From 0d23de43401f0ca86697ec8ff4210ba823fd00a0 Mon Sep 17 00:00:00 2001
From: MGatner <mgatner@icloud.com>
Date: Thu, 16 May 2019 15:25:18 -0400
Subject: [PATCH 1/5] Use request->method for HTTP verb

---
 system/Router/RouteCollection.php | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/system/Router/RouteCollection.php b/system/Router/RouteCollection.php
index 34ea10d4da60..c1a933e3037f 100644
--- a/system/Router/RouteCollection.php
+++ b/system/Router/RouteCollection.php
@@ -39,6 +39,7 @@
 
 namespace CodeIgniter\Router;
 
+use Config\Services;
 use CodeIgniter\Autoloader\FileLocator;
 use CodeIgniter\Router\Exceptions\RouterException;
 
@@ -234,7 +235,7 @@ class RouteCollection implements RouteCollectionInterface
 	public function __construct(FileLocator $locator, $moduleConfig)
 	{
 		// Get HTTP verb
-		$this->HTTPVerb = strtolower($_SERVER['REQUEST_METHOD'] ?? 'cli');
+		$this->HTTPVerb = is_cli() ? 'cli' : Services::request()->getMethod();
 
 		$this->fileLocator = $locator;
 
@@ -1115,12 +1116,6 @@ public function reverseRoute(string $search, ...$params)
 			{
 				$from = key($route['route']);
 				$to   = $route['route'][$from];
-				
-				// ignore closures
-				if (! is_string($to))
-				{
-					continue;
-				}
 
 				// Lose any namespace slash at beginning of strings
 				// to ensure more consistent match.

From 12c32bab8611105040b5a109b68fc0aeae4e6704 Mon Sep 17 00:00:00 2001
From: MGatner <mgatner@icloud.com>
Date: Fri, 17 May 2019 11:43:28 -0400
Subject: [PATCH 2/5] Remove CLI redundancy; restore Closure check

---
 system/Router/RouteCollection.php | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/system/Router/RouteCollection.php b/system/Router/RouteCollection.php
index c1a933e3037f..6654077f3858 100644
--- a/system/Router/RouteCollection.php
+++ b/system/Router/RouteCollection.php
@@ -234,8 +234,8 @@ class RouteCollection implements RouteCollectionInterface
 	 */
 	public function __construct(FileLocator $locator, $moduleConfig)
 	{
-		// Get HTTP verb
-		$this->HTTPVerb = is_cli() ? 'cli' : Services::request()->getMethod();
+		// Get HTTP verb from current request (accounts for spoofing)
+		$this->HTTPVerb = Services::request()->getMethod();
 
 		$this->fileLocator = $locator;
 
@@ -1116,6 +1116,12 @@ public function reverseRoute(string $search, ...$params)
 			{
 				$from = key($route['route']);
 				$to   = $route['route'][$from];
+					
+				// ignore closures
+				if (! is_string($to))
+				{
+					continue;
+				}
 
 				// Lose any namespace slash at beginning of strings
 				// to ensure more consistent match.

From d5c90a1204344efd5cfbcb89f66cbfee12e93920 Mon Sep 17 00:00:00 2001
From: MGatner <mgatner@icloud.com>
Date: Fri, 17 May 2019 11:47:33 -0400
Subject: [PATCH 3/5] Set request method on CLI

---
 system/CodeIgniter.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/system/CodeIgniter.php b/system/CodeIgniter.php
index e518db4409e1..ca41cb228e3f 100644
--- a/system/CodeIgniter.php
+++ b/system/CodeIgniter.php
@@ -986,12 +986,13 @@ public function storePreviousURL($uri)
 	 * Modifies the Request Object to use a different method if a POST
 	 * variable called _method is found.
 	 *
-	 * Does not work on CLI commands.
 	 */
 	public function spoofRequestMethod()
 	{
+		// CLI commands always use 'cli' method
 		if (is_cli())
 		{
+			$this->request->setMethod('cli');
 			return;
 		}
 

From 62acd0729a01faed7d1a2b6c791a8aeebe5cf9b0 Mon Sep 17 00:00:00 2001
From: MGatner <mgatner@icloud.com>
Date: Fri, 17 May 2019 11:53:55 -0400
Subject: [PATCH 4/5] Use `$request->setMethod` instead of `$_SERVER`

