Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

refactor: remove deprecated properties and methods in CodeIgniter class #8050

Merged
merged 9 commits into from
Oct 20, 2023
Merged

refactor: remove deprecated properties and methods in CodeIgniter class #8050

merged 9 commits into from
Oct 20, 2023

Conversation

kenjis
Copy link
Member

@kenjis kenjis commented Oct 17, 2023
edited
Loading

Description

  • remove deprecated properties and methods

Checklist:

  • Securely signed commits
  • Component(s) with PHPDoc blocks, only if necessary or adds value
  • Unit testing, with >80% coverage
  • User guide updated
  • Conforms to style guide

@kenjis kenjis added refactor Pull requests that refactor code breaking change Pull requests that may break existing functionalities 4.5 labels Oct 17, 2023
@kenjis kenjis force-pushed the refactor-CodeIgniter branch from 535a3fa to 4195322 Compare October 17, 2023 01:20
@kenjis kenjis mentioned this pull request Oct 17, 2023
Merged
5 tasks
@MGatner
Copy link
Member

MGatner commented Oct 17, 2023

Looks good, needs a few other PRs.

@kenjis kenjis force-pushed the refactor-CodeIgniter branch from 4195322 to dd952f4 Compare October 18, 2023 01:58
MGatner
MGatner approved these changes Oct 20, 2023
View reviewed changes
system/CodeIgniter.php
@@ -647,6 +617,8 @@ protected function getRequestObject()
}

$this->request = Services::request();

$this->spoofRequestMethod();
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The repeat of this and the fact that spoofRequestMethod() only works on the Request object itself makes me think this should eventually be moved into IncomingRequest. This could be a constructor override or a feature of getMethod() (and maybe adding getRawMethod() or something?) or a new method like getMethodWithSpoofing(). That would also make an easy, central place to have this be configurable for security purposes: turn on/off, allow-list of methods, etc.

For this PR I think what you have is fine.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looking at the code, it is indeed all operations to the Request object.

CodeIgniter4/system/CodeIgniter.php

Lines 1027 to 1044 in 091abaf

public function spoofRequestMethod()
{
// Only works with POSTED forms
if (strtolower($this->request->getMethod()) !== 'post') {
return;
}
$method = $this->request->getPost('_method');
if (empty($method)) {
return;
}
// Only allows PUT, PATCH, DELETE
if (in_array(strtoupper($method), ['PUT', 'PATCH', 'DELETE'], true)) {
$this->request = $this->request->setMethod($method);
}
}

@kenjis kenjis merged commit 091abaf into codeigniter4:4.5 Oct 20, 2023
53 checks passed
@kenjis kenjis deleted the refactor-CodeIgniter branch October 20, 2023 20:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MGatner MGatner MGatner approved these changes

Assignees
No one assigned
Labels
4.5 breaking change Pull requests that may break existing functionalities refactor Pull requests that refactor code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@kenjis @MGatner