fix(security): add csrf filter + prevent xss attacks by escaping user input

- update CI4 to v4.1.9's stable production package - update php and js dependencies to latest
2026-04-16 04:57:46 +02:00 · 2022-03-04 14:33:48 +00:00 · 2022-03-04 14:33:48 +00:00 · cd2e1e1dc3
commit cd2e1e1dc3
parent a597cf4ecf
182 changed files with 4410 additions and 4214 deletions
--- a/app/Views/errors/cli/error_exception.php
+++ b/app/Views/errors/cli/error_exception.php
@ -6,12 +6,13 @@ use CodeIgniter\CLI\CLI;

 // The main Exception
 CLI::newLine();
-CLI::write('[' . $exception::class . ']', 'light_gray', 'red');
+CLI::write('[' . get_class($exception) . ']', 'light_gray', 'red');
 CLI::newLine();
 CLI::write($message);
 CLI::newLine();
-CLI::write('at ' . CLI::color(clean_path($exception->getFile()) . ':' . $exception->getLine(), 'green', ), );
+CLI::write('at ' . CLI::color(clean_path($exception->getFile()) . ':' . $exception->getLine(), 'green'));
 CLI::newLine();
+
 // The backtrace
 if (defined('SHOW_DEBUG_BACKTRACE') && SHOW_DEBUG_BACKTRACE) {
    $backtraces = $exception->getTrace();
@ -21,41 +22,42 @@ if (defined('SHOW_DEBUG_BACKTRACE') && SHOW_DEBUG_BACKTRACE) {
    }

    foreach ($backtraces as $i => $error) {
-        $padFile = '    ';
-        $c = str_pad($i + 1, 3, ' ', STR_PAD_LEFT);
+        $padFile = '    '; // 4 spaces
+        $padClass = '       '; // 7 spaces
+        $c = str_pad((string) ($i + 1), 3, ' ', STR_PAD_LEFT);

        if (isset($error['file'])) {
            $filepath = clean_path($error['file']) . ':' . $error['line'];

            CLI::write($c . $padFile . CLI::color($filepath, 'yellow'));
        } else {
-            CLI::write($c . $padFile . CLI::color('[internal function]', 'yellow'), );
+            CLI::write($c . $padFile . CLI::color('[internal function]', 'yellow'));
        }

        $function = '';

        if (isset($error['class'])) {
-            $type =
-                $error['type'] === '->'
-                    ? '()' . $error['type']
-                    : $error['type'];
-            $function .=
-                $padClass . $error['class'] . $type . $error['function'];
+            $type = ($error['type'] === '->') ? '()' . $error['type'] : $error['type'];
+            $function .= $padClass . $error['class'] . $type . $error['function'];
        } elseif (! isset($error['class']) && isset($error['function'])) {
            $function .= $padClass . $error['function'];
        }

-        $args = implode(
-            ', ',
-            array_map(function ($value) {
-                return match (true) {
-                    is_object($value) => 'Object(' . $value::class . ')',
-                    is_array($value) => $value !== [] ? '[...]' : '[]',
-                    $value === null => 'null',
-                    default => var_export($value, true),
-                };
-            }, array_values($error['args'] ?? [])),
-        );
+        $args = implode(', ', array_map(static function ($value) {
+            switch (true) {
+                case is_object($value):
+                    return 'Object(' . get_class($value) . ')';
+
+                case is_array($value):
+                    return count($value) ? '[...]' : '[]';
+
+                case $value === null:
+                    return 'null'; // return the lowercased version
+
+                default:
+                    return var_export($value, true);
+            }
+        }, array_values($error['args'] ?? [])));

        $function .= '(' . $args . ')';