Merge pull request #9416 from codeigniter4/develop

4.5.8 Ready code

Author: paulbalandan

.github/mergeable.yml

@@ -2,40 +2,33 @@
 
 version: 2
 mergeable:
-  - when: issues.opened
+  - when: issues.opened, issues.reopened
     validate:
-      - do: description
-        and:
-          - must_include:
-              regex: '^### PHP Version'
-          - must_include:
-              regex: '^### CodeIgniter4 Version'
-      - do: author
-        and:
-          - must_exclude:
-              regex: 'kenjis'
-          - must_exclude:
-              regex: 'lonnieezell'
-          - must_exclude:
-              regex: 'MGatner'
-          - must_exclude:
-              regex: 'michalsn'
-          - must_exclude:
-              regex: 'paulbalandan'
-          - must_exclude:
-              regex: 'samsonasik'
+      - do: or
+        validate:
+          - do: and
+            validate:
+              - do: description
+                must_include:
+                  regex: '### PHP Version'
+              - do: description
+                must_include:
+                  regex: '### CodeIgniter4 Version'
+          - do: author
+            must_include:
+              regex: ^kenjis|lonnieezell|MGatner|michalsn|paulbalandan|samsonasik$
     fail:
       - do: comment
-        payload: |
-          Hi there! :wave:
+        payload:
+          body: |
+            Hi there, @@author! :wave:
 
-          It looks like you opened an issue without following the bug report template:
+            It looks like you opened an issue without following the bug report template:
 
-          Bug report ([open an issue](https://github.com/codeigniter4/CodeIgniter4/issues/new?assignees=&labels=bug&projects=&template=bug_report.yml&title=Bug%3A+))
+            * Bug report ([open an issue](https://github.com/codeigniter4/CodeIgniter4/issues/new?assignees=&labels=bug&projects=&template=bug_report.yml&title=Bug%3A+))
+            * For feature request or support question, please use the [forums](https://forum.codeigniter.com/forum-30.html).
 
-          If you are opening a feature request or support question, please do so in the [forums](https://forum.codeigniter.com/forum-30.html).
+            The current issue will be closed. This is a precaution to save maintainers' time, I hope you'll understand.
 
-          The current issue will be closed. This is a precaution to save maintainers' time, I hope you'll understand.
-
-          Sincerely, the mergeable bot 🤖
+            Sincerely, the mergeable bot 🤖
       - do: close

.php-cs-fixer.dist.php

@@ -39,7 +39,9 @@
         __DIR__ . '/spark',
     ]);
 
-$overrides = [];
+$overrides = [
+    'modernize_strpos' => ['modernize_stripos' => true],
+];
 
 $options = [
     'cacheFile'    => 'build/.php-cs-fixer.cache',
@@ -53,5 +55,5 @@
 return Factory::create(new CodeIgniter4(), $overrides, $options)->forLibrary(
     'CodeIgniter 4 framework',
     'CodeIgniter Foundation',
-    '[email protected]'
+    '[email protected]',
 );

