Release v4.2.8

.gitattributes

@@ -0,0 +1,3 @@
+/.github export-ignore
+/.gitattributes export-ignore
+/.gitignore export-ignore

app/Config/Logger.php

@@ -2,8 +2,8 @@
 
 namespace Config;
 
-use CodeIgniter\Log\Handlers\FileHandler;
 use CodeIgniter\Config\BaseConfig;
+use CodeIgniter\Log\Handlers\FileHandler;
 
 class Logger extends BaseConfig
 {

app/Views/errors/html/error_exception.php

@@ -270,7 +270,7 @@
 
                 <?php endif; ?>
 
-                <?php $headers = $request->getHeaders(); ?>
+                <?php $headers = $request->headers(); ?>
                 <?php if (! empty($headers)) : ?>
 
                     <h3>Headers</h3>
@@ -318,7 +318,7 @@
                     </tr>
                 </table>
 
-                <?php $headers = $response->getHeaders(); ?>
+                <?php $headers = $response->headers(); ?>
                 <?php if (! empty($headers)) : ?>
                     <?php natsort($headers) ?>
 

composer.json

@@ -17,14 +17,16 @@
     "require-dev": {
         "codeigniter/coding-standard": "^1.5",
         "fakerphp/faker": "^1.9",
-        "friendsofphp/php-cs-fixer": "~3.11.0",
+        "friendsofphp/php-cs-fixer": "~3.12.0",
         "mikey179/vfsstream": "^1.6",
         "nexusphp/cs-config": "^3.6",
         "phpunit/phpunit": "^9.1",
         "predis/predis": "^1.1 || ^2.0"
     },
     "suggest": {
         "ext-imagick": "If you use Image class ImageMagickHandler",
+        "ext-gd": "If you use Image class GDHandler",
+        "ext-exif": "If you run Image class tests",
         "ext-simplexml": "If you format XML",
         "ext-mysqli": "If you use MySQL",
         "ext-oci8": "If you use Oracle Database",
@@ -34,6 +36,8 @@
         "ext-memcache": "If you use Cache class MemcachedHandler with Memcache",
         "ext-memcached": "If you use Cache class MemcachedHandler with Memcached",
         "ext-redis": "If you use Cache class RedisHandler",
+        "ext-dom": "If you use TestResponse",
+        "ext-libxml": "If you use TestResponse",
         "ext-fileinfo": "Improves mime type detection for files",
         "ext-readline": "Improves CLI::input() usability"
     },

system/BaseModel.php

@@ -64,6 +64,7 @@ abstract class BaseModel
      * should be instantiated.
      *
      * @var string
+     * @phpstan-var non-empty-string
      */
     protected $DBGroup;
 
@@ -416,7 +417,7 @@ abstract protected function doDelete($id = null, bool $purge = false);
      * through soft deletes (deleted = 1)
      * This methods works only with dbCalls
      *
-     * @return bool|mixed
+     * @return bool|string Returns a string if in test mode.
      */
     abstract protected function doPurgeDeleted();
 

system/CLI/BaseCommand.php

@@ -119,8 +119,9 @@ protected function showError(Throwable $e)
     {
         $exception = $e;
         $message   = $e->getMessage();
+        $config    = config('Exceptions');
 
-        require APPPATH . 'Views/errors/cli/error_exception.php';
+        require $config->errorViewPath . '/cli/error_exception.php';
     }
 
     /**

system/CodeIgniter.php

@@ -47,7 +47,7 @@ class CodeIgniter
     /**
      * The current version of CodeIgniter Framework
      */
-    public const CI_VERSION = '4.2.7';
+    public const CI_VERSION = '4.2.8';
 
     /**
      * App startup time.
@@ -151,6 +151,11 @@ class CodeIgniter
      */
     protected ?string $context = null;
 
+    /**
+     * Whether to return Response object or send response.
+     */
+    protected bool $returnResponse = false;
+
     /**
      * Constructor.
      */
@@ -291,6 +296,8 @@ protected function initializeKint()
      */
     public function run(?RouteCollectionInterface $routes = null, bool $returnResponse = false)
     {
+        $this->returnResponse = $returnResponse;
+
         if ($this->context === null) {
             throw new LogicException('Context must be set before run() is called. If you are upgrading from 4.1.x, you need to merge `public/index.php` and `spark` file from `vendor/codeigniter4/framework`.');
         }
@@ -309,6 +316,10 @@ public function run(?RouteCollectionInterface $routes = null, bool $returnRespon
         if ($this->request instanceof IncomingRequest && strtolower($this->request->getMethod()) === 'cli') {
             $this->response->setStatusCode(405)->setBody('Method Not Allowed');
 
