diff --git a/.github/scripts/deploy.sh b/.github/scripts/deploy.sh new file mode 100755 index 00000000..783eddb8 --- /dev/null +++ b/.github/scripts/deploy.sh @@ -0,0 +1,58 @@ +#!/bin/sh -e + +# Deploys the official site to the production server. +# See ../workflows/deploy.yml + +REPO="/opt/website" +RELEASE_DIR="/home/public_html/site/releases" +SHARED_DIR="/home/public_html/site/shared" +USERGUIDE_DIR="/home/public_html/userguides" +CONFIG_FILE="/home/public_html/config/.env.site" + +if [ "$(id -u)" = "0" ]; then + echo "Cannot be run as root. Please run as the user for deployment." + exit 1 +fi + +RELEASE=`date +"%Y-%m-%d-%H-%M-%S"` + +echo 'Update website repository\n' +cd $REPO +git switch master +git pull + +echo 'Copy current release\n' +cd $RELEASE_DIR +sudo cp -pr $REPO ./$RELEASE + +echo 'Install composer dependencies\n' +cd $RELEASE_DIR/$RELEASE +composer install --no-dev + +if [ ! -d "$SHARED_DIR" ]; then + echo 'Create shared directory\n' + sudo mkdir -p "$SHARED_DIR" + echo 'Setup folder permissions\n' + sudo chown -R www-data:www-data writable + sudo chmod -R 755 writable + sudo cp -rp writable "$SHARED_DIR" +fi + +echo 'Link writable\n' +sudo rm -rf writable +sudo ln -nsf "$SHARED_DIR/writable" writable + +echo 'Link .env\n' +sudo ln -nsf $CONFIG_FILE .env + +echo 'Link user guides\n' +ln -nsf $USERGUIDE_DIR/userguide4 public/user_guide +ln -nsf $USERGUIDE_DIR/userguide3 public/userguide3 +ln -nsf $USERGUIDE_DIR/userguide2 public/userguide2 + +echo 'Deploy: update symlink\n' +cd $RELEASE_DIR +sudo ln -nsf $RELEASE_DIR/$RELEASE "../current" + +echo 'Reload PHP8.1-FPM\n' +sudo service php8.1-fpm reload diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index bfffe306..4867e15e 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -9,63 +9,15 @@ jobs: name: "Deploy to Production" runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: ref: master - - name: Install SSH key - uses: shimataro/ssh-key-action@v2 + - name: executing remote ssh commands using ssh key + uses: appleboy/ssh-action@v1.2.4 with: - key: ${{ secrets.DEPLOY_KEY }} - name: id_rsa - known_hosts: ${{ secrets.SSH_KNOWN_HOSTS }} - - - name: Deploy to Webserver - uses: yeshan333/rsync-deploy-action@main - id: rsync-deploy-action - with: - ssh_login_username: ${{ secrets.DEPLOY_USER }} - remote_server_ip: ${{ secrets.DEPLOY_SSH_BOX }} - ssh_port: ${{ secrets.DEPLOY_PORT }} - ssh_private_key: ${{ secrets.DEPLOY_KEY }} - source_path: "./*" - destination_path: "/home/public_html/site/latest" - - - name: Finalize deployment - uses: appleboy/ssh-action@master - env: - RELEASE_DIR: "/home/public_html/site/releases/" - RSYNC_DIR: "/home/public_html/site/latest/" - USERGUIDE_DIR: "/home/public_html/userguides" - CONFIG_FILE: "/home/public_html/config/.env.site" - with: - host: ${{ secrets.DEPLOY_SSH_BOX }} - username: ${{ secrets.DEPLOY_USER }} - key: ${{ secrets.DEPLOY_KEY }} - script_stop: true - envs: RELEASE_DIR,CONFIG_FILE,RSYNC_DIR,USERGUIDE_DIR - script: | - cd ~/ - RELEASE=`date +"%d-%m-%Y-%H-%M-%S"` - - echo $'Copy current release\n' - cd $RELEASE_DIR - cp -r ../latest ./$RELEASE - - echo $'Install composer dependencies\n' - cd $RELEASE_DIR/$RELEASE - composer install - - echo $'Setup FS\n' - cd $RELEASE_DIR/$RELEASE - sudo chmod -R 777 writable - sudo chmod -R a+rx vendor - sudo ln -nsf $CONFIG_FILE .env - - echo $'Link current user guide\n' - sudo ln -nsf $USERGUIDE_DIR/userguide4 public/user_guide - - echo $'Set up Links\n' - cd $RELEASE_DIR - sudo ln -nsf $RELEASE_DIR/$RELEASE "../current" - sudo service php8.1-fpm reload + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script: /opt/website/.github/scripts/deploy.sh diff --git a/.github/workflows/deptrac.yml b/.github/workflows/deptrac.yml index ebaf4df1..5a3ba061 100644 --- a/.github/workflows/deptrac.yml +++ b/.github/workflows/deptrac.yml @@ -20,4 +20,4 @@ on: jobs: deptrac: - uses: codeigniter4/.github/.github/workflows/deptrac.yml@main + uses: codeigniter4/.github/.github/workflows/deptrac.yml@CI47 diff --git a/.github/workflows/infection.yml b/.github/workflows/infection.yml index e7d09934..eb3fbe9d 100644 --- a/.github/workflows/infection.yml +++ b/.github/workflows/infection.yml @@ -26,12 +26,12 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Set up PHP uses: shivammathur/setup-php@v2 with: - php-version: '8.1' + php-version: '8.2' tools: infection, phpunit extensions: intl, json, mbstring, gd, xml, sqlite3 coverage: xdebug @@ -48,7 +48,7 @@ jobs: run: echo "COMPOSER_CACHE_FILES_DIR=$(composer config cache-files-dir)" >> $GITHUB_ENV - name: Cache composer dependencies - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: ${{ env.COMPOSER_CACHE_FILES_DIR }} key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}-${{ hashFiles('**/composer.lock') }} @@ -65,6 +65,6 @@ jobs: - name: Run Infection for added files only run: | git fetch --depth=1 origin $GITHUB_BASE_REF - infection --threads=max --git-diff-lines --git-diff-base=origin/$GITHUB_BASE_REF --ignore-msi-with-no-mutations --only-covered --logger-github + infection --threads=max --git-diff-lines --git-diff-base=origin/$GITHUB_BASE_REF --ignore-msi-with-no-mutations --logger-github env: GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/phpcpd.yml b/.github/workflows/phpcpd.yml index 296afa87..1e234d28 100644 --- a/.github/workflows/phpcpd.yml +++ b/.github/workflows/phpcpd.yml @@ -16,6 +16,6 @@ on: jobs: phpcpd: - uses: codeigniter4/.github/.github/workflows/phpcpd.yml@main + uses: codeigniter4/.github/.github/workflows/phpcpd.yml@CI47 with: dirs: "app/ tests/" diff --git a/.github/workflows/phpcsfixer.yml b/.github/workflows/phpcsfixer.yml index 79e5ecb8..b3cb79fc 100644 --- a/.github/workflows/phpcsfixer.yml +++ b/.github/workflows/phpcsfixer.yml @@ -30,11 +30,11 @@ jobs: strategy: fail-fast: false matrix: - php-versions: ['8.1'] + php-versions: ['8.2'] steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Set up PHP uses: shivammathur/setup-php@v2 @@ -49,7 +49,7 @@ jobs: run: echo "COMPOSER_CACHE_FILES_DIR=$(composer config cache-files-dir)" >> $GITHUB_ENV - name: Cache composer dependencies - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: ${{ env.COMPOSER_CACHE_FILES_DIR }} key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}-${{ hashFiles('**/composer.lock') }} diff --git a/.github/workflows/phpstan.yml b/.github/workflows/phpstan.yml index 9ff74c77..b0a76326 100644 --- a/.github/workflows/phpstan.yml +++ b/.github/workflows/phpstan.yml @@ -34,11 +34,11 @@ jobs: strategy: fail-fast: false matrix: - php-versions: ['8.1'] + php-versions: ['8.2'] steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Setup PHP uses: shivammathur/setup-php@v2 @@ -54,7 +54,7 @@ jobs: run: echo "COMPOSER_CACHE_FILES_DIR=$(composer config cache-files-dir)" >> $GITHUB_ENV - name: Cache composer dependencies - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: ${{ env.COMPOSER_CACHE_FILES_DIR }} key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}-${{ hashFiles('**/composer.lock') }} @@ -64,7 +64,7 @@ jobs: run: mkdir -p build/phpstan - name: Cache PHPStan results - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: build/phpstan key: ${{ runner.os }}-phpstan-${{ github.sha }} diff --git a/.github/workflows/phpunit.yml b/.github/workflows/phpunit.yml index 11f7fccf..66e57cf4 100644 --- a/.github/workflows/phpunit.yml +++ b/.github/workflows/phpunit.yml @@ -25,11 +25,11 @@ jobs: if: "!contains(github.event.head_commit.message, '[ci skip]')" strategy: matrix: - php-versions: ['8.1'] + php-versions: ['8.2'] steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Set up PHP uses: shivammathur/setup-php@v2 @@ -45,7 +45,7 @@ jobs: run: echo "COMPOSER_CACHE_FILES_DIR=$(composer config cache-files-dir)" >> $GITHUB_ENV - name: Cache composer dependencies - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: ${{ env.COMPOSER_CACHE_FILES_DIR }} key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}-${{ hashFiles('**/composer.lock') }} @@ -60,13 +60,13 @@ jobs: fi - name: Test with PHPUnit - run: vendor/bin/phpunit --verbose --coverage-text + run: vendor/bin/phpunit --coverage-text env: TERM: xterm-256color TACHYCARDIA_MONITOR_GA: enabled GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - if: matrix.php-versions == '8.1' + - if: matrix.php-versions == '8.2' name: Run Coveralls continue-on-error: