Merge pull request from GHSA-7528-7jg5-6g62
Hotfix 4.1.8
MGatner authored Jan 24, 2022
2 parents 99e0797 + 2dd3968 commit 70d881c
Showing 10 changed files with 154 additions and 79 deletions.
8 changes: 8 additions & 0 deletions CHANGELOG.md
@@ -1,5 +1,13 @@
# Changelog

## [v4.1.8](https://github.com/codeigniter4/CodeIgniter4/tree/v4.1.8) (2022-01-24)

[Full Changelog](https://github.com/codeigniter4/CodeIgniter4/compare/v4.1.7...v4.1.8)

**SECURITY**

* *XSS Vulnerability* in the `API\ResponseTrait` was fixed. See the [Security advisory](https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-7528-7jg5-6g62) for more information.

## [v4.1.7](https://github.com/codeigniter4/CodeIgniter4/tree/v4.1.7) (2022-01-09)

[Full Changelog](https://github.com/codeigniter4/CodeIgniter4/compare/v4.1.6...v4.1.7)
2 changes: 1 addition & 1 deletion admin/framework/composer.json
@@ -10,7 +10,7 @@
"ext-intl": "*",
"ext-json": "*",
"ext-mbstring": "*",
"kint-php/kint": "^3.3",
"kint-php/kint": "^4.0",
"laminas/laminas-escaper": "^2.9",
"psr/log": "^1.1"
},
60 changes: 30 additions & 30 deletions system/API/ResponseTrait.php
@@ -85,9 +85,9 @@ trait ResponseTrait
*
* @param array|string|null $data
*
* @return mixed
* @return Response
*/
public function respond($data = null, ?int $status = null, string $message = '')
protected function respond($data = null, ?int $status = null, string $message = '')
{
if ($data === null && $status === null) {
$status = 404;
@@ -119,9 +119,9 @@ public function respond($data = null, ?int $status = null, string $message = '')
* @param int $status HTTP status code
* @param string|null $code Custom, API-specific, error code
*
* @return mixed
* @return Response
*/
public function fail($messages, int $status = 400, ?string $code = null, string $customMessage = '')
protected function fail($messages, int $status = 400, ?string $code = null, string $customMessage = '')
{
if (! is_array($messages)) {
$messages = ['error' => $messages];
@@ -145,9 +145,9 @@ public function fail($messages, int $status = 400, ?string $code = null, string
*
* @param mixed $data
*
* @return mixed
* @return Response
*/
public function respondCreated($data = null, string $message = '')
protected function respondCreated($data = null, string $message = '')
{
return $this->respond($data, $this->codes['created'], $message);
}
@@ -157,9 +157,9 @@ public function respondCreated($data = null, string $message = '')
*
* @param mixed $data
*
* @return mixed
* @return Response
*/
public function respondDeleted($data = null, string $message = '')
protected function respondDeleted($data = null, string $message = '')
{
return $this->respond($data, $this->codes['deleted'], $message);
}
@@ -169,9 +169,9 @@ public function respondDeleted($data = null, string $message = '')
*
* @param mixed $data
*
* @return mixed
* @return Response
*/
public function respondUpdated($data = null, string $message = '')
protected function respondUpdated($data = null, string $message = '')
{
return $this->respond($data, $this->codes['updated'], $message);
}
@@ -180,9 +180,9 @@ public function respondUpdated($data = null, string $message = '')
* Used after a command has been successfully executed but there is no
* meaningful reply to send back to the client.
*
* @return mixed
* @return Response
*/
public function respondNoContent(string $message = 'No Content')
protected function respondNoContent(string $message = 'No Content')
{
return $this->respond(null, $this->codes['no_content'], $message);
}
@@ -192,9 +192,9 @@ public function respondNoContent(string $message = 'No Content')
* or had bad authorization credentials. User is encouraged to try again
* with the proper information.
*
* @return mixed
* @return Response
*/
public function failUnauthorized(string $description = 'Unauthorized', ?string $code = null, string $message = '')
protected function failUnauthorized(string $description = 'Unauthorized', ?string $code = null, string $message = '')
{
return $this->fail($description, $this->codes['unauthorized'], $code, $message);
}
@@ -203,31 +203,31 @@ public function failUnauthorized(string $description = 'Unauthorized', ?string $
* Used when access is always denied to this resource and no amount
* of trying again will help.
*
* @return mixed
* @return Response
*/
public function failForbidden(string $description = 'Forbidden', ?string $code = null, string $message = '')
protected function failForbidden(string $description = 'Forbidden', ?string $code = null, string $message = '')
{
return $this->fail($description, $this->codes['forbidden'], $code, $message);
}

/**
* Used when a specified resource cannot be found.
*
* @return mixed
* @return Response
*/
public function failNotFound(string $description = 'Not Found', ?string $code = null, string $message = '')
protected function failNotFound(string $description = 'Not Found', ?string $code = null, string $message = '')
{
return $this->fail($description, $this->codes['resource_not_found'], $code, $message);
}

/**
* Used when the data provided by the client cannot be validated.
*
* @return mixed
* @return Response
*
* @deprecated Use failValidationErrors instead
*/
public function failValidationError(string $description = 'Bad Request', ?string $code = null, string $message = '')
protected function failValidationError(string $description = 'Bad Request', ?string $code = null, string $message = '')
{
return $this->fail($description, $this->codes['invalid_data'], $code, $message);
}
@@ -237,19 +237,19 @@ public function failValidationError(string $description = 'Bad Request', ?string
*
* @param string|string[] $errors
*
* @return mixed
* @return Response
*/
public function failValidationErrors($errors, ?string $code = null, string $message = '')
protected function failValidationErrors($errors, ?string $code = null, string $message = '')
{
return $this->fail($errors, $this->codes['invalid_data'], $code, $message);
}

/**
* Use when trying to create a new resource and it already exists.
*
* @return mixed
* @return Response
*/
public function failResourceExists(string $description = 'Conflict', ?string $code = null, string $message = '')
protected function failResourceExists(string $description = 'Conflict', ?string $code = null, string $message = '')
{
return $this->fail($description, $this->codes['resource_exists'], $code, $message);
}
@@ -259,19 +259,19 @@ public function failResourceExists(string $description = 'Conflict', ?string $co
* Not Found, because here we know the data previously existed, but is now gone,
* where Not Found means we simply cannot find any information about it.
*
* @return mixed
* @return Response
*/
public function failResourceGone(string $description = 'Gone', ?string $code = null, string $message = '')
protected function failResourceGone(string $description = 'Gone', ?string $code = null, string $message = '')
{
return $this->fail($description, $this->codes['resource_gone'], $code, $message);
}

/**
* Used when the user has made too many requests for the resource recently.
*
* @return mixed
* @return Response
*/
public function failTooManyRequests(string $description = 'Too Many Requests', ?string $code = null, string $message = '')
protected function failTooManyRequests(string $description = 'Too Many Requests', ?string $code = null, string $message = '')
{
return $this->fail($description, $this->codes['too_many_requests'], $code, $message);
}
@@ -285,7 +285,7 @@ public function failTooManyRequests(string $description = 'Too Many Requests', ?
*
* @return Response The value of the Response's send() method.
*/
public function failServerError(string $description = 'Internal Server Error', ?string $code = null, string $message = ''): Response
protected function failServerError(string $description = 'Internal Server Error', ?string $code = null, string $message = ''): Response
{
return $this->fail($description, $this->codes['server_error'], $code, $message);
}
@@ -346,7 +346,7 @@ protected function format($data = null)
*
* @return $this
*/
public function setResponseFormat(?string $format = null)
protected function setResponseFormat(?string $format = null)
{
$this->format = strtolower($format);

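Review bot: The public-to-protected change on `respond()`, `fail()` and the other helpers in this section carries the security fix, but none of the docblocks records why the visibility matters, so a later refactor could widen it again without anyone noticing. Presumably the concern is that public methods on a controller using this trait can be reached as actions when auto-routing is enabled; if that is the reason, a short comment on the trait such as `// Keep these helpers protected: public controller methods can be routed to directly.` would pin it, and a test asserting that the trait exposes no public methods would keep it enforced. Separately, in the last hunk `setResponseFormat(?string $format = null)` still passes a possibly-null `$format` to `strtolower()`, which silently turns null into `''` and is deprecated on PHP 8.1; `$this->format = $format === null ? null : strtolower($format);` keeps null as null, assuming the property accepts it. The bodies of `respond()`, `fail()` and `setResponseFormat()` continue outside the hunks shown.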
2 changes: 1 addition & 1 deletion system/CodeIgniter.php
@@ -45,7 +45,7 @@ class CodeIgniter
/**
* The current version of CodeIgniter Framework
*/
public const CI_VERSION = '4.1.7';
public const CI_VERSION = '4.1.8';

private const MIN_PHP_VERSION = '7.3';
