Merge remote-tracking branch 'upstream/develop' into 4.3

Conflicts:
	user_guide_src/source/dbmgmt/forge.rst
	user_guide_src/source/dbmgmt/forge/013.php

Author: kenjis

admin/RELEASE.md

@@ -2,7 +2,7 @@
 
 > Documentation guide based on the releases of `4.0.5` and `4.1.0` on January 31, 2021.
 >
-> Updated for `4.2.3` on August 6, 2022.
+> Updated for `4.2.10` on November 5, 2022.
 >
 > -MGatner
 
@@ -17,7 +17,7 @@ When generating the changelog each Pull Request to be included must have one of
 PRs with breaking changes must have the following additional label:
 - **breaking change** ... PRs that may break existing functionalities
 
-To auto-generate, start drafting a new Release and use the "Auto-generate release notes" button.
+To auto-generate, start drafting a new Release and use the "Generate release notes" button.
 Copy the resulting content into **CHANGELOG.md** and adjust the format to match the existing content.
 
 ## Preparation
@@ -43,6 +43,7 @@ git clone [email protected]:codeigniter4/userguide.git
 * Set the date in **user_guide_src/source/changelogs/{version}.rst** to format `Release Date: January 31, 2021`
 * Create a new changelog for the next version at **user_guide_src/source/changelogs/{next_version}.rst** and add it to **index.rst**
 * Create **user_guide_src/source/installation/upgrade_{ver}.rst**, fill in the "All Changes" section, and add it to **upgrading.rst**
+    * git diff --name-status master -- . ':!system'
 * Commit the changes with "Prep for 4.x.x release" and push to origin
 * Create a new PR from `release-4.x.x` to `develop`:
     * Title: "Prep for 4.x.x release"
@@ -53,12 +54,16 @@ git clone [email protected]:codeigniter4/userguide.git
     * Description: blank
 * Merge the PR then create a new Release:
     * Version: "v4.x.x"
+    * Target: master
     * Title: "CodeIgniter 4.x.x"
     * Description:
 ```
 CodeIgniter 4.x.x release.
 
 See the changelog: https://github.com/codeigniter4/CodeIgniter4/blob/develop/CHANGELOG.md
+
+## New Contributors
+*
 ```
 * Watch for the "Deploy Distributable Repos" action to make sure **framework**, **appstarter**, and **userguide** get updated
 * Run the following commands to install and test `appstarter` and verify the new version:
@@ -70,8 +75,15 @@ composer test && composer info codeigniter4/framework
 * Verify that the user guide actions succeeded:
     * "Deploy Distributable Repos", framework repo
     * "Deploy Production", UG repo
-    * "pages-build-deployment", both repos
+    * "pages-build-deployment", UG repo
 * Fast-forward `develop` branch to catch the merge commit from `master`
+```console
+git fetch origin
+git checkout develop
+git merge origin/develop
+git merge origin/master
+git push origin HEAD
+```
 * Update the next minor upgrade branch `4.x`:
 ```console
 git fetch origin

admin/next-changelog-minor.rst

@@ -0,0 +1,74 @@
+Version {version}
+#################
+
+Release Date: Unreleased
+
+**{version} release of CodeIgniter4**
+
+.. contents::
+    :local:
+    :depth: 3
+
+Highlights
+**********
+
+- TBD
+
+BREAKING
+********
+
+Behavior Changes
+================
+
+Interface Changes
+=================
+
+Method Signature Changes
+========================
+
+Enhancements
+************
+
+Commands
+========
+
+Testing
+=======
+
+Database
+========
+
+Query Builder
+-------------
+
+Forge
+-----
+
+Others
+------
+
+Model
+=====
+
+Libraries
+=========
+
+Helpers and Functions
+=====================
+
+Others
+======
+
+Message Changes
+***************
+
+Changes
+*******
+
+Deprecations
+************
+
+Bugs Fixed
+**********
+
+See the repo's `CHANGELOG.md <https://github.com/codeigniter4/CodeIgniter4/blob/develop/CHANGELOG.md>`_ for a complete list of bugs fixed.

admin/next-changelog-patch.rst

@@ -0,0 +1,30 @@
+Version {version}
+#################
+
+Release Date: Unreleased
+
+**{version} release of CodeIgniter4**
+
+.. contents::
+    :local:
+    :depth: 3
+
+BREAKING
+********
+
+Enhancements
+************
+
+Message Changes
+***************
+
+Changes
+*******
+
+Deprecations
+************
+
+Bugs Fixed
+**********
+
+See the repo's `CHANGELOG.md <https://github.com/codeigniter4/CodeIgniter4/blob/develop/CHANGELOG.md>`_ for a complete list of bugs fixed.

admin/next.rst

@@ -1254,7 +1254,7 @@ protected function doProtectFields(array $data): array
