Release v4.1.6

Author: actions-user

LICENSE

@@ -1,7 +1,7 @@
 The MIT License (MIT)
 
 Copyright (c) 2014-2019 British Columbia Institute of Technology
-Copyright (c) 2019-2021 CodeIgniter Foundation
+Copyright (c) 2019-2022 CodeIgniter Foundation
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

app/Config/Filters.php

@@ -6,6 +6,8 @@
 use CodeIgniter\Filters\CSRF;
 use CodeIgniter\Filters\DebugToolbar;
 use CodeIgniter\Filters\Honeypot;
+use CodeIgniter\Filters\InvalidChars;
+use CodeIgniter\Filters\SecureHeaders;
 
 class Filters extends BaseConfig
 {
@@ -16,9 +18,11 @@ class Filters extends BaseConfig
      * @var array
      */
     public $aliases = [
-        'csrf'     => CSRF::class,
-        'toolbar'  => DebugToolbar::class,
-        'honeypot' => Honeypot::class,
+        'csrf'          => CSRF::class,
+        'toolbar'       => DebugToolbar::class,
+        'honeypot'      => Honeypot::class,
+        'invalidchars'  => InvalidChars::class,
+        'secureheaders' => SecureHeaders::class,
     ];
 
     /**
@@ -31,10 +35,12 @@ class Filters extends BaseConfig
         'before' => [
             // 'honeypot',
             // 'csrf',
+            // 'invalidchars',
         ],
         'after' => [
             'toolbar',
             // 'honeypot',
+            // 'secureheaders',
         ],
     ];
 

app/Config/Mimes.php

@@ -509,7 +509,7 @@ public static function guessExtensionFromType(string $type, ?string $proposedExt
     {
         $type = trim(strtolower($type), '. ');
 
-        $proposedExtension = trim(strtolower($proposedExtension));
+        $proposedExtension = trim(strtolower($proposedExtension ?? ''));
 
         if ($proposedExtension !== '') {
             if (array_key_exists($proposedExtension, static::$mimes) && in_array($type, is_string(static::$mimes[$proposedExtension]) ? [static::$mimes[$proposedExtension]] : static::$mimes[$proposedExtension], true)) {

app/Config/Security.php

@@ -17,6 +17,17 @@ class Security extends BaseConfig
      */
     public $csrfProtection = 'cookie';
 
+    /**
+     * --------------------------------------------------------------------------
+     * CSRF Token Randomization
+     * --------------------------------------------------------------------------
+     *
+     * Randomize the CSRF Token for added security.
+     *
+     * @var bool
+     */
+    public $tokenRandomize = false;
+
     /**
      * --------------------------------------------------------------------------
      * CSRF Token Name

app/Config/Toolbar.php

@@ -44,6 +44,18 @@ class Toolbar extends BaseConfig
         Events::class,
     ];
 
+    /**
+     * --------------------------------------------------------------------------
+     * Collect Var Data
+     * --------------------------------------------------------------------------
+     *
+     * If set to false var data from the views will not be colleted. Usefull to
+     * avoid high memory usage when there are lots of data passed to the view.
+     *
+     * @var bool
+     */
+    public $collectVarData = true;
+
     /**
      * --------------------------------------------------------------------------
      * Max History

app/Views/errors/html/error_exception.php

@@ -195,7 +195,7 @@
 					<tbody>
 						<tr>
 							<td style="width: 10em">Path</td>
-							<td><?= esc($request->uri) ?></td>
+							<td><?= esc($request->getUri()) ?></td>
 						</tr>
 						<tr>
 							<td>HTTP Method</td>

env

@@ -111,6 +111,7 @@
 #--------------------------------------------------------------------
 
 # security.csrfProtection = 'cookie'
+# security.tokenRandomize = false
 # security.tokenName = 'csrf_token_name'
 # security.headerName = 'X-CSRF-TOKEN'
 # security.cookieName = 'csrf_cookie_name'

system/Autoloader/Autoloader.php

@@ -114,10 +114,10 @@ public function initialize(Autoload $config, Modules $modules)
     public function register()
     {
         // Prepend the PSR4  autoloader for maximum performance.
-        spl_autoload_register([$this, 'loadClass'], true, true); // @phpstan-ignore-line
+        spl_autoload_register([$this, 'loadClass'], true, true);
 
         // Now prepend another loader for the files in our class map.
-        spl_autoload_register([$this, 'loadClassmap'], true, true); // @phpstan-ignore-line
+        spl_autoload_register([$this, 'loadClassmap'], true, true);
 
         // Load our non-class files
         foreach ($this->files as $file) {

system/Autoloader/FileLocator.php

@@ -55,6 +55,7 @@ public function locateFile(string $file, ?string $folder = null, string $ext = '
 
         // Standardize slashes to handle nested directories.
         $file = strtr($file, '/', '\\');
+        $file = ltrim($file, '\\');
 
         $segments = explode('\\', $file);
 
@@ -64,23 +65,20 @@ public function locateFile(string $file, ?string $folder = null, string $ext = '
         }
 
         $paths    = [];
-        $prefix   = '';
         $filename = '';
 
         // Namespaces always comes with arrays of paths
         $namespaces = $this->autoloader->getNamespace();
 
-        while (! empty($segments)) {
-            $prefix .= empty($prefix) ? array_shift($segments) : '\\' . array_shift($segments);
+        foreach (array_keys($namespaces) as $namespace) {
+            if (substr($file, 0, strlen($namespace)) === $namespace) {
+                // There may be sub-namespaces of the same vendor,
+                // so overwrite them with namespaces found later.
+                $paths = $namespaces[$namespace];
 
-            if (empty($namespaces[$prefix])) {
-                continue;
+                $fileWithoutNamespace = substr($file, strlen($namespace));
+                $filename             = ltrim(str_replace('\\', '/', $fileWithoutNamespace), '/');
             }
-
-            $paths = $namespaces[$prefix];
-
-            $filename = implode('/', $segments);
-            break;
         }
 
         // if no namespaces matched then quit

system/BaseModel.php

@@ -1578,7 +1578,7 @@ protected function transformDataToArray($data, string $type): array
         // properties representing the collection elements, we need to grab
         // them as an array.
         if (is_object($data) && ! $data instanceof stdClass) {
-            $data = $this->objectToArray($data, true, true);
+            $data = $this->objectToArray($data, ($type === 'update'), true);
         }
 
         // If it's still a stdClass, go ahead and convert to