CHANGELOG.md

@@ -1,5 +1,32 @@
 # Changelog
 
+## [v4.5.8](https://github.com/codeigniter4/CodeIgniter4/tree/v4.5.8) (2025-01-19)
+[Full Changelog](https://github.com/codeigniter4/CodeIgniter4/compare/v4.5.7...v4.5.8)
+
+### Security
+
+* **HTTP** *Validation of header name and value*: Fixed a potential vulnerability on lack of proper header validation
+    for its name and value. See the [security advisory](https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-x5mq-jjr3-vmx6)
+    for more information. Credits to @neznaika0 for reporting.
+* **Security** fix: ensure csrf token is string by @datlechin in https://github.com/codeigniter4/CodeIgniter4/pull/9365
+
+### Fixed Bugs
+
+* fix: gather affected rows after query call failed by @michalsn in https://github.com/codeigniter4/CodeIgniter4/pull/9363
+
+### Refactoring
+
+* refactor: use more strict result check on preg_match_all() result by @samsonasik in https://github.com/codeigniter4/CodeIgniter4/pull/9361
+* refactor: Fix phpstan if.condNotBoolean by @neznaika0 in https://github.com/codeigniter4/CodeIgniter4/pull/9368
+* refactor: Fix phpstan when delete string key by @neznaika0 in https://github.com/codeigniter4/CodeIgniter4/pull/9369
+* refactor: Fix phpstan greaterOrEqual.invalid by @neznaika0 in https://github.com/codeigniter4/CodeIgniter4/pull/9370
+* refactor: Fix phpstan nullCoalesce by @neznaika0 in https://github.com/codeigniter4/CodeIgniter4/pull/9374
+* refactor: Fix phpstan isset offset by @neznaika0 in https://github.com/codeigniter4/CodeIgniter4/pull/9383
+* refactor: Fix phpstan return.missing by @neznaika0 in https://github.com/codeigniter4/CodeIgniter4/pull/9382
+* refactor: Fix phpstan booleanAnd.rightAlwaysTrue by @neznaika0 in https://github.com/codeigniter4/CodeIgniter4/pull/9367
+* refactor: Fix phpstan codeigniter.configArgumentInstanceof by @neznaika0 in https://github.com/codeigniter4/CodeIgniter4/pull/9390
+* refactor: Use `strtolower` with `str_contains`/`str_**_with` as replacement for `stripos` by @paulbalandan in https://github.com/codeigniter4/CodeIgniter4/pull/9414
+
 ## [v4.5.7](https://github.com/codeigniter4/CodeIgniter4/tree/v4.5.7) (2024-12-31)
 [Full Changelog](https://github.com/codeigniter4/CodeIgniter4/compare/v4.5.6...v4.5.7)
 

LICENSE

@@ -1,7 +1,7 @@
 The MIT License (MIT)
 
 Copyright (c) 2014-2019 British Columbia Institute of Technology
-Copyright (c) 2019-2024 CodeIgniter Foundation
+Copyright (c) 2019-present CodeIgniter Foundation
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

admin/create-new-changelog.php

@@ -47,20 +47,20 @@ function replace_file_content(string $path, string $pattern, string $replace): v
 replace_file_content(
     $changelogIndex,
     '/\.\. toctree::\n    :titlesonly:\n/u',
-    ".. toctree::\n    :titlesonly:\n\n    v{$version}"
+    ".. toctree::\n    :titlesonly:\n\n    v{$version}",
 );
 // Replace {version}
 $length    = mb_strlen("Version {$version}");
 $underline = str_repeat('#', $length);
 replace_file_content(
     $changelog,
     '/#################\nVersion {version}\n#################/u',
-    "{$underline}\nVersion {$version}\n{$underline}"
+    "{$underline}\nVersion {$version}\n{$underline}",
 );
 replace_file_content(
     $changelog,
     '/{version}/u',
-    "{$version}"
+    "{$version}",
 );
 
 // Copy upgrading
@@ -72,15 +72,15 @@ function replace_file_content(string $path, string $pattern, string $replace): v
 replace_file_content(
     $upgradingIndex,
     '/    backward_compatibility_notes\n/u',
-    "    backward_compatibility_notes\n\n    upgrade_{$versionWithoutDots}"
+    "    backward_compatibility_notes\n\n    upgrade_{$versionWithoutDots}",
 );
 // Replace {version}
 $length    = mb_strlen("Upgrading from {$versionCurrent} to {$version}");
 $underline = str_repeat('#', $length);
 replace_file_content(
     $upgrading,
     '/##############################\nUpgrading from {version} to {version}\n##############################/u',
-    "{$underline}\nUpgrading from {$versionCurrent} to {$version}\n{$underline}"
+    "{$underline}\nUpgrading from {$versionCurrent} to {$version}\n{$underline}",
 );
 
 // Commits

admin/prepare-release.php

@@ -33,39 +33,39 @@ function replace_file_content(string $path, string $pattern, string $replace): v
 replace_file_content(
     './system/CodeIgniter.php',
     '/public const CI_VERSION = \'.*?\';/u',
-    "public const CI_VERSION = '{$version}';"
+    "public const CI_VERSION = '{$version}';",
 );
 
 // Updates version number in "conf.py".
 replace_file_content(
     './user_guide_src/source/conf.py',
     '/^version = \'.*?\'/mu',
-    "version = '{$minor}'"
+    "version = '{$minor}'",
 );
 replace_file_content(
     './user_guide_src/source/conf.py',
     '/^release = \'.*?\'/mu',
-    "release = '{$version}'"
+    "release = '{$version}'",
 );
 
