Release v4.1.6

LICENSE

@@ -1,7 +1,7 @@
 The MIT License (MIT)
 
 Copyright (c) 2014-2019 British Columbia Institute of Technology
-Copyright (c) 2019-2021 CodeIgniter Foundation
+Copyright (c) 2019-2022 CodeIgniter Foundation
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

app/Config/Filters.php

@@ -6,6 +6,8 @@
 use CodeIgniter\Filters\CSRF;
 use CodeIgniter\Filters\DebugToolbar;
 use CodeIgniter\Filters\Honeypot;
+use CodeIgniter\Filters\InvalidChars;
+use CodeIgniter\Filters\SecureHeaders;
 
 class Filters extends BaseConfig
 {
@@ -16,9 +18,11 @@ class Filters extends BaseConfig
  * @var array
  */
  public $aliases = [
- 'csrf' => CSRF::class,
- 'toolbar' => DebugToolbar::class,
- 'honeypot' => Honeypot::class,
+ 'csrf' => CSRF::class,
+ 'toolbar' => DebugToolbar::class,
+ 'honeypot' => Honeypot::class,
+ 'invalidchars' => InvalidChars::class,
+ 'secureheaders' => SecureHeaders::class,
  ];
 
  /**
@@ -31,10 +35,12 @@ class Filters extends BaseConfig
  'before' => [
  // 'honeypot',
  // 'csrf',
+ // 'invalidchars',
  ],
  'after' => [
  'toolbar',
  // 'honeypot',
+ // 'secureheaders',
  ],
  ];
 

app/Config/Mimes.php

@@ -509,7 +509,7 @@ public static function guessExtensionFromType(string $type, ?string $proposedExt
  {
  $type = trim(strtolower($type), '. ');
 
- $proposedExtension = trim(strtolower($proposedExtension));
+ $proposedExtension = trim(strtolower($proposedExtension ?? ''));
 
  if ($proposedExtension !== '') {
  if (array_key_exists($proposedExtension, static::$mimes) && in_array($type, is_string(static::$mimes[$proposedExtension]) ? [static::$mimes[$proposedExtension]] : static::$mimes[$proposedExtension], true)) {

app/Config/Security.php

@@ -17,6 +17,17 @@ class Security extends BaseConfig
  */
  public $csrfProtection = 'cookie';
 
+ /**
+ * --------------------------------------------------------------------------
+ * CSRF Token Randomization
+ * --------------------------------------------------------------------------
+ *
+ * Randomize the CSRF Token for added security.
+ *
+ * @var bool
+ */
+ public $tokenRandomize = false;
+
  /**
  * --------------------------------------------------------------------------
  * CSRF Token Name

app/Config/Toolbar.php

@@ -44,6 +44,18 @@ class Toolbar extends BaseConfig
  Events::class,
  ];
 
+ /**
+ * --------------------------------------------------------------------------
+ * Collect Var Data
+ * --------------------------------------------------------------------------
+ *
+ * If set to false var data from the views will not be colleted. Usefull to
+ * avoid high memory usage when there are lots of data passed to the view.
+ *
+ * @var bool
+ */
+ public $collectVarData = true;
+
  /**
  * --------------------------------------------------------------------------
  * Max History

app/Views/errors/html/error_exception.php

@@ -195,7 +195,7 @@
  <tbody>
  <tr>
  <td style="width: 10em">Path</td>
- <td><?= esc($request->uri) ?></td>
+ <td><?= esc($request->getUri()) ?></td>
  </tr>
  <tr>
  <td>HTTP Method</td>

env

@@ -111,6 +111,7 @@
 #--------------------------------------------------------------------
 
 # security.csrfProtection = 'cookie'
+# security.tokenRandomize = false
 # security.tokenName = 'csrf_token_name'
 # security.headerName = 'X-CSRF-TOKEN'
 # security.cookieName = 'csrf_cookie_name'

system/Autoloader/Autoloader.php

@@ -114,10 +114,10 @@ public function initialize(Autoload $config, Modules $modules)
  public function register()
  {
  // Prepend the PSR4 autoloader for maximum performance.
- spl_autoload_register([$this, 'loadClass'], true, true); // @phpstan-ignore-line
+ spl_autoload_register([$this, 'loadClass'], true, true);
 
  // Now prepend another loader for the files in our class map.
- spl_autoload_register([$this, 'loadClassmap'], true, true); // @phpstan-ignore-line
+ spl_autoload_register([$this, 'loadClassmap'], true, true);
 
  // Load our non-class files
  foreach ($this->files as $file) {

system/Autoloader/FileLocator.php

@@ -55,6 +55,7 @@ public function locateFile(string $file, ?string $folder = null, string $ext = '
 
  // Standardize slashes to handle nested directories.
  $file = strtr($file, '/', '\\');
+ $file = ltrim($file, '\\');
 
