Merge branch 'develop' into 4.7

Author: paulbalandan

composer.json

@@ -28,7 +28,7 @@
         "phpunit/phpcov": "^9.0.2 || ^10.0",
         "phpunit/phpunit": "^10.5.16 || ^11.2",
         "predis/predis": "^1.1 || ^2.3",
-        "rector/rector": "2.0.10",
+        "rector/rector": "2.0.11",
         "shipmonk/phpstan-baseline-per-identifier": "^2.0"
     },
     "replace": {

rector.php

@@ -18,7 +18,6 @@
 use Rector\CodeQuality\Rector\FuncCall\ChangeArrayPushToArrayAssignRector;
 use Rector\CodeQuality\Rector\FuncCall\CompactToVariablesRector;
 use Rector\CodeQuality\Rector\FunctionLike\SimplifyUselessVariableRector;
-use Rector\CodeQuality\Rector\Identical\FlipTypeControlToUseExclusiveTypeRector;
 use Rector\CodeQuality\Rector\Ternary\TernaryEmptyArrayArrayDimFetchToCoalesceRector;
 use Rector\CodingStyle\Rector\ClassMethod\FuncGetArgsToVariadicParamRector;
 use Rector\CodingStyle\Rector\ClassMethod\MakeInheritedMethodVisibilitySameAsParentRector;
@@ -36,8 +35,8 @@
 use Rector\Php70\Rector\FuncCall\RandomFunctionRector;
 use Rector\Php80\Rector\Class_\ClassPropertyAssignToConstructorPromotionRector;
 use Rector\Php81\Rector\FuncCall\NullToStrictStringFuncCallArgRector;
+use Rector\PHPUnit\CodeQuality\Rector\Class_\RemoveDataProviderParamKeysRector;
 use Rector\PHPUnit\CodeQuality\Rector\Class_\YieldDataProviderRector;
-use Rector\PHPUnit\CodeQuality\Rector\MethodCall\AssertCountWithZeroToAssertEmptyRector;
 use Rector\Privatization\Rector\Property\PrivatizeFinalClassPropertyRector;
 use Rector\Strict\Rector\Empty_\DisallowedEmptyRuleFixerRector;
 use Rector\Strict\Rector\If_\BooleanInIfConditionRuleFixerRector;
@@ -46,7 +45,6 @@
 use Rector\TypeDeclaration\Rector\ClassMethod\ReturnNeverTypeRector;
 use Rector\TypeDeclaration\Rector\Closure\AddClosureVoidReturnTypeWhereNoReturnRector;
 use Rector\TypeDeclaration\Rector\Closure\ClosureReturnTypeRector;
-use Rector\TypeDeclaration\Rector\Empty_\EmptyOnNullableObjectToInstanceOfRector;
 use Rector\TypeDeclaration\Rector\Function_\AddFunctionVoidReturnTypeWhereNoReturnRector;
 use Rector\TypeDeclaration\Rector\Property\TypedPropertyFromAssignsRector;
 use Rector\TypeDeclaration\Rector\StmtsAwareInterface\DeclareStrictTypesRector;
@@ -170,7 +168,7 @@
 
         CompactToVariablesRector::class,
 
-        AssertCountWithZeroToAssertEmptyRector::class,
+        RemoveDataProviderParamKeysRector::class,
     ])
     // auto import fully qualified class names
     ->withImportNames(removeUnusedImports: true)
@@ -192,7 +190,6 @@
         MakeInheritedMethodVisibilitySameAsParentRector::class,
         SimplifyEmptyCheckOnEmptyArrayRector::class,
         TernaryEmptyArrayArrayDimFetchToCoalesceRector::class,
-        EmptyOnNullableObjectToInstanceOfRector::class,
         DisallowedEmptyRuleFixerRector::class,
         PrivatizeFinalClassPropertyRector::class,
         BooleanInIfConditionRuleFixerRector::class,
@@ -202,7 +199,6 @@
         AddMethodCallBasedStrictParamTypeRector::class,
         TypedPropertyFromAssignsRector::class,
         ClosureReturnTypeRector::class,
-        FlipTypeControlToUseExclusiveTypeRector::class,
         AddArrowFunctionReturnTypeRector::class,
     ])
     ->withConfiguredRule(StringClassNameToClassConstantRector::class, [

system/BaseModel.php

@@ -121,9 +121,13 @@ abstract class BaseModel
     protected ?DataConverter $converter = null;
 
     /**
-     * If this model should use "softDeletes" and
-     * simply set a date when rows are deleted, or
-     * do hard deletes.
+     * Determines whether the model should protect field names during
+     * mass assignment operations such as insert() and update().
+     *
+     * When set to true, only the fields explicitly defined in the $allowedFields
+     * property will be allowed for mass assignment. This helps prevent
+     * unintended modification of database fields and improves security
+     * by avoiding mass assignment vulnerabilities.
      *
      * @var bool
      */

system/Database/OCI8/Builder.php

@@ -48,16 +48,6 @@ class Builder extends BaseBuilder
      */
     protected $countString = 'SELECT COUNT(1) ';
 