true run: | diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml index 53c76e7f..8c9d14ee 100644 --- a/.github/workflows/psalm.yml +++ b/.github/workflows/psalm.yml @@ -20,4 +20,4 @@ on: jobs: psalm: - uses: codeigniter4/.github/.github/workflows/psalm.yml@main + uses: codeigniter4/.github/.github/workflows/psalm.yml@CI47 diff --git a/.github/workflows/rector.yml b/.github/workflows/rector.yml index 59518cf5..0c7b8c94 100644 --- a/.github/workflows/rector.yml +++ b/.github/workflows/rector.yml @@ -34,11 +34,11 @@ jobs: strategy: fail-fast: false matrix: - php-versions: ['8.1'] + php-versions: ['8.2'] steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Set up PHP uses: shivammathur/setup-php@v2 @@ -54,7 +54,7 @@ jobs: run: echo "COMPOSER_CACHE_FILES_DIR=$(composer config cache-files-dir)" >> $GITHUB_ENV - name: Cache composer dependencies - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: ${{ env.COMPOSER_CACHE_FILES_DIR }} key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}-${{ hashFiles('**/composer.lock') }} diff --git a/README.md b/README.md index 6e4169b3..469dbb69 100644 --- a/README.md +++ b/README.md @@ -41,7 +41,7 @@ Some of the programming design decisions reflected: ## Server Requirements -PHP version 7.4 or higher is required, with the following extensions installed: +PHP version 8.1 or higher is required, with the following extensions installed: - [intl](https://php.net/manual/en/intl.requirements.php) - [libcurl](https://php.net/manual/en/curl.requirements.php) if you plan to use the `HTTP\CURLRequest` library diff --git a/app/Config/App.php b/app/Config/App.php index 17a7d65e..74239fb0 100644 --- a/app/Config/App.php +++ b/app/Config/App.php @@ -14,7 +14,7 @@ class App extends BaseConfig * URL to your CodeIgniter root. Typically, this will be your base URL, * WITH a trailing slash: * - * http://example.com/ + * E.g., http://example.com/ */ public string $baseURL = 'http://localhost:8080/'; @@ -22,10 +22,10 @@ class App extends BaseConfig * Allowed Hostnames in the Site URL other than the hostname in the baseURL. * If you want to accept multiple Hostnames, set this. * - * E.g. When your site URL ($baseURL) is 'http://example.com/', and your site - * also accepts 'http://media.example.com/' and - * 'http://accounts.example.com/': - * ['media.example.com', 'accounts.example.com'] + * E.g., + * When your site URL ($baseURL) is 'http://example.com/', and your site + * also accepts 'http://media.example.com/' and 'http://accounts.example.com/': + * ['media.example.com', 'accounts.example.com'] * * @var list */ @@ -36,9 +36,9 @@ class App extends BaseConfig * Index File * -------------------------------------------------------------------------- * - * Typically this will be your index.php file, unless you've renamed it to - * something else. If you are using mod_rewrite to remove the page set this - * variable so that it is blank. + * Typically, this will be your `index.php` file, unless you've renamed it to + * something else. If you have configured your web server to remove this file + * from your site URIs, set this variable to an empty string. */ public string $indexPage = ''; @@ -48,17 +48,41 @@ class App extends BaseConfig * -------------------------------------------------------------------------- * * This item determines which server global should be used to retrieve the - * URI string. The default setting of 'REQUEST_URI' works for most servers. + * URI string. The default setting of 'REQUEST_URI' works for most servers. * If your links do not seem to work, try one of the other delicious flavors: * - * 'REQUEST_URI' Uses $_SERVER['REQUEST_URI'] - * 'QUERY_STRING' Uses $_SERVER['QUERY_STRING'] - * 'PATH_INFO' Uses $_SERVER['PATH_INFO'] + * 'REQUEST_URI': Uses $_SERVER['REQUEST_URI'] + * 'QUERY_STRING': Uses $_SERVER['QUERY_STRING'] + * 'PATH_INFO': Uses $_SERVER['PATH_INFO'] * * WARNING: If you set this to 'PATH_INFO', URIs will always be URL-decoded! */ public string $uriProtocol = 'REQUEST_URI'; + /* + |-------------------------------------------------------------------------- + | Allowed URL Characters + |-------------------------------------------------------------------------- + | + | This