Release v4.1.5

codeigniter4 · Nov 8, 2021 · 27eb447 · 27eb447
1 parent b0868b9
commit 27eb447
Show file tree

Hide file tree

Showing 98 changed files with 2,931 additions and 818 deletions.
diff --git a/README.md b/README.md
@@ -28,7 +28,7 @@ framework are exposed.
 
 ## Repository Management
 
-We use Github issues, in our main repository, to track **BUGS** and to track approved **DEVELOPMENT** work packages.
+We use GitHub issues, in our main repository, to track **BUGS** and to track approved **DEVELOPMENT** work packages.
 We use our [forum](http://forum.codeigniter.com) to provide SUPPORT and to discuss
 FEATURE REQUESTS.
 

diff --git a/app/Config/CURLRequest.php b/app/Config/CURLRequest.php
@@ -0,0 +1,22 @@
+<?php
+
+namespace Config;
+
+use CodeIgniter\Config\BaseConfig;
+
+class CURLRequest extends BaseConfig
+{
+    /**
+     * --------------------------------------------------------------------------
+     * CURLRequest Share Options
+     * --------------------------------------------------------------------------
+     *
+     * Whether share options between requests or not.
+     *
+     * If true, all the options won't be reset between requests.
+     * It may cause an error request with unnecessary headers.
+     *
+     * @var bool
+     */
+    public $shareOptions = true;
+}
diff --git a/app/Config/Cache.php b/app/Config/Cache.php
@@ -97,6 +97,20 @@ class Cache extends BaseConfig
      */
     public $ttl = 60;
 
+    /**
+     * --------------------------------------------------------------------------
+     * Reserved Characters
+     * --------------------------------------------------------------------------
+     *
+     * A string of reserved characters that will not be allowed in keys or tags.
+     * Strings that violate this restriction will cause handlers to throw.
+     * Default: {}()/\@:
+     * Note: The default set is required for PSR-6 compliance.
+     *
+     * @var string
+     */
+    public $reservedCharacters = '{}()/\@:';
+
     /**
      * --------------------------------------------------------------------------
      * File settings

diff --git a/app/Config/Feature.php b/app/Config/Feature.php
@@ -0,0 +1,27 @@
+<?php
+
+namespace Config;
+
+use CodeIgniter\Config\BaseConfig;
+
+/**
+ * Enable/disable backward compatibility breaking features.
+ */
+class Feature extends BaseConfig
+{
+    /**
+     * Enable multiple filters for a route or not
+     *
+     * If you enable this:
+     *   - CodeIgniter\CodeIgniter::handleRequest() uses:
+     *     - CodeIgniter\Filters\Filters::enableFilters(), instead of enableFilter()
+     *   - CodeIgniter\CodeIgniter::tryToRouteIt() uses:
+     *     - CodeIgniter\Router\Router::getFilters(), instead of getFilter()
+     *   - CodeIgniter\Router\Router::handle() uses:
+     *     - property $filtersInfo, instead of $filterInfo
+     *     - CodeIgniter\Router\RouteCollection::getFiltersForRoute(), instead of getFilterForRoute()
+     *
+     * @var bool
+     */
+    public $multipleFilters = false;
+}
diff --git a/app/Config/Generators.php b/app/Config/Generators.php
@@ -27,6 +27,7 @@ class Generators extends BaseConfig
      */
     public $views = [
         'make:command'      => 'CodeIgniter\Commands\Generators\Views\command.tpl.php',
+        'make:config'       => 'CodeIgniter\Commands\Generators\Views\config.tpl.php',
         'make:controller'   => 'CodeIgniter\Commands\Generators\Views\controller.tpl.php',
         'make:entity'       => 'CodeIgniter\Commands\Generators\Views\entity.tpl.php',
         'make:filter'       => 'CodeIgniter\Commands\Generators\Views\filter.tpl.php',

diff --git a/app/Config/Kint.php b/app/Config/Kint.php
@@ -24,38 +24,28 @@ class Kint extends BaseConfig
     */
 
     public $plugins;
-
-    public $maxDepth = 6;
-
+    public $maxDepth          = 6;
     public $displayCalledFrom = true;
-
-    public $expanded = false;
+    public $expanded          = false;
 
     /*
     |--------------------------------------------------------------------------
     | RichRenderer Settings
     |--------------------------------------------------------------------------
     */
-    public $richTheme = 'aante-light.css';
-
+    public $richTheme  = 'aante-light.css';
     public $richFolder = false;
-
-    public $richSort = Renderer::SORT_FULL;
-
+    public $richSort   = Renderer::SORT_FULL;
     public $richObjectPlugins;
-
     public $richTabPlugins;
 
