Merge pull request #9416 from codeigniter4/develop

4.5.8 Ready code

Author: paulbalandan

.github/mergeable.yml

@@ -2,40 +2,33 @@
 
 version: 2
 mergeable:
-  - when: issues.opened
+  - when: issues.opened, issues.reopened
     validate:
-      - do: description
-        and:
-          - must_include:
-              regex: '^### PHP Version'
-          - must_include:
-              regex: '^### CodeIgniter4 Version'
-      - do: author
-        and:
-          - must_exclude:
-              regex: 'kenjis'
-          - must_exclude:
-              regex: 'lonnieezell'
-          - must_exclude:
-              regex: 'MGatner'
-          - must_exclude:
-              regex: 'michalsn'
-          - must_exclude:
-              regex: 'paulbalandan'
-          - must_exclude:
-              regex: 'samsonasik'
+      - do: or
+        validate:
+          - do: and
+            validate:
+              - do: description
+                must_include:
+                  regex: '### PHP Version'
+              - do: description
+                must_include:
+                  regex: '### CodeIgniter4 Version'
+          - do: author
+            must_include:
+              regex: ^kenjis|lonnieezell|MGatner|michalsn|paulbalandan|samsonasik$
     fail:
       - do: comment
-        payload: |
-          Hi there! :wave:
+        payload:
+          body: |
+            Hi there, @@author! :wave:
 
-          It looks like you opened an issue without following the bug report template:
+            It looks like you opened an issue without following the bug report template:
 
-          Bug report ([open an issue](https://github.com/codeigniter4/CodeIgniter4/issues/new?assignees=&labels=bug&projects=&template=bug_report.yml&title=Bug%3A+))
+            * Bug report ([open an issue](https://github.com/codeigniter4/CodeIgniter4/issues/new?assignees=&labels=bug&projects=&template=bug_report.yml&title=Bug%3A+))
+            * For feature request or support question, please use the [forums](https://forum.codeigniter.com/forum-30.html).
 
-          If you are opening a feature request or support question, please do so in the [forums](https://forum.codeigniter.com/forum-30.html).
+            The current issue will be closed. This is a precaution to save maintainers' time, I hope you'll understand.
 
-          The current issue will be closed. This is a precaution to save maintainers' time, I hope you'll understand.
-
-          Sincerely, the mergeable bot 🤖
+            Sincerely, the mergeable bot 🤖
       - do: close

.php-cs-fixer.dist.php

@@ -39,7 +39,9 @@
         __DIR__ . '/spark',
     ]);
 
-$overrides = [];
+$overrides = [
+    'modernize_strpos' => ['modernize_stripos' => true],
+];
 
 $options = [
     'cacheFile'    => 'build/.php-cs-fixer.cache',
@@ -53,5 +55,5 @@
 return Factory::create(new CodeIgniter4(), $overrides, $options)->forLibrary(
     'CodeIgniter 4 framework',
     'CodeIgniter Foundation',
-    '[email protected]'
+    '[email protected]',
 );

CHANGELOG.md

@@ -1,5 +1,32 @@
 # Changelog
 
+## [v4.5.8](https://github.com/codeigniter4/CodeIgniter4/tree/v4.5.8) (2025-01-19)
+[Full Changelog](https://github.com/codeigniter4/CodeIgniter4/compare/v4.5.7...v4.5.8)
+
+### Security
+
+* **HTTP** *Validation of header name and value*: Fixed a potential vulnerability on lack of proper header validation
+    for its name and value. See the [security advisory](https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-x5mq-jjr3-vmx6)
+    for more information. Credits to @neznaika0 for reporting.
+* **Security** fix: ensure csrf token is string by @datlechin in https://github.com/codeigniter4/CodeIgniter4/pull/9365
+
+### Fixed Bugs
+
+* fix: gather affected rows after query call failed by @michalsn in https://github.com/codeigniter4/CodeIgniter4/pull/9363
+
+### Refactoring
+
+* refactor: use more strict result check on preg_match_all() result by @samsonasik in https://github.com/codeigniter4/CodeIgniter4/pull/9361
+* refactor: Fix phpstan if.condNotBoolean by @neznaika0 in https://github.com/codeigniter4/CodeIgniter4/pull/9368
+* refactor: Fix phpstan when delete string key by @neznaika0 in https://github.com/codeigniter4/CodeIgniter4/pull/9369
+* refactor: Fix phpstan greaterOrEqual.invalid by @neznaika0 in https://github.com/codeigniter4/CodeIgniter4/pull/9370
+* refactor: Fix phpstan nullCoalesce by @neznaika0 in https://github.com/codeigniter4/CodeIgniter4/pull/9374
+* refactor: Fix phpstan isset offset by @neznaika0 in https://github.com/codeigniter4/CodeIgniter4/pull/9383
+* refactor: Fix phpstan return.missing by @neznaika0 in https://github.com/codeigniter4/CodeIgniter4/pull/9382
+* refactor: Fix phpstan booleanAnd.rightAlwaysTrue by @neznaika0 in https://github.com/codeigniter4/CodeIgniter4/pull/9367
+* refactor: Fix phpstan codeigniter.configArgumentInstanceof by @neznaika0 in https://github.com/codeigniter4/CodeIgniter4/pull/9390
+* refactor: Use `strtolower` with `str_contains`/`str_**_with` as replacement for `stripos` by @paulbalandan in https://github.com/codeigniter4/CodeIgniter4/pull/9414
+
 ## [v4.5.7](https://github.com/codeigniter4/CodeIgniter4/tree/v4.5.7) (2024-12-31)
 [Full Changelog](https://github.com/codeigniter4/CodeIgniter4/compare/v4.5.6...v4.5.7)
 