lets you specify which characters are permitted within your URLs. + | When someone tries to submit a URL with disallowed characters they will + | get a warning message. + | + | As a security measure you are STRONGLY encouraged to restrict URLs to + | as few characters as possible. + | + | By default, only these are allowed: `a-z 0-9~%.:_-` + | + | Set an empty string to allow all characters -- but only if you are insane. + | + | The configured value is actually a regular expression character group + | and it will be used as: '/\A[]+\z/iu' + | + | DO NOT CHANGE THIS UNLESS YOU FULLY UNDERSTAND THE REPERCUSSIONS!! + | + */ + public string $permittedURIChars = 'a-z 0-9~%.:_\-'; + /** * -------------------------------------------------------------------------- * Default Locale @@ -94,7 +118,7 @@ class App extends BaseConfig * * IncomingRequest::setLocale() also uses this list. * - * @var string[] + * @var list */ public array $supportedLocales = ['en']; @@ -106,7 +130,8 @@ class App extends BaseConfig * The default timezone that will be used in your application to display * dates with the date helper, and can be retrieved through app_timezone() * - * @see https://www.php.net/manual/en/timezones.php for list of timezones supported by PHP. + * @see https://www.php.net/manual/en/timezones.php for list of timezones + * supported by PHP. */ public string $appTimezone = 'UTC'; @@ -130,7 +155,7 @@ class App extends BaseConfig * If true, this will force every request made to this application to be * made via a secure connection (HTTPS). If the incoming request is not * secure, the user will be redirected to a secure version of the page - * and the HTTP Strict Transport Security header will be set. + * and the HTTP Strict Transport Security (HSTS) header will be set. */ public bool $forceGlobalSecureRequests = true; diff --git a/app/Config/Autoload.php b/app/Config/Autoload.php index 647b5ee9..79972a47 100644 --- a/app/Config/Autoload.php +++ b/app/Config/Autoload.php @@ -17,8 +17,6 @@ * * NOTE: This class is required prior to Autoloader instantiation, * and does not extend BaseConfig. - * - * @immutable */ class Autoload extends AutoloadConfig { @@ -30,8 +28,10 @@ class Autoload extends AutoloadConfig * their location on the file system. These are used by the autoloader * to locate files the first time they have been instantiated. * - * The '/app' and '/system' directories are already mapped for you. - * you may change the name of the 'App' namespace if you wish, + * The 'Config' (APPPATH . 'Config') and 'CodeIgniter' (SYSTEMPATH) are + * already mapped for you. + * + * You may change the name of the 'App' namespace if you wish, * but this should be done prior to creating any namespaced classes, * else you will need to modify all of those classes for this to work. * @@ -44,8 +44,7 @@ class Autoload extends AutoloadConfig * @var array|string> */ public $psr4 = [ - APP_NAMESPACE => APPPATH, // For custom app namespace - 'Config' => APPPATH . 'Config', + APP_NAMESPACE => APPPATH, ]; /** diff --git a/app/Config/Boot/development.php b/app/Config/Boot/development.php index 63fdd88b..94274168 100644 --- a/app/Config/Boot/development.php +++ b/app/Config/Boot/development.php @@ -1,4 +1,5 @@ + * + * @see https://www.php.net/manual/en/curl.constants.php#constant.curl-lock-data-connect + */ + public array $shareConnectionOptions = [ + CURL_LOCK_DATA_CONNECT, + CURL_LOCK_DATA_DNS, + ]; + /** * -------------------------------------------------------------------------- * CURLRequest Share Options diff --git a/app/Config/Cache.php b/app/Config/Cache.php index 92b7572c..5396259b 100644 --- a/app/Config/Cache.php +++ b/app/Config/Cache.php @@ -3,6 +3,7 @@ namespace Config; use CodeIgniter\Cache\CacheInterface; +use CodeIgniter\Cache\Handlers\ApcuHandler; use CodeIgniter\Cache\Handlers\DummyHandler; use CodeIgniter\Cache\Handlers\FileHandler; use CodeIgniter\Cache\Handlers\MemcachedHandler; @@ -34,37 +35,6 @@ class Cache extends BaseConfig */ public string $backupHandler = 'dummy'; - /** - * -------------------------------------------------------------------------- - * Cache Directory Path - * -------------------------------------------------------------------------- - * - * The path to where cache files should be stored, if using a file-based - * system. - * - * @deprecated Use the driver-specific variant under $file - */ - public string $storePath = WRITEPATH . 