Update Composer dependencies

README.md

@@ -41,7 +41,7 @@ Some of the programming design decisions reflected:
 
 ## Server Requirements
 
-PHP version 7.4 or higher is required, with the following extensions installed:
+PHP version 8.1 or higher is required, with the following extensions installed:
 
 - [intl](https://php.net/manual/en/intl.requirements.php)
 - [libcurl](https://php.net/manual/en/curl.requirements.php) if you plan to use the `HTTP\CURLRequest` library

app/Config/App.php

@@ -14,18 +14,18 @@ class App extends BaseConfig
      * URL to your CodeIgniter root. Typically, this will be your base URL,
      * WITH a trailing slash:
      *
-     *    http://example.com/
+     * E.g., http://example.com/
      */
     public string $baseURL = 'http://localhost:8080/';
 
     /**
      * Allowed Hostnames in the Site URL other than the hostname in the baseURL.
      * If you want to accept multiple Hostnames, set this.
      *
-     * E.g. When your site URL ($baseURL) is 'http://example.com/', and your site
-     *      also accepts 'http://media.example.com/' and
-     *      'http://accounts.example.com/':
-     *          ['media.example.com', 'accounts.example.com']
+     * E.g.,
+     * When your site URL ($baseURL) is 'http://example.com/', and your site
+     * also accepts 'http://media.example.com/' and 'http://accounts.example.com/':
+     *     ['media.example.com', 'accounts.example.com']
      *
      * @var list<string>
      */
@@ -36,9 +36,9 @@ class App extends BaseConfig
      * Index File
      * --------------------------------------------------------------------------
      *
-     * Typically this will be your index.php file, unless you've renamed it to
-     * something else. If you are using mod_rewrite to remove the page set this
-     * variable so that it is blank.
+     * Typically, this will be your `index.php` file, unless you've renamed it to
+     * something else. If you have configured your web server to remove this file
+     * from your site URIs, set this variable to an empty string.
      */
     public string $indexPage = '';
 
@@ -48,17 +48,41 @@ class App extends BaseConfig
      * --------------------------------------------------------------------------
      *
      * This item determines which server global should be used to retrieve the
-     * URI string.  The default setting of 'REQUEST_URI' works for most servers.
+     * URI string. The default setting of 'REQUEST_URI' works for most servers.
      * If your links do not seem to work, try one of the other delicious flavors:
      *
-     * 'REQUEST_URI'    Uses $_SERVER['REQUEST_URI']
-     * 'QUERY_STRING'   Uses $_SERVER['QUERY_STRING']
-     * 'PATH_INFO'      Uses $_SERVER['PATH_INFO']
+     *  'REQUEST_URI': Uses $_SERVER['REQUEST_URI']
+     * 'QUERY_STRING': Uses $_SERVER['QUERY_STRING']
+     *    'PATH_INFO': Uses $_SERVER['PATH_INFO']
      *
      * WARNING: If you set this to 'PATH_INFO', URIs will always be URL-decoded!
      */
     public string $uriProtocol = 'REQUEST_URI';
 
+    /*
+    |--------------------------------------------------------------------------
+    | Allowed URL Characters
+    |--------------------------------------------------------------------------
+    |
+    | This lets you specify which characters are permitted within your URLs.
+    | When someone tries to submit a URL with disallowed characters they will
+    | get a warning message.
+    |
+    | As a security measure you are STRONGLY encouraged to restrict URLs to
+    | as few characters as possible.
+    |
+    | By default, only these are allowed: `a-z 0-9~%.:_-`
+    |
+    | Set an empty string to allow all characters -- but only if you are insane.
+    |
+    | The configured value is actually a regular expression character group
+    | and it will be used as: '/\A[<permittedURIChars>]+\z/iu'
+    |
+    | DO NOT CHANGE THIS UNLESS YOU FULLY UNDERSTAND THE REPERCUSSIONS!!
+    |
+    */
+    public string $permittedURIChars = 'a-z 0-9~%.:_\-';
+
     /**
      * --------------------------------------------------------------------------
      * Default Locale
@@ -94,7 +118,7 @@ class App extends BaseConfig
      *
      * IncomingRequest::setLocale() also uses this list.
      *
-     * @var string[]
+     * @var list<string>
      */
     public array $supportedLocales = ['en'];
 