+            if ($this->returnResponse) {
+                return $this->response;
+            }
+
             $this->sendResponse();
 
             return;
@@ -345,13 +356,22 @@ public function run(?RouteCollectionInterface $routes = null, bool $returnRespon
             // If the route is a 'redirect' route, it throws
             // the exception with the $to as the message
             $this->response->redirect(base_url($e->getMessage()), 'auto', $e->getCode());
+
+            if ($this->returnResponse) {
+                return $this->response;
+            }
+
             $this->sendResponse();
 
             $this->callExit(EXIT_SUCCESS);
 
             return;
         } catch (PageNotFoundException $e) {
-            $this->display404errors($e);
+            $return = $this->display404errors($e);
+
+            if ($return instanceof ResponseInterface) {
+                return $return;
+            }
         }
     }
 
@@ -400,9 +420,13 @@ private function isWeb(): bool
      *
      * @throws PageNotFoundException
      * @throws RedirectException
+     *
+     * @deprecated $returnResponse is deprecated.
      */
     protected function handleRequest(?RouteCollectionInterface $routes, Cache $cacheConfig, bool $returnResponse = false)
     {
+        $this->returnResponse = $returnResponse;
+
         $routeFilter = $this->tryToRouteIt($routes);
 
         $uri = $this->determinePath();
@@ -433,7 +457,8 @@ protected function handleRequest(?RouteCollectionInterface $routes, Cache $cache
 
             // If a ResponseInterface instance is returned then send it back to the client and stop
             if ($possibleResponse instanceof ResponseInterface) {
-                return $returnResponse ? $possibleResponse : $possibleResponse->pretend($this->useSafeOutput)->send();
+                return $this->returnResponse ? $possibleResponse
+                    : $possibleResponse->pretend($this->useSafeOutput)->send();
             }
 
             if ($possibleResponse instanceof Request) {
@@ -512,7 +537,7 @@ protected function handleRequest(?RouteCollectionInterface $routes, Cache $cache
 
         unset($uri);
 
-        if (! $returnResponse) {
+        if (! $this->returnResponse) {
             $this->sendResponse();
         }
 
@@ -910,6 +935,8 @@ protected function runController($class)
     /**
      * Displays a 404 Page Not Found error. If set, will try to
      * call the 404Override controller/method that was set in routing config.
+     *
+     * @return ResponseInterface|void
      */
     protected function display404errors(PageNotFoundException $e)
     {
@@ -934,6 +961,10 @@ protected function display404errors(PageNotFoundException $e)
 
             $cacheConfig = new Cache();
             $this->gatherOutput($cacheConfig, $returned);
+            if ($this->returnResponse) {
+                return $this->response;
+            }
+
             $this->sendResponse();
 
             return;

system/Common.php

@@ -145,7 +145,10 @@ function command(string $command)
                 $args[] = stripcslashes($match[1]);
             } else {
                 // @codeCoverageIgnoreStart
-                throw new InvalidArgumentException(sprintf('Unable to parse input near "... %s ...".', substr($command, $cursor, 10)));
+                throw new InvalidArgumentException(sprintf(
+                    'Unable to parse input near "... %s ...".',
+                    substr($command, $cursor, 10)
+                ));
                 // @codeCoverageIgnoreEnd
             }
 
@@ -357,12 +360,10 @@ function db_connect($db = null, bool $getShared = true)
      */
     function dd(...$vars)
     {
-        // @codeCoverageIgnoreStart
         Kint::$aliases[] = 'dd';
         Kint::dump(...$vars);
 
         exit;
-        // @codeCoverageIgnoreEnd
     }
 }
 
@@ -414,10 +415,11 @@ function env(string $key, $default = null)
      * If $data is an array, then it loops over it, escaping each
      * 'value' of the key/value pairs.
      *
-     * Valid context values: html, js, css, url, attr, raw
-     *
      * @param array|string $data
-     * @param string       $encoding
+     * @phpstan-param 'html'|'js'|'css'|'url'|'attr'|'raw' $context
+     * @param string|null $encoding Current encoding for escaping.
+     *                              If not UTF-8, we convert strings from this encoding
+     *                              pre-escaping and back to this encoding post-escaping.
      *
      * @return array|string
      *
@@ -437,7 +439,7 @@ function esc($data, string $context = 'html', ?string $encoding = null)
             // Provide a way to NOT escape data since
             // this could be called automatically by
             // the View library.
-            if (empty($context) || $context === 'raw') {
+            if ($context === 'raw') {
                 return $data;
             }
 