'cache/'; - - /** - * -------------------------------------------------------------------------- - * Cache Include Query String - * -------------------------------------------------------------------------- - * - * Whether to take the URL query string into consideration when generating - * output cache files. Valid options are: - * - * false = Disabled - * true = Enabled, take all query parameters into account. - * Please be aware that this may result in numerous cache - * files generated for the same page over and over again. - * array('q') = Enabled, but only take into account the specified list - * of query parameters. - * - * @var bool|string[] - */ - public $cacheQueryString = false; - /** * -------------------------------------------------------------------------- * Key Prefix @@ -104,10 +74,11 @@ class Cache extends BaseConfig * -------------------------------------------------------------------------- * File settings * -------------------------------------------------------------------------- + * * Your file storage preferences can be specified below, if you are using * the File driver. * - * @var array + * @var array{storePath?: string, mode?: int} */ public array $file = [ 'storePath' => WRITEPATH . 'cache/', @@ -118,12 +89,13 @@ class Cache extends BaseConfig * ------------------------------------------------------------------------- * Memcached settings * ------------------------------------------------------------------------- + * * Your Memcached servers can be specified below, if you are using * the Memcached drivers. * * @see https://codeigniter.com/user_guide/libraries/caching.html#memcached * - * @var array + * @var array{host?: string, port?: int, weight?: int, raw?: bool} */ public array $memcached = [ 'host' => '127.0.0.1', @@ -136,17 +108,28 @@ class Cache extends BaseConfig * ------------------------------------------------------------------------- * Redis settings * ------------------------------------------------------------------------- + * * Your Redis server can be specified below, if you are using * the Redis or Predis drivers. * - * @var array + * @var array{ + * host?: string, + * password?: string|null, + * port?: int, + * timeout?: int, + * async?: bool, + * persistent?: bool, + * database?: int + * } */ public array $redis = [ - 'host' => '127.0.0.1', - 'password' => null, - 'port' => 6379, - 'timeout' => 0, - 'database' => 0, + 'host' => '127.0.0.1', + 'password' => null, + 'port' => 6379, + 'timeout' => 0, + 'async' => false, // specific to Predis and ignored by the native Redis extension + 'persistent' => false, + 'database' => 0, ]; /** @@ -160,6 +143,7 @@ class Cache extends BaseConfig * @var array> */ public array $validHandlers = [ + 'apcu' => ApcuHandler::class, 'dummy' => DummyHandler::class, 'file' => FileHandler::class, 'memcached' => MemcachedHandler::class, @@ -167,4 +151,47 @@ class Cache extends BaseConfig 'redis' => RedisHandler::class, 'wincache' => WincacheHandler::class, ]; + + /** + * -------------------------------------------------------------------------- + * Web Page Caching: Cache Include Query String + * -------------------------------------------------------------------------- + * + * Whether to take the URL query string into consideration when generating + * output cache files. Valid options are: + * + * false = Disabled + * true = Enabled, take all query parameters into account. + * Please be aware that this may result in numerous cache + * files generated for the same page over and over again. + * ['q'] = Enabled, but only take into account the specified list + * of query parameters. + * + * @var bool|list + */ + public $cacheQueryString = false; + + /** + * -------------------------------------------------------------------------- + * Web Page Caching: Cache Status Codes + * -------------------------------------------------------------------------- + * + * HTTP status codes that are allowed to be