 3/4] update tests

---
 tests/system/CodeIgniterTest.php               |  2 ++
 tests/system/Helpers/URLHelper/MiscUrlTest.php | 16 ++++++++++++++--
 tests/system/View/ParserPluginTest.php         |  8 +++++++-
 3 files changed, 23 insertions(+), 3 deletions(-)

diff --git a/tests/system/CodeIgniterTest.php b/tests/system/CodeIgniterTest.php
index 5fae784b51c5..54ea3d10445c 100644
--- a/tests/system/CodeIgniterTest.php
+++ b/tests/system/CodeIgniterTest.php
@@ -27,6 +27,8 @@
 use Tests\Support\Filters\Customfilter;
 
 /**
+ * @runTestsInSeparateProcesses
+ *
  * @backupGlobals enabled
  *
  * @internal
diff --git a/tests/system/Helpers/URLHelper/MiscUrlTest.php b/tests/system/Helpers/URLHelper/MiscUrlTest.php
index 4767dbf0cbfd..73ce680ea757 100644
--- a/tests/system/Helpers/URLHelper/MiscUrlTest.php
+++ b/tests/system/Helpers/URLHelper/MiscUrlTest.php
@@ -52,13 +52,19 @@ protected function tearDown(): void
         $_SERVER = [];
     }
 
+    /**
+     * @runInSeparateProcess
+     * @preserveGlobalState disabled
+     *
+     * @group SeparateProcess
+     */
     public function testPreviousURLUsesSessionFirst(): void
     {
         $uri1 = 'http://example.com/one?two';
         $uri2 = 'http://example.com/two?foo';
 
-        $_SERVER['HTTP_REFERER']      = $uri1;
-        $_SESSION['_ci_previous_url'] = $uri2;
+        $_SERVER['HTTP_REFERER'] = $uri1;
+        session()->set('_ci_previous_url', $uri2);
 
         $this->config->baseURL = 'http://example.com/public';
 
@@ -80,6 +86,12 @@ private function createRequest(string $uri): void
         Factories::injectMock('config', 'App', $this->config);
     }
 
+    /**
+     * @runInSeparateProcess
+     * @preserveGlobalState disabled
+     *
+     * @group SeparateProcess
+     */
     public function testPreviousURLUsesRefererIfNeeded(): void
     {
         $uri1 = 'http://example.com/one?two';
diff --git a/tests/system/View/ParserPluginTest.php b/tests/system/View/ParserPluginTest.php
index 53caa6389213..b5e4c9047297 100644
--- a/tests/system/View/ParserPluginTest.php
+++ b/tests/system/View/ParserPluginTest.php
@@ -42,12 +42,18 @@ public function testCurrentURL(): void
         $this->assertSame(current_url(), $this->parser->renderString($template));
     }
 
+    /**
+     * @runInSeparateProcess
+     * @preserveGlobalState disabled
+     *
+     * @group SeparateProcess
+     */
     public function testPreviousURL(): void
     {
         $template = '{+ previous_url +}';
 
         // Ensure a previous URL exists to work with.
-        $_SESSION['_ci_previous_url'] = 'http://example.com/foo';
+        session()->set('_ci_previous_url', 'http://example.com/foo');
 
         $this->assertSame(previous_url(), $this->parser->renderString($template));
     }

From b5d123abbd3eab20ddd17be122bacfca8203654f Mon Sep 17 00:00:00 2001
From: Paulo Esteves <pjesteves@outlook.pt>
Date: Sun, 1 Oct 2023 18:31:04 +0100
Subject: [PATCH 4/4] reduce code as suggested

Co-authored-by: Mostafa Khudair <59371810+mostafakhudair@users.noreply.github.com>
---
 system/Helpers/url_helper.php | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/system/Helpers/url_helper.php b/system/Helpers/url_helper.php
index dce4b26a0b50..27e3ce1d079f 100644
--- a/system/Helpers/url_helper.php
+++ b/system/Helpers/url_helper.php
@@ -93,9 +93,7 @@ function previous_url(bool $returnObject = false)
         }
 
         // Otherwise, grab a sanitized version from $_SERVER.
-        $referer ??= Services::request()->getServer('HTTP_REFERER', FILTER_SANITIZE_URL);
-
-        $referer ??= site_url('/');
+        $referer ??= request()->getServer('HTTP_REFERER', FILTER_SANITIZE_URL) ?? site_url('/');
 
         return $returnObject ? new URI($referer) : $referer;
     }