diff --git a/app/.htaccess b/app/.htaccess index f24db0acc..3462048ad 100644 --- a/app/.htaccess +++ b/app/.htaccess @@ -1,6 +1,6 @@ - Require all denied + Require all denied - Deny from all + Deny from all diff --git a/app/Config/App.php b/app/Config/App.php index b062e7f63..3b849a44f 100644 --- a/app/Config/App.php +++ b/app/Config/App.php @@ -50,7 +50,7 @@ class App extends BaseConfig * URL to your CodeIgniter root. Typically, this will be your base URL, * WITH a trailing slash: * - * http://example.com/ + * E.g., http://example.com/ */ public string $baseURL; //Defined in the constructor @@ -58,10 +58,10 @@ class App extends BaseConfig * Allowed Hostnames in the Site URL other than the hostname in the baseURL. * If you want to accept multiple Hostnames, set this. * - * E.g. When your site URL ($baseURL) is 'http://example.com/', and your site - * also accepts 'http://media.example.com/' and - * 'http://accounts.example.com/': - * ['media.example.com', 'accounts.example.com'] + * E.g., + * When your site URL ($baseURL) is 'http://example.com/', and your site + * also accepts 'http://media.example.com/' and 'http://accounts.example.com/': + * ['media.example.com', 'accounts.example.com'] * * @var list */ @@ -72,9 +72,9 @@ class App extends BaseConfig * Index File * -------------------------------------------------------------------------- * - * Typically this will be your index.php file, unless you've renamed it to - * something else. If you are using mod_rewrite to remove the page set this - * variable so that it is blank. + * Typically, this will be your `index.php` file, unless you've renamed it to + * something else. If you have configured your web server to remove this file + * from your site URIs, set this variable to an empty string. */ public string $indexPage = ''; 
@@ -84,17 +84,41 @@ class App extends BaseConfig * -------------------------------------------------------------------------- * * This item determines which server global should be used to retrieve the - * URI string. The default setting of 'REQUEST_URI' works for most servers. + * URI string. The default setting of 'REQUEST_URI' works for most servers. * If your links do not seem to work, try one of the other delicious flavors: * - * 'REQUEST_URI' Uses $_SERVER['REQUEST_URI'] - * 'QUERY_STRING' Uses $_SERVER['QUERY_STRING'] - * 'PATH_INFO' Uses $_SERVER['PATH_INFO'] + * 'REQUEST_URI': Uses $_SERVER['REQUEST_URI'] + * 'QUERY_STRING': Uses $_SERVER['QUERY_STRING'] + * 'PATH_INFO': Uses $_SERVER['PATH_INFO'] * * WARNING: If you set this to 'PATH_INFO', URIs will always be URL-decoded! */ public string $uriProtocol = 'REQUEST_URI'; + /* + |-------------------------------------------------------------------------- + | Allowed URL Characters + |-------------------------------------------------------------------------- + | + | This lets you specify which characters are permitted within your URLs. + | When someone tries to submit a URL with disallowed characters they will + | get a warning message. + | + | As a security measure you are STRONGLY encouraged to restrict URLs to + | as few characters as possible. + | + | By default, only these are allowed: `a-z 0-9~%.:_-` + | + | Set an empty string to allow all characters -- but only if you are insane. + | + | The configured value is actually a regular expression character group + | and it will be used as: '/\A[]+\z/iu' + | + | DO NOT CHANGE THIS UNLESS YOU FULLY UNDERSTAND THE REPERCUSSIONS!! + | + */ + public string $permittedURIChars = 'a-z 0-9~%.:_\-'; + /** * -------------------------------------------------------------------------- * Default Locale 
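Review bot: The comment above the new `$permittedURIChars` property says a request with disallowed characters "will get a warning message", which does not tell an operator what actually happens to the request. It should state the outcome (presumably the framework rejects the request with an error response; confirm against the 4.4.8 behaviour) so that a rejected URL is recognised as this check firing. Because `%` is in the default set, percent-encoded sequences presumably pass the character check, so it is worth adding a line such as `| NOTE: this does not replace validating URI segments where they are used.` The block also uses the `/* | ... */` box style while the neighbouring properties in this class use `/** ... */` docblocks; converting it would keep the file consistent.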
@@ -130,7 +154,7 @@ class App extends BaseConfig * * IncomingRequest::setLocale() also uses this list. * - * @var string[] + * @var list */ public array $supportedLocales = [ 'ar-EG', @@ -184,7 +208,8 @@ class App extends BaseConfig * The default timezone that will be used in your application to display * dates with the date helper, and can be retrieved through app_timezone() * - * @see https://www.php.net/manual/en/timezones.php for list of timezones supported by PHP. + * @see https://www.php.net/manual/en/timezones.php for list of timezones + * supported by PHP. */ public string $appTimezone = 'UTC'; @@ -208,7 +233,7 @@ class App extends BaseConfig * If true, this will force every request made to this application to be * made via a secure connection (HTTPS). If the incoming request is not * secure, the user will be redirected to a secure version of the page - * and the HTTP Strict Transport Security header will be set. + * and the HTTP Strict Transport Security (HSTS) header will be set. */ public bool $forceGlobalSecureRequests = false; diff --git a/app/Config/Cache.php b/app/Config/Cache.php index 751a8934c..dec950ed4 100644 --- a/app/Config/Cache.php +++ b/app/Config/Cache.php @@ -61,7 +61,7 @@ class Cache extends BaseConfig * ['q'] = Enabled, but only take into account the specified list * of query parameters. * - * @var bool|string[] + * @var bool|list */ public $cacheQueryString = false; diff --git a/app/Config/ContentSecurityPolicy.php b/app/Config/ContentSecurityPolicy.php index 7799c476f..2ac41a70d 100644 --- a/app/Config/ContentSecurityPolicy.php +++ b/app/Config/ContentSecurityPolicy.php 
@@ -45,28 +45,28 @@ class ContentSecurityPolicy extends BaseConfig /** * Will default to self if not overridden * - * @var string|string[]|null + * @var list|string|null */ public $defaultSrc; /** * Lists allowed scripts' URLs. * - * @var string|string[] + * @var list|string */ public $scriptSrc = 'self'; /** * Lists allowed stylesheets' URLs. * - * @var string|string[] + * @var list|string */ public $styleSrc = 'self'; /** * Defines the origins from which images can be loaded. * - * @var string|string[] + * @var list|string */ public $imageSrc = 'self'; @@ -75,14 +75,14 @@ class ContentSecurityPolicy extends BaseConfig * * Will default to self if not overridden * - * @var string|string[]|null + * @var list|string|null */ public $baseURI; /** * Lists the URLs for workers and embedded frame contents * - * @var string|string[] + * @var list|string */ public $childSrc = 'self'; @@ -90,21 +90,21 @@ class ContentSecurityPolicy extends BaseConfig * Limits the origins that you can connect to (via XHR, * WebSockets, and EventSource). * - * @var string|string[] + * @var list|string */ public $connectSrc = 'self'; /** * Specifies the origins that can serve web fonts. * - * @var string|string[] + * @var list|string */ public $fontSrc; /** * Lists valid endpoints for submission from `
` tags. * - * @var string|string[] + * @var list|string */ public $formAction = 'self'; @@ -114,7 +114,7 @@ class ContentSecurityPolicy extends BaseConfig * and `` tags. This directive can't be used in * `` tags and applies only to non-HTML resources. * - * @var string|string[]|null + * @var list|string|null */ public $frameAncestors; @@ -122,40 +122,40 @@ class ContentSecurityPolicy extends BaseConfig * The frame-src directive restricts the URLs which may * be loaded into nested browsing contexts. * - * @var array|string|null + * @var list|string|null */ public $frameSrc; /** * Restricts the origins allowed to deliver video and audio. * - * @var string|string[]|null + * @var list|string|null */ public $mediaSrc; /** * Allows control over Flash and other plugins. * - * @var string|string[] + * @var list|string */ public $objectSrc = 'self'; /** - * @var string|string[]|null + * @var list|string|null */ public $manifestSrc; /** * Limits the kinds of plugins a page may invoke. * - * @var string|string[]|null + * @var list|string|null */ public $pluginTypes; /** * List of actions allowed. * - * @var string|string[]|null + * @var list|string|null */ public $sandbox; diff --git a/app/Config/Database.php b/app/Config/Database.php index 78bd6d1a6..ba3aa9a2e 100644 --- a/app/Config/Database.php +++ b/app/Config/Database.php 
@@ -23,30 +23,34 @@ class Database extends Config /** * The default database connection. + * + * @var array */ public array $default = [ - 'DSN' => '', - 'hostname' => 'localhost', - 'username' => 'admin', - 'password' => 'pointofsale', - 'database' => 'ospos', - 'DBDriver' => 'MySQLi', - 'DBPrefix' => 'ospos_', - 'pConnect' => false, - 'DBDebug' => (ENVIRONMENT !== 'production'), - 'charset' => 'utf8', - 'DBCollat' => 'utf8_general_ci', - 'swapPre' => '', - 'encrypt' => false, - 'compress' => false, - 'strictOn' => false, - 'failover' => [], - 'port' => 3306 - ]; + 'DSN' => '', + 'hostname' => 'localhost', + 'username' => 'admin', + 'password' => 'pointofsale', + 'database' => 'ospos', + 'DBDriver' => 'MySQLi', + 'DBPrefix' => 'ospos_', + 'pConnect' => false, + 'DBDebug' => (ENVIRONMENT !== 'production'), + 'charset' => 'utf8', + 'DBCollat' => 'utf8_general_ci', + 'swapPre' => '', + 'encrypt' => false, + 'compress' => false, + 'strictOn' => false, + 'failover' => [], + 'port' => 3306 + ]; /** * This database connection is used when * running PHPUnit database tests. + * + * @var array */ public array $tests = [ 'DSN' => '', diff --git a/app/Config/Exceptions.php b/app/Config/Exceptions.php index 2ab8eaf00..bc3c4f453 100644 --- a/app/Config/Exceptions.php +++ b/app/Config/Exceptions.php @@ -30,6 +30,8 @@ class Exceptions extends BaseConfig * -------------------------------------------------------------------------- * Any status codes here will NOT be logged if logging is turned on. * By default, only 404 (Page Not Found) exceptions are ignored. + * + * @var list */ public array $ignoreCodes = [404]; @@ -51,6 +53,8 @@ class Exceptions extends BaseConfig * Any data that you would like to hide from the debug trace. * In order to specify 2 levels, use "/" to separate. * ex. ['server', 'setup/password', 'secret_token'] + * + * @var list */ public array $sensitiveDataInTrace = []; 
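Review bot: The re-indented `$default` array in app/Config/Database.php still carries the literal `'username' => 'admin'` and `'password' => 'pointofsale'`, so any deployment that does not override them runs with database credentials that are public in the repository. I would ship empty defaults, `'username' => '',` and `'password' => '',`, and supply the real values from the environment. The rest of the class is outside the hunk, so if a constructor already overrides these from `.env`, the docblock should say so. `'encrypt' => false` also leaves the connection unencrypted whenever `hostname` is changed from `localhost` to a remote server, which deserves a line in the same docblock.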
diff --git a/app/Config/Filters.php b/app/Config/Filters.php index 88e1be93b..42f9e4228 100644 --- a/app/Config/Filters.php +++ b/app/Config/Filters.php @@ -55,6 +55,8 @@ class Filters extends BaseConfig * If you use this, you should disable auto-routing because auto-routing * permits any HTTP method to access a controller. Accessing the controller * with a method you don't expect could bypass the filter. + * + * @var array> */ public array $methods = []; @@ -64,6 +66,8 @@ class Filters extends BaseConfig * * Example: * 'isLoggedIn' => ['before' => ['account/*', 'profiles/*']] + * + * @var array>> */ public array $filters = []; } diff --git a/app/Config/Format.php b/app/Config/Format.php index 749da3e5f..3de98d7a9 100644 --- a/app/Config/Format.php +++ b/app/Config/Format.php @@ -22,7 +22,7 @@ class Format extends BaseConfig * These formats are only checked when the data passed to the respond() * method is an array. * - * @var string[] + * @var list */ public array $supportedResponseFormats = [ 'application/json', diff --git a/app/Config/Logger.php b/app/Config/Logger.php index a34891c77..823e230ed 100644 --- a/app/Config/Logger.php +++ b/app/Config/Logger.php @@ -36,7 +36,7 @@ class Logger extends BaseConfig * For a live site you'll usually enable Critical or higher (3) to be logged otherwise * your log files will fill up very fast. * - * @var array|int + * @var int|list */ public $threshold = (ENVIRONMENT === 'production') ? 4 : 9; @@ -72,6 +72,8 @@ class Logger extends BaseConfig * * Handlers are executed in the order defined in this array, starting with * the handler on top and continuing down. + * + * @var array|string>> */ public array $handlers = [ /* diff --git a/app/Config/Mimes.php b/app/Config/Mimes.php index d02df1aba..7722444ab 100644 --- a/app/Config/Mimes.php +++ b/app/Config/Mimes.php @@ -22,6 +22,8 @@ class Mimes { /** * Map of extensions to mime types. + * + * @var array|string> */ public static array $mimes = [ 'hqx' => [ 
diff --git a/app/Config/Routing.php b/app/Config/Routing.php index 0a1847789..f1856bcad 100644 --- a/app/Config/Routing.php +++ b/app/Config/Routing.php @@ -24,6 +24,8 @@ class Routing extends BaseRouting * found taking precedence. * * Default: APPPATH . 'Config/Routes.php' + * + * @var list */ public array $routeFiles = [ APPPATH . 'Config/Routes.php', @@ -63,13 +65,12 @@ class Routing extends BaseRouting /** * Sets the class/method that should be called if routing doesn't - * find a match. It can be either a closure or the controller/method - * name exactly like a route is defined: Users::index + * find a match. It can be the controller/method name like: Users::index * * This setting is passed to the Router class and handled there. * * If you want to use a closure, you will have to set it in the - * class constructor or the routes file by calling: + * routes file by calling: * * $routes->set404Override(function() { * // Do something here @@ -81,17 +82,17 @@ class Routing extends BaseRouting public ?string $override404 = null; /** - * If true, the system will attempt to match the URI against + * If TRUE, the system will attempt to match the URI against * Controllers by matching each segment against folders/files * in APPPATH/Controllers, when a match wasn't found against * defined routes. * - * If false, will stop searching and do NO automatic routing. + * If FALSE, will stop searching and do NO automatic routing. */ public bool $autoRoute = true; /** - * If true, will enable the use of the 'prioritize' option + * If TRUE, will enable the use of the 'prioritize' option * when defining routes. * * Default: false @@ -107,7 +108,7 @@ class Routing extends BaseRouting * 'blog' => 'Acme\Blog\Controllers', * ] * - * @var array [ uri_segment => namespace ] + * @var array */ public array $moduleRoutes = []; } diff --git a/app/Config/Toolbar.php b/app/Config/Toolbar.php index 97fbda281..5a3e5045d 100644 --- a/app/Config/Toolbar.php +++ b/app/Config/Toolbar.php 
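Review bot: The reworded docblock for `$autoRoute` (the `@@ -81,17 +82,17 @@` hunk of app/Config/Routing.php) still does not say what leaving the property at `true` costs. The Filters.php comment visible in this same commit warns that auto-routing permits any HTTP method to reach a controller and can bypass a filter. I would add a line such as `* NOTE: auto-routing accepts any HTTP method, so filters set in Config\Filters::$methods can be bypassed.` and consider defaulting to `false` once every route is defined explicitly. The change from `true`/`false` to `TRUE`/`FALSE` in these comments is also inconsistent with the unchanged `Default: false` line in the `$prioritize` docblock.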
@@ -31,7 +31,7 @@ class Toolbar extends BaseConfig * List of toolbar collectors that will be called when Debug Toolbar * fires up and collects data from. * - * @var string[] + * @var list */ public array $collectors = [ Timers::class, @@ -49,7 +49,7 @@ class Toolbar extends BaseConfig * Collect Var Data * -------------------------------------------------------------------------- * - * If set to false var data from the views will not be colleted. Useful to + * If set to false var data from the views will not be collected. Useful to * avoid high memory usage when there are lots of data passed to the view. */ public bool $collectVarData = true; @@ -99,6 +99,8 @@ class Toolbar extends BaseConfig * We restrict the values to keep performance as high as possible. * * NOTE: The ROOTPATH will be prepended to all values. + * + * @var list */ public array $watchedDirectories = [ 'app', @@ -111,6 +113,8 @@ class Toolbar extends BaseConfig * * Contains an array of file extensions that will be watched for changes and * used to determine if the hot-reload feature should reload the page or not. + * + * @var list */ public array $watchedExtensions = [ 'php', 'css', 'js', 'html', 'svg', 'json', 'env', diff --git a/app/Config/Validation.php b/app/Config/Validation.php index 3432bc36c..f31ab9fe7 100644 --- a/app/Config/Validation.php +++ b/app/Config/Validation.php @@ -19,7 +19,7 @@ class Validation extends BaseConfig * Stores the classes that contain the * rules that are available. * - * @var string[] + * @var list */ public array $ruleSets = [ Rules::class, diff --git a/app/Config/View.php b/app/Config/View.php index cf00863fb..cf8dd06f1 100644 --- a/app/Config/View.php +++ b/app/Config/View.php 
@@ -6,8 +6,8 @@ use CodeIgniter\Config\View as BaseView; use CodeIgniter\View\ViewDecoratorInterface; /** - * @phpstan-type ParserCallable (callable(mixed): mixed) - * @phpstan-type ParserCallableString (callable(mixed): mixed)&string + * @phpstan-type parser_callable (callable(mixed): mixed) + * @phpstan-type parser_callable_string (callable(mixed): mixed)&string */ class View extends BaseView { @@ -34,8 +34,8 @@ class View extends BaseView * { title|esc(js) } * { created_on|date(Y-m-d)|esc(attr) } * - * @var array - * @phpstan-var array + * @var array + * @phpstan-var array */ public $filters = []; @@ -44,8 +44,8 @@ class View extends BaseView * by the core Parser by creating aliases that will be replaced with * any callable. Can be single or tag pair. * - * @var array|callable|string> - * @phpstan-var array|ParserCallableString|ParserCallable> + * @var array|string> + * @phpstan-var array|parser_callable_string|parser_callable> */ public $plugins = []; @@ -56,7 +56,7 @@ class View extends BaseView * * All classes must implement CodeIgniter\View\ViewDecoratorInterface * - * @var class-string[] + * @var list> */ public array $decorators = []; } diff --git a/app/Controllers/BaseController.php b/app/Controllers/BaseController.php index fb44007e5..8b435dab7 100644 --- a/app/Controllers/BaseController.php +++ b/app/Controllers/BaseController.php @@ -33,7 +33,7 @@ abstract class BaseController extends Controller * class instantiation. These helpers will be available * to all other controllers that extend BaseController. * - * @var array + * @var list */ protected $helpers = []; diff --git a/app/Views/errors/html/debug.css b/app/Views/errors/html/debug.css index e606ac3b4..6a050c8bb 100644 --- a/app/Views/errors/html/debug.css +++ b/app/Views/errors/html/debug.css @@ -19,7 +19,6 @@ body { } h1 { font-weight: lighter; - letter-spacing: 0.8rem; font-size: 3rem; color: var(--dark-text-color); margin: 0; 
@@ -44,7 +43,7 @@ p.lead { color: var(--dark-text-color); } .header .container { - padding: 1rem 1.75rem 1.75rem 1.75rem; + padding: 1rem; } .header h1 { font-size: 2.5rem; @@ -65,14 +64,11 @@ p.lead { display: inline; } -.footer { +.environment { background: var(--dark-bg-color); color: var(--light-text-color); -} -.footer .container { - border-top: 1px solid #e7e7e7; - margin-top: 1rem; text-align: center; + padding: 0.2rem; } .source { @@ -112,7 +108,7 @@ p.lead { } .tabs a:link, .tabs a:visited { - padding: 0rem 1rem; + padding: 0 1rem; line-height: 2.7; text-decoration: none; color: var(--dark-text-color); @@ -152,9 +148,6 @@ p.lead { border-radius: 5px; color: #31708f; } -ul, ol { - line-height: 1.8; -} table { width: 100%; diff --git a/app/Views/errors/html/error_exception.php b/app/Views/errors/html/error_exception.php index 9dd59e3c8..78f89e1f6 100644 --- a/app/Views/errors/html/error_exception.php +++ b/app/Views/errors/html/error_exception.php @@ -32,6 +32,12 @@ $errorId = uniqid('error', true);
+
+ Displayed at — + PHP: — + CodeIgniter: -- + Environment: +

getCode() ? ' #' . $exception->getCode() : '') ?>

@@ -410,18 +416,5 @@ $errorId = uniqid('error', true);

- - diff --git a/composer.json b/composer.json index 641094761..a965ce562 100644 --- a/composer.json +++ b/composer.json @@ -21,15 +21,23 @@ "point-of-sale", "POS" ], - "homepage": "https://github.com/opensourcepos/opensourcepos", + "homepage": "https://opensourcepos.org", + "support": { + "issues": "https://github.com/opensourcepos/opensourcepos/issues", + "forum": "https://github.com/opensourcepos/opensourcepos/discussions", + "wiki": "https://github.com/opensourcepos/opensourcepos/wiki", + "source": "https://github.com/opensourcepos/opensourcepos", + "docs": "https://github.com/opensourcepos/opensourcepos/wiki#documentation", + "matrix": "https://matrix.to/#/#opensourcepos_Lobby:gitter.im" + }, "require": { "php": "^7.4||^8.0", - "codeigniter4/framework": "4.4.5", + "codeigniter4/framework": "4.4.8", "dompdf/dompdf": "^2.0.3", - "laminas/laminas-escaper": "2.12", + "laminas/laminas-escaper": "2.13.0", "paragonie/random_compat": "^2.0.21", "picqer/php-barcode-generator": "^2.4.0", - "psr/log": "^1.1", + "psr/log": "1.1.4", "tamtamchik/namecase": "^3.0.0" }, "require-dev": { diff --git a/composer.lock b/composer.lock index 3a85296d3..dbf7d8a0b 100644 --- a/composer.lock +++ b/composer.lock 
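Review bot: `laminas/laminas-escaper` is now pinned to `2.13.0`, whose entry in composer.lock requires `php ~8.1.0 || ~8.2.0 || ~8.3.0`, while this file still declares `"php": "^7.4||^8.0"`. The declared platform range and the locked dependency set disagree, so an install on PHP 7.4 or 8.0 will presumably fail or resolve to packages other than the ones tested. Either raise the `php` constraint to match, or keep the escaper on a release that still supports the older runtimes. Pinning `codeigniter4/framework` and `psr/log` to exact versions also means later security releases will not arrive through `composer update`, so the project needs an explicit process for bumping them.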
@@ -4,20 +4,20 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "aa9d3e97f50d42618e1c9e4ae34eca4b", + "content-hash": "be4c718ab388bf14dc79f8aabec4ecdd", "packages": [ { "name": "codeigniter4/framework", - "version": "v4.4.5", + "version": "v4.4.8", "source": { "type": "git", "url": "https://github.com/codeigniter4/framework.git", - "reference": "f5844cb9790d87ff6043203953821740ba3aa592" + "reference": "84ff35989270d17bcdb463626eec50b4c25b3766" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/codeigniter4/framework/zipball/f5844cb9790d87ff6043203953821740ba3aa592", - "reference": "f5844cb9790d87ff6043203953821740ba3aa592", + "url": "https://api.github.com/repos/codeigniter4/framework/zipball/84ff35989270d17bcdb463626eec50b4c25b3766", + "reference": "84ff35989270d17bcdb463626eec50b4c25b3766", "shasum": "" }, "require": { @@ -79,7 +79,7 @@ "slack": "https://codeigniterchat.slack.com", "source": "https://github.com/codeigniter4/CodeIgniter4" }, - "time": "2024-01-27T03:57:48+00:00" + "time": "2024-04-07T02:46:05+00:00" }, { "name": "dompdf/dompdf", 
@@ -145,33 +145,33 @@ }, { "name": "laminas/laminas-escaper", - "version": "2.12.0", + "version": "2.13.0", "source": { "type": "git", "url": "https://github.com/laminas/laminas-escaper.git", - "reference": "ee7a4c37bf3d0e8c03635d5bddb5bb3184ead490" + "reference": "af459883f4018d0f8a0c69c7a209daef3bf973ba" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/laminas/laminas-escaper/zipball/ee7a4c37bf3d0e8c03635d5bddb5bb3184ead490", - "reference": "ee7a4c37bf3d0e8c03635d5bddb5bb3184ead490", + "url": "https://api.github.com/repos/laminas/laminas-escaper/zipball/af459883f4018d0f8a0c69c7a209daef3bf973ba", + "reference": "af459883f4018d0f8a0c69c7a209daef3bf973ba", "shasum": "" }, "require": { "ext-ctype": "*", "ext-mbstring": "*", - "php": "^7.4 || ~8.0.0 || ~8.1.0 || ~8.2.0" + "php": "~8.1.0 || ~8.2.0 || ~8.3.0" }, "conflict": { "zendframework/zend-escaper": "*" }, "require-dev": { - "infection/infection": "^0.26.6", - "laminas/laminas-coding-standard": "~2.4.0", + "infection/infection": "^0.27.0", + "laminas/laminas-coding-standard": "~2.5.0", "maglnet/composer-require-checker": "^3.8.0", - "phpunit/phpunit": "^9.5.18", - "psalm/plugin-phpunit": "^0.17.0", - "vimeo/psalm": "^4.22.0" + "phpunit/phpunit": "^9.6.7", + "psalm/plugin-phpunit": "^0.18.4", + "vimeo/psalm": "^5.9" }, "type": "library", "autoload": { @@ -203,7 +203,7 @@ "type": "community_bridge" } ], - "time": "2022-10-10T10:11:09+00:00" + "time": "2023-10-10T08:35:13+00:00" }, { "name": "masterminds/html5",