Merge branch 'develop' into enhance/testing

Author: jim-parry

application/Filters/Honeypot.php

@@ -1,51 +1,45 @@
-<?php namespace App\Filters;
+<?php
+
+namespace App\Filters;
 
 use CodeIgniter\Filters\FilterInterface;
 use CodeIgniter\HTTP\RequestInterface;
 use CodeIgniter\HTTP\ResponseInterface;
 use Config\Services;
 use CodeIgniter\Honeypot\Exceptions\HoneypotException;
+use CodeIgniter\Honeypot\Honeypot;
 
-class Honeypot implements FilterInterface 
+class Honeypot implements FilterInterface
 {
 
-    /**
-	 * Checks if Honeypot field is empty, if so
-     * then the requester is a bot,show a blank
-     * page
+	/**
+	 * Checks if Honeypot field is empty; if not
+	 * then the requester is a bot
 	 *
-	 * @param RequestInterface|\CodeIgniter\HTTP\IncomingRequest $request
+	 * @param CodeIgniter\HTTP\RequestInterface $request
 	 *
 	 * @return mixed
 	 */
+	public function before(RequestInterface $request)
+	{
+		$honeypot = new Honeypot(new \Config\Honeypot());
+		if ($honeypot->hasContent($request))
+		{
+			throw HoneypotException::isBot();
+		}
+	}
 
-    public function before (RequestInterface $request) 
-    {
-
-        // Checks honeypot field if value was entered then show blank if so.
-    
-        $honeypot = Services::honeypot(new \Config\Honeypot());
-        if($honeypot->hasContent($request))
-        {
-            throw HoneypotException::isBot();
-        }
-        
-    }
-
-    /**
-	 * Checks if Honeypot field is empty, if so
-     * then the requester is a bot,show a blank
-     * page
+	/**
+	 * Attach a honypot to the current response.
 	 *
-	 * @param RequestInterface|\CodeIgniter\HTTP\IncomingRequest $request
-	 * @param ResponseInterface|\CodeIgniter\HTTP\Response $response
+	 * @param CodeIgniter\HTTP\RequestInterface $request
+	 * @param CodeIgniter\HTTP\ResponseInterface $response
 	 * @return mixed
 	 */
+	public function after(RequestInterface $request, ResponseInterface $response)
+	{
+		$honeypot = new Honeypot(new \Config\Honeypot());
+		$honeypot->attachHoneypot($response);
+	}
 
-    public function after (RequestInterface $request, ResponseInterface $response) 
-    {
-        
-        $honeypot = Services::honeypot(new \Config\Honeypot());
-        $honeypot->attachHoneypot($response);
-    }
 }

system/API/ResponseTrait.php

@@ -346,7 +346,7 @@ protected function format($data = null)
 
 		// Determine correct response type through content negotiation
 		$config = new Format();
-		$format = $this->request->negotiate('media', $config->supportedResponseFormats, true);
+		$format = $this->request->negotiate('media', $config->supportedResponseFormats, false);
 
 		$this->response->setContentType($format);
 

system/Database/BaseResult.php

@@ -344,7 +344,7 @@ public function getCustomRowObject($n, string $className)
 
 		if ($n !== $this->currentRow && isset($this->customResultObject[$className][$n]))
 		{
-			$this->current_row = $n;
+			$this->currentRow = $n;
 		}
 
 		return $this->customResultObject[$className][$this->currentRow];

system/Database/BaseUtils.php

@@ -301,7 +301,7 @@ public function getXMLFromResult(ResultInterface $query, $params = [])
 		extract($params);
 
 		// Load the xml helper
-//		get_instance()->load->helper('xml');
+              helper('xml');
 		// Generate the result
 		$xml = '<' . $root . '>' . $newline;
 		while ($row = $query->getUnbufferedRow())

system/Database/MySQLi/Utils.php

@@ -0,0 +1,74 @@
+<?php namespace CodeIgniter\Database\MySQLi;
+
+/**
+ * CodeIgniter
+ *
+ * An open source application development framework for PHP
+ *
+ * This content is released under the MIT License (MIT)
+ *
+ * Copyright (c) 2014-2018 British Columbia Institute of Technology
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ *
+ * @package	CodeIgniter
+ * @author	CodeIgniter Dev Team
+ * @copyright	2014-2018 British Columbia Institute of Technology (https://bcit.ca/)
+ * @license	https://opensource.org/licenses/MIT	MIT License
+ * @link	https://codeigniter.com
+ * @since	Version 3.0.0
+ * @filesource
+ */
+
+/**
+ * Utils for MySQLi
+ */
+class Utils extends \CodeIgniter\Database\BaseUtils
+{
+
+	/**
+	 * List databases statement
+	 *
+	 * @var	string
+	 */
+	protected $listDatabases = 'SHOW DATABASES';
+
+	/**
+	 * OPTIMIZE TABLE statement
+	 *
+	 * @var	string
+	 */
+	protected $optimizeTable = 'OPTIMIZE TABLE %s';
+
+	//--------------------------------------------------------------------
+
+	/**
+	 * Platform dependent version of the backup function.
+	 *
+	 * @param array|null $prefs
+	 *
+	 * @return mixed
+	 */
+	public function _backup(array $prefs = null)
+	{
+		throw new DatabaseException('Unsupported feature of the database platform you are using.');
+	}
+
+	//--------------------------------------------------------------------
+}

system/HTTP/Files/UploadedFile.php

@@ -373,5 +373,26 @@ public function isValid(): bool
 		return is_uploaded_file($this->path) && $this->error === UPLOAD_ERR_OK;
 	}
 