-    /**
-     * Limit used flag
-     *
-     * If we use LIMIT, we'll add a field that will
-     * throw off num_fields later.
-     *
-     * @var bool
-     */
-    protected $limitUsed = false;
-
     /**
      * A reference to the database connection.
      *
@@ -214,28 +204,13 @@ protected function _update(string $table, array $values): string
     protected function _limit(string $sql, bool $offsetIgnore = false): string
     {
         $offset = (int) ($offsetIgnore === false ? $this->QBOffset : 0);
-        if (version_compare($this->db->getVersion(), '12.1', '>=')) {
-            // OFFSET-FETCH can be used only with the ORDER BY clause
-            if (empty($this->QBOrderBy)) {
-                $sql .= ' ORDER BY 1';
-            }
 
-            return $sql . ' OFFSET ' . $offset . ' ROWS FETCH NEXT ' . $this->QBLimit . ' ROWS ONLY';
+        // OFFSET-FETCH can be used only with the ORDER BY clause
+        if (empty($this->QBOrderBy)) {
+            $sql .= ' ORDER BY 1';
         }
 
-        $this->limitUsed    = true;
-        $limitTemplateQuery = 'SELECT * FROM (SELECT INNER_QUERY.*, ROWNUM RNUM FROM (%s) INNER_QUERY WHERE ROWNUM < %d)' . ($offset !== 0 ? ' WHERE RNUM >= %d' : '');
-
-        return sprintf($limitTemplateQuery, $sql, $offset + $this->QBLimit + 1, $offset);
-    }
-
-    /**
-     * Resets the query builder values.  Called by the get() function
-     */
-    protected function resetSelect()
-    {
-        $this->limitUsed = false;
-        parent::resetSelect();
+        return $sql . ' OFFSET ' . $offset . ' ROWS FETCH NEXT ' . $this->QBLimit . ' ROWS ONLY';
     }
 
     /**

system/Debug/Toolbar.php

@@ -512,7 +512,7 @@ protected function format(string $data, string $format = 'html'): string
     {
         $data = json_decode($data, true);
 
-        if ($this->config->maxHistory !== 0 && preg_match('/\d+\.\d{6}/s', (string) service('request')->getGet('debugbar_time'), $debugbarTime)) {
+        if (preg_match('/\d+\.\d{6}/s', (string) service('request')->getGet('debugbar_time'), $debugbarTime)) {
             $history = new History();
             $history->setFiles(
                 $debugbarTime[0],

system/Debug/Toolbar/Views/toolbar.js

@@ -27,22 +27,25 @@ var ciDebugBar = {
             .getElementById("debug-icon-link")
             .addEventListener("click", ciDebugBar.toggleToolbar, true);
 
-        // Allows to highlight the row of the current history request
-        var btn = this.toolbar.querySelector(
-            'button[data-time="' + localStorage.getItem("debugbar-time") + '"]'
-        );
-        ciDebugBar.addClass(btn.parentNode.parentNode, "current");
-
         historyLoad = this.toolbar.getElementsByClassName("ci-history-load");
 
-        for (var i = 0; i < historyLoad.length; i++) {
-            historyLoad[i].addEventListener(
-                "click",
-                function () {
-                    loadDoc(this.getAttribute("data-time"));
-                },
-                true
+        if (historyLoad.length) {
+            // Allows highlighting the row of the current history request
+            var btn = this.toolbar.querySelector(
+                'button[data-time="' + localStorage.getItem("debugbar-time-new") + '"]'
             );
+            ciDebugBar.addClass(btn.parentNode.parentNode, "current");
+
+
+            for (var i = 0; i < historyLoad.length; i++) {
+                historyLoad[i].addEventListener(
+                    "click",
+                    function () {
+                        loadDoc(this.getAttribute("data-time"));
+                    },
+                    true
+                );
+            }
         }
 
         // Display the active Tab on page load
@@ -77,14 +80,14 @@ var ciDebugBar = {
                 links[i].addEventListener("click", function() {
                     ciDebugBar.toggleDataTable(datatable)
                 }, true);
-               
+
             } else if (toggleData === "childrows") {
 
                 let child = links[i].getAttribute("data-child");
                 links[i].addEventListener("click", function() {
                     ciDebugBar.toggleChildRows(child)
                 }, true);
-                
+
             } else {
                 links[i].addEventListener("click", ciDebugBar.toggleRows, true);
             }
@@ -174,10 +177,10 @@ var ciDebugBar = {
             );
 
             if (target.classList.contains("debug-bar-ndisplay")) {
-                ciDebugBar.switchClass(target, "debug-bar-ndisplay", "debug-bar-dtableRow");   
+                ciDebugBar.switchClass(target, "debug-bar-ndisplay", "debug-bar-dtableRow");
             } else {
                 ciDebugBar.switchClass(target, "debug-bar-dtableRow", "debug-bar-ndisplay");
-            } 
+            }
         }
     },
 