LICENSE

@@ -1,7 +1,7 @@
 The MIT License (MIT)
 
 Copyright (c) 2014-2019 British Columbia Institute of Technology
-Copyright (c) 2019-2024 CodeIgniter Foundation
+Copyright (c) 2019-present CodeIgniter Foundation
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

admin/create-new-changelog.php

@@ -47,20 +47,20 @@ function replace_file_content(string $path, string $pattern, string $replace): v
 replace_file_content(
     $changelogIndex,
     '/\.\. toctree::\n    :titlesonly:\n/u',
-    ".. toctree::\n    :titlesonly:\n\n    v{$version}"
+    ".. toctree::\n    :titlesonly:\n\n    v{$version}",
 );
 // Replace {version}
 $length    = mb_strlen("Version {$version}");
 $underline = str_repeat('#', $length);
 replace_file_content(
     $changelog,
     '/#################\nVersion {version}\n#################/u',
-    "{$underline}\nVersion {$version}\n{$underline}"
+    "{$underline}\nVersion {$version}\n{$underline}",
 );
 replace_file_content(
     $changelog,
     '/{version}/u',
-    "{$version}"
+    "{$version}",
 );
 
 // Copy upgrading
@@ -72,15 +72,15 @@ function replace_file_content(string $path, string $pattern, string $replace): v
 replace_file_content(
     $upgradingIndex,
     '/    backward_compatibility_notes\n/u',
-    "    backward_compatibility_notes\n\n    upgrade_{$versionWithoutDots}"
+    "    backward_compatibility_notes\n\n    upgrade_{$versionWithoutDots}",
 );
 // Replace {version}
 $length    = mb_strlen("Upgrading from {$versionCurrent} to {$version}");
 $underline = str_repeat('#', $length);
 replace_file_content(
     $upgrading,
     '/##############################\nUpgrading from {version} to {version}\n##############################/u',
-    "{$underline}\nUpgrading from {$versionCurrent} to {$version}\n{$underline}"
+    "{$underline}\nUpgrading from {$versionCurrent} to {$version}\n{$underline}",
 );
 
 // Commits

admin/prepare-release.php

@@ -33,39 +33,39 @@ function replace_file_content(string $path, string $pattern, string $replace): v
 replace_file_content(
     './system/CodeIgniter.php',
     '/public const CI_VERSION = \'.*?\';/u',
-    "public const CI_VERSION = '{$version}';"
+    "public const CI_VERSION = '{$version}';",
 );
 
 // Updates version number in "conf.py".
 replace_file_content(
     './user_guide_src/source/conf.py',
     '/^version = \'.*?\'/mu',
-    "version = '{$minor}'"
+    "version = '{$minor}'",
 );
 replace_file_content(
     './user_guide_src/source/conf.py',
     '/^release = \'.*?\'/mu',
-    "release = '{$version}'"
+    "release = '{$version}'",
 );
 
 // Updates version number in "phpdoc.dist.xml".
 replace_file_content(
     './phpdoc.dist.xml',
     '!<title>CodeIgniter v.*? API</title>!mu',
-    "<title>CodeIgniter v{$minor} API</title>"
+    "<title>CodeIgniter v{$minor} API</title>",
 );
 replace_file_content(
     './phpdoc.dist.xml',
     '/<version number=".*?">/mu',
-    "<version number=\"{$version}\">"
+    "<version number=\"{$version}\">",
 );
 
 // Updates release date in changelogs.
 $date = date('F j, Y');
 replace_file_content(
     "./user_guide_src/source/changelogs/v{$version}.rst",
     '/^Release Date: .*/mu',
-    "Release Date: {$date}"
+    "Release Date: {$date}",
 );
 
 // Commits

admin/starter/tests/unit/HealthTest.php

@@ -32,7 +32,7 @@ public function testBaseUrlHasBeenSet(): void
             $config = new App();
             $this->assertTrue(
                 $validation->check($config->baseURL, 'valid_url'),
-                'baseURL "' . $config->baseURL . '" in .env is not valid URL'
+                'baseURL "' . $config->baseURL . '" in .env is not valid URL',
             );
         }
 
@@ -43,7 +43,7 @@ public function testBaseUrlHasBeenSet(): void
         // BaseURL in app/Config/App.php is a valid URL?
         $this->assertTrue(
             $validation->check($reader->baseURL, 'valid_url'),
-            'baseURL "' . $reader->baseURL . '" in app/Config/App.php is not valid URL'
+            'baseURL "' . $reader->baseURL . '" in app/Config/App.php is not valid URL',
         );
     }
 }

composer.json

@@ -28,7 +28,7 @@
         "phpunit/phpcov": "^9.0.2 || ^10.0",
         "phpunit/phpunit": "^10.5.16 || ^11.2",
         "predis/predis": "^1.1 || ^2.0",
-        "rector/rector": "2.0.4",
+        "rector/rector": "2.0.6",
         "shipmonk/phpstan-baseline-per-identifier": "^2.0"
     },
     "replace": {

phpdoc.dist.xml

@@ -10,7 +10,7 @@
         <output>api/build/</output>
         <cache>api/cache/</cache>
     </paths>
-    <version number="4.5.7">
+    <version number="4.5.8">
         <api format="php">
             <source dsn=".">
                 <path>system</path>

phpunit.xml.dist

@@ -11,7 +11,6 @@
     failOnWarning="true"
     cacheDirectory="build/.phpunit.cache">
     <coverage
-        includeUncoveredFiles="true"
         pathCoverage="false"
         ignoreDeprecatedCodeUnits="true"
         disableCodeCoverageIgnore="true">