Version 4.2.0
Release Date: June 3, 2022
4.2.0 release of CodeIgniter4
Highlights
Update minimal PHP requirement to 7.4.
To make the default configuration more secure, auto-routing has been changed to disabled by default.
OCI8 Driver for Oracle Database (contributed by ytetsuro). See Database.
Improved Auto Routing (opt-in) (contributed by kenjis). See New Improved Auto Routing.
Query Builder Subqueries and UNION support (contributed by Andrey Pyzhikov). See Database.
New Contributors
@fdomgjoni99 made their first contribution in #5608
@beganovich made their first contribution in #5823
@michaelrk02 made their first contribution in #5878
@valmorflores made their first contribution in #6051
@lonnie-vault made their first contribution in #6060
BREAKING
Method Signature Changes
The method signature of
CodeIgniter\Database\BaseBuilder::join()
andCodeIgniter\Database\*\Builder::join()
have been changed.The method signature of
Validation::setRule()
has been changed. Thestring
typehint on the$rules
parameter was removed. Extending classes should likewise remove the parameter so as not to break LSP.The method signature of
CodeIgniter\CLI\CommandRunner::_remap()
has been changed to fix a bug.The default parameter values for
Service::reset()
andCIUnitTestCase::resetServices()
have been changed fromfalse
totrue
. This is to eliminate unexpected problems during testing, such aslang()
not getting translated messages.
Behavior Changes
- The
CodeIgniter\CodeIgniter
class has a new property$context
and it must have the correct context at runtime. So the following files have been changed: public/index.php
spark
- The
The
system/bootstrap.php
file has been modified to easily implement Preloading. Returning aCodeIgniter
instance and loading.env
file have been moved toindex.php
andspark
.The
CodeIgniter\Autoloader\Autoloader::initialize()
has changed the behavior to fix a bug. It used to use Composer classmap only when$modules->discoverInComposer
is true. Now it always uses the Composer classmap if Composer is available.The color code output by CLI::color() has been changed to fix a bug.
To prevent unexpected access from the web browser, if a controller is added to a cli route (
$routes->cli()
), all methods of that controller are no longer accessible via auto-routing.There is a possible backward compatibility break for those users extending the History Collector and they should probably update
History::setFiles()
method.The
dot_array_search()
’s unexpected behavior has been fixed. Nowdot_array_search('foo.bar.baz', ['foo' => ['bar' => 23]])
returnsnull
. The previous versions returned23
.The
CodeIgniter::storePreviousURL()
has been changed to store only the URLs whose Content-Type wastext/html
. It also affects the behavior ofprevious_url()
andredirect()->back()
.
Enhancements
New Improved Auto Routing
Added an optional new more secure auto router. These are the changes from the legacy auto-routing:
- A controller method needs HTTP verb prefix like
getIndex()
,postCreate()
. Developers always know the HTTP method, so requests by an unexpected HTTP method does not pass.
- A controller method needs HTTP verb prefix like
- The Default Controller (
Home
by default) and the Default Method (index
by default) must be omitted in the URI. It restricts one-to-one correspondence between controller methods and URIs.
E.g. by default, you can access
/
, but/home
and/home/index
will be 404.
- The Default Controller (
- It checks method parameter count.
If there are more parameters in the URI than the method parameters, it results in 404.
- It does not support
_remap()
method. It restricts one-to-one correspondence between controller methods and URIs.
- It does not support
- Can’t access controllers in Defined Routes.
It completely separates controllers accessible via Auto Routes from those accessible via Defined Routes.
See Auto Routing (Improved) for the details.
Database
- Added new OCI8 driver for database.
It can access Oracle Database and supports SQL and PL/SQL statements.
- QueryBuilder
Added Subqueries in the FROM section. See Subqueries.
Added Subqueries in the SELECT section. See Select.
The
BaseBuilder::buildSubquery()
method can take an optional third argumentstring $alias
.Union queries. See Union queries.
- Raw SQL string support
Added the class
CodeIgniter\Database\RawSql
which expresses raw SQL strings.select(), where(), like(), join() accept the
CodeIgniter\Database\RawSql
instance.DBForge::addField()
default value raw SQL string support. See Raw Sql Strings as Default Values.