---
 tests/system/Router/RouteCollectionTest.php | 92 ++++++++++-----------
 1 file changed, 46 insertions(+), 46 deletions(-)

diff --git a/tests/system/Router/RouteCollectionTest.php b/tests/system/Router/RouteCollectionTest.php
index f8ea52988ef2..ae3403b9abf3 100644
--- a/tests/system/Router/RouteCollectionTest.php
+++ b/tests/system/Router/RouteCollectionTest.php
@@ -90,7 +90,7 @@ public function testAddIgnoresDefaultNamespaceWhenExists()
 
 	public function testAddWorksWithCurrentHTTPMethods()
 	{
-		$_SERVER['REQUEST_METHOD'] = 'GET';
+		Services::request()->setMethod('get');
 
 		$routes = $this->getCollector();
 
@@ -126,7 +126,7 @@ public function testAddWithLeadingSlash()
 
 	public function testMatchIgnoresInvalidHTTPMethods()
 	{
-		$_SERVER['REQUEST_METHOD'] = 'GET';
+		Services::request()->setMethod('get');
 
 		$routes = $this->getCollector();
 
@@ -141,7 +141,7 @@ public function testMatchIgnoresInvalidHTTPMethods()
 
 	public function testAddWorksWithArrayOFHTTPMethods()
 	{
-		$_SERVER['REQUEST_METHOD'] = 'POST';
+		Services::request()->setMethod('post');
 
 		$routes = $this->getCollector();
 
@@ -328,7 +328,7 @@ public function testHostnameOption()
 
 	public function testResourcesScaffoldsCorrectly()
 	{
-		$_SERVER['REQUEST_METHOD'] = 'GET';
+		Services::request()->setMethod('get');
 		$routes                    = $this->getCollector();
 
 		$routes->resource('photos');
@@ -342,7 +342,7 @@ public function testResourcesScaffoldsCorrectly()
 
 		$this->assertEquals($expected, $routes->getRoutes());
 
-		$_SERVER['REQUEST_METHOD'] = 'POST';
+		Services::request()->setMethod('post');
 		$routes                    = $this->getCollector();
 		$routes->resource('photos');
 
@@ -352,7 +352,7 @@ public function testResourcesScaffoldsCorrectly()
 
 		$this->assertEquals($expected, $routes->getRoutes());
 
-		$_SERVER['REQUEST_METHOD'] = 'PUT';
+		Services::request()->setMethod('put');
 		$routes                    = $this->getCollector();
 		$routes->resource('photos');
 
@@ -362,7 +362,7 @@ public function testResourcesScaffoldsCorrectly()
 
 		$this->assertEquals($expected, $routes->getRoutes());
 
-		$_SERVER['REQUEST_METHOD'] = 'PATCH';
+		Services::request()->setMethod('patch');
 		$routes                    = $this->getCollector();
 		$routes->resource('photos');
 
@@ -372,7 +372,7 @@ public function testResourcesScaffoldsCorrectly()
 
 		$this->assertEquals($expected, $routes->getRoutes());
 
-		$_SERVER['REQUEST_METHOD'] = 'DELETE';
+		Services::request()->setMethod('delete');
 		$routes                    = $this->getCollector();
 		$routes->resource('photos');
 
@@ -387,7 +387,7 @@ public function testResourcesScaffoldsCorrectly()
 
 	public function testResourcesWithCustomController()
 	{
-		$_SERVER['REQUEST_METHOD'] = 'GET';
+		Services::request()->setMethod('get');
 		$routes                    = $this->getCollector();
 
 		$routes->resource('photos', ['controller' => '<script>gallery']);
@@ -406,7 +406,7 @@ public function testResourcesWithCustomController()
 
 	public function testResourcesWithCustomPlaceholder()
 	{
-		$_SERVER['REQUEST_METHOD'] = 'GET';
+		Services::request()->setMethod('get');
 		$routes                    = $this->getCollector();
 
 		$routes->resource('photos', ['placeholder' => ':num']);
@@ -423,7 +423,7 @@ public function testResourcesWithCustomPlaceholder()
 
 	public function testResourcesWithDefaultPlaceholder()
 	{
-		$_SERVER['REQUEST_METHOD'] = 'GET';
+		Services::request()->setMethod('get');
 		$routes                    = $this->getCollector();
 
 		$routes->setDefaultConstraint('num');
@@ -441,7 +441,7 @@ public function testResourcesWithDefaultPlaceholder()
 
 	public function testResourcesWithBogusDefaultPlaceholder()
 	{
-		$_SERVER['REQUEST_METHOD'] = 'GET';
+		Services::request()->setMethod('get');
 		$routes                    = $this->getCollector();
 
 		$routes->setDefaultConstraint(':num');
@@ -461,7 +461,7 @@ public function testResourcesWithBogusDefaultPlaceholder()
 
 	public function testResourcesWithOnly()
 	{
-		$_SERVER['REQUEST_METHOD'] = 'GET';
+		Services::request()->setMethod('get');
 		$routes                    = $this->getCollector();
 
