Release v4.1.9

Author: actions-user

system/CodeIgniter.php

@@ -45,7 +45,7 @@ class CodeIgniter
     /**
      * The current version of CodeIgniter Framework
      */
-    public const CI_VERSION = '4.1.8';
+    public const CI_VERSION = '4.1.9';
 
     private const MIN_PHP_VERSION = '7.3';
 
@@ -299,6 +299,12 @@ public function run(?RouteCollectionInterface $routes = null, bool $returnRespon
 
         $this->spoofRequestMethod();
 
+        if ($this->request instanceof IncomingRequest && $this->request->getMethod() === 'cli') {
+            $this->response->setStatusCode(405)->setBody('Method Not Allowed');
+
+            return $this->sendResponse();
+        }
+
         Events::trigger('pre_system');
 
         // Check for a cached page. Execution will stop
@@ -352,6 +358,7 @@ public function useSafeOutput(bool $safe = true)
     /**
      * Handles the main request logic and fires the controller.
      *
+     * @throws PageNotFoundException
      * @throws RedirectException
      *
      * @return mixed|RequestInterface|ResponseInterface
@@ -976,7 +983,10 @@ public function spoofRequestMethod()
             return;
         }
 
-        $this->request = $this->request->setMethod($method);
+        // Only allows PUT, PATCH, DELETE
+        if (in_array(strtoupper($method), ['PUT', 'PATCH', 'DELETE'], true)) {
+            $this->request = $this->request->setMethod($method);
+        }
     }
 
     /**