Release v4.5.5

composer.json

@@ -23,7 +23,7 @@
         "kint-php/kint": "^5.0.4",
         "mikey179/vfsstream": "^1.6",
         "nexusphp/cs-config": "^3.6",
-        "phpunit/phpunit": "^10.5.16",
+        "phpunit/phpunit": "^10.5.16 || ^11.2",
         "predis/predis": "^1.1 || ^2.0"
     },
     "suggest": {

preload.php

@@ -38,23 +38,25 @@ class preload
         [
             'include' => __DIR__ . '/vendor/codeigniter4/framework/system', // Change this path if using manual installation
             'exclude' => [
-                '/system/bootstrap.php',
                 // Not needed if you don't use them.
                 '/system/Database/OCI8/',
                 '/system/Database/Postgre/',
                 '/system/Database/SQLite3/',
                 '/system/Database/SQLSRV/',
-                // Not needed.
+                // Not needed for web apps.
                 '/system/Database/Seeder.php',
                 '/system/Test/',
-                '/system/Language/',
                 '/system/CLI/',
                 '/system/Commands/',
                 '/system/Publisher/',
                 '/system/ComposerScripts.php',
+                // Not Class/Function files.
+                '/system/Config/Routes.php',
+                '/system/Language/',
+                '/system/bootstrap.php',
+                '/system/rewrite.php',
                 '/Views/',
                 // Errors occur.
-                '/system/Config/Routes.php',
                 '/system/ThirdParty/',
             ],
         ],

system/BaseModel.php

@@ -541,7 +541,7 @@ abstract protected function doReplace(?array $row = null, bool $returnSQL = fals
      * Grabs the last error(s) that occurred from the Database connection.
      * This method works only with dbCalls.
      *
-     * @return array|null
+     * @return array<string, string>
      */
     abstract protected function doErrors();
 
@@ -1242,7 +1242,7 @@ public function replace(?array $row = null, bool $returnSQL = false)
      *
      * @param bool $forceDB Always grab the db error, not validation
      *
-     * @return array<string,string>
+     * @return array<string, string>
      */
     public function errors(bool $forceDB = false)
     {

system/CodeIgniter.php

@@ -56,7 +56,7 @@ class CodeIgniter
     /**
      * The current version of CodeIgniter Framework
      */
-    public const CI_VERSION = '4.5.4';
+    public const CI_VERSION = '4.5.5';
 
     /**
      * App startup time.

system/Common.php

@@ -28,6 +28,7 @@
 use CodeIgniter\HTTP\RedirectResponse;
 use CodeIgniter\HTTP\RequestInterface;
 use CodeIgniter\HTTP\ResponseInterface;
+use CodeIgniter\Language\Language;
 use CodeIgniter\Model;
 use CodeIgniter\Session\Session;
 use CodeIgniter\Test\TestLogger;
@@ -732,6 +733,7 @@ function is_windows(?bool $mock = null): bool
      */
     function lang(string $line, array $args = [], ?string $locale = null)
     {
+        /** @var Language $language */
         $language = service('language');
 
         // Get active locale

system/Database/BaseBuilder.php

@@ -3164,21 +3164,27 @@ protected function compileWhereHaving(string $qbKey): string
                 );
 
                 foreach ($conditions as &$condition) {
-                    if (($op = $this->getOperator($condition)) === false
-                        || ! preg_match('/^(\(?)(.*)(' . preg_quote($op, '/') . ')\s*(.*(?<!\)))?(\)?)$/i', $condition, $matches)
+                    $op = $this->getOperator($condition);
+                    if (
+                        $op === false
+                        || ! preg_match(
+                            '/^(\(?)(.*)(' . preg_quote($op, '/') . ')\s*(.*(?<!\)))?(\)?)$/i',
+                            $condition,
+                            $matches
+                        )
                     ) {
                         continue;
                     }
-                    // $matches = array(
-                    //	0 => '(test <= foo)',	/* the whole thing */
-                    //	1 => '(',		/* optional */
-                    //	2 => 'test',		/* the field name */
-                    //	3 => ' <= ',		/* $op */
-                    //	4 => 'foo',		/* optional, if $op is e.g. 'IS NULL' */
-                    //	5 => ')'		/* optional */
-                    // );
-
-                    if (! empty($matches[4])) {
+                    // $matches = [
+                    //  0 => '(test <= foo)',   /* the whole thing */
+                    //  1 => '(',               /* optional */
+                    //  2 => 'test',            /* the field name */
+                    //  3 => ' <= ',            /* $op */
+                    //  4 => 'foo',	            /* optional, if $op is e.g. 'IS NULL' */
+                    //  5 => ')'                /* optional */
+                    // ];
+
+                    if (isset($matches[4]) && $matches[4] !== '') {
                         $protectIdentifiers = false;
                         if (str_contains($matches[4], '.')) {
                             $protectIdentifiers = true;

system/Database/BaseConnection.php

@@ -784,9 +784,9 @@ public function transStart(bool $testMode = false): bool
      *
      * @return $this
      */
-    public function transException(bool $transExcetion)
+    public function transException(bool $transException)
     {
-        $this->transException = $transExcetion;
+        $this->transException = $transException;
 
         return $this;
     }

system/Database/Database.php

@@ -13,6 +13,8 @@
 
 namespace CodeIgniter\Database;
 
+use CodeIgniter\Exceptions\ConfigException;
+use CodeIgniter\Exceptions\CriticalError;
 use InvalidArgumentException;
 
 /**
@@ -54,6 +56,8 @@ public function load(array $params = [], string $alias = '')
             throw new InvalidArgumentException('You have not selected a database type to connect to.');
         }
 