@@ -106,7 +130,8 @@ class App extends BaseConfig
      * The default timezone that will be used in your application to display
      * dates with the date helper, and can be retrieved through app_timezone()
      *
-     * @see https://www.php.net/manual/en/timezones.php for list of timezones supported by PHP.
+     * @see https://www.php.net/manual/en/timezones.php for list of timezones
+     *      supported by PHP.
      */
     public string $appTimezone = 'UTC';
 
@@ -130,7 +155,7 @@ class App extends BaseConfig
      * If true, this will force every request made to this application to be
      * made via a secure connection (HTTPS). If the incoming request is not
      * secure, the user will be redirected to a secure version of the page
-     * and the HTTP Strict Transport Security header will be set.
+     * and the HTTP Strict Transport Security (HSTS) header will be set.
      */
     public bool $forceGlobalSecureRequests = true;
 

app/Config/Cache.php

@@ -61,7 +61,7 @@ class Cache extends BaseConfig
      *    array('q') = Enabled, but only take into account the specified list
      *                 of query parameters.
      *
-     * @var bool|string[]
+     * @var bool|list<string>
      */
     public $cacheQueryString = false;
 

app/Config/ContentSecurityPolicy.php

@@ -45,28 +45,28 @@ class ContentSecurityPolicy extends BaseConfig
     /**
      * Will default to self if not overridden
      *
-     * @var string|string[]|null
+     * @var list<string>|string|null
      */
     public $defaultSrc;
 
     /**
      * Lists allowed scripts' URLs.
      *
-     * @var string|string[]
+     * @var list<string>|string
      */
     public $scriptSrc = 'self';
 
     /**
      * Lists allowed stylesheets' URLs.
      *
-     * @var string|string[]
+     * @var list<string>|string
      */
     public $styleSrc = 'self';
 
     /**
      * Defines the origins from which images can be loaded.
      *
-     * @var string|string[]
+     * @var list<string>|string
      */
     public $imageSrc = 'self';
 
@@ -75,36 +75,36 @@ class ContentSecurityPolicy extends BaseConfig
      *
      * Will default to self if not overridden
      *
-     * @var string|string[]|null
+     * @var list<string>|string|null
      */
     public $baseURI;
 
     /**
      * Lists the URLs for workers and embedded frame contents
      *
-     * @var string|string[]
+     * @var list<string>|string
      */
     public $childSrc = 'self';
 
     /**
      * Limits the origins that you can connect to (via XHR,
      * WebSockets, and EventSource).
      *
-     * @var string|string[]
+     * @var list<string>|string
      */
     public $connectSrc = 'self';
 
     /**
      * Specifies the origins that can serve web fonts.
      *
-     * @var string|string[]
+     * @var list<string>|string
      */
     public $fontSrc;
 
     /**
      * Lists valid endpoints for submission from `<form>` tags.
      *
-     * @var string|string[]
+     * @var list<string>|string
      */
     public $formAction = 'self';
 
@@ -114,48 +114,48 @@ class ContentSecurityPolicy extends BaseConfig
      * and `<applet>` tags. This directive can't be used in
      * `<meta>` tags and applies only to non-HTML resources.
      *
-     * @var string|string[]|null
+     * @var list<string>|string|null
      */
     public $frameAncestors;
 
     /**
      * The frame-src directive restricts the URLs which may
      * be loaded into nested browsing contexts.
      *
-     * @var array|string|null
+     * @var list<string>|string|null
      */
     public $frameSrc;
 
     /**
      * Restricts the origins allowed to deliver video and audio.
      *
-     * @var string|string[]|null
+     * @var list<string>|string|null
      */
     public $mediaSrc;
 
     /**
      * Allows control over Flash and other plugins.
      *
-     * @var string|string[]
+     * @var list<string>|string
      */
     public $objectSrc = 'self';
 
