Release v4.1.6

codeigniter4 · Jan 4, 2022 · 65ab17d · 65ab17d
1 parent 3216a21
commit 65ab17d
Show file tree

Hide file tree

Showing 9 changed files with 44 additions and 8 deletions.
diff --git a/LICENSE b/LICENSE
@@ -1,7 +1,7 @@
 The MIT License (MIT)
 
 Copyright (c) 2014-2019 British Columbia Institute of Technology
-Copyright (c) 2019-2021 CodeIgniter Foundation
+Copyright (c) 2019-2022 CodeIgniter Foundation
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

diff --git a/app/Config/Filters.php b/app/Config/Filters.php
@@ -6,6 +6,8 @@
 use CodeIgniter\Filters\CSRF;
 use CodeIgniter\Filters\DebugToolbar;
 use CodeIgniter\Filters\Honeypot;
+use CodeIgniter\Filters\InvalidChars;
+use CodeIgniter\Filters\SecureHeaders;
 
 class Filters extends BaseConfig
 {
@@ -16,9 +18,11 @@ class Filters extends BaseConfig
      * @var array
      */
     public $aliases = [
-        'csrf'     => CSRF::class,
-        'toolbar'  => DebugToolbar::class,
-        'honeypot' => Honeypot::class,
+        'csrf'          => CSRF::class,
+        'toolbar'       => DebugToolbar::class,
+        'honeypot'      => Honeypot::class,
+        'invalidchars'  => InvalidChars::class,
+        'secureheaders' => SecureHeaders::class,
     ];
 
     /**
@@ -31,10 +35,12 @@ class Filters extends BaseConfig
         'before' => [
             // 'honeypot',
             // 'csrf',
+            // 'invalidchars',
         ],
         'after' => [
             'toolbar',
             // 'honeypot',
+            // 'secureheaders',
         ],
     ];
 

diff --git a/app/Config/Mimes.php b/app/Config/Mimes.php
@@ -509,7 +509,7 @@ public static function guessExtensionFromType(string $type, ?string $proposedExt
     {
         $type = trim(strtolower($type), '. ');
 
-        $proposedExtension = trim(strtolower($proposedExtension));
+        $proposedExtension = trim(strtolower($proposedExtension ?? ''));
 
         if ($proposedExtension !== '') {
             if (array_key_exists($proposedExtension, static::$mimes) && in_array($type, is_string(static::$mimes[$proposedExtension]) ? [static::$mimes[$proposedExtension]] : static::$mimes[$proposedExtension], true)) {

diff --git a/app/Config/Security.php b/app/Config/Security.php
@@ -17,6 +17,17 @@ class Security extends BaseConfig
      */
     public $csrfProtection = 'cookie';
 
+    /**
+     * --------------------------------------------------------------------------
+     * CSRF Token Randomization
+     * --------------------------------------------------------------------------
+     *
+     * Randomize the CSRF Token for added security.
+     *
+     * @var bool
+     */
+    public $tokenRandomize = false;
+
     /**
      * --------------------------------------------------------------------------
      * CSRF Token Name

diff --git a/app/Config/Toolbar.php b/app/Config/Toolbar.php
@@ -44,6 +44,18 @@ class Toolbar extends BaseConfig
         Events::class,
     ];
 
+    /**
+     * --------------------------------------------------------------------------
+     * Collect Var Data
+     * --------------------------------------------------------------------------
+     *
+     * If set to false var data from the views will not be colleted. Usefull to
+     * avoid high memory usage when there are lots of data passed to the view.
+     *
+     * @var bool
+     */
+    public $collectVarData = true;
+
     /**
      * --------------------------------------------------------------------------
      * Max History

diff --git a/app/Views/errors/html/error_exception.php b/app/Views/errors/html/error_exception.php
@@ -195,7 +195,7 @@
 					<tbody>
 						<tr>
 							<td style="width: 10em">Path</td>
-							<td><?= esc($request->uri) ?></td>
+							<td><?= esc($request->getUri()) ?></td>
 						</tr>
 						<tr>
 							<td>HTTP Method</td>

diff --git a/env b/env
@@ -111,6 +111,7 @@
 #--------------------------------------------------------------------
 
 # security.csrfProtection = 'cookie'
+# security.tokenRandomize = false
 # security.tokenName = 'csrf_token_name'
 # security.headerName = 'X-CSRF-TOKEN'
 # security.cookieName = 'csrf_cookie_name'

diff --git a/tests/database/ExampleDatabaseTest.php b/tests/database/ExampleDatabaseTest.php
@@ -2,6 +2,7 @@
 
 use CodeIgniter\Test\CIUnitTestCase;
 use CodeIgniter\Test\DatabaseTestTrait;
+use Tests\Support\Database\Seeds\ExampleSeeder;
 use Tests\Support\Models\ExampleModel;
 
 /**
@@ -11,6 +12,8 @@ final class ExampleDatabaseTest extends CIUnitTestCase
 {
     use DatabaseTestTrait;
 
+    protected $seed = ExampleSeeder::class;
+
     public function testModelFindAll()
     {
         $model = new ExampleModel();

diff --git a/tests/session/ExampleSessionTest.php b/tests/session/ExampleSessionTest.php
@@ -1,6 +1,7 @@
 <?php
 
 use CodeIgniter\Test\CIUnitTestCase;
+use Config\Services;
 
 /**
  * @internal
@@ -9,7 +10,9 @@ final class ExampleSessionTest extends CIUnitTestCase
 {
     public function testSessionSimple()
     {
-        $this->session->set('logged_in', 123);
-        $this->assertSame(123, $this->session->get('logged_in'));
+        $session = Services::session();
+
+        $session->set('logged_in', 123);
+        $this->assertSame(123, $session->get('logged_in'));
     }
 }