Merge branch 'hotfix' into develop

CHANGELOG.md

@@ -37,12 +37,13 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ## [v4.2.3]
 
 ### Added
-- Config to set Domain of RememberMe Cookie ([#990]; [#991]; Thanks @xrobau!)
+- Config to set Domain of RememberMe Cookie ([#990], [#991]; Thanks @xrobau !)
 - Config settings for password min/max length ([#993])
 
 ### Fixed
-- [PHPMailer] Turn off opportunistic TLS when disabled ([#986]; [#987])
-- Migrator now ignore files that don't end in `.php` ([#965]; Temporary fix for [#998])
+- [PHPMailer] Turn off opportunistic TLS when disabled ([#986], [#987])
+- Migrator now ignore files that don't end in `.php` ([#965], [#998])
+- Respects CSRF_ENABLED environment variable ([#976]; Thanks @Poldovico !)
 
 ## [v4.2.2]
 
@@ -796,6 +797,7 @@ See [http://learn.userfrosting.com/upgrading/40-to-41](Upgrading 4.0.x to 4.1.x
 [#963]: https://github.com/userfrosting/UserFrosting/issues/963
 [#965]: https://github.com/userfrosting/UserFrosting/issues/965
 [#968]: https://github.com/userfrosting/UserFrosting/issues/968
+[#976]: https://github.com/userfrosting/UserFrosting/issues/976
 [#981]: https://github.com/userfrosting/UserFrosting/issues/981
 [#983]: https://github.com/userfrosting/UserFrosting/issues/983
 [#986]: https://github.com/userfrosting/UserFrosting/issues/986

app/sprinkles/core/config/default.php

@@ -97,7 +97,7 @@
         * Note : CSRF Middleware should only be disabled for dev or debug purposes.
         */
         'csrf' => [
-            'enabled'          => getenv('CSRF_ENABLED') ?: true,
+            'enabled'          => (getenv('CSRF_ENABLED') !== false) ? getenv('CSRF_ENABLED') : true,
             'name'             => 'csrf',
             'storage_limit'    => 200,
             'strength'         => 16,

app/sprinkles/core/src/Database/Migrator/MigrationLocator.php

@@ -56,7 +56,7 @@ public function getMigrations()
         foreach ($migrationFiles as $migrationFile) {
             // Note that PSR4 insists that all php files must end in PHP, so ignore all
             // files that don't end in PHP.
-            if (preg_match('/php$/', $migrationFile)) {
+            if ($migrationFile->getExtension() == 'php') {
                 $migrations[] = $this->getMigrationDetails($migrationFile);
             }
         }

app/sprinkles/core/tests/Integration/Database/Migrator/MigrationLocatorTest.php

@@ -90,7 +90,13 @@ public function testGetMigrations()
             new Resource($resourceStream, $resourceAccountLocation, 'one/CreatePasswordResetsTable.php'),
             new Resource($resourceStream, $resourceAccountLocation, 'two/CreateFlightsTable.php'),
             new Resource($resourceStream, $resourceAccountLocation, 'CreateMainTable.php'),
-            new Resource($resourceStream, $resourceAccountLocation, 'README.md'), // This shoudn't be returned by the migrator
+
+            // Theses shoudn't be returned by the migrator
+            new Resource($resourceStream, $resourceAccountLocation, 'README.md'),
+            new Resource($resourceStream, $resourceAccountLocation, 'php.md'),
+            new Resource($resourceStream, $resourceAccountLocation, 'foo.foophp'),
+            new Resource($resourceStream, $resourceAccountLocation, 'blah.phpphp'),
+            new Resource($resourceStream, $resourceAccountLocation, 'bar.phpbar'),
         ]);
 
         // Create a new MigrationLocator instance with our simulated ResourceLocation