      */
     protected function setDate(?int $userData = null)
     {
-        $currentDate = $userData ?? time();
+        $currentDate = $userData ?? Time::now()->getTimestamp();
 
         return $this->intToDate($currentDate);
     }

system/BaseModel.php

@@ -67,8 +67,13 @@ public function getIPAddress(): string
         $this->ipAddress = $this->getServer('REMOTE_ADDR');
 
         if ($proxyIPs) {
-            foreach (['HTTP_X_FORWARDED_FOR', 'HTTP_CLIENT_IP', 'HTTP_X_CLIENT_IP', 'HTTP_X_CLUSTER_CLIENT_IP'] as $header) {
-                if (($spoof = $this->getServer($header)) !== null) {
+            foreach (['x-forwarded-for', 'client-ip', 'x-client-ip', 'x-cluster-client-ip'] as $header) {
+                $spoof     = null;
+                $headerObj = $this->header($header);
+
+                if ($headerObj !== null) {
+                    $spoof = $headerObj->getValue();
+
                     // Some proxies typically list the whole chain of IP
                     // addresses through which the client has reached us.
                     // e.g. client_ip, proxy_ip1, proxy_ip2, etc.

system/HTTP/RequestTrait.php

@@ -706,7 +706,10 @@ public function testGetIPAddressNormal()
     {
         $expected               = '123.123.123.123';
         $_SERVER['REMOTE_ADDR'] = $expected;
-        $this->request          = new Request(new App());
+
+        $this->request = new Request(new App());
+        $this->request->populateHeaders();
+
         $this->assertSame($expected, $this->request->getIPAddress());
         // call a second time to exercise the initial conditional block in getIPAddress()
         $this->assertSame($expected, $this->request->getIPAddress());
@@ -715,66 +718,75 @@ public function testGetIPAddressNormal()
     public function testGetIPAddressThruProxy()
     {
         $expected                        = '123.123.123.123';
+        $_SERVER['HTTP_X_FORWARDED_FOR'] = $expected;
         $_SERVER['REMOTE_ADDR']          = '10.0.1.200';
         $config                          = new App();
         $config->proxyIPs                = '10.0.1.200,192.168.5.0/24';
-        $_SERVER['HTTP_X_FORWARDED_FOR'] = $expected;
-        $this->request                   = new Request($config);
+
+        $this->request = new Request($config);
+        $this->request->populateHeaders();
 
         // we should see the original forwarded address
         $this->assertSame($expected, $this->request->getIPAddress());
     }
 
     public function testGetIPAddressThruProxyInvalid()
     {
-        $expected                        = '123.456.23.123';
-        $_SERVER['REMOTE_ADDR']          = '10.0.1.200';
+        $_SERVER['HTTP_X_FORWARDED_FOR'] = '123.456.23.123';
+        $expected                        = '10.0.1.200';
+        $_SERVER['REMOTE_ADDR']          = $expected;
         $config                          = new App();
         $config->proxyIPs                = '10.0.1.200,192.168.5.0/24';
-        $_SERVER['HTTP_X_FORWARDED_FOR'] = $expected;
-        $this->request                   = new Request($config);
+
+        $this->request = new Request($config);
+        $this->request->populateHeaders();
 
         // spoofed address invalid
-        $this->assertSame('10.0.1.200', $this->request->getIPAddress());
+        $this->assertSame($expected, $this->request->getIPAddress());
     }
 
     public function testGetIPAddressThruProxyNotWhitelisted()
     {
-        $expected                        = '123.456.23.123';
-        $_SERVER['REMOTE_ADDR']          = '10.10.1.200';
+        $expected                        = '10.10.1.200';
+        $_SERVER['REMOTE_ADDR']          = $expected;
+        $_SERVER['HTTP_X_FORWARDED_FOR'] = '123.456.23.123';
         $config                          = new App();
         $config->proxyIPs                = '10.0.1.200,192.168.5.0/24';
-        $_SERVER['HTTP_X_FORWARDED_FOR'] = $expected;
-        $this->request                   = new Request($config);
+
+        $this->request = new Request($config);
+        $this->request->populateHeaders();
 
         // spoofed address invalid
-        $this->assertSame('10.10.1.200', $this->request->getIPAddress());
+        $this->assertSame($expected, $this->request->getIPAddress());
     }
 
     public function testGetIPAddressThruProxySubnet()