+	/**
+     * Save the uploaded file to a new location.
+     *
+     * By default.upload files are saved in writable/uploads directory. the YYYYMMDD folder
+     * and random file name will be created.
+     *
+     * @param string $folderName the folder name to writable/uploads directory.
+     * @param string $fileName   the name to rename the file to.
+     * @return string file full path
+     */
+    public function store($folderName = null, $fileName = null) : string
+    {
+        $folderName = $folderName ?? date('Ymd');
+        $fileName = $fileName ?? $this->getRandomName();
+
+        // Move the uploaded file to a new location.
+        if ($this->move(WRITEPATH . 'uploads/' . $folderName, $fileName)) {
+            return $folderName . DIRECTORY_SEPARATOR . $this->name;
+        }
+	}
+
 	//--------------------------------------------------------------------
 }

system/HTTP/RedirectResponse.php

@@ -139,30 +139,6 @@ public function withInput()
 		return $this;
 	}
 
-	/**
-	 * Makes it so that the URL used for the redirect will include
-	 * the Query variables in the current request.
-	 *
-	 * Using the $options array, can specify either only certain
-	 * keys, or all except some vars.
-	 *
-	 * NOTE: Should be called after either to() or route()
-	 *
-	 * @param array $options
-	 *
-	 * @return \CodeIgniter\HTTP\RedirectResponse
-	 */
-	public function withQuery(array $options = [])
-	{
-		$queryVars = service('request')->uri->getQuery($options);
-
-		$url = $this->getHeaderLine('Location');
-
-		$this->setHeader('Location', $url.'?'.$queryVars);
-
-		return $this;
-	}
-
 	/**
 	 * Adds a key and message to the session as Flashdata.
 	 *

system/Helpers/form_helper.php

@@ -92,7 +92,7 @@ function form_open(string $action = '', $attributes = [], array $hidden = []): s
 		{
 			foreach ($hidden as $name => $value)
 			{
-				$form .= '<input type="hidden" name="' . $name . '" value="' . $value . '" style="display: none;" />' . "\n";
+				$form .= '<input type="hidden" name="' . $name . '" value="' . esc($value,'html') . '" style="display: none;" />' . "\n";
 			}
 		}
 
@@ -171,7 +171,7 @@ function form_hidden($name, $value = '', bool $recursing = false): string
 
 		if ( ! is_array($value))
 		{
-			$form .= '<input type="hidden" name="' . $name . '" value="' . $value . "\" />\n";
+			$form .= '<input type="hidden" name="' . $name . '" value="' . esc($value,'html') . "\" />\n";
 		}
 		else
 		{

system/Helpers/url_helper.php

@@ -575,7 +575,6 @@ function prep_url($str = ''): string
 	 * human-friendly URL string with a "separator" string
 	 * as the word separator.
 	 *
-	 * @todo   Remove old 'dash' and 'underscore' usage in 3.1+.
 	 * @param  string $str       Input string
 	 * @param  string $separator Word separator (usually '-' or '_')
 	 * @param  bool   $lowercase Whether to transform the output string to lowercase

system/Helpers/xml_helper.php

@@ -0,0 +1,75 @@
+<?php
+/**
+ * CodeIgniter
+ *
+ * An open source application development framework for PHP
+ *
+ * This content is released under the MIT License (MIT)
+ *
+ * Copyright (c) 2014-2018 British Columbia Institute of Technology
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ *
+ * @package    CodeIgniter
+ * @author     CodeIgniter Dev Team
+ * @copyright  2014-2018 British Columbia Institute of Technology (https://bcit.ca/)
+ * @license    https://opensource.org/licenses/MIT    MIT License
+ * @link       https://codeigniter.com
+ * @since      Version 1.0.0
+ * @filesource
+ */
+if ( ! function_exists('xml_convert'))
+{
+	/**
+	 * Convert Reserved XML characters to Entities
+	 *
+	 * @param	string
+	 * @param	bool
+	 * @return	string
+	 */
+	function xml_convert(string $str, $protect_all = FALSE): string
+	{
+		$temp = '__TEMP_AMPERSANDS__';
+
+		// Replace entities to temporary markers so that
+		// ampersands won't get messed up
+		$str = preg_replace('/&#(\d+);/', $temp.'\\1;', $str);
+
+		if ($protect_all === TRUE)
+		{
+			$str = preg_replace('/&(\w+);/', $temp.'\\1;', $str);
+		}
+
+		$str = str_replace(
+			['&', '<', '>', '"', "'", '-'],
+			['&amp;', '&lt;', '&gt;', '&quot;', '&apos;', '&#45;'],
+			$str
+		);
+
+		// Decode the temp markers back to entities
+		$str = preg_replace('/'.$temp.'(\d+);/', '&#\\1;', $str);
+
+		if ($protect_all === TRUE)
+		{
+			return preg_replace('/'.$temp.'(\w+);/', '&\\1;', $str);
+		}
+
+		return $str;
+	}
+}