     /**
-     * @var string|string[]|null
+     * @var list<string>|string|null
      */
     public $manifestSrc;
 
     /**
      * Limits the kinds of plugins a page may invoke.
      *
-     * @var string|string[]|null
+     * @var list<string>|string|null
      */
     public $pluginTypes;
 
     /**
      * List of actions allowed.
      *
-     * @var string|string[]|null
+     * @var list<string>|string|null
      */
     public $sandbox;
 

app/Config/Database.php

@@ -23,6 +23,8 @@ class Database extends Config
 
     /**
      * The default database connection.
+     *
+     * @var array<string, mixed>
      */
     public array $default = [
         'DSN'          => '',
@@ -48,6 +50,8 @@ class Database extends Config
     /**
      * This database connection is used when
      * running PHPUnit database tests.
+     *
+     * @var array<string, mixed>
      */
     public array $tests = [
         'DSN'         => '',

app/Config/Exceptions.php

@@ -30,6 +30,8 @@ class Exceptions extends BaseConfig
      * --------------------------------------------------------------------------
      * Any status codes here will NOT be logged if logging is turned on.
      * By default, only 404 (Page Not Found) exceptions are ignored.
+     *
+     * @var list<int>
      */
     public array $ignoreCodes = [404];
 
@@ -51,6 +53,8 @@ class Exceptions extends BaseConfig
      * Any data that you would like to hide from the debug trace.
      * In order to specify 2 levels, use "/" to separate.
      * ex. ['server', 'setup/password', 'secret_token']
+     *
+     * @var list<string>
      */
     public array $sensitiveDataInTrace = [];
 

app/Config/Filters.php

@@ -54,7 +54,9 @@ class Filters extends BaseConfig
      *
      * If you use this, you should disable auto-routing because auto-routing
      * permits any HTTP method to access a controller. Accessing the controller
-     * with a method you don’t expect could bypass the filter.
+     * with a method you don't expect could bypass the filter.
+     *
+     * @var array<string, list<string>>
      */
     public array $methods = [];
 
@@ -64,6 +66,8 @@ class Filters extends BaseConfig
      *
      * Example:
      * 'isLoggedIn' => ['before' => ['account/*', 'profiles/*']]
+     *
+     * @var array<string, array<string, list<string>>>
      */
     public array $filters = [];
 }

app/Config/Format.php

@@ -22,7 +22,7 @@ class Format extends BaseConfig
      * These formats are only checked when the data passed to the respond()
      * method is an array.
      *
-     * @var string[]
+     * @var list<string>
      */
     public array $supportedResponseFormats = [
         'application/json',

app/Config/GitHub.php

@@ -16,7 +16,7 @@ class GitHub extends BaseConfig
     /**
      * Repository paths
      *
-     * @var array<string,string[]> In the format [organization, repository]
+     * @var array<string,list<string>> In the format [organization, repository]
      */
     public $repos = [
         'framework3'    => ['bcit-ci', 'CodeIgniter'],
@@ -31,7 +31,7 @@ class GitHub extends BaseConfig
     /**
      * List of repos that track releases via tags
      *
-     * @var string[]
+     * @var list<string>
      */
     public $tagged = [
         'framework3',

app/Config/Logger.php

@@ -36,7 +36,7 @@ class Logger extends BaseConfig
      * For a live site you'll usually enable Critical or higher (3) to be logged otherwise
      * your log files will fill up very fast.
      *
-     * @var array|int
+     * @var int|list<int>
      */
     public $threshold = (ENVIRONMENT === 'production') ? 4 : 9;
 
@@ -72,6 +72,8 @@ class Logger extends BaseConfig
      *
      * Handlers are executed in the order defined in this array, starting with
      * the handler on top and continuing down.
+     *
+     * @var array<class-string, array<string, int|list<string>|string>>
      */
     public array $handlers = [
         /*

app/Config/Mimes.php

@@ -22,6 +22,8 @@ class Mimes
 {
     /**
      * Map of extensions to mime types.
+     *
+     * @var array<string, list<string>|string>
      */
     public static array $mimes = [
         'hqx' => [