  $segments = explode('\\', $file);
 
@@ -64,23 +65,20 @@ public function locateFile(string $file, ?string $folder = null, string $ext = '
  }
 
  $paths = [];
- $prefix = '';
  $filename = '';
 
  // Namespaces always comes with arrays of paths
  $namespaces = $this->autoloader->getNamespace();
 
- while (! empty($segments)) {
- $prefix .= empty($prefix) ? array_shift($segments) : '\\' . array_shift($segments);
+ foreach (array_keys($namespaces) as $namespace) {
+ if (substr($file, 0, strlen($namespace)) === $namespace) {
+ // There may be sub-namespaces of the same vendor,
+ // so overwrite them with namespaces found later.
+ $paths = $namespaces[$namespace];
 
- if (empty($namespaces[$prefix])) {
- continue;
+  $fileWithoutNamespace = substr($file, strlen($namespace));
+ $filename = ltrim(str_replace('\\', '/', $fileWithoutNamespace), '/');
  }
-
- $paths = $namespaces[$prefix];
-
- $filename = implode('/', $segments);
- break;
  }
 
  // if no namespaces matched then quit

system/BaseModel.php

@@ -1578,7 +1578,7 @@ protected function transformDataToArray($data, string $type): array
  // properties representing the collection elements, we need to grab
  // them as an array.
  if (is_object($data) && ! $data instanceof stdClass) {
- $data = $this->objectToArray($data, true, true);
+ $data = $this->objectToArray($data, ($type === 'update'), true);
  }
 
  // If it's still a stdClass, go ahead and convert to

system/CLI/CLI.php

@@ -865,10 +865,12 @@ public static function getOptionString(bool $useLongOpts = false, bool $trim = f
  $out .= "-{$name} ";
  }
 
- // If there's a space, we need to group
- // so it will pass correctly.
+ if ($value === null) {
+ continue;
+ }
+
  if (mb_strpos($value, ' ') !== false) {
- $out .= '"' . $value . '" ';
+ $out .= "\"{$value}\" ";
  } elseif ($value !== null) {
  $out .= "{$value} ";
  }

system/Cache/Handlers/FileHandler.php

@@ -241,7 +241,6 @@ protected function getItem(string $filename)
  return false;
  }
 
- // @phpstan-ignore-next-line
  if ($data['ttl'] > 0 && time() > $data['time'] + $data['ttl']) {
  // If the file is still there then try to remove it
  if (is_file($this->path . $filename)) {

system/Cache/Handlers/MemcachedHandler.php

@@ -146,7 +146,7 @@ public function get(string $key)
  }
  }
 
- return is_array($data) ? $data[0] : $data; // @phpstan-ignore-line
+ return is_array($data) ? $data[0] : $data;
  }
 
  /**
@@ -172,7 +172,6 @@ public function save(string $key, $value, int $ttl = 60)
  return $this->memcached->set($key, $value, 0, $ttl);
  }
 
- // @phpstan-ignore-next-line
  return false;
  }
 
@@ -205,7 +204,6 @@ public function increment(string $key, int $offset = 1)
 
  $key = static::validateKey($key, $this->prefix);
 
- // @phpstan-ignore-next-line
  return $this->memcached->increment($key, $offset, $offset, 60);
  }
 
@@ -221,7 +219,7 @@ public function decrement(string $key, int $offset = 1)
  $key = static::validateKey($key, $this->prefix);
 
  // FIXME: third parameter isn't other handler actions.
- // @phpstan-ignore-next-line
+
  return $this->memcached->decrement($key, $offset, $offset, 60);
  }
 

system/CodeIgniter.php

@@ -12,6 +12,7 @@
 namespace CodeIgniter;
 
 use Closure;
+use CodeIgniter\Debug\Kint\RichRenderer;
 use CodeIgniter\Debug\Timer;
 use CodeIgniter\Events\Events;
 use CodeIgniter\Exceptions\FrameworkException;
@@ -33,7 +34,6 @@
 use Exception;
 use Kint;
 use Kint\Renderer\CliRenderer;
-use Kint\Renderer\RichRenderer;
 
 /**
  * This class is the core of the framework, and will analyse the
@@ -45,7 +45,7 @@ class CodeIgniter
  /**
  * The current version of CodeIgniter Framework
  */
- public const CI_VERSION = '4.1.5';
+ public const CI_VERSION = '4.1.6';
 
  private const MIN_PHP_VERSION = '7.3';
 
@@ -249,19 +249,21 @@ protected function initializeKint()
  */
  $config = config('Config\Kint');
 
- Kint::$max_depth  = $config->maxDepth;
+ Kint::$depth_limit = $config->maxDepth;
  Kint::$display_called_from = $config->displayCalledFrom;
  Kint::$expanded = $config->expanded;
 
  if (! empty($config->plugins) && is_array($config->plugins)) {
  Kint::$plugins = $config->plugins;
  }
 
