diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 00000000..bdcf7fe1
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,7 @@
+# Exclude some files and directories from the project's releases
+/.gitignore export-ignore
+/.gitattributes export-ignore
+/conventions.md export-ignore
+/phpunit.xml.dist export-ignore
+/documentation/ export-ignore
+/spark export-ignore
\ No newline at end of file
diff --git a/README.md b/README.md
index 3dcd3b5c..372045d3 100644
--- a/README.md
+++ b/README.md
@@ -1,56 +1,32 @@ -# CodeIgniter 4 Framework +# Plafor -## What is CodeIgniter? +Web application to manage course plans of students in computer science CFC. -CodeIgniter is a PHP full-stack web framework that is light, fast, flexible and secure. -More information can be found at the [official site](http://codeigniter.com). +## Getting Started -This repository holds the distributable version of the framework, -including the user guide. It has been built from the -[development repository](https://github.com/codeigniter4/CodeIgniter4). +These instructions will get you a copy of the project up and running on your local machine for development and testing purposes. -More information about the plans for version 4 can be found in [the announcement](http://forum.codeigniter.com/thread-62615.html) on the forums. +### Prerequisites -The user guide corresponding to this version of the framework can be found -[here](https://codeigniter4.github.io/userguide/). +This project is developed on a LAMP server with PHP 7.4 and MariaDB 10.4. +It is based on the CodeIgniter 4.x framework. +### Installing -## Important Change with index.php +1. Download [our latest release](https://github.com/OrifInformatique/plafor/tree/Release-4.0) +2. Unzip your download in your project's directory (in your local PHP server) +3. Rename env file to .env and adapt it for your server's parameters +4. To init the project navigate to your server address, like ``http://localhost/plafor/public`` +and add migration at the end of url + ``http://localhost/plafor/public/migration`` +## Built With -`index.php` is no longer in the root of the project! It has been moved inside the *public* folder, -for better security and separation of components. 
+* [CodeIgniter 4.x](https://www.codeigniter.com/) - PHP framework +* [Bootstrap](https://getbootstrap.com/) - Design library with personalized css +* [ReactJS v17.0.2](https://fr.reactjs.org/) - Design Library to add simple interactivity -This means that you should configure your web server to "point" to your project's *public* folder, and -not to the project root. A better practice would be to configure a virtual host to point there. A poor practice would be to point your web server to the project root and expect to enter *public/...*, as the rest of your logic and the -framework are exposed. +## Authors -**Please** read the user guide for a better explanation of how CI4 works! +* **Orif, domaine informatique** - *Initiating and following the project* - [GitHub account](https://github.com/OrifInformatique) -## Repository Management - -We use Github issues, in our main repository, to track **BUGS** and to track approved **DEVELOPMENT** work packages. -We use our [forum](http://forum.codeigniter.com) to provide SUPPORT and to discuss -FEATURE REQUESTS. - -This repository is a "distribution" one, built by our release preparation script. -Problems with it can be raised on our forum, or as issues in the main repository. - -## Contributing - -We welcome contributions from the community. - -Please read the [*Contributing to CodeIgniter*](https://github.com/codeigniter4/CodeIgniter4/blob/develop/contributing.md) section in the development repository. 
- -## Server Requirements - -PHP version 7.3 or higher is required, with the following extensions installed: - -- [intl](http://php.net/manual/en/intl.requirements.php) -- [libcurl](http://php.net/manual/en/curl.requirements.php) if you plan to use the HTTP\CURLRequest library - -Additionally, make sure that the following extensions are enabled in your PHP: - -- json (enabled by default - don't turn it off) -- [mbstring](http://php.net/manual/en/mbstring.installation.php) -- [mysqlnd](http://php.net/manual/en/mysqlnd.install.php) -- xml (enabled by default - don't turn it off) +See also the list of [contributors](https://github.com/OrifInformatique/plafor/contributors) who participated in this project. diff --git a/app/Config/App.php b/app/Config/App.php index 81a169b8..dcfc34f1 100644 --- a/app/Config/App.php +++ b/app/Config/App.php 
@@ -6,443 +6,459 @@ class App extends BaseConfig { - /** - * -------------------------------------------------------------------------- - * Base Site URL - * -------------------------------------------------------------------------- - * - * URL to your CodeIgniter root. Typically this will be your base URL, - * WITH a trailing slash: - * - * http://example.com/ - * - * If this is not set then CodeIgniter will try guess the protocol, domain - * and path to your installation. However, you should always configure this - * explicitly and never rely on auto-guessing, especially in production - * environments. - * - * @var string - */ - public $baseURL = 'http://localhost/ci_packbase_v4/public/'; - - /** - * -------------------------------------------------------------------------- - * Index File - * -------------------------------------------------------------------------- - * - * Typically this will be your index.php file, unless you've renamed it to - * something else. If you are using mod_rewrite to remove the page set this - * variable so that it is blank. - * - * @var string - */ - public $indexPage = ''; - - /** - * -------------------------------------------------------------------------- - * URI PROTOCOL - * -------------------------------------------------------------------------- - * - * This item determines which getServer global should be used to retrieve the - * URI string. The default setting of 'REQUEST_URI' works for most servers. - * If your links do not seem to work, try one of the other delicious flavors: - * - * 'REQUEST_URI' Uses $_SERVER['REQUEST_URI'] - * 'QUERY_STRING' Uses $_SERVER['QUERY_STRING'] - * 'PATH_INFO' Uses $_SERVER['PATH_INFO'] - * - * WARNING: If you set this to 'PATH_INFO', URIs will always be URL-decoded! 
- * - * @var string - */ - public $uriProtocol = 'REQUEST_URI'; - - /** - * -------------------------------------------------------------------------- - * Default Locale - * -------------------------------------------------------------------------- - * - * The Locale roughly represents the language and location that your visitor - * is viewing the site from. It affects the language strings and other - * strings (like currency markers, numbers, etc), that your program - * should run under for this request. - * - * @var string - */ - public $defaultLocale = 'fr'; - - /** - * -------------------------------------------------------------------------- - * Negotiate Locale - * -------------------------------------------------------------------------- - * - * If true, the current Request object will automatically determine the - * language to use based on the value of the Accept-Language header. - * - * If false, no automatic detection will be performed. - * - * @var boolean - */ - public $negotiateLocale = false; - - /** - * -------------------------------------------------------------------------- - * Supported Locales - * -------------------------------------------------------------------------- - * - * If $negotiateLocale is true, this array lists the locales supported - * by the application in descending order of priority. If no match is - * found, the first locale will be used. 
- * - * @var string[] - */ - public $supportedLocales = ['en']; - - /** - * -------------------------------------------------------------------------- - * Application Timezone - * -------------------------------------------------------------------------- - * - * The default timezone that will be used in your application to display - * dates with the date helper, and can be retrieved through app_timezone() - * - * @var string - */ - public $appTimezone = 'Europe/Zurich'; - - /** - * -------------------------------------------------------------------------- - * Default Character Set - * -------------------------------------------------------------------------- - * - * This determines which character set is used by default in various methods - * that require a character set to be provided. - * - * @see http://php.net/htmlspecialchars for a list of supported charsets. - * - * @var string - */ - public $charset = 'UTF-8'; - - /** - * -------------------------------------------------------------------------- - * URI PROTOCOL - * -------------------------------------------------------------------------- - * - * If true, this will force every request made to this application to be - * made via a secure connection (HTTPS). If the incoming request is not - * secure, the user will be redirected to a secure version of the page - * and the HTTP Strict Transport Security header will be set. 
- * - * @var boolean - */ - public $forceGlobalSecureRequests = false; - - /** - * -------------------------------------------------------------------------- - * Session Driver - * -------------------------------------------------------------------------- - * - * The session storage driver to use: - * - `CodeIgniter\Session\Handlers\FileHandler` - * - `CodeIgniter\Session\Handlers\DatabaseHandler` - * - `CodeIgniter\Session\Handlers\MemcachedHandler` - * - `CodeIgniter\Session\Handlers\RedisHandler` - * - * @var string - */ - public $sessionDriver='CodeIgniter\Session\Handlers\DatabaseHandler'; - - /** - * -------------------------------------------------------------------------- - * Session Cookie Name - * -------------------------------------------------------------------------- - * - * The session cookie name, must contain only [0-9a-z_-] characters - * - * @var string - */ - public $sessionCookieName = 'ci_session'; - - /** - * -------------------------------------------------------------------------- - * Session Expiration - * -------------------------------------------------------------------------- - * - * The number of SECONDS you want the session to last. - * Setting to 0 (zero) means expire when the browser is closed. - * - * @var integer - */ - public $sessionExpiration = 7200; - - /** - * -------------------------------------------------------------------------- - * Session Save Path - * -------------------------------------------------------------------------- - * - * The location to save sessions to and is driver dependent. - * - * For the 'files' driver, it's a path to a writable directory. - * WARNING: Only absolute paths are supported! - * - * For the 'database' driver, it's a table name. - * Please read up the manual for the format with other session drivers. - * - * IMPORTANT: You are REQUIRED to set a valid save path! 
- * - * @var string - */ + /** + * -------------------------------------------------------------------------- + * Base Site URL + * -------------------------------------------------------------------------- + * + * URL to your CodeIgniter root. Typically this will be your base URL, + * WITH a trailing slash: + * + * http://example.com/ + * + * If this is not set then CodeIgniter will try guess the protocol, domain + * and path to your installation. However, you should always configure this + * explicitly and never rely on auto-guessing, especially in production + * environments. + * + * @var string + */ + public $baseURL = 'http://localhost/plafor/public'; + + /** + * -------------------------------------------------------------------------- + * Index File + * -------------------------------------------------------------------------- + * + * Typically this will be your index.php file, unless you've renamed it to + * something else. If you are using mod_rewrite to remove the page set this + * variable so that it is blank. + * + * @var string + */ + public $indexPage = 'index.php'; + + /** + * -------------------------------------------------------------------------- + * URI PROTOCOL + * -------------------------------------------------------------------------- + * + * This item determines which getServer global should be used to retrieve the + * URI string. The default setting of 'REQUEST_URI' works for most servers. + * If your links do not seem to work, try one of the other delicious flavors: + * + * 'REQUEST_URI' Uses $_SERVER['REQUEST_URI'] + * 'QUERY_STRING' Uses $_SERVER['QUERY_STRING'] + * 'PATH_INFO' Uses $_SERVER['PATH_INFO'] + * + * WARNING: If you set this to 'PATH_INFO', URIs will always be URL-decoded! 
+ * + * @var string + */ + public $uriProtocol = 'REQUEST_URI'; + + /** + * -------------------------------------------------------------------------- + * Default Locale + * -------------------------------------------------------------------------- + * + * The Locale roughly represents the language and location that your visitor + * is viewing the site from. It affects the language strings and other + * strings (like currency markers, numbers, etc), that your program + * should run under for this request. + * + * @var string + */ + public $defaultLocale = 'fr'; + + /** + * -------------------------------------------------------------------------- + * Negotiate Locale + * -------------------------------------------------------------------------- + * + * If true, the current Request object will automatically determine the + * language to use based on the value of the Accept-Language header. + * + * If false, no automatic detection will be performed. + * + * @var bool + */ + public $negotiateLocale = false; + + /** + * -------------------------------------------------------------------------- + * Supported Locales + * -------------------------------------------------------------------------- + * + * If $negotiateLocale is true, this array lists the locales supported + * by the application in descending order of priority. If no match is + * found, the first locale will be used. 
+ * + * @var string[] + */ + public $supportedLocales = ['en']; + + /** + * -------------------------------------------------------------------------- + * Application Timezone + * -------------------------------------------------------------------------- + * + * The default timezone that will be used in your application to display + * dates with the date helper, and can be retrieved through app_timezone() + * + * @var string + */ + public $appTimezone = 'Europe/Zurich'; + + /** + * -------------------------------------------------------------------------- + * Default Character Set + * -------------------------------------------------------------------------- + * + * This determines which character set is used by default in various methods + * that require a character set to be provided. + * + * @see http://php.net/htmlspecialchars for a list of supported charsets. + * + * @var string + */ + public $charset = 'UTF-8'; + + /** + * -------------------------------------------------------------------------- + * URI PROTOCOL + * -------------------------------------------------------------------------- + * + * If true, this will force every request made to this application to be + * made via a secure connection (HTTPS). If the incoming request is not + * secure, the user will be redirected to a secure version of the page + * and the HTTP Strict Transport Security header will be set. 
+ * + * @var bool + */ + public $forceGlobalSecureRequests = false; + + /** + * -------------------------------------------------------------------------- + * Session Driver + * -------------------------------------------------------------------------- + * + * The session storage driver to use: + * - `CodeIgniter\Session\Handlers\FileHandler` + * - `CodeIgniter\Session\Handlers\DatabaseHandler` + * - `CodeIgniter\Session\Handlers\MemcachedHandler` + * - `CodeIgniter\Session\Handlers\RedisHandler` + * + * @var string + */ + public $sessionDriver = 'CodeIgniter\Session\Handlers\DatabaseHandler'; + + /** + * -------------------------------------------------------------------------- + * Session Cookie Name + * -------------------------------------------------------------------------- + * + * The session cookie name, must contain only [0-9a-z_-] characters + * + * @var string + */ + public $sessionCookieName = 'ci_session'; + + /** + * -------------------------------------------------------------------------- + * Session Expiration + * -------------------------------------------------------------------------- + * + * The number of SECONDS you want the session to last. + * Setting to 0 (zero) means expire when the browser is closed. + * + * @var int + */ + public $sessionExpiration = 7200; + + /** + * -------------------------------------------------------------------------- + * Session Save Path + * -------------------------------------------------------------------------- + * + * The location to save sessions to and is driver dependent. + * + * For the 'files' driver, it's a path to a writable directory. + * WARNING: Only absolute paths are supported! + * + * For the 'database' driver, it's a table name. + * Please read up the manual for the format with other session drivers. + * + * IMPORTANT: You are REQUIRED to set a valid save path! 
+ * + * @var string + */ public $sessionSavePath = 'ci_sessions'; - /** - * -------------------------------------------------------------------------- - * Session Match IP - * -------------------------------------------------------------------------- - * - * Whether to match the user's IP address when reading the session data. - * - * WARNING: If you're using the database driver, don't forget to update - * your session table's PRIMARY KEY when changing this setting. - * - * @var boolean - */ - public $sessionMatchIP = false; - - /** - * -------------------------------------------------------------------------- - * Session Time to Update - * -------------------------------------------------------------------------- - * - * How many seconds between CI regenerating the session ID. - * - * @var integer - */ - public $sessionTimeToUpdate = 300; - - /** - * -------------------------------------------------------------------------- - * Session Regenerate Destroy - * -------------------------------------------------------------------------- - * - * Whether to destroy session data associated with the old session ID - * when auto-regenerating the session ID. When set to FALSE, the data - * will be later deleted by the garbage collector. - * - * @var boolean - */ - public $sessionRegenerateDestroy = false; - - /** - * -------------------------------------------------------------------------- - * Cookie Prefix - * -------------------------------------------------------------------------- - * - * Set a cookie name prefix if you need to avoid collisions. - * - * @var string - */ - public $cookiePrefix = ''; - - /** - * -------------------------------------------------------------------------- - * Cookie Domain - * -------------------------------------------------------------------------- - * - * Set to `.your-domain.com` for site-wide cookies. 
- * - * @var string - */ - public $cookieDomain = ''; - - /** - * -------------------------------------------------------------------------- - * Cookie Path - * -------------------------------------------------------------------------- - * - * Typically will be a forward slash. - * - * @var string - */ - public $cookiePath = '/'; - - /** - * -------------------------------------------------------------------------- - * Cookie Secure - * -------------------------------------------------------------------------- - * - * Cookie will only be set if a secure HTTPS connection exists. - * - * @var boolean - */ - public $cookieSecure = false; - - /** - * -------------------------------------------------------------------------- - * Cookie HTTP Only - * -------------------------------------------------------------------------- - * - * Cookie will only be accessible via HTTP(S) (no JavaScript). - * - * @var boolean - */ - public $cookieHTTPOnly = false; - - /** - * -------------------------------------------------------------------------- - * Cookie SameSite - * -------------------------------------------------------------------------- - * - * Configure cookie SameSite setting. Allowed values are: - * - None - * - Lax - * - Strict - * - '' - * - * Defaults to `Lax` for compatibility with modern browsers. Setting `''` - * (empty string) means no SameSite attribute will be set on cookies. If - * set to `None`, `$cookieSecure` must also be set. - * - * @var string 'Lax'|'None'|'Strict' - */ - public $cookieSameSite = 'Lax'; - - /** - * -------------------------------------------------------------------------- - * Reverse Proxy IPs - * -------------------------------------------------------------------------- - * - * If your server is behind a reverse proxy, you must whitelist the proxy - * IP addresses from which CodeIgniter should trust headers such as - * HTTP_X_FORWARDED_FOR and HTTP_CLIENT_IP in order to properly identify - * the visitor's IP address. 
- * - * You can use both an array or a comma-separated list of proxy addresses, - * as well as specifying whole subnets. Here are a few examples: - * - * Comma-separated: '10.0.1.200,192.168.5.0/24' - * Array: ['10.0.1.200', '192.168.5.0/24'] - * - * @var string|string[] - */ - public $proxyIPs = ''; - - /** - * -------------------------------------------------------------------------- - * CSRF Token Name - * -------------------------------------------------------------------------- - * - * The token name. - * - * @deprecated Use `Config\Security` $tokenName property instead of using this property. - * - * @var string - */ - public $CSRFTokenName = 'csrf_test_name'; - - /** - * -------------------------------------------------------------------------- - * CSRF Header Name - * -------------------------------------------------------------------------- - * - * The header name. - * - * @deprecated Use `Config\Security` $headerName property instead of using this property. - * - * @var string - */ - public $CSRFHeaderName = 'X-CSRF-TOKEN'; - - /** - * -------------------------------------------------------------------------- - * CSRF Cookie Name - * -------------------------------------------------------------------------- - * - * The cookie name. - * - * @deprecated Use `Config\Security` $cookieName property instead of using this property. - * - * @var string - */ - public $CSRFCookieName = 'csrf_cookie_name'; - - /** - * -------------------------------------------------------------------------- - * CSRF Expire - * -------------------------------------------------------------------------- - * - * The number in seconds the token should expire. - * - * @deprecated Use `Config\Security` $expire property instead of using this property. 
- * - * @var integer - */ - public $CSRFExpire = 7200; - - /** - * -------------------------------------------------------------------------- - * CSRF Regenerate - * -------------------------------------------------------------------------- - * - * Regenerate token on every submission? - * - * @deprecated Use `Config\Security` $regenerate property instead of using this property. - * - * @var boolean - */ - public $CSRFRegenerate = true; - - /** - * -------------------------------------------------------------------------- - * CSRF Redirect - * -------------------------------------------------------------------------- - * - * Redirect to previous page with error on failure? - * - * @deprecated Use `Config\Security` $redirect property instead of using this property. - * - * @var boolean - */ - public $CSRFRedirect = true; - - /** - * -------------------------------------------------------------------------- - * CSRF SameSite - * -------------------------------------------------------------------------- - * - * Setting for CSRF SameSite cookie token. Allowed values are: - * - None - * - Lax - * - Strict - * - '' - * - * Defaults to `Lax` as recommended in this link: - * - * @see https://portswigger.net/web-security/csrf/samesite-cookies - * - * @deprecated Use `Config\Security` $samesite property instead of using this property. - * - * @var string - */ - public $CSRFSameSite = 'Lax'; - - /** - * -------------------------------------------------------------------------- - * Content Security Policy - * -------------------------------------------------------------------------- - * - * Enables the Response's Content Secure Policy to restrict the sources that - * can be used for images, scripts, CSS files, audio, video, etc. If enabled, - * the Response object will populate default values for the policy from the - * `ContentSecurityPolicy.php` file. Controllers can always add to those - * restrictions at run time. 
- * - * For a better understanding of CSP, see these documents: - * - * @see http://www.html5rocks.com/en/tutorials/security/content-security-policy/ - * @see http://www.w3.org/TR/CSP/ - * - * @var boolean - */ - public $CSPEnabled = false; + /** + * -------------------------------------------------------------------------- + * Session Match IP + * -------------------------------------------------------------------------- + * + * Whether to match the user's IP address when reading the session data. + * + * WARNING: If you're using the database driver, don't forget to update + * your session table's PRIMARY KEY when changing this setting. + * + * @var bool + */ + public $sessionMatchIP = false; + + /** + * -------------------------------------------------------------------------- + * Session Time to Update + * -------------------------------------------------------------------------- + * + * How many seconds between CI regenerating the session ID. + * + * @var int + */ + public $sessionTimeToUpdate = 20; + + /** + * -------------------------------------------------------------------------- + * Session Regenerate Destroy + * -------------------------------------------------------------------------- + * + * Whether to destroy session data associated with the old session ID + * when auto-regenerating the session ID. When set to FALSE, the data + * will be later deleted by the garbage collector. + * + * @var bool + */ + public $sessionRegenerateDestroy = true; + + /** + * -------------------------------------------------------------------------- + * Cookie Prefix + * -------------------------------------------------------------------------- + * + * Set a cookie name prefix if you need to avoid collisions. + * + * @var string + * + * @deprecated use Config\Cookie::$prefix property instead. 
+ */ + public $cookiePrefix = ''; + + /** + * -------------------------------------------------------------------------- + * Cookie Domain + * -------------------------------------------------------------------------- + * + * Set to `.your-domain.com` for site-wide cookies. + * + * @var string + * + * @deprecated use Config\Cookie::$domain property instead. + */ + public $cookieDomain = ''; + + /** + * -------------------------------------------------------------------------- + * Cookie Path + * -------------------------------------------------------------------------- + * + * Typically will be a forward slash. + * + * @var string + * + * @deprecated use Config\Cookie::$path property instead. + */ + public $cookiePath = '/'; + + /** + * -------------------------------------------------------------------------- + * Cookie Secure + * -------------------------------------------------------------------------- + * + * Cookie will only be set if a secure HTTPS connection exists. + * + * @var bool + * + * @deprecated use Config\Cookie::$secure property instead. + */ + public $cookieSecure = false; + + /** + * -------------------------------------------------------------------------- + * Cookie HttpOnly + * -------------------------------------------------------------------------- + * + * Cookie will only be accessible via HTTP(S) (no JavaScript). + * + * @var bool + * + * @deprecated use Config\Cookie::$httponly property instead. + */ + public $cookieHTTPOnly = false; + + /** + * -------------------------------------------------------------------------- + * Cookie SameSite + * -------------------------------------------------------------------------- + * + * Configure cookie SameSite setting. Allowed values are: + * - None + * - Lax + * - Strict + * - '' + * + * Alternatively, you can use the constant names: + * - `Cookie::SAMESITE_NONE` + * - `Cookie::SAMESITE_LAX` + * - `Cookie::SAMESITE_STRICT` + * + * Defaults to `Lax` for compatibility with modern browsers. 
Setting `''` + * (empty string) means default SameSite attribute set by browsers (`Lax`) + * will be set on cookies. If set to `None`, `$cookieSecure` must also be set. + * + * @var string + * + * @deprecated use Config\Cookie::$samesite property instead. + */ + public $cookieSameSite = 'Lax'; + + /** + * -------------------------------------------------------------------------- + * Reverse Proxy IPs + * -------------------------------------------------------------------------- + * + * If your server is behind a reverse proxy, you must whitelist the proxy + * IP addresses from which CodeIgniter should trust headers such as + * HTTP_X_FORWARDED_FOR and HTTP_CLIENT_IP in order to properly identify + * the visitor's IP address. + * + * You can use both an array or a comma-separated list of proxy addresses, + * as well as specifying whole subnets. Here are a few examples: + * + * Comma-separated: '10.0.1.200,192.168.5.0/24' + * Array: ['10.0.1.200', '192.168.5.0/24'] + * + * @var string|string[] + */ + public $proxyIPs = ''; + + /** + * -------------------------------------------------------------------------- + * CSRF Token Name + * -------------------------------------------------------------------------- + * + * The token name. + * + * @deprecated Use `Config\Security` $tokenName property instead of using this property. + * + * @var string + */ + public $CSRFTokenName = 'csrf_test_name'; + + /** + * -------------------------------------------------------------------------- + * CSRF Header Name + * -------------------------------------------------------------------------- + * + * The header name. + * + * @deprecated Use `Config\Security` $headerName property instead of using this property. + * + * @var string + */ + public $CSRFHeaderName = 'X-CSRF-TOKEN'; + + /** + * -------------------------------------------------------------------------- + * CSRF Cookie Name + * -------------------------------------------------------------------------- + * + * The cookie name. 
+ * + * @deprecated Use `Config\Security` $cookieName property instead of using this property. + * + * @var string + */ + public $CSRFCookieName = 'csrf_cookie_name'; + + /** + * -------------------------------------------------------------------------- + * CSRF Expire + * -------------------------------------------------------------------------- + * + * The number in seconds the token should expire. + * + * @deprecated Use `Config\Security` $expire property instead of using this property. + * + * @var int + */ + public $CSRFExpire = 7200; + + /** + * -------------------------------------------------------------------------- + * CSRF Regenerate + * -------------------------------------------------------------------------- + * + * Regenerate token on every submission? + * + * @deprecated Use `Config\Security` $regenerate property instead of using this property. + * + * @var bool + */ + public $CSRFRegenerate = true; + + /** + * -------------------------------------------------------------------------- + * CSRF Redirect + * -------------------------------------------------------------------------- + * + * Redirect to previous page with error on failure? + * + * @deprecated Use `Config\Security` $redirect property instead of using this property. + * + * @var bool + */ + public $CSRFRedirect = true; + + /** + * -------------------------------------------------------------------------- + * CSRF SameSite + * -------------------------------------------------------------------------- + * + * Setting for CSRF SameSite cookie token. Allowed values are: + * - None + * - Lax + * - Strict + * - '' + * + * Defaults to `Lax` as recommended in this link: + * + * @see https://portswigger.net/web-security/csrf/samesite-cookies + * @deprecated Use `Config\Security` $samesite property instead of using this property. 
+ * + * @var string + */ + public $CSRFSameSite = 'Lax'; + + /** + * -------------------------------------------------------------------------- + * Content Security Policy + * -------------------------------------------------------------------------- + * + * Enables the Response's Content Secure Policy to restrict the sources that + * can be used for images, scripts, CSS files, audio, video, etc. If enabled, + * the Response object will populate default values for the policy from the + * `ContentSecurityPolicy.php` file. Controllers can always add to those + * restrictions at run time. + * + * For a better understanding of CSP, see these documents: + * + * @see http://www.html5rocks.com/en/tutorials/security/content-security-policy/ + * @see http://www.w3.org/TR/CSP/ + * + * @var bool + */ + public $CSPEnabled = false; } diff --git a/app/Config/Autoload.php b/app/Config/Autoload.php index e40dc903..3cc9fb90 100644 --- a/app/Config/Autoload.php +++ b/app/Config/Autoload.php @@ -6,7 +6,7 @@ /** * ------------------------------------------------------------------- - * AUTO-LOADER + * AUTOLOADER CONFIGURATION * ------------------------------------------------------------------- * * This file defines the namespaces and class maps so the Autoloader 
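Review bot: `$baseURL` is set to `'http://localhost/plafor/public'` without the trailing slash that the docblock directly above it requires ("WITH a trailing slash"); change it to `public $baseURL = 'http://localhost/plafor/public/';`. Further down, `$sessionTimeToUpdate` drops from 300 to 20 while `$sessionRegenerateDestroy` flips to `true`, so the old session ID's data is destroyed at every regeneration; with a front end issuing concurrent requests (the README in this same commit lists ReactJS), a request that still carries the previous cookie during that window can lose its session, which is why keeping `$sessionRegenerateDestroy = false` and letting the garbage collector remove the old data is the safer combination. The session cookie is also left with `$cookieHTTPOnly = false` and `$cookieSecure = false`, so it stays readable from JavaScript and, on an HTTPS deployment, would still be sent over plain HTTP; since this hunk itself marks those properties `@deprecated`, the place to enable both is now `Config\Cookie::$httponly` and `Config\Cookie::$secure`. The hunk spans the whole body of `App`, with the `class` line only visible in the hunk header context.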
@@ -17,54 +17,75 @@ */ class Autoload extends AutoloadConfig { - /** - * ------------------------------------------------------------------- - * Namespaces - * ------------------------------------------------------------------- - * This maps the locations of any namespaces in your application to - * their location on the file system. These are used by the autoloader - * to locate files the first time they have been instantiated. - * - * The '/app' and '/system' directories are already mapped for you. - * you may change the name of the 'App' namespace if you wish, - * but this should be done prior to creating any namespaced classes, - * else you will need to modify all of those classes for this to work. - * - * Prototype: - * - * $psr4 = [ - * 'CodeIgniter' => SYSTEMPATH, - * 'App' => APPPATH - * ]; - * - * @var array - */ - public $psr4 = [ - APP_NAMESPACE => APPPATH, // For custom app namespace - 'Config' => APPPATH . 'Config', + /** + * ------------------------------------------------------------------- + * Namespaces + * ------------------------------------------------------------------- + * This maps the locations of any namespaces in your application to + * their location on the file system. These are used by the autoloader + * to locate files the first time they have been instantiated. + * + * The '/app' and '/system' directories are already mapped for you. + * you may change the name of the 'App' namespace if you wish, + * but this should be done prior to creating any namespaced classes, + * else you will need to modify all of those classes for this to work. + * + * Prototype: + *``` + * $psr4 = [ + * 'CodeIgniter' => SYSTEMPATH, + * 'App' => APPPATH + * ]; + *``` + * + * @var array + */ + public $psr4 = [ + APP_NAMESPACE => APPPATH, // For custom app namespace + 'Config' => APPPATH . 
'Config', 'Common' => ROOTPATH.'orif/common', 'Welcome' => ROOTPATH.'orif/welcome', 'User' => ROOTPATH.'orif/user', 'Plafor' => ROOTPATH.'orif/plafor' - ]; + ]; - /** - * ------------------------------------------------------------------- - * Class Map - * ------------------------------------------------------------------- - * The class map provides a map of class names and their exact - * location on the drive. Classes loaded in this manner will have - * slightly faster performance because they will not have to be - * searched for within one or more directories as they would if they - * were being autoloaded through a namespace. - * - * Prototype: - * - * $classmap = [ - * 'MyClass' => '/path/to/class/file.php' - * ]; - * - * @var array - */ - public $classmap = []; + /** + * ------------------------------------------------------------------- + * Class Map + * ------------------------------------------------------------------- + * The class map provides a map of class names and their exact + * location on the drive. Classes loaded in this manner will have + * slightly faster performance because they will not have to be + * searched for within one or more directories as they would if they + * were being autoloaded through a namespace. + * + * Prototype: + *``` + * $classmap = [ + * 'MyClass' => '/path/to/class/file.php' + * ]; + *``` + * + * @var array + */ + public $classmap = []; + + /** + * ------------------------------------------------------------------- + * Files + * ------------------------------------------------------------------- + * The files array provides a list of paths to __non-class__ files + * that will be autoloaded. This can be useful for bootstrap operations + * or for loading functions. + * + * Prototype: + * ``` + * $files = [ + * '/path/to/my/file.php', + * ]; + * ``` + * + * @var array + */ + public $files = []; } diff --git a/app/Config/CURLRequest.php b/app/Config/CURLRequest.php new file mode 100644 index 00000000..b4c8e5c4 --- /dev/null 
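Review bot: The new docblocks in this hunk format their code fences inconsistently: the `$psr4` and `$classmap` blocks write the fence as `*```` with no space after the asterisk, while the new `$files` block writes ` * ```` with one; rendered PHPDoc tools treat these differently, so they should all use the ` * ```` form. The unchanged `$psr4` entries that this hunk re-indents also mix `APPPATH . 'Config',` with `ROOTPATH.'orif/common'` and leave the last entry without a trailing comma; since the whole property is being reformatted anyway, normalising them to `'Plafor' => ROOTPATH . 'orif/plafor',` would keep the array consistent with the first entries. Finally, `@var array` on all three properties could be tightened to `@var array<string, string>` for `$psr4`/`$classmap` and `@var list<string>` for `$files`, which is what the documented prototypes show.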
+++ b/app/Config/CURLRequest.php 
@@ -0,0 +1,22 @@ + - */ - public $file = [ - 'storePath' => WRITEPATH . 'cache/', - 'mode' => 0640, - ]; + /** + * -------------------------------------------------------------------------- + * Default TTL + * -------------------------------------------------------------------------- + * + * The default number of seconds to save items when none is specified. + * + * WARNING: This is not used by framework handlers where 60 seconds is + * hard-coded, but may be useful to projects and modules. This will replace + * the hard-coded value in a future release. + * + * @var int + */ + public $ttl = 60; - /** - * ------------------------------------------------------------------------- - * Memcached settings - * ------------------------------------------------------------------------- - * Your Memcached servers can be specified below, if you are using - * the Memcached drivers. - * - * @see https://codeigniter.com/user_guide/libraries/caching.html#memcached - * - * @var array - */ - public $memcached = [ - 'host' => '127.0.0.1', - 'port' => 11211, - 'weight' => 1, - 'raw' => false, - ]; + /** + * -------------------------------------------------------------------------- + * Reserved Characters + * -------------------------------------------------------------------------- + * + * A string of reserved characters that will not be allowed in keys or tags. + * Strings that violate this restriction will cause handlers to throw. + * Default: {}()/\@: + * Note: The default set is required for PSR-6 compliance. + * + * @var string + */ + public $reservedCharacters = '{}()/\@:'; - /** - * ------------------------------------------------------------------------- - * Redis settings - * ------------------------------------------------------------------------- - * Your Redis server can be specified below, if you are using - * the Redis or Predis drivers. 
- * - * @var array - */ - public $redis = [ - 'host' => '127.0.0.1', - 'password' => null, - 'port' => 6379, - 'timeout' => 0, - 'database' => 0, - ]; + /** + * -------------------------------------------------------------------------- + * File settings + * -------------------------------------------------------------------------- + * Your file storage preferences can be specified below, if you are using + * the File driver. + * + * @var array + */ + public $file = [ + 'storePath' => WRITEPATH . 'cache/', + 'mode' => 0640, + ]; - /** - * -------------------------------------------------------------------------- - * Available Cache Handlers - * -------------------------------------------------------------------------- - * - * This is an array of cache engine alias' and class names. Only engines - * that are listed here are allowed to be used. - * - * @var array - */ - public $validHandlers = [ - 'dummy' => DummyHandler::class, - 'file' => FileHandler::class, - 'memcached' => MemcachedHandler::class, - 'predis' => PredisHandler::class, - 'redis' => RedisHandler::class, - 'wincache' => WincacheHandler::class, - ]; + /** + * ------------------------------------------------------------------------- + * Memcached settings + * ------------------------------------------------------------------------- + * Your Memcached servers can be specified below, if you are using + * the Memcached drivers. + * + * @see https://codeigniter.com/user_guide/libraries/caching.html#memcached + * + * @var array + */ + public $memcached = [ + 'host' => '127.0.0.1', + 'port' => 11211, + 'weight' => 1, + 'raw' => false, + ]; + + /** + * ------------------------------------------------------------------------- + * Redis settings + * ------------------------------------------------------------------------- + * Your Redis server can be specified below, if you are using + * the Redis or Predis drivers. 
+ * + * @var array + */ + public $redis = [ + 'host' => '127.0.0.1', + 'password' => null, + 'port' => 6379, + 'timeout' => 0, + 'database' => 0, + ]; + + /** + * -------------------------------------------------------------------------- + * Available Cache Handlers + * -------------------------------------------------------------------------- + * + * This is an array of cache engine alias' and class names. Only engines + * that are listed here are allowed to be used. + * + * @var array + */ + public $validHandlers = [ + 'dummy' => DummyHandler::class, + 'file' => FileHandler::class, + 'memcached' => MemcachedHandler::class, + 'predis' => PredisHandler::class, + 'redis' => RedisHandler::class, + 'wincache' => WincacheHandler::class, + ]; } diff --git a/app/Config/ContentSecurityPolicy.php b/app/Config/ContentSecurityPolicy.php index e357cba6..6fa5bd7b 100644 --- a/app/Config/ContentSecurityPolicy.php +++ b/app/Config/ContentSecurityPolicy.php 
@@ -15,145 +15,153 @@ */ class ContentSecurityPolicy extends BaseConfig { - //------------------------------------------------------------------------- - // Broadbrush CSP management - //------------------------------------------------------------------------- - - /** - * Default CSP report context - * - * @var boolean - */ - public $reportOnly = false; - - /** - * Specifies a URL where a browser will send reports - * when a content security policy is violated. - * - * @var string|null - */ - public $reportURI = null; - - /** - * Instructs user agents to rewrite URL schemes, changing - * HTTP to HTTPS. This directive is for websites with - * large numbers of old URLs that need to be rewritten. - * - * @var boolean - */ - public $upgradeInsecureRequests = false; - - //------------------------------------------------------------------------- - // Sources allowed - // Note: once you set a policy to 'none', it cannot be further restricted - //------------------------------------------------------------------------- - - /** - * Will default to self if not overridden - * - * @var string|string[]|null - */ - public $defaultSrc = null; - - /** - * Lists allowed scripts' URLs. - * - * @var string|string[] - */ - public $scriptSrc = 'self'; - - /** - * Lists allowed stylesheets' URLs. - * - * @var string|string[] - */ - public $styleSrc = 'self'; - - /** - * Defines the origins from which images can be loaded. - * - * @var string|string[] - */ - public $imageSrc = 'self'; - - /** - * Restricts the URLs that can appear in a page's `` element. - * - * Will default to self if not overridden - * - * @var string|string[]|null - */ - public $baseURI = null; - - /** - * Lists the URLs for workers and embedded frame contents - * - * @var string|string[] - */ - public $childSrc = 'self'; - - /** - * Limits the origins that you can connect to (via XHR, - * WebSockets, and EventSource). 
- * - * @var string|string[] - */ - public $connectSrc = 'self'; - - /** - * Specifies the origins that can serve web fonts. - * - * @var string|string[] - */ - public $fontSrc = null; - - /** - * Lists valid endpoints for submission from `
` tags. - * - * @var string|string[] - */ - public $formAction = 'self'; - - /** - * Specifies the sources that can embed the current page. - * This directive applies to ``, `