 		$routes->resource('photos', ['only' => 'index']);
@@ -477,7 +477,7 @@ public function testResourcesWithOnly()
 
 	public function testResourcesWithExcept()
 	{
-		$_SERVER['REQUEST_METHOD'] = 'GET';
+		Services::request()->setMethod('get');
 		$routes                    = $this->getCollector();
 
 		$routes->resource('photos', ['except' => 'edit,new']);
@@ -494,7 +494,7 @@ public function testResourcesWithExcept()
 
 	public function testResourcesWithWebsafe()
 	{
-		$_SERVER['REQUEST_METHOD'] = 'POST';
+		Services::request()->setMethod('get');
 		$routes                    = $this->getCollector();
 
 		$routes->resource('photos', ['websafe' => true]);
@@ -512,7 +512,7 @@ public function testResourcesWithWebsafe()
 
 	public function testMatchSupportsMultipleMethods()
 	{
-		$_SERVER['REQUEST_METHOD'] = 'GET';
+		Services::request()->setMethod('get');
 		$routes                    = $this->getCollector();
 
 		$expected = ['here' => '\there'];
@@ -520,7 +520,7 @@ public function testMatchSupportsMultipleMethods()
 		$routes->match(['get', 'post'], 'here', 'there');
 		$this->assertEquals($expected, $routes->getRoutes());
 
-		$_SERVER['REQUEST_METHOD'] = 'POST';
+		Services::request()->setMethod('post');
 		$routes                    = $this->getCollector();
 		$routes->match(['get', 'post'], 'here', 'there');
 		$this->assertEquals($expected, $routes->getRoutes());
@@ -530,7 +530,7 @@ public function testMatchSupportsMultipleMethods()
 
 	public function testGet()
 	{
-		$_SERVER['REQUEST_METHOD'] = 'GET';
+		Services::request()->setMethod('get');
 		$routes                    = $this->getCollector();
 
 		$expected = ['here' => '\there'];
@@ -543,7 +543,7 @@ public function testGet()
 
 	public function testPost()
 	{
-		$_SERVER['REQUEST_METHOD'] = 'POST';
+		Services::request()->setMethod('post');
 		$routes                    = $this->getCollector();
 
 		$expected = ['here' => '\there'];
@@ -556,7 +556,7 @@ public function testPost()
 
 	public function testGetDoesntAllowOtherMethods()
 	{
-		$_SERVER['REQUEST_METHOD'] = 'GET';
+		Services::request()->setMethod('get');
 		$routes                    = $this->getCollector();
 
 		$expected = ['here' => '\there'];
@@ -570,7 +570,7 @@ public function testGetDoesntAllowOtherMethods()
 
 	public function testPut()
 	{
-		$_SERVER['REQUEST_METHOD'] = 'PUT';
+		Services::request()->setMethod('put');
 		$routes                    = $this->getCollector();
 
 		$expected = ['here' => '\there'];
@@ -583,7 +583,7 @@ public function testPut()
 
 	public function testDelete()
 	{
-		$_SERVER['REQUEST_METHOD'] = 'DELETE';
+		Services::request()->setMethod('delete');
 		$routes                    = $this->getCollector();
 
 		$expected = ['here' => '\there'];
@@ -596,7 +596,7 @@ public function testDelete()
 
 	public function testHead()
 	{
-		$_SERVER['REQUEST_METHOD'] = 'HEAD';
+		Services::request()->setMethod('head');
 		$routes                    = $this->getCollector();
 
 		$expected = ['here' => '\there'];
@@ -609,7 +609,7 @@ public function testHead()
 
 	public function testPatch()
 	{
-		$_SERVER['REQUEST_METHOD'] = 'PATCH';
+		Services::request()->setMethod('patch');
 		$routes                    = $this->getCollector();
 
 		$expected = ['here' => '\there'];
@@ -622,7 +622,7 @@ public function testPatch()
 
 	public function testOptions()
 	{
-		$_SERVER['REQUEST_METHOD'] = 'OPTIONS';
+		Services::request()->setMethod('options');
 		$routes                    = $this->getCollector();
 
 		$expected = ['here' => '\there'];
@@ -649,7 +649,7 @@ public function testEnvironmentRestricts()
 	{
 		// ENVIRONMENT should be 'testing'
 
-		$_SERVER['REQUEST_METHOD'] = 'GET';
+		Services::request()->setMethod('get');
 		$routes                    = $this->getCollector();
 
