Version 4.0.5
Release Date: January 31, 2021
4.0.5 release of CodeIgniter4
Enhancements
New URL helper function
url_to()
which creates absolute URLs based on controllers.New Model option:
$useAutoIncrement
which when set tofalse
allows you to provide your own primary key for each record in the table. Handy when we want to implement 1:1 relation or use UUIDs for our model.New URL helper function
url_is()
which allows you to check the current URL to see if matches the given string.Services now have their config parameters strictly typehinted. This will ensure no one will pass a different config instance. If you need to pass a new config with additional properties, you need to extend that particular config.
Support for setting SameSite attribute on Session and CSRF cookies has been added. For security and compatibility with latest browser versions, the default setting is
Lax
.Guessing file extensions from mime type in
Config\Mimes::guessExtensionFromType
now only reverse searches the$mimes
array if no extension is proposed (i.e., usually not for uploaded files).The getter functions for file extensions of uploaded files now have different fallback values (
$this->getClientExtension()
forUploadedFile->getExtension()
and''
forUploadedFile->guessExtension()
). This is a security fix and makes the process less dependent on the client.The Cache
FileHandler
now allows setting the file permissions mode viaConfig\Cache
Changes
System messages defined in
system/Language/en/
are now strictly for internal framework use and are not covered by backwards compatibility (BC) promise. Users may use these messages in their applications but at their own risks.
Bugs Fixed
Fixed a bug in
Entity
class where declaring class parameters was preventing data propagation to theattributes
array.Handling for the environment variable
encryption.key
has changed. Previously, explicit function calls, likegetenv('encryption.key')
orenv('encryption.key')
where the value has the special prefixhex2bin:
returns an automatically converted binary string. This is now changed to just return the character string with the prefix. This change was due to incompatibility with handling binary strings in environment variables on Windows platforms. However, accessing$key
usingEncryption
class config remains unchanged and still returns a binary string.Config\Services
(in app/Config/Services.php) now extendsCodeIgniter\Config\BaseService
to allow proper discovery of third-party services.
Deprecations
Deprecated
BaseCommand::getPad
in favor ofBaseCommand::setPad
.Deprecated
CodeIgniter\Controller::loadHelpers
in favor ofhelper
function.Deprecated
Config\Format::getFormatter
in favor ofCodeIgniter\Format\Format::getFormatter
Deprecated
CodeIgniter\Security\Security::CSRFVerify
in favor ofCodeIgniter\Security\Security::verify
Deprecated
CodeIgniter\Security\Security::getCSRFHash
in favor ofCodeIgniter\Security\Security::getHash
Deprecated
CodeIgniter\Security\Security::getCSRTokenName
in favor ofCodeIgniter\Security\Security::getCSRTokenName
Deprecated
Config\App::$CSRFTokenName
in favor ofConfig\Security::$tokenName
Deprecated
Config\App::$CSRFHeaderName
in favor ofConfig\Security::$headerName
Deprecated
Config\App::$CSRFCookieName
in favor ofConfig\Security::$cookieName
Deprecated
Config\App::$CSRFExpire
in favor ofConfig\Security::$expire
Deprecated
Config\App::$CSRFRegenerate
in favor ofConfig\Security::$regenerate
Deprecated
Config\App::$CSRFRedirect
in favor ofConfig\Security::$redirect
Deprecated
Config\App::$CSRFSameSite
in favor ofConfig\Security::$samesite
Deprecated
migrate:create
command in favor ofmake:migration
command.Deprecated
CodeIgniter\Database\ModelFactory
in favor ofCodeIgniter\Config\Factories::models()
Deprecated
CodeIgniter\Config\Config
in favor ofCodeIgniter\Config\Factories::config()
Deprecated
CodeIgniter\HTTP\Message::getHeader
in favor ofheader()
to prepare for PSR-7Deprecated
CodeIgniter\HTTP\Message::getHeaders
in favor ofheaders()
to prepare for PSR-7Deprecated
Config\Cache::$storePath
in favor ofConfig\Cache::$file['storePath']