cached. Only responses with + * these status codes will be cached by the PageCache filter. + * + * Default: [] - Cache all status codes (backward compatible) + * + * Recommended: [200] - Only cache successful responses + * + * You can also use status codes like: + * [200, 404, 410] - Cache successful responses and specific error codes + * [200, 201, 202, 203, 204] - All 2xx successful responses + * + * WARNING: Using [] may cache temporary error pages (404, 500, etc). + * Consider restricting to [200] for production applications to avoid + * caching errors that should be temporary. + * + * @var list + */ + public array $cacheStatusCodes = []; } diff --git a/app/Config/Constants.php b/app/Config/Constants.php index 197bfce9..d28eb41c 100644 --- a/app/Config/Constants.php +++ b/app/Config/Constants.php @@ -67,28 +67,13 @@ | https://tldp.org/LDP/abs/html/exitcodes.html | */ -defined('EXIT_SUCCESS') || define('EXIT_SUCCESS', 0); // no errors -defined('EXIT_ERROR') || define('EXIT_ERROR', 1); // generic error -defined('EXIT_CONFIG') || define('EXIT_CONFIG', 3); // configuration error -defined('EXIT_UNKNOWN_FILE') || define('EXIT_UNKNOWN_FILE', 4); // file not found -defined('EXIT_UNKNOWN_CLASS') || define('EXIT_UNKNOWN_CLASS', 5); // unknown class +defined('EXIT_SUCCESS') || define('EXIT_SUCCESS', 0); // no errors +defined('EXIT_ERROR') || define('EXIT_ERROR', 1); // generic error +defined('EXIT_CONFIG') || define('EXIT_CONFIG', 3); // configuration error +defined('EXIT_UNKNOWN_FILE') || define('EXIT_UNKNOWN_FILE', 4); // file not found +defined('EXIT_UNKNOWN_CLASS') || define('EXIT_UNKNOWN_CLASS', 5); // unknown class defined('EXIT_UNKNOWN_METHOD') || define('EXIT_UNKNOWN_METHOD', 6); // unknown class member -defined('EXIT_USER_INPUT') || define('EXIT_USER_INPUT', 7); // invalid user input -defined('EXIT_DATABASE') || define('EXIT_DATABASE', 8); // database error -defined('EXIT__AUTO_MIN') || define('EXIT__AUTO_MIN', 9); // lowest automatically-assigned error code -defined('EXIT__AUTO_MAX') || define('EXIT__AUTO_MAX', 125); // highest automatically-assigned error code - -/** - * @deprecated Use \CodeIgniter\Events\Events::PRIORITY_LOW instead. - */ -define('EVENT_PRIORITY_LOW', 200); - -/** - * @deprecated Use \CodeIgniter\Events\Events::PRIORITY_NORMAL instead. - */ -define('EVENT_PRIORITY_NORMAL', 100); - -/** - * @deprecated Use \CodeIgniter\Events\Events::PRIORITY_HIGH instead. - */ -define('EVENT_PRIORITY_HIGH', 10); +defined('EXIT_USER_INPUT') || define('EXIT_USER_INPUT', 7); // invalid user input +defined('EXIT_DATABASE') || define('EXIT_DATABASE', 8); // database error +defined('EXIT__AUTO_MIN') || define('EXIT__AUTO_MIN', 9); // lowest automatically-assigned error code +defined('EXIT__AUTO_MAX') || define('EXIT__AUTO_MAX', 125); // highest automatically-assigned error code diff --git a/app/Config/ContentSecurityPolicy.php b/app/Config/ContentSecurityPolicy.php index 18612e15..f64a9af2 100644 --- a/app/Config/ContentSecurityPolicy.php +++ b/app/Config/ContentSecurityPolicy.php @@ -30,6 +30,11 @@ class ContentSecurityPolicy extends BaseConfig */ public ?string $reportURI = null; + /** + * Specifies a reporting endpoint to which violation reports ought to be sent. + */ + public ?string $reportTo = null; + /** * Instructs user agents to rewrite URL schemes, changing * HTTP to HTTPS. This directive is for websites with @@ -38,35 +43,65 @@ class ContentSecurityPolicy extends BaseConfig public bool $upgradeInsecureRequests = false; // ------------------------------------------------------------------------- - // Sources allowed - // Note: once you set a policy to 'none', it cannot be further restricted + // CSP DIRECTIVES SETTINGS + // NOTE: once you set a policy to 'none', it cannot be further restricted // ------------------------------------------------------------------------- /** - * Will default to self if not overridden + * Will default to `'self'` if not overridden * - * @var string|string[]|null + * @var list|string|null */ public $defaultSrc; /** * Lists allowed scripts' URLs. * - * @var string|string[] + * @var list|string */ public $scriptSrc = 'self'; + /** + * Specifies valid sources for JavaScript