Patch framework to 4.2.0

Author: MGatner

app/Config/App.php

@@ -3,6 +3,7 @@
 namespace Config;
 
 use CodeIgniter\Config\BaseConfig;
+use CodeIgniter\Session\Handlers\FileHandler;
 
 class App extends BaseConfig
 {
@@ -151,7 +152,7 @@ class App extends BaseConfig
      *
      * @var string
      */
-    public $sessionDriver = 'CodeIgniter\Session\Handlers\FileHandler';
+    public $sessionDriver = FileHandler::class;
 
     /**
      * --------------------------------------------------------------------------
@@ -318,7 +319,7 @@ class App extends BaseConfig
      * (empty string) means default SameSite attribute set by browsers (`Lax`)
      * will be set on cookies. If set to `None`, `$cookieSecure` must also be set.
      *
-     * @var string
+     * @var string|null
      *
      * @deprecated use Config\Cookie::$samesite property instead.
      */
@@ -436,7 +437,7 @@ class App extends BaseConfig
      * Defaults to `Lax` as recommended in this link:
      *
      * @see https://portswigger.net/web-security/csrf/samesite-cookies
-     * @deprecated Use `Config\Security` $samesite property instead of using this property.
+     * @deprecated `Config\Cookie` $samesite property is used.
      *
      * @var string
      */

app/Config/Constants.php

@@ -77,3 +77,18 @@
 defined('EXIT_DATABASE')       || define('EXIT_DATABASE', 8); // database error
 defined('EXIT__AUTO_MIN')      || define('EXIT__AUTO_MIN', 9); // lowest automatically-assigned error code
 defined('EXIT__AUTO_MAX')      || define('EXIT__AUTO_MAX', 125); // highest automatically-assigned error code
+
+/**
+ * @deprecated Use \CodeIgniter\Events\Events::PRIORITY_LOW instead.
+ */
+define('EVENT_PRIORITY_LOW', 200);
+
+/**
+ * @deprecated Use \CodeIgniter\Events\Events::PRIORITY_NORMAL instead.
+ */
+define('EVENT_PRIORITY_NORMAL', 100);
+
+/**
+ * @deprecated Use \CodeIgniter\Events\Events::PRIORITY_HIGH instead.
+ */
+define('EVENT_PRIORITY_HIGH', 10);

app/Config/ContentSecurityPolicy.php

@@ -164,4 +164,25 @@ class ContentSecurityPolicy extends BaseConfig
      * @var string|string[]|null
      */
     public $sandbox;
+
+    /**
+     * Nonce tag for style
+     *
+     * @var string
+     */
+    public $styleNonceTag = '{csp-style-nonce}';
+
+    /**
+     * Nonce tag for script
+     *
+     * @var string
+     */
+    public $scriptNonceTag = '{csp-script-nonce}';
+
+    /**
+     * Replace nonce tag automatically
+     *
+     * @var bool
+     */
+    public $autoNonce = true;
 }

app/Config/Database.php

@@ -57,23 +57,24 @@ class Database extends Config
      * @var array
      */
     public $tests = [
-        'DSN'      => '',
-        'hostname' => '127.0.0.1',
-        'username' => '',
-        'password' => '',
-        'database' => ':memory:',
-        'DBDriver' => 'SQLite3',
-        'DBPrefix' => 'db_',  // Needed to ensure we're working correctly with prefixes live. DO NOT REMOVE FOR CI DEVS
-        'pConnect' => false,
-        'DBDebug'  => (ENVIRONMENT !== 'production'),
-        'charset'  => 'utf8',
-        'DBCollat' => 'utf8_general_ci',
-        'swapPre'  => '',
-        'encrypt'  => false,
-        'compress' => false,
-        'strictOn' => false,
-        'failover' => [],
-        'port'     => 3306,
+        'DSN'         => '',
+        'hostname'    => '127.0.0.1',
+        'username'    => '',
+        'password'    => '',
+        'database'    => ':memory:',
+        'DBDriver'    => 'SQLite3',
+        'DBPrefix'    => 'db_',  // Needed to ensure we're working correctly with prefixes live. DO NOT REMOVE FOR CI DEVS
+        'pConnect'    => false,
+        'DBDebug'     => (ENVIRONMENT !== 'production'),
+        'charset'     => 'utf8',
+        'DBCollat'    => 'utf8_general_ci',
+        'swapPre'     => '',
+        'encrypt'     => false,
+        'compress'    => false,
+        'strictOn'    => false,
+        'failover'    => [],
+        'port'        => 3306,
+        'foreignKeys' => true,
     ];
 
