diff --git a/.gitignore b/.gitignore
index b76b146f..539bf182 100644
--- a/.gitignore
+++ b/.gitignore
@@ -132,7 +132,6 @@ tmp/
/results/
/phpunit*.xml
-/.phpunit.*.cache
# js package manager
yarn.lock
diff --git a/app/.htaccess b/app/.htaccess
index f24db0ac..e64d9494 100644
--- a/app/.htaccess
+++ b/app/.htaccess
@@ -1,6 +1,2 @@
-
- Require all denied
-
-
- Deny from all
-
+ Require all denied
+ Deny from all
diff --git a/app/Config/App.php b/app/Config/App.php
index a67511d5..d251a468 100644
--- a/app/Config/App.php
+++ b/app/Config/App.php
@@ -61,6 +61,30 @@ class App extends BaseConfig
*/
public string $uriProtocol = 'REQUEST_URI';
+ /*
+ *--------------------------------------------------------------------------
+ * Allowed URL Characters
+ *--------------------------------------------------------------------------
+ *
+ * This lets you specify which characters are permitted within your URLs.
+ * When someone tries to submit a URL with disallowed characters they will
+ * get a warning message.
+ *
+ * As a security measure you are STRONGLY encouraged to restrict URLs to
+ * as few characters as possible.
+ *
+ * By default, only these are allowed: `a-z 0-9~%.:_-`
+ *
+ * Set an empty string to allow all characters -- but only if you are insane.
+ *
+ * The configured value is actually a regular expression character group
+ * and it will be used as: '/\A[]+\z/iu'
+ *
+ * DO NOT CHANGE THIS UNLESS YOU FULLY UNDERSTAND THE REPERCUSSIONS!!
+ *
+ */
+ public string $permittedURIChars = 'a-z 0-9~%.:_\-';
+
/**
* --------------------------------------------------------------------------
* Default Locale
diff --git a/app/Config/Autoload.php b/app/Config/Autoload.php
index 57a2938a..b2bb33f1 100644
--- a/app/Config/Autoload.php
+++ b/app/Config/Autoload.php
@@ -29,23 +29,17 @@ class Autoload extends AutoloadConfig
* their location on the file system. These are used by the autoloader
* to locate files the first time they have been instantiated.
*
- * The '/app' and '/system' directories are already mapped for you.
- * you may change the name of the 'App' namespace if you wish,
+ * The 'Config' (APPPATH . 'Config') and 'CodeIgniter' (SYSTEMPATH) are
+ * already mapped for you.
+ *
+ * You may change the name of the 'App' namespace if you wish,
* but this should be done prior to creating any namespaced classes,
* else you will need to modify all of those classes for this to work.
*
- * Prototype:
- *
- * $psr4 = [
- * 'CodeIgniter' => SYSTEMPATH,
- * 'App' => APPPATH
- * ];
- *
* @var array|string>
*/
public $psr4 = [
APP_NAMESPACE => APPPATH,
- 'Config' => APPPATH . 'Config/',
'Modules' => ROOTPATH . 'modules/',
'Modules\Admin' => ROOTPATH . 'modules/Admin/',
'Modules\Analytics' => ROOTPATH . 'modules/Analytics/',
diff --git a/app/Config/Boot/production.php b/app/Config/Boot/production.php
index 701bf31e..9d22b60a 100644
--- a/app/Config/Boot/production.php
+++ b/app/Config/Boot/production.php
@@ -11,8 +11,10 @@ declare(strict_types=1);
*
* If you set 'display_errors' to '1', CI4's detailed error report will show.
*/
+error_reporting(E_ALL & ~E_DEPRECATED);
+// If you want to suppress more types of errors.
+// error_reporting(E_ALL & ~E_NOTICE & ~E_DEPRECATED & ~E_STRICT & ~E_USER_NOTICE & ~E_USER_DEPRECATED);
ini_set('display_errors', '0');
-error_reporting(E_ALL & ~E_NOTICE & ~E_DEPRECATED & ~E_STRICT & ~E_USER_NOTICE & ~E_USER_DEPRECATED);
/**
* --------------------------------------------------------------------------
diff --git a/app/Config/Cache.php b/app/Config/Cache.php
index ecf562ff..20bd2f27 100644
--- a/app/Config/Cache.php
+++ b/app/Config/Cache.php
@@ -48,25 +48,6 @@ class Cache extends BaseConfig
*/
public string $storePath = WRITEPATH . 'cache/';
- /**
- * --------------------------------------------------------------------------
- * Cache Include Query String
- * --------------------------------------------------------------------------
- *
- * Whether to take the URL query string into consideration when generating
- * output cache files. Valid options are:
- *
- * false = Disabled
- * true = Enabled, take all query parameters into account.
- * Please be aware that this may result in numerous cache
- * files generated for the same page over and over again.
- * ['q'] = Enabled, but only take into account the specified list
- * of query parameters.
- *
- * @var boolean|string[]
- */
- public bool | array $cacheQueryString = false;
-
/**
* --------------------------------------------------------------------------
* Key Prefix
@@ -170,4 +151,23 @@ class Cache extends BaseConfig
'redis' => RedisHandler::class,
'wincache' => WincacheHandler::class,
];
+
+ /**
+ * --------------------------------------------------------------------------
+ * Web Page Caching: Cache Include Query String
+ * --------------------------------------------------------------------------
+ *
+ * Whether to take the URL query string into consideration when generating
+ * output cache files. Valid options are:
+ *
+ * false = Disabled
+ * true = Enabled, take all query parameters into account.
+ * Please be aware that this may result in numerous cache
+ * files generated for the same page over and over again.
+ * ['q'] = Enabled, but only take into account the specified list
+ * of query parameters.
+ *
+ * @var bool|list
+ */
+ public $cacheQueryString = false;
}
diff --git a/app/Config/ContentSecurityPolicy.php b/app/Config/ContentSecurityPolicy.php
index 301f7731..6c08b13c 100644
--- a/app/Config/ContentSecurityPolicy.php
+++ b/app/Config/ContentSecurityPolicy.php
@@ -35,28 +35,28 @@ class ContentSecurityPolicy extends BaseConfig
/**
* Will default to self if not overridden
*
- * @var string|string[]|null
+ * @var list|string|null
*/
public string | array | null $defaultSrc = null;
/**
* Lists allowed scripts' URLs.
*
- * @var string|string[]
+ * @var list|string
*/
public string | array $scriptSrc = 'self';
/**
* Lists allowed stylesheets' URLs.
*
- * @var string|string[]
+ * @var list|string
*/
public string | array $styleSrc = 'self';
/**
* Defines the origins from which images can be loaded.
*
- * @var string|string[]
+ * @var list|string
*/
public string | array $imageSrc = 'self';
@@ -65,35 +65,35 @@ class ContentSecurityPolicy extends BaseConfig
*
* Will default to self if not overridden
*
- * @var string|string[]|null
+ * @var list|string|null
*/
public string | array | null $baseURI = null;
/**
* Lists the URLs for workers and embedded frame contents
*
- * @var string|string[]
+ * @var list|string
*/
public string | array $childSrc = 'self';
/**
* Limits the origins that you can connect to (via XHR, WebSockets, and EventSource).
*
- * @var string|string[]
+ * @var list|string
*/
public string | array $connectSrc = 'self';
/**
* Specifies the origins that can serve web fonts.
*
- * @var string|string[]
+ * @var list|string
*/
public string | array $fontSrc;
/**
* Lists valid endpoints for submission from `