+ Kint::$renderers[Kint::MODE_RICH] = RichRenderer::class;
+
  RichRenderer::$theme = $config->richTheme;
  RichRenderer::$folder = $config->richFolder;
  RichRenderer::$sort = $config->richSort;
  if (! empty($config->richObjectPlugins) && is_array($config->richObjectPlugins)) {
- RichRenderer::$object_plugins = $config->richObjectPlugins;
+ RichRenderer::$value_plugins = $config->richObjectPlugins;
  }
  if (! empty($config->richTabPlugins) && is_array($config->richTabPlugins)) {
  RichRenderer::$tab_plugins = $config->richTabPlugins;
@@ -537,7 +539,6 @@ protected function getRequestObject()
  return;
  }
 
- // @phpstan-ignore-next-line
  if (is_cli() && ENVIRONMENT !== 'testing') {
  // @codeCoverageIgnoreStart
  $this->request = Services::clirequest($this->config);
@@ -721,7 +722,7 @@ protected function tryToRouteIt(?RouteCollectionInterface $routes = null)
  // If a {locale} segment was matched in the final route,
  // then we need to set the correct locale on our Request.
  if ($this->router->hasLocale()) {
- $this->request->setLocale($this->router->getLocale()); // @phpstan-ignore-line
+ $this->request->setLocale($this->router->getLocale());
  }
 
  $this->benchmark->stop('routing');
@@ -816,7 +817,7 @@ protected function createController()
  protected function runController($class)
  {
  // If this is a console request then use the input segments as parameters
- $params = defined('SPARKED') ? $this->request->getSegments() : $this->router->params(); // @phpstan-ignore-line
+ $params = defined('SPARKED') ? $this->request->getSegments() : $this->router->params();
 
  if (method_exists($class, '_remap')) {
  $output = $class->_remap($this->method, ...$params);
@@ -969,7 +970,7 @@ public function spoofRequestMethod()
  return;
  }
 
- $method = $this->request->getPost('_method'); // @phpstan-ignore-line
+ $method = $this->request->getPost('_method');
 
  if (empty($method)) {
  return;

system/Common.php

@@ -380,7 +380,7 @@ function env(string $key, $default = null)
  * If $data is an array, then it loops over it, escaping each
  * 'value' of the key/value pairs.
  *
- * Valid context values: html, js, css, url, attr, raw, null
+ * Valid context values: html, js, css, url, attr, raw
  *
  * @param array|string $data
  * @param string $encoding
@@ -480,9 +480,9 @@ function force_https(int $duration = 31536000, ?RequestInterface $request = null
  $uri = URI::createURIString(
  'https',
  $baseURL,
- $request->uri->getPath(), // Absolute URIs should use a "/" for an empty path
- $request->uri->getQuery(),
- $request->uri->getFragment()
+ $request->getUri()->getPath(), // Absolute URIs should use a "/" for an empty path
+ $request->getUri()->getQuery(),
+ $request->getUri()->getFragment()
  );
 
  // Set an HSTS header
@@ -643,16 +643,13 @@ function helper($filenames)
  */
  function is_cli(): bool
  {
- if (defined('STDIN')) {
+ if (in_array(PHP_SAPI, ['cli', 'phpdbg'], true)) {
  return true;
  }
 
- if (! isset($_SERVER['REMOTE_ADDR'], $_SERVER['HTTP_USER_AGENT']) && isset($_SERVER['argv']) && count($_SERVER['argv']) > 0) {
- return true;
- }
-
- // if source of request is from CLI, the `$_SERVER` array will not populate this key
- return ! isset($_SERVER['REQUEST_METHOD']);
+ // PHP_SAPI could be 'cgi-fcgi', 'fpm-fcgi'.
+ // See https://github.com/codeigniter4/CodeIgniter4/pull/5393
+ return ! isset($_SERVER['REMOTE_ADDR']) && ! isset($_SERVER['REQUEST_METHOD']);
  }
 }
 
@@ -813,11 +810,6 @@ function old(string $key, $default = null, $escape = 'html')
  return $default;
  }
 
- // If the result was serialized array or string, then unserialize it for use...
- if (is_string($value) && (strpos($value, 'a:') === 0 || strpos($value, 's:') === 0)) {
- $value = unserialize($value);
- }
-
  return $escape === false ? $value : esc($value, $escape);
  }
 }
@@ -1156,7 +1148,6 @@ function class_uses_recursive($class)
 
  $results = [];
 
- // @phpstan-ignore-next-line
  foreach (array_reverse(class_parents($class)) + [$class => $class] as $class) {
  $results += trait_uses_recursive($class);
  }