     public function __construct()

app/Config/Feature.php

@@ -10,7 +10,7 @@
 class Feature extends BaseConfig
 {
     /**
-     * Enable multiple filters for a route or not
+     * Enable multiple filters for a route or not.
      *
      * If you enable this:
      *   - CodeIgniter\CodeIgniter::handleRequest() uses:
@@ -24,4 +24,9 @@ class Feature extends BaseConfig
      * @var bool
      */
     public $multipleFilters = false;
+
+    /**
+     * Use improved new auto routing instead of the default legacy version.
+     */
+    public bool $autoRoutesImproved = false;
 }

app/Config/Filters.php

@@ -49,7 +49,11 @@ class Filters extends BaseConfig
      * particular HTTP method (GET, POST, etc.).
      *
      * Example:
-     * 'post' => ['csrf', 'throttle']
+     * 'post' => ['foo', 'bar']
+     *
+     * If you use this, you should disable auto-routing because auto-routing
+     * permits any HTTP method to access a controller. Accessing the controller
+     * with a method you don’t expect could bypass the filter.
      *
      * @var array
      */

app/Config/Format.php

@@ -4,6 +4,8 @@
 
 use CodeIgniter\Config\BaseConfig;
 use CodeIgniter\Format\FormatterInterface;
+use CodeIgniter\Format\JSONFormatter;
+use CodeIgniter\Format\XMLFormatter;
 
 class Format extends BaseConfig
 {
@@ -40,9 +42,9 @@ class Format extends BaseConfig
      * @var array<string, string>
      */
     public $formatters = [
-        'application/json' => 'CodeIgniter\Format\JSONFormatter',
-        'application/xml'  => 'CodeIgniter\Format\XMLFormatter',
-        'text/xml'         => 'CodeIgniter\Format\XMLFormatter',
+        'application/json' => JSONFormatter::class,
+        'application/xml'  => XMLFormatter::class,
+        'text/xml'         => XMLFormatter::class,
     ];
 
     /**

app/Config/Logger.php

@@ -2,6 +2,7 @@
 
 namespace Config;
 
+use CodeIgniter\Log\Handlers\FileHandler;
 use CodeIgniter\Config\BaseConfig;
 
 class Logger extends BaseConfig
@@ -83,7 +84,7 @@ class Logger extends BaseConfig
          * File Handler
          * --------------------------------------------------------------------
          */
-        'CodeIgniter\Log\Handlers\FileHandler' => [
+        FileHandler::class => [
 
             // The log levels that this handler will handle.
             'handles' => [

app/Config/Mimes.php

@@ -260,6 +260,7 @@ class Mimes
             'image/png',
             'image/x-png',
         ],
+        'webp' => 'image/webp',
         'tif'  => 'image/tiff',
         'tiff' => 'image/tiff',
         'css'  => [

app/Config/Publisher.php

@@ -23,6 +23,6 @@ class Publisher extends BasePublisher
      */
     public $restrictions = [
         ROOTPATH => '*',
-        FCPATH   => '#\.(?css|js|map|htm?|xml|json|webmanifest|tff|eot|woff?|gif|jpe?g|tiff?|png|webp|bmp|ico|svg)$#i',
+        FCPATH   => '#\.(s?css|js|map|html?|xml|json|webmanifest|ttf|eot|woff2?|gif|jpe?g|tiff?|png|webp|bmp|ico|svg)$#i',
     ];
 }