 // Updates version number in "phpdoc.dist.xml".
 replace_file_content(
     './phpdoc.dist.xml',
     '!<title>CodeIgniter v.*? API</title>!mu',
-    "<title>CodeIgniter v{$minor} API</title>"
+    "<title>CodeIgniter v{$minor} API</title>",
 );
 replace_file_content(
     './phpdoc.dist.xml',
     '/<version number=".*?">/mu',
-    "<version number=\"{$version}\">"
+    "<version number=\"{$version}\">",
 );
 
 // Updates release date in changelogs.
 $date = date('F j, Y');
 replace_file_content(
     "./user_guide_src/source/changelogs/v{$version}.rst",
     '/^Release Date: .*/mu',
-    "Release Date: {$date}"
+    "Release Date: {$date}",
 );
 
 // Commits

admin/starter/tests/unit/HealthTest.php

@@ -32,7 +32,7 @@ public function testBaseUrlHasBeenSet(): void
             $config = new App();
             $this->assertTrue(
                 $validation->check($config->baseURL, 'valid_url'),
-                'baseURL "' . $config->baseURL . '" in .env is not valid URL'
+                'baseURL "' . $config->baseURL . '" in .env is not valid URL',
             );
         }
 
@@ -43,7 +43,7 @@ public function testBaseUrlHasBeenSet(): void
         // BaseURL in app/Config/App.php is a valid URL?
         $this->assertTrue(
             $validation->check($reader->baseURL, 'valid_url'),
-            'baseURL "' . $reader->baseURL . '" in app/Config/App.php is not valid URL'
+            'baseURL "' . $reader->baseURL . '" in app/Config/App.php is not valid URL',
         );
     }
 }

composer.json

@@ -28,7 +28,7 @@
         "phpunit/phpcov": "^9.0.2 || ^10.0",
         "phpunit/phpunit": "^10.5.16 || ^11.2",
         "predis/predis": "^1.1 || ^2.0",
-        "rector/rector": "2.0.4",
+        "rector/rector": "2.0.6",
         "shipmonk/phpstan-baseline-per-identifier": "^2.0"
     },
     "replace": {

phpdoc.dist.xml

@@ -10,7 +10,7 @@
         <output>api/build/</output>
         <cache>api/cache/</cache>
     </paths>
-    <version number="4.5.7">
+    <version number="4.5.8">
         <api format="php">
             <source dsn=".">
                 <path>system</path>

phpunit.xml.dist

@@ -11,7 +11,6 @@
     failOnWarning="true"
     cacheDirectory="build/.phpunit.cache">
     <coverage
-        includeUncoveredFiles="true"
         pathCoverage="false"
         ignoreDeprecatedCodeUnits="true"
         disableCodeCoverageIgnore="true">

preload.php

@@ -86,7 +86,7 @@ public function load(): void
             $phpFiles  = new RegexIterator(
                 $fullTree,
                 '/.+((?<!Test)+\.php$)/i',
-                RecursiveRegexIterator::GET_MATCH
+                RecursiveRegexIterator::GET_MATCH,
             );
 
             foreach ($phpFiles as $key => $file) {

public/index.php

@@ -11,7 +11,7 @@
     $message = sprintf(
         'Your PHP version must be %s or higher to run CodeIgniter. Current version: %s',
         $minPhpVersion,
-        PHP_VERSION
+        PHP_VERSION,
     );
 
     header('HTTP/1.1 503 Service Unavailable.', true, 503);

rector.php

@@ -62,7 +62,7 @@
     ->withCache(
         // Github action cache or local
         is_dir('/tmp') ? '/tmp/rector' : null,
-        FileCacheStorage::class
+        FileCacheStorage::class,
     )
     // paths to refactor; solid alternative to CLI arguments
     ->withPaths([

spark

@@ -40,7 +40,7 @@ if (version_compare(PHP_VERSION, $minPhpVersion, '<')) {
     $message = sprintf(
         'Your PHP version must be %s or higher to run CodeIgniter. Current version: %s',
         $minPhpVersion,
-        PHP_VERSION
+        PHP_VERSION,
     );
 
