diff --git a/LICENSE b/LICENSE index 0119e5f5..148e7f73 100644 --- a/LICENSE +++ b/LICENSE @@ -1,7 +1,7 @@ The MIT License (MIT) Copyright (c) 2014-2019 British Columbia Institute of Technology -Copyright (c) 2019-2023 CodeIgniter Foundation +Copyright (c) 2019-2024 CodeIgniter Foundation Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/app/Config/App.php b/app/Config/App.php index 21b4df20..b761da77 100644 --- a/app/Config/App.php +++ b/app/Config/App.php @@ -59,6 +59,30 @@ class App extends BaseConfig */ public string $uriProtocol = 'REQUEST_URI'; + /* + |-------------------------------------------------------------------------- + | Allowed URL Characters + |-------------------------------------------------------------------------- + | + | This lets you specify which characters are permitted within your URLs. + | When someone tries to submit a URL with disallowed characters they will + | get a warning message. + | + | As a security measure you are STRONGLY encouraged to restrict URLs to + | as few characters as possible. + | + | By default, only these are allowed: `a-z 0-9~%.:_-` + | + | Set an empty string to allow all characters -- but only if you are insane. + | + | The configured value is actually a regular expression character group + | and it will be used as: '/\A[]+\z/iu' + | + | DO NOT CHANGE THIS UNLESS YOU FULLY UNDERSTAND THE REPERCUSSIONS!! + | + */ + public string $permittedURIChars = 'a-z 0-9~%.:_\-'; + /** * -------------------------------------------------------------------------- * Default Locale diff --git a/app/Config/Cache.php b/app/Config/Cache.php index b5b2cdc1..b29c13a9 100644 --- a/app/Config/Cache.php +++ b/app/Config/Cache.php 
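Review bot: In the `app/Config/App.php` hunk, the comment above `$permittedURIChars` gives the default as `a-z 0-9~%.:_-` while the assigned value is `'a-z 0-9~%.:_\-'`. The escaped form is the one that stays a literal hyphen if someone later appends characters to the group, so the comment should show it: `| By default, only these are allowed: a-z 0-9~%.:_\-`. The comment also documents the empty string as "allow all characters", which switches the check off completely. I would say so in plain terms, e.g. `| An empty string disables URI character filtering; segments must still be validated and escaped where they are used.` On style, the block uses a `/* | ... */` banner while the neighbouring `Default Locale` property uses a `/** * ... */` docblock, so it should follow the file's docblock form. The `App` class body starts and ends outside the hunk.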
@@ -61,7 +61,7 @@ class Cache extends BaseConfig * ['q'] = Enabled, but only take into account the specified list * of query parameters. * - * @var bool|string[] + * @var bool|list */ public $cacheQueryString = false; diff --git a/app/Config/ContentSecurityPolicy.php b/app/Config/ContentSecurityPolicy.php index 7799c476..2ac41a70 100644 --- a/app/Config/ContentSecurityPolicy.php +++ b/app/Config/ContentSecurityPolicy.php @@ -45,28 +45,28 @@ class ContentSecurityPolicy extends BaseConfig /** * Will default to self if not overridden * - * @var string|string[]|null + * @var list|string|null */ public $defaultSrc; /** * Lists allowed scripts' URLs. * - * @var string|string[] + * @var list|string */ public $scriptSrc = 'self'; /** * Lists allowed stylesheets' URLs. * - * @var string|string[] + * @var list|string */ public $styleSrc = 'self'; /** * Defines the origins from which images can be loaded. * - * @var string|string[] + * @var list|string */ public $imageSrc = 'self'; @@ -75,14 +75,14 @@ class ContentSecurityPolicy extends BaseConfig * * Will default to self if not overridden * - * @var string|string[]|null + * @var list|string|null */ public $baseURI; /** * Lists the URLs for workers and embedded frame contents * - * @var string|string[] + * @var list|string */ public $childSrc = 'self'; @@ -90,21 +90,21 @@ class ContentSecurityPolicy extends BaseConfig * Limits the origins that you can connect to (via XHR, * WebSockets, and EventSource). * - * @var string|string[] + * @var list|string */ public $connectSrc = 'self'; /** * Specifies the origins that can serve web fonts. * - * @var string|string[] + * @var list|string */ public $fontSrc; /** * Lists valid endpoints for submission from `
` tags. * - * @var string|string[] + * @var list|string */ public $formAction = 'self'; @@ -114,7 +114,7 @@ class ContentSecurityPolicy extends BaseConfig * and `` tags. This directive can't be used in * `` tags and applies only to non-HTML resources. * - * @var string|string[]|null + * @var list|string|null */ public $frameAncestors; @@ -122,40 +122,40 @@ class ContentSecurityPolicy extends BaseConfig * The frame-src directive restricts the URLs which may * be loaded into nested browsing contexts. * - * @var array|string|null + * @var list|string|null */ public $frameSrc; /** * Restricts the origins allowed to deliver video and audio. * - * @var string|string[]|null + * @var list|string|null */ public $mediaSrc; /** * Allows control over Flash and other plugins. * - * @var string|string[] + * @var list|string */ public $objectSrc = 'self'; /** - * @var string|string[]|null + * @var list|string|null */ public $manifestSrc; /** * Limits the kinds of plugins a page may invoke. * - * @var string|string[]|null + * @var list|string|null */ public $pluginTypes; /** * List of actions allowed. * - * @var string|string[]|null + * @var list|string|null */ public $sandbox; diff --git a/app/Config/Database.php b/app/Config/Database.php index e2450ec1..8c823602 100644 --- a/app/Config/Database.php +++ b/app/Config/Database.php @@ -23,6 +23,8 @@ class Database extends Config /** * The default database connection. + * + * @var array */ public array $default = [ 'DSN' => '', @@ -48,6 +50,8 @@ class Database extends Config /** * This database connection is used when * running PHPUnit database tests. + * + * @var array */ public array $tests = [ 'DSN' => '', diff --git a/app/Config/Exceptions.php b/app/Config/Exceptions.php index 4173dcdd..c240675e 100644 --- a/app/Config/Exceptions.php +++ b/app/Config/Exceptions.php 
@@ -30,6 +30,8 @@ class Exceptions extends BaseConfig * -------------------------------------------------------------------------- * Any status codes here will NOT be logged if logging is turned on. * By default, only 404 (Page Not Found) exceptions are ignored. + * + * @var list */ public array $ignoreCodes = [404]; @@ -51,6 +53,8 @@ class Exceptions extends BaseConfig * Any data that you would like to hide from the debug trace. * In order to specify 2 levels, use "/" to separate. * ex. ['server', 'setup/password', 'secret_token'] + * + * @var list */ public array $sensitiveDataInTrace = []; diff --git a/app/Config/Filters.php b/app/Config/Filters.php index ac37b414..57aaed2e 100644 --- a/app/Config/Filters.php +++ b/app/Config/Filters.php @@ -55,6 +55,8 @@ class Filters extends BaseConfig * If you use this, you should disable auto-routing because auto-routing * permits any HTTP method to access a controller. Accessing the controller * with a method you don't expect could bypass the filter. + * + * @var array> */ public array $methods = []; @@ -64,6 +66,8 @@ class Filters extends BaseConfig * * Example: * 'isLoggedIn' => ['before' => ['account/*', 'profiles/*']] + * + * @var array>> */ public array $filters = []; } diff --git a/app/Config/Format.php b/app/Config/Format.php index 749da3e5..3de98d7a 100644 --- a/app/Config/Format.php +++ b/app/Config/Format.php @@ -22,7 +22,7 @@ class Format extends BaseConfig * These formats are only checked when the data passed to the respond() * method is an array. * - * @var string[] + * @var list */ public array $supportedResponseFormats = [ 'application/json', diff --git a/app/Config/Logger.php b/app/Config/Logger.php index 568c5da6..ab6997e5 100644 --- a/app/Config/Logger.php +++ b/app/Config/Logger.php 
@@ -36,7 +36,7 @@ class Logger extends BaseConfig * For a live site you'll usually enable Critical or higher (3) to be logged otherwise * your log files will fill up very fast. * - * @var array|int + * @var int|list */ public $threshold = (ENVIRONMENT === 'production') ? 4 : 9; @@ -72,6 +72,8 @@ class Logger extends BaseConfig * * Handlers are executed in the order defined in this array, starting with * the handler on top and continuing down. + * + * @var array|string>> */ public array $handlers = [ /* diff --git a/app/Config/Mimes.php b/app/Config/Mimes.php index d02df1ab..7722444a 100644 --- a/app/Config/Mimes.php +++ b/app/Config/Mimes.php @@ -22,6 +22,8 @@ class Mimes { /** * Map of extensions to mime types. + * + * @var array|string> */ public static array $mimes = [ 'hqx' => [ diff --git a/app/Config/Routing.php b/app/Config/Routing.php index c0234da8..47bf5ff8 100644 --- a/app/Config/Routing.php +++ b/app/Config/Routing.php @@ -24,6 +24,8 @@ class Routing extends BaseRouting * found taking precedence. * * Default: APPPATH . 'Config/Routes.php' + * + * @var list */ public array $routeFiles = [ APPPATH . 'Config/Routes.php', @@ -106,7 +108,7 @@ class Routing extends BaseRouting * 'blog' => 'Acme\Blog\Controllers', * ] * - * @var array [ uri_segment => namespace ] + * @var array */ public array $moduleRoutes = []; } diff --git a/app/Config/Toolbar.php b/app/Config/Toolbar.php index 97fbda28..5a3e5045 100644 --- a/app/Config/Toolbar.php +++ b/app/Config/Toolbar.php @@ -31,7 +31,7 @@ class Toolbar extends BaseConfig * List of toolbar collectors that will be called when Debug Toolbar * fires up and collects data from. * - * @var string[] + * @var list */ public array $collectors = [ Timers::class, 
@@ -49,7 +49,7 @@ class Toolbar extends BaseConfig * Collect Var Data * -------------------------------------------------------------------------- * - * If set to false var data from the views will not be colleted. Useful to + * If set to false var data from the views will not be collected. Useful to * avoid high memory usage when there are lots of data passed to the view. */ public bool $collectVarData = true; @@ -99,6 +99,8 @@ class Toolbar extends BaseConfig * We restrict the values to keep performance as high as possible. * * NOTE: The ROOTPATH will be prepended to all values. + * + * @var list */ public array $watchedDirectories = [ 'app', @@ -111,6 +113,8 @@ class Toolbar extends BaseConfig * * Contains an array of file extensions that will be watched for changes and * used to determine if the hot-reload feature should reload the page or not. + * + * @var list */ public array $watchedExtensions = [ 'php', 'css', 'js', 'html', 'svg', 'json', 'env', diff --git a/app/Config/Validation.php b/app/Config/Validation.php index 017dac5a..6342dbbe 100644 --- a/app/Config/Validation.php +++ b/app/Config/Validation.php @@ -18,7 +18,7 @@ class Validation extends BaseConfig * Stores the classes that contain the * rules that are available. * - * @var string[] + * @var list */ public array $ruleSets = [ Rules::class, diff --git a/app/Config/View.php b/app/Config/View.php index cf00863f..cf8dd06f 100644 --- a/app/Config/View.php +++ b/app/Config/View.php @@ -6,8 +6,8 @@ use CodeIgniter\View\ViewDecoratorInterface; /** - * @phpstan-type ParserCallable (callable(mixed): mixed) - * @phpstan-type ParserCallableString (callable(mixed): mixed)&string + * @phpstan-type parser_callable (callable(mixed): mixed) + * @phpstan-type parser_callable_string (callable(mixed): mixed)&string */ class View extends BaseView { 
@@ -34,8 +34,8 @@ class View extends BaseView * { title|esc(js) } * { created_on|date(Y-m-d)|esc(attr) } * - * @var array - * @phpstan-var array + * @var array + * @phpstan-var array */ public $filters = []; @@ -44,8 +44,8 @@ class View extends BaseView * by the core Parser by creating aliases that will be replaced with * any callable. Can be single or tag pair. * - * @var array|callable|string> - * @phpstan-var array|ParserCallableString|ParserCallable> + * @var array|string> + * @phpstan-var array|parser_callable_string|parser_callable> */ public $plugins = []; @@ -56,7 +56,7 @@ class View extends BaseView * * All classes must implement CodeIgniter\View\ViewDecoratorInterface * - * @var class-string[] + * @var list> */ public array $decorators = []; } diff --git a/app/Controllers/BaseController.php b/app/Controllers/BaseController.php index fb44007e..8b435dab 100644 --- a/app/Controllers/BaseController.php +++ b/app/Controllers/BaseController.php @@ -33,7 +33,7 @@ abstract class BaseController extends Controller * class instantiation. These helpers will be available * to all other controllers that extend BaseController. * - * @var array + * @var list */ protected $helpers = []; diff --git a/app/Views/errors/html/debug.css b/app/Views/errors/html/debug.css index 98f54dbc..6a050c8b 100644 --- a/app/Views/errors/html/debug.css +++ b/app/Views/errors/html/debug.css @@ -19,7 +19,6 @@ body { } h1 { font-weight: lighter; - letter-spacing: 0.8; font-size: 3rem; color: var(--dark-text-color); margin: 0; @@ -44,7 +43,7 @@ p.lead { color: var(--dark-text-color); } .header .container { - padding: 1rem 1.75rem 1.75rem 1.75rem; + padding: 1rem; } .header h1 { font-size: 2.5rem; @@ -65,14 +64,11 @@ p.lead { display: inline; } -.footer { +.environment { background: var(--dark-bg-color); color: var(--light-text-color); -} -.footer .container { - border-top: 1px solid #e7e7e7; - margin-top: 1rem; text-align: center; + padding: 0.2rem; } .source { 
@@ -112,7 +108,7 @@ p.lead { } .tabs a:link, .tabs a:visited { - padding: 0rem 1rem; + padding: 0 1rem; line-height: 2.7; text-decoration: none; color: var(--dark-text-color); @@ -152,9 +148,6 @@ p.lead { border-radius: 5px; color: #31708f; } -ul, ol { - line-height: 1.8; -} table { width: 100%; diff --git a/app/Views/errors/html/error_exception.php b/app/Views/errors/html/error_exception.php index 406b48ec..047c2f4c 100644 --- a/app/Views/errors/html/error_exception.php +++ b/app/Views/errors/html/error_exception.php @@ -23,6 +23,12 @@
+
+ Displayed at — + PHP: — + CodeIgniter: -- + Environment: +

getCode() ? ' #' . $exception->getCode() : '') ?>
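Review bot: The banner added at the top of `app/Views/errors/html/error_exception.php` prints runtime details next to the `PHP:`, `CodeIgniter:` and `Environment:` labels, which discloses version information if this debug view is ever rendered outside development. The expressions that produce those values are not visible in this rendering of the hunk, so confirm that each one is escaped on output. Also confirm that production is configured to serve the generic production error view rather than this template. I would mark the block with a short template comment such as `<?php // development-only banner: exposes PHP/framework versions and environment ?>`. The surrounding markup starts and ends outside the hunk.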

@@ -401,18 +407,5 @@

- - diff --git a/tests/_support/Database/Migrations/2020-02-22-222222_example_migration.php b/tests/_support/Database/Migrations/2020-02-22-222222_example_migration.php index 2bbdcfe5..a73356d3 100644 --- a/tests/_support/Database/Migrations/2020-02-22-222222_example_migration.php +++ b/tests/_support/Database/Migrations/2020-02-22-222222_example_migration.php @@ -8,7 +8,7 @@ class ExampleMigration extends Migration { protected $DBGroup = 'tests'; - public function up() + public function up(): void { $this->forge->addField('id'); $this->forge->addField([ @@ -30,7 +30,7 @@ public function up() $this->forge->createTable('factories'); } - public function down() + public function down(): void { $this->forge->dropTable('factories'); } diff --git a/tests/_support/Database/Seeds/ExampleSeeder.php b/tests/_support/Database/Seeds/ExampleSeeder.php index f67bf8fb..619fc27a 100644 --- a/tests/_support/Database/Seeds/ExampleSeeder.php +++ b/tests/_support/Database/Seeds/ExampleSeeder.php @@ -6,7 +6,7 @@ class ExampleSeeder extends Seeder { - public function run() + public function run(): void { $factories = [ [ diff --git a/tests/database/ExampleDatabaseTest.php b/tests/database/ExampleDatabaseTest.php index 400fd241..d6c3bb9e 100644 --- a/tests/database/ExampleDatabaseTest.php +++ b/tests/database/ExampleDatabaseTest.php @@ -14,7 +14,7 @@ final class ExampleDatabaseTest extends CIUnitTestCase protected $seed = ExampleSeeder::class; - public function testModelFindAll() + public function testModelFindAll(): void { $model = new ExampleModel(); @@ -25,7 +25,7 @@ public function testModelFindAll() $this->assertCount(3, $objects); } - public function testSoftDeleteLeavesRow() + public function testSoftDeleteLeavesRow(): void { $model = new ExampleModel(); $this->setPrivateProperty($model, 'useSoftDeletes', true); diff --git a/tests/session/ExampleSessionTest.php b/tests/session/ExampleSessionTest.php index 98fe7afa..6ada0c56 100644 --- a/tests/session/ExampleSessionTest.php 
+++ b/tests/session/ExampleSessionTest.php @@ -8,7 +8,7 @@ */ final class ExampleSessionTest extends CIUnitTestCase { - public function testSessionSimple() + public function testSessionSimple(): void { $session = Services::session(); diff --git a/tests/unit/HealthTest.php b/tests/unit/HealthTest.php index ab3e2aa1..25f229b0 100644 --- a/tests/unit/HealthTest.php +++ b/tests/unit/HealthTest.php @@ -10,12 +10,12 @@ */ final class HealthTest extends CIUnitTestCase { - public function testIsDefinedAppPath() + public function testIsDefinedAppPath(): void { $this->assertTrue(defined('APPPATH')); } - public function testBaseUrlHasBeenSet() + public function testBaseUrlHasBeenSet(): void { $validation = Services::validation();