@@ -261,7 +264,7 @@ var ciDebugBar = {
         } else {
             ciDebugBar.switchClass(ciDebugBar.icon, "debug-bar-dinlineBlock", "debug-bar-ndisplay");
             ciDebugBar.switchClass(ciDebugBar.toolbar, "debug-bar-ndisplay", "debug-bar-dinlineBlock");
-        } 
+        }
     },
 
     toggleViewsHints: function () {

system/HTTP/UserAgent.php

@@ -278,7 +278,7 @@ protected function compileData()
         $this->setPlatform();
 
         foreach (['setRobot', 'setBrowser', 'setMobile'] as $function) {
-            if ($this->{$function}() === true) {
+            if ($this->{$function}()) {
                 break;
             }
         }

system/Log/Logger.php

@@ -341,7 +341,7 @@ protected function interpolate($message, array $context = [])
         $replace['{env}']       = ENVIRONMENT;
 
         // Allow us to log the file/line that we are logging from
-        if (str_contains($message, '{file}')) {
+        if (str_contains($message, '{file}') || str_contains($message, '{line}')) {
             [$file, $line] = $this->determineFile();
 
             $replace['{file}'] = $file;

system/Security/CheckPhpIni.php

@@ -135,7 +135,7 @@ public static function checkIni(?string $argument = null): array
             'date.timezone'           => ['recommended' => 'UTC'],
             'mbstring.language'       => ['recommended' => 'neutral'],
             'opcache.enable'          => ['recommended' => '1'],
-            'opcache.enable_cli'      => ['recommended' => '1'],
+            'opcache.enable_cli'      => ['recommended' => '0', 'remark' => 'Enable when you are using queues or running repetitive CLI tasks'],
             'opcache.jit'             => ['recommended' => 'tracing'],
             'opcache.jit_buffer_size' => ['recommended' => '128', 'remark' => 'Adjust with your free space of memory'],
             'zend.assertions'         => ['recommended' => '-1'],
@@ -144,7 +144,7 @@ public static function checkIni(?string $argument = null): array
         if ($argument === 'opcache') {
             $items = [
                 'opcache.enable'                  => ['recommended' => '1'],
-                'opcache.enable_cli'              => ['recommended' => '0', 'remark' => 'Enable when you using CLI'],
+                'opcache.enable_cli'              => ['recommended' => '0', 'remark' => 'Enable when you are using queues or running repetitive CLI tasks'],
                 'opcache.jit'                     => ['recommended' => 'tracing', 'remark' => 'Disable when you used third-party extensions'],
                 'opcache.jit_buffer_size'         => ['recommended' => '128', 'remark' => 'Adjust with your free space of memory'],
                 'opcache.memory_consumption'      => ['recommended' => '128', 'remark' => 'Adjust with your free space of memory'],

tests/system/CodeIgniterTest.php

@@ -19,6 +19,7 @@
 use CodeIgniter\Exceptions\PageNotFoundException;
 use CodeIgniter\HTTP\Method;
 use CodeIgniter\HTTP\Response;
+use CodeIgniter\HTTP\ResponseInterface;
 use CodeIgniter\Router\RouteCollection;
 use CodeIgniter\Test\CIUnitTestCase;
 use CodeIgniter\Test\Filters\CITestStreamFilter;
@@ -95,6 +96,7 @@ public function testRunEmptyDefaultRouteReturnResponse(): void
         $_SERVER['argc'] = 1;
 
         $response = $this->codeigniter->run(null, true);
+        $this->assertInstanceOf(ResponseInterface::class, $response);
 
         $this->assertStringContainsString('Welcome to CodeIgniter', $response->getBody());
     }
@@ -159,6 +161,7 @@ public function testRun404OverrideControllerReturnsResponse(): void
         Services::injectMock('router', $router);
 
         $response = $this->codeigniter->run($routes, true);
+        $this->assertInstanceOf(ResponseInterface::class, $response);
 
         $this->assertStringContainsString('Oops', $response->getBody());
         $this->assertSame(567, $response->getStatusCode());
@@ -177,6 +180,7 @@ public function testRun404OverrideReturnResponse(): void
         Services::injectMock('router', $router);
 
         $response = $this->codeigniter->run($routes, true);
+        $this->assertInstanceOf(ResponseInterface::class, $response);
 
         $this->assertStringContainsString('Oops', $response->getBody());
     }
@@ -467,6 +471,7 @@ public function testRunForceSecure(): void
         $this->assertNull($response->header('Location'));
 
         $response = $codeigniter->run(null, true);
+        $this->assertInstanceOf(ResponseInterface::class, $response);
 
         $this->assertSame('https://example.com/index.php/', $response->header('Location')->getValue());
     }