@@ -493,18 +495,13 @@ function force_https(int $duration = 31_536_000, ?RequestInterface $request = nu
         }
 
         if ((ENVIRONMENT !== 'testing' && (is_cli() || $request->isSecure())) || (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'test')) {
-            // @codeCoverageIgnoreStart
-            return;
-            // @codeCoverageIgnoreEnd
+            return; // @codeCoverageIgnore
         }
 
         // If the session status is active, we should regenerate
         // the session ID for safety sake.
         if (ENVIRONMENT !== 'testing' && session_status() === PHP_SESSION_ACTIVE) {
-            // @codeCoverageIgnoreStart
-            Services::session(null, true)
-                ->regenerate();
-            // @codeCoverageIgnoreEnd
+            Services::session(null, true)->regenerate(); // @codeCoverageIgnore
         }
 
         $baseURL = config(App::class)->baseURL;
@@ -529,9 +526,7 @@ function force_https(int $duration = 31_536_000, ?RequestInterface $request = nu
         $response->sendHeaders();
 
         if (ENVIRONMENT !== 'testing') {
-            // @codeCoverageIgnoreStart
-            exit();
-            // @codeCoverageIgnoreEnd
+            exit(); // @codeCoverageIgnore
         }
     }
 }
@@ -782,7 +777,7 @@ function lang(string $line, array $args = [], ?string $locale = null)
      *  - info
      *  - debug
      *
-     * @return mixed
+     * @return bool
      */
     function log_message(string $level, string $message, array $context = [])
     {
@@ -795,10 +790,7 @@ function log_message(string $level, string $message, array $context = [])
             return $logger->log($level, $message, $context);
         }
 
-        // @codeCoverageIgnoreStart
-        return Services::logger(true)
-            ->log($level, $message, $context);
-        // @codeCoverageIgnoreEnd
+        return Services::logger(true)->log($level, $message, $context); // @codeCoverageIgnore
     }
 }
 
@@ -823,18 +815,17 @@ function model(string $name, bool $getShared = true, ?ConnectionInterface &$conn
      * Provides access to "old input" that was set in the session
      * during a redirect()->withInput().
      *
-     * @param null        $default
-     * @param bool|string $escape
+     * @param string|null  $default
+     * @param false|string $escape
+     * @phpstan-param false|'attr'|'css'|'html'|'js'|'raw'|'url' $escape
      *
-     * @return mixed|null
+     * @return array|string|null
      */
     function old(string $key, $default = null, $escape = 'html')
     {
         // Ensure the session is loaded
         if (session_status() === PHP_SESSION_NONE && ENVIRONMENT !== 'testing') {
-            // @codeCoverageIgnoreStart
-            session();
-            // @codeCoverageIgnoreEnd
+            session(); // @codeCoverageIgnore
         }
 
         $request = Services::request();
@@ -932,7 +923,8 @@ function route_to(string $method, ...$params)
      *
      * @param string $val
      *
-     * @return mixed|Session|null
+     * @return array|bool|float|int|object|Session|string|null
+     * @phpstan-return ($val is null ? Session : array|bool|float|int|object|string|null)
      */
     function session(?string $val = null)
     {
@@ -1054,7 +1046,7 @@ function slash_item(string $item): ?string
      * Helper function used to convert a string, array, or object
      * of attributes to a string.
      *
-     * @param mixed $attributes string, array, object
+     * @param array|object|string $attributes string, array, object that can be cast to array
      */
     function stringify_attributes($attributes, bool $js = false): string
     {

system/Config/DotEnv.php

@@ -116,7 +116,8 @@ public function normaliseVariable(string $name, string $value = ''): array
         $value = trim($value);
 
         // Sanitize the name
-        $name = str_replace(['export', '\'', '"'], '', $name);
+        $name = preg_replace('/^export[ \t]++(\S+)/', '$1', $name);
+        $name = str_replace(['\'', '"'], '', $name);
 
         // Sanitize the value
         $value = $this->sanitizeValue($value);

system/Database/BaseBuilder.php

@@ -1179,7 +1179,7 @@ public function unionAll($union)
      */
     protected function addUnionStatement($union, bool $all = false)
     {
-        $this->QBUnion[] = "\n" . 'UNION '
+        $this->QBUnion[] = "\nUNION "
             . ($all ? 'ALL ' : '')
             . 'SELECT * FROM '
             . $this->buildSubquery($union, true, 'uwrp' . (count($this->QBUnion) + 1));
@@ -2350,7 +2350,7 @@ public function getCompiledDelete(bool $reset = true): string
      *
      * @param mixed $where
      *
-     * @return bool|string
+     * @return bool|string Returns a string if in test mode.
      *
      * @throws DatabaseException
      */