+        assert($this->checkDbExtension($params['DBDriver']));
+
         $this->connections[$alias] = $this->initDriver($params['DBDriver'], 'Connection', $params);
 
         return $this->connections[$alias];
@@ -124,9 +128,9 @@ protected function parseDSN(array $params): array
     /**
      * Creates a database object.
      *
-     * @param string       $driver   Driver name. FQCN can be used.
-     * @param string       $class    'Connection'|'Forge'|'Utils'
-     * @param array|object $argument The constructor parameter.
+     * @param string                    $driver   Driver name. FQCN can be used.
+     * @param string                    $class    'Connection'|'Forge'|'Utils'
+     * @param array|ConnectionInterface $argument The constructor parameter or DB connection
      *
      * @return BaseConnection|BaseUtils|Forge
      */
@@ -138,4 +142,43 @@ protected function initDriver(string $driver, string $class, $argument): object
 
         return new $classname($argument);
     }
+
+    /**
+     * Check the PHP database extension is loaded.
+     *
+     * @param string $driver DB driver or FQCN for custom driver
+     */
+    private function checkDbExtension(string $driver): bool
+    {
+        if (str_contains($driver, '\\')) {
+            // Cannot check a fully qualified classname for a custom driver.
+            return true;
+        }
+
+        $extensionMap = [
+            // DBDriver => PHP extension
+            'MySQLi'  => 'mysqli',
+            'SQLite3' => 'sqlite3',
+            'Postgre' => 'pgsql',
+            'SQLSRV'  => 'sqlsrv',
+            'OCI8'    => 'oci8',
+        ];
+
+        $extension = $extensionMap[$driver] ?? '';
+
+        if ($extension === '') {
+            $message = 'Invalid DBDriver name: "' . $driver . '"';
+
+            throw new ConfigException($message);
+        }
+
+        if (extension_loaded($extension)) {
+            return true;
+        }
+
+        $message = 'The required PHP extension "' . $extension . '" is not loaded.'
+            . ' Install and enable it to use "' . $driver . '" driver.';
+
+        throw new CriticalError($message);
+    }
 }

system/Database/Postgre/Builder.php

@@ -411,10 +411,8 @@ static function ($key, $value) use ($table, $alias, $that) {
      * Returns cast expression.
      *
      * @TODO move this to BaseBuilder in 4.5.0
-     *
-     * @param float|int|string $expression
      */
-    private function cast($expression, ?string $type): string
+    private function cast(string $expression, ?string $type): string
     {
         return ($type === null) ? $expression : 'CAST(' . $expression . ' AS ' . strtoupper($type) . ')';
     }

system/Entity/Entity.php

@@ -106,7 +106,7 @@ class Entity implements JsonSerializable
     /**
      * Holds the current values of all class vars.
      *
-     * @var array
+     * @var array<string, mixed>
      */
     protected $attributes = [];
 
@@ -115,7 +115,7 @@ class Entity implements JsonSerializable
      * what's actually been changed and not accidentally write
      * nulls where we shouldn't.
      *
-     * @var array
+     * @var array<string, mixed>
      */
     protected $original = [];
 

system/Filters/CSRF.php

@@ -18,6 +18,7 @@
 use CodeIgniter\HTTP\RequestInterface;
 use CodeIgniter\HTTP\ResponseInterface;
 use CodeIgniter\Security\Exceptions\SecurityException;
+use CodeIgniter\Security\Security;
 
 /**
  * CSRF filter.
@@ -30,14 +31,7 @@
 class CSRF implements FilterInterface
 {
     /**
-     * Do whatever processing this filter needs to do.
-     * By default it should not return anything during
-     * normal execution. However, when an abnormal state
-     * is found, it should return an instance of
-     * CodeIgniter\HTTP\Response. If it does, script
-     * execution will end and that Response will be
-     * sent back to the client, allowing for error pages,
-     * redirects, etc.
+     * CSRF verification.
      *
      * @param list<string>|null $arguments
      *
@@ -51,6 +45,7 @@ public function before(RequestInterface $request, $arguments = null)
             return;
         }
 
+        /** @var Security $security */
         $security = service('security');
 
         try {

system/HTTP/ContentSecurityPolicy.php

@@ -31,7 +31,7 @@ class ContentSecurityPolicy
     /**
      * CSP directives
      *
-     * @var array<string, string>
+     * @var array<string, string> [name => property]
      */
     protected array $directives = [
         'base-uri'        => 'baseURI',
@@ -166,7 +166,8 @@ class ContentSecurityPolicy
     protected $sandbox = [];
 
     /**
-     * Used for security enforcement
+     * A set of endpoints to which csp violation reports will be sent when
+     * particular behaviors are prevented.
      *
      * @var string|null
      */
@@ -189,7 +190,7 @@ class ContentSecurityPolicy
     /**
      * Used for security enforcement
      *
-     * @var array
+     * @var list<string>
      */
     protected $validSources = [
         'self',
@@ -242,7 +243,7 @@ class ContentSecurityPolicy
 
     /**
      * An array of header info since we have
-     * to build ourself before passing to Response.
+     * to build ourselves before passing to Response.
      *
      * @var array
      */
@@ -594,6 +595,9 @@ public function addPluginType($mime, ?bool $explicitReporting = null)
      *
      * @see http://www.w3.org/TR/CSP/#directive-report-uri
      *
+     * @param string $uri URL to send reports. Set `''` if you want to remove
+     *                    this directive at runtime.
+     *
      * @return $this
      */
     public function setReportURI(string $uri)