     {
         $expected                        = '123.123.123.123';
+        $_SERVER['HTTP_X_FORWARDED_FOR'] = $expected;
         $_SERVER['REMOTE_ADDR']          = '192.168.5.21';
         $config                          = new App();
         $config->proxyIPs                = ['192.168.5.0/24'];
-        $_SERVER['HTTP_X_FORWARDED_FOR'] = $expected;
-        $this->request                   = new Request($config);
+
+        $this->request = new Request($config);
+        $this->request->populateHeaders();
 
         // we should see the original forwarded address
         $this->assertSame($expected, $this->request->getIPAddress());
     }
 
     public function testGetIPAddressThruProxyOutofSubnet()
     {
-        $expected                        = '123.123.123.123';
-        $_SERVER['REMOTE_ADDR']          = '192.168.5.21';
+        $expected                        = '192.168.5.21';
+        $_SERVER['REMOTE_ADDR']          = $expected;
         $config                          = new App();
         $config->proxyIPs                = ['192.168.5.0/28'];
-        $_SERVER['HTTP_X_FORWARDED_FOR'] = $expected;
+        $_SERVER['HTTP_X_FORWARDED_FOR'] = '123.123.123.123';
         $this->request                   = new Request($config);
+        $this->request->populateHeaders();
 
         // we should see the original forwarded address
-        $this->assertSame('192.168.5.21', $this->request->getIPAddress());
+        $this->assertSame($expected, $this->request->getIPAddress());
     }
 
     // @TODO getIPAddress should have more testing, to 100% code coverage

tests/system/HTTP/IncomingRequestTest.php

@@ -30,12 +30,6 @@ protected function setUp(): void
         $this->message = new Message();
     }
 
-    protected function tearDown(): void
-    {
-        $this->message = null;
-        unset($this->message);
-    }
-
     // We can only test the headers retrieved from $_SERVER
     // This test might fail under apache.
     public function testHeadersRetrievesHeaders()
@@ -246,23 +240,24 @@ public function testSetHeaderWithExistingArrayValuesAppendNullValue()
 
     public function testPopulateHeadersWithoutContentType()
     {
-        // fail path, if the CONTENT_TYPE doesn't exist
         $original    = $_SERVER;
-        $_SERVER     = ['HTTP_ACCEPT_LANGUAGE' => 'en-us,en;q=0.50'];
         $originalEnv = getenv('CONTENT_TYPE');
+
+        // fail path, if the CONTENT_TYPE doesn't exist
+        $_SERVER = ['HTTP_ACCEPT_LANGUAGE' => 'en-us,en;q=0.50'];
         putenv('CONTENT_TYPE');
 
         $this->message->populateHeaders();
 
         $this->assertNull($this->message->header('content-type'));
+
         putenv("CONTENT_TYPE={$originalEnv}");
-        $this->message->removeHeader('accept-language');
         $_SERVER = $original; // restore so code coverage doesn't break
     }
 
     public function testPopulateHeadersWithoutHTTP()
     {
-        // fail path, if arguement does't have the HTTP_*
+        // fail path, if argument doesn't have the HTTP_*
         $original = $_SERVER;
         $_SERVER  = [
             'USER_AGENT'     => 'Mozilla/5.0 (iPad; U; CPU OS 3_2_1 like Mac OS X; en-us) AppleWebKit/531.21.10 (KHTML, like Gecko) Mobile/7B405',
@@ -273,6 +268,7 @@ public function testPopulateHeadersWithoutHTTP()
 
         $this->assertNull($this->message->header('user-agent'));
         $this->assertNull($this->message->header('request-method'));
+
         $_SERVER = $original; // restore so code coverage doesn't break
     }
 
@@ -288,7 +284,7 @@ public function testPopulateHeadersKeyNotExists()
         $this->message->populateHeaders();
 
         $this->assertSame('', $this->message->header('accept-charset')->getValue());
-        $this->message->removeHeader('accept-charset');
+
         $_SERVER = $original; // restore so code coverage doesn't break
     }
 
@@ -305,8 +301,7 @@ public function testPopulateHeaders()
 
         $this->assertSame('text/html; charset=utf-8', $this->message->header('content-type')->getValue());
         $this->assertSame('en-us,en;q=0.50', $this->message->header('accept-language')->getValue());
-        $this->message->removeHeader('content-type');
-        $this->message->removeHeader('accept-language');
+
         $_SERVER = $original; // restore so code coverage doesn't break
     }
 }