     /*
     |--------------------------------------------------------------------------
     | CLI Settings
     |--------------------------------------------------------------------------
     */
-    public $cliColors = true;
-
-    public $cliForceUTF8 = false;
-
+    public $cliColors      = true;
+    public $cliForceUTF8   = false;
     public $cliDetectWidth = true;
-
-    public $cliMinWidth = 40;
+    public $cliMinWidth    = 40;
 }
diff --git a/app/Config/Publisher.php b/app/Config/Publisher.php
@@ -0,0 +1,28 @@
+<?php
+
+namespace Config;
+
+use CodeIgniter\Config\Publisher as BasePublisher;
+
+/**
+ * Publisher Configuration
+ *
+ * Defines basic security restrictions for the Publisher class
+ * to prevent abuse by injecting malicious files into a project.
+ */
+class Publisher extends BasePublisher
+{
+    /**
+     * A list of allowed destinations with a (pseudo-)regex
+     * of allowed files for each destination.
+     * Attempts to publish to directories not in this list will
+     * result in a PublisherException. Files that do no fit the
+     * pattern will cause copy/merge to fail.
+     *
+     * @var array<string,string>
+     */
+    public $restrictions = [
+        ROOTPATH => '*',
+        FCPATH   => '#\.(?css|js|map|htm?|xml|json|webmanifest|tff|eot|woff?|gif|jpe?g|tiff?|png|webp|bmp|ico|svg)$#i',
+    ];
+}
diff --git a/app/Config/Security.php b/app/Config/Security.php
@@ -6,12 +6,23 @@
 
 class Security extends BaseConfig
 {
+    /**
+     * --------------------------------------------------------------------------
+     * CSRF Protection Method
+     * --------------------------------------------------------------------------
+     *
+     * Protection Method for Cross Site Request Forgery protection.
+     *
+     * @var string 'cookie' or 'session'
+     */
+    public $csrfProtection = 'cookie';
+
     /**
      * --------------------------------------------------------------------------
      * CSRF Token Name
      * --------------------------------------------------------------------------
      *
-     * Token name for Cross Site Request Forgery protection cookie.
+     * Token name for Cross Site Request Forgery protection.
      *
      * @var string
      */
@@ -22,7 +33,7 @@ class Security extends BaseConfig
      * CSRF Header Name
      * --------------------------------------------------------------------------
      *
-     * Token name for Cross Site Request Forgery protection cookie.
+     * Header name for Cross Site Request Forgery protection.
      *
      * @var string
      */
@@ -33,7 +44,7 @@ class Security extends BaseConfig
      * CSRF Cookie Name
      * --------------------------------------------------------------------------
      *
-     * Cookie name for Cross Site Request Forgery protection cookie.
+     * Cookie name for Cross Site Request Forgery protection.
      *
      * @var string
      */
@@ -57,7 +68,7 @@ class Security extends BaseConfig
      * CSRF Regenerate
      * --------------------------------------------------------------------------
      *
-     * Regenerate CSRF Token on every request.
+     * Regenerate CSRF Token on every submission.
      *
      * @var bool
      */

diff --git a/app/Views/welcome_message.php b/app/Views/welcome_message.php
@@ -163,7 +163,7 @@
 			color: rgba(200, 200, 200, 1);
 			padding: .25rem 1.75rem;
 		}
-		@media (max-width: 559px) {
+		@media (max-width: 629px) {
 			header ul {
 				padding: 0;
 			}

diff --git a/composer.json b/composer.json
@@ -11,7 +11,7 @@
         "ext-json": "*",
         "ext-mbstring": "*",
         "kint-php/kint": "^3.3",
-        "laminas/laminas-escaper": "^2.8",
+        "laminas/laminas-escaper": "^2.9",
         "psr/log": "^1.1"
     },
     "require-dev": {

diff --git a/env b/env
@@ -110,6 +110,7 @@
 # SECURITY
 #--------------------------------------------------------------------
 
+# security.csrfProtection = 'cookie'
 # security.tokenName = 'csrf_token_name'
 # security.headerName = 'X-CSRF-TOKEN'
 # security.cookieName = 'csrf_cookie_name'
@@ -123,3 +124,9 @@
 #--------------------------------------------------------------------
 
 # logger.threshold = 4
+
+#--------------------------------------------------------------------
+# CURLRequest
+#--------------------------------------------------------------------
+
+# curlrequest.shareOptions = true
diff --git a/system/BaseModel.php b/system/BaseModel.php
@@ -366,7 +366,7 @@ abstract protected function doInsert(array $data);
      * This methods works only with dbCalls
      *
      * @param array|null $set       An associative array of insert values
-     * @param bool|null  $escape    Whether to escape values and identifiers
+     * @param bool|null  $escape    Whether to escape values
      * @param int        $batchSize The size of the batch to run
      * @param bool       $testing   True means only number of records is returned, false will execute the query
      *
@@ -763,7 +763,7 @@ public function insert($data = null, bool $returnID = true)
      * Compiles batch insert runs the queries, validating each row prior.
      *
      * @param array|null $set       an associative array of insert values
-     * @param bool|null  $escape    Whether to escape values and identifiers
+     * @param bool|null  $escape    Whether to escape values
      * @param int        $batchSize The size of the batch to run
      * @param bool       $testing   True means only number of records is returned, false will execute the query
      *
@@ -1031,6 +1031,10 @@ public function replace(?array $data = null, bool $returnSQL = false)
             return false;
         }
 