     exit($message);

system/API/ResponseTrait.php

@@ -319,7 +319,7 @@ protected function format($data = null)
             $mime = $this->request->negotiate(
                 'media',
                 $format->getConfig()->supportedResponseFormats,
-                false
+                false,
             );
         }
 

system/Autoloader/Autoloader.php

@@ -347,7 +347,7 @@ public function sanitizeFilename(string $filename): string
 
             throw new InvalidArgumentException(
                 'The file path contains special characters "' . $chars
-                . '" that are not allowed: "' . $filename . '"'
+                . '" that are not allowed: "' . $filename . '"',
             );
         }
         if ($result === false) {
@@ -386,7 +386,7 @@ private function loadComposerNamespaces(ClassLoader $composer, array $composerPa
             throw new RuntimeException(
                 'Your Composer version is too old.'
                 . ' Please update Composer (run `composer self-update`) to v2.0.14 or later'
-                . ' and remove your vendor/ directory, and run `composer update`.'
+                . ' and remove your vendor/ directory, and run `composer update`.',
             );
         }
         // This method requires Composer 2.0.14 or later.

system/Autoloader/FileLocator.php

@@ -295,9 +295,9 @@ public function findQualifiedNameFromPath(string $path)
                         str_replace(
                             '/',
                             '\\',
-                            mb_substr($path, mb_strlen($namespace['path']))
+                            mb_substr($path, mb_strlen($namespace['path'])),
                         ),
-                        '\\'
+                        '\\',
                     );
                 // Remove the file extension (.php)
                 $className = mb_substr($className, 0, -4);

system/BaseModel.php

@@ -379,7 +379,7 @@ protected function createDataConverter(): void
             $this->converter = new DataConverter(
                 $this->casts,
                 $this->castHandlers,
-                $this->db
+                $this->db,
             );
         }
     }
@@ -1081,7 +1081,7 @@ public function updateBatch(?array $set = null, ?string $index = null, int $batc
                 if ($updateIndex === null) {
                     throw new InvalidArgumentException(
                         'The index ("' . $index . '") for updateBatch() is missing in the data: '
-                        . json_encode($row)
+                        . json_encode($row),
                     );
                 }
 

system/Boot.php

@@ -288,7 +288,7 @@ protected static function checkMissingExtensions(): void
 
         $message = sprintf(
             'The framework needs the following extension(s) installed and loaded: %s.',
-            implode(', ', $missingExtensions)
+            implode(', ', $missingExtensions),
         );
 
         header('HTTP/1.1 503 Service Unavailable.', true, 503);

system/CLI/CLI.php

@@ -289,7 +289,7 @@ public static function promptByKey($text, array $options, $validation = null): s
 
         CLI::isZeroOptions($options);
 
-        if ($line = array_shift($text)) {
+        if (($line = array_shift($text)) !== null) {
             CLI::write($line);
         }
 
@@ -348,7 +348,7 @@ public static function promptByMultipleKeys(string $text, array $options): array
             // return the prompt again if $input contain(s) non-numeric character, except a comma.
             // And if max from $options less than max from input,
             // it means user tried to access null value in $options
-            if ($pattern === 0 || $maxOptions < $maxInput) {
+            if ($pattern < 1 || $maxOptions < $maxInput) {
                 static::error('Please select correctly.');
                 CLI::newLine();
 
@@ -610,11 +610,11 @@ public static function color(string $text, string $foreground, ?string $backgrou
             $nonColoredText = preg_replace(
                 $pattern,
                 '<<__colored_string__>>',
-                $text
+                $text,
             );
             $nonColoredChunks = preg_split(
                 '/<<__colored_string__>>/u',
-                $nonColoredText
+                $nonColoredText,
             );
 
             foreach ($nonColoredChunks as $i => $chunk) {

system/CLI/Console.php

@@ -63,7 +63,7 @@ public function showHeader(bool $suppress = false)
             'CodeIgniter v%s Command Line Tool - Server Time: %s UTC%s',
             CodeIgniter::CI_VERSION,
             date('Y-m-d H:i:s'),
-            date('P')
+            date('P'),
         ), 'green');
         CLI::newLine();
     }