SQLite3 has a new Config item
foreignKeys
that enables foreign key constraints.
Helpers and Functions
HTML helper
script_tag()
now usesnull
values to write boolean attributes in minimized form:<script src="..." defer />
. See the sample code forscript_tag()
.Added 4th parameter
$includeDir
toget_filenames()
. Seeget_filenames()
.- Exception information logged through
log_message()
has now improved. It now includes the file and line where the exception originated. It also does not truncate the message anymore. The log format has also changed. If users are depending on the log format in their apps, the new log format is “<1-based count> <cleaned filepath>(<line>): <class><function><args>”
- Exception information logged through
Commands
- Added
spark db:table
command. See Database Commands for the details. - You can now see the names of all the tables in the database you are currently connected in the terminal.
spark db:table --show
- Or you can see the field names and the records of a table.
spark db:table my_table
spark db:table my_table --limit-rows 50 --limit-field-value 20 --desc
- Or you can see metadata like the column type, max length of a table.
spark db:table my_table --metadata
- Added
The
spark routes
command now shows closure routes, auto routes, and filters. See URI Routing.
Others
Added
$this->validateData()
in Controller. See $this->validateData().- Content Security Policy (CSP) enhancements
Added the configs
$scriptNonceTag
and$styleNonceTag
inConfig\ContentSecurityPolicy
to customize the CSP placeholders ({csp-script-nonce}
and{csp-style-nonce}
)Added the config
$autoNonce
inConfig\ContentSecurityPolicy
to disable the CSP placeholder replacementAdded the functions
csp_script_nonce()
andcsp_style_nonce()
to get nonce attributesSee Content Security Policy for details.
New View Decorators allow modifying the generated HTML prior to caching.
Added Validation Strict Rules. See Traditional and Strict Rules.
Added support for webp files to app/Config/Mimes.php.
RouteCollection::addRedirect()
can now use placeholders. See Redirecting Routes for details.- Debugbar enhancements
Debug toolbar is now using
microtime()
instead oftime()
.
Added a sample file for Preloading. See preload.php.
Changes
Update minimal PHP requirement to 7.4.
To make the default configuration more secure, auto-routing has been changed to disabled by default.
Validation. Changed generation of errors when using fields with a wildcard (*). Now the error key contains the full path. See Getting All Errors.
Validation::getError()
when using a wildcard will return all found errors matching the mask as a string.The current version of Content Security Policy (CSP) outputs one nonce for script and one for style tags. The previous version outputted one nonce for each tag.
The process of sending cookies has been moved to the
Response
class. Now theSession
class doesn’t send cookies, set them to the Response.
Deprecations
CodeIgniter\Database\SQLSRV\Connection::getError()
is deprecated. UseCodeIgniter\Database\SQLSRV\Connection::error()
instead.CodeIgniter\Debug\Exceptions::cleanPath()
andCodeIgniter\Debug\Toolbar\Collectors\BaseCollector::cleanPath()
are deprecated. Use theclean_path()
function instead.CodeIgniter\Log\Logger::cleanFilenames()
andCodeIgniter\Test\TestLogger::cleanup()
are both deprecated. Use theclean_path()
function instead.CodeIgniter\Router\Router::setDefaultController()
is deprecated.The constant
SPARKED
in spark is deprecated. Use the$context
property inCodeIgniter\CodeIgniter
instead.CodeIgniter\Autoloader\Autoloader::discoverComposerNamespaces()
is deprecated, and no longer used.The constants
EVENT_PRIORITY_LOW
,EVENT_PRIORITY_NORMAL
andEVENT_PRIORITY_HIGH
are deprecated. Use the class constantsCodeIgniter\Events\Events::PRIORITY_LOW
,CodeIgniter\Events\Events::PRIORITY_NORMAL
andCodeIgniter\Events\Events::PRIORITY_HIGH
instead.
Bugs Fixed
The SQLSRV driver ignores the port value from the config.
See the repo’s CHANGELOG_4.2.md for a complete list of bugs fixed.