+        if ($this->useTimestamps && $this->updatedField && ! array_key_exists($this->updatedField, (array) $data)) {
+            $data[$this->updatedField] = $this->setDate();
+        }
+
         return $this->doReplace($data, $returnSQL);
     }
 
@@ -1079,7 +1083,7 @@ public function paginate(?int $perPage = null, string $group = 'default', ?int $
         // Store it in the Pager library, so it can be paginated in the views.
         $this->pager = $pager->store($group, $page, $perPage, $this->countAllResults(false), $segment);
         $perPage     = $this->pager->getPerPage($group);
-        $offset      = ($page - 1) * $perPage;
+        $offset      = ($pager->getCurrentPage($group) - 1) * $perPage;
 
         return $this->findAll($perPage, $offset);
     }

diff --git a/system/CLI/CLI.php b/system/CLI/CLI.php
@@ -228,38 +228,77 @@ public static function prompt(string $field, $options = null, $validation = null
         }
 
         if (is_string($options)) {
-            $extraOutput = ' [' . static::color($options, 'white') . ']';
+            $extraOutput = ' [' . static::color($options, 'green') . ']';
             $default     = $options;
         }
 
         if (is_array($options) && $options) {
             $opts               = $options;
-            $extraOutputDefault = static::color($opts[0], 'white');
+            $extraOutputDefault = static::color($opts[0], 'green');
 
             unset($opts[0]);
 
             if (empty($opts)) {
                 $extraOutput = $extraOutputDefault;
             } else {
-                $extraOutput  = ' [' . $extraOutputDefault . ', ' . implode(', ', $opts) . ']';
-                $validation[] = 'in_list[' . implode(',', $options) . ']';
+                $extraOutput  = '[' . $extraOutputDefault . ', ' . implode(', ', $opts) . ']';
+                $validation[] = 'in_list[' . implode(', ', $options) . ']';
             }
 
             $default = $options[0];
         }
 
-        static::fwrite(STDOUT, $field . $extraOutput . ': ');
+        static::fwrite(STDOUT, $field . (trim($field) ? ' ' : '') . $extraOutput . ': ');
 
         // Read the input from keyboard.
         $input = trim(static::input()) ?: $default;
 
         if ($validation) {
-            while (! static::validate($field, $input, $validation)) {
+            while (! static::validate(trim($field), $input, $validation)) {
                 $input = static::prompt($field, $options, $validation);
             }
         }
 
-        return empty($input) ? '' : $input;
+        return $input;
+    }
+
+    /**
+     * prompt(), but based on the option's key
+     *
+     * @param array|string      $text       Output "field" text or an one or two value array where the first value is the text before listing the options
+     *                                      and the second value the text before asking to select one option. Provide empty string to omit
+     * @param array             $options    A list of options (array(key => description)), the first option will be the default value
+     * @param array|string|null $validation Validation rules
+     *
+     * @return string The selected key of $options
+     *
+     * @codeCoverageIgnore
+     */
+    public static function promptByKey($text, array $options, $validation = null): string
+    {
+        if (is_string($text)) {
+            $text = [$text];
+        } elseif (! is_array($text)) {
+            throw new InvalidArgumentException('$text can only be of type string|array');
+        }
+
+        if (! $options) {
+            throw new InvalidArgumentException('No options to select from were provided');
+        }
+
+        if ($line = array_shift($text)) {
+            CLI::write($line);
+        }
+
+        // +2 for the square brackets around the key
+        $keyMaxLength = max(array_map('mb_strwidth', array_keys($options))) + 2;
+
+        foreach ($options as $key => $description) {
+            $name = str_pad('  [' . $key . ']  ', $keyMaxLength + 4, ' ');
+            CLI::write(CLI::color($name, 'green') . CLI::wrap($description, 125, $keyMaxLength + 4));
+        }
+
+        return static::prompt(PHP_EOL . array_shift($text), array_keys($options), $validation);
     }
 
     /**

diff --git a/system/CLI/GeneratorTrait.php b/system/CLI/GeneratorTrait.php
@@ -215,14 +215,14 @@ protected function qualifyClassName(): string
         // Trims input, normalize separators, and ensure that all paths are in Pascalcase.
         $class = ltrim(implode('\\', array_map('pascalize', explode('\\', str_replace('/', '\\', trim($class))))), '\\/');
 
-        // Gets the namespace from input.
-        $namespace = trim(str_replace('/', '\\', $this->getOption('namespace') ?? APP_NAMESPACE), '\\');
+        // Gets the namespace from input. Don't forget the ending backslash!
+        $namespace = trim(str_replace('/', '\\', $this->getOption('namespace') ?? APP_NAMESPACE), '\\') . '\\';
 
         if (strncmp($class, $namespace, strlen($namespace)) === 0) {
             return $class; // @codeCoverageIgnore
         }
 
-        return $namespace . '\\' . $this->directory . '\\' . str_replace('/', '\\', $class);
+        return $namespace . $this->directory . '\\' . str_replace('/', '\\', $class);
     }
 
     /**