 		$expected = ['here' => '\there'];
@@ -1026,7 +1026,7 @@ public function testRoutesOptions()
 
 	public function testRouteGroupWithFilterSimple()
 	{
-		$_SERVER['REQUEST_METHOD'] = 'GET';
+		Services::request()->setMethod('get');
 		$routes                    = $this->getCollector();
 
 		$routes->group(
@@ -1043,7 +1043,7 @@ public function testRouteGroupWithFilterSimple()
 
 	public function testRouteGroupWithFilterWithParams()
 	{
-		$_SERVER['REQUEST_METHOD'] = 'GET';
+		Services::request()->setMethod('get');
 		$routes                    = $this->getCollector();
 
 		$routes->group(
@@ -1061,7 +1061,7 @@ public function testRouteGroupWithFilterWithParams()
 
 	public function test404OverrideNot()
 	{
-		$_SERVER['REQUEST_METHOD'] = 'GET';
+		Services::request()->setMethod('get');
 		$routes                    = $this->getCollector();
 
 		$this->assertEquals(null, $routes->get404Override());
@@ -1069,7 +1069,7 @@ public function test404OverrideNot()
 
 	public function test404OverrideString()
 	{
-		$_SERVER['REQUEST_METHOD'] = 'GET';
+		Services::request()->setMethod('get');
 		$routes                    = $this->getCollector();
 
 		$routes->set404Override('Explode');
@@ -1078,7 +1078,7 @@ public function test404OverrideString()
 
 	public function test404OverrideCallable()
 	{
-		$_SERVER['REQUEST_METHOD'] = 'GET';
+		Services::request()->setMethod('get');
 		$routes                    = $this->getCollector();
 
 		$routes->set404Override(function () {
@@ -1092,7 +1092,7 @@ public function test404OverrideCallable()
 
 	public function testOffsetParameters()
 	{
-		$_SERVER['REQUEST_METHOD'] = 'GET';
+		Services::request()->setMethod('get');
 		$routes                    = $this->getCollector();
 
 		$routes->get('users/(:num)', 'users/show/$1', ['offset' => 1]);
@@ -1110,7 +1110,7 @@ public function testRouteToWithSubdomainMatch()
 	{
 		$routes = $this->getCollector();
 
-		$_SERVER['REQUEST_METHOD'] = 'GET';
+		Services::request()->setMethod('get');
 		$_SERVER['HTTP_HOST']      = 'doc.example.com';
 
 		$routes->get('i/(:any)', 'App\Controllers\Site\CDoc::item/$1', ['subdomain' => 'doc', 'as' => 'doc_item']);
@@ -1122,7 +1122,7 @@ public function testRouteToWithSubdomainMismatch()
 	{
 		$routes = $this->getCollector();
 
-		$_SERVER['REQUEST_METHOD'] = 'GET';
+		Services::request()->setMethod('get');
 		$_SERVER['HTTP_HOST']      = 'dev.example.com';
 
 		$routes->get('i/(:any)', 'App\Controllers\Site\CDoc::item/$1', ['subdomain' => 'doc', 'as' => 'doc_item']);
@@ -1134,7 +1134,7 @@ public function testRouteToWithSubdomainNot()
 	{
 		$routes = $this->getCollector();
 
-		$_SERVER['REQUEST_METHOD'] = 'GET';
+		Services::request()->setMethod('get');
 		$_SERVER['HTTP_HOST']      = 'example.com';
 
 		$routes->get('i/(:any)', 'App\Controllers\Site\CDoc::item/$1', ['subdomain' => 'doc', 'as' => 'doc_item']);
@@ -1146,7 +1146,7 @@ public function testRouteToWithGenericSubdomainMatch()
 	{
 		$routes = $this->getCollector();
 
-		$_SERVER['REQUEST_METHOD'] = 'GET';
+		Services::request()->setMethod('get');
 		$_SERVER['HTTP_HOST']      = 'doc.example.com';
 
 		$routes->get('i/(:any)', 'App\Controllers\Site\CDoc::item/$1', ['subdomain' => '*', 'as' => 'doc_item']);
@@ -1158,7 +1158,7 @@ public function testRouteToWithGenericSubdomainMismatch()
 	{
 		$routes = $this->getCollector();
 
-		$_SERVER['REQUEST_METHOD'] = 'GET';
+		Services::request()->setMethod('get');
 		$_SERVER['HTTP_HOST']      = 'dev.example.com';
 
 		$routes->get('i/(:any)', 'App\Controllers\Site\CDoc::item/$1', ['subdomain' => '*', 'as' => 'doc_item']);
@@ -1170,7 +1170,7 @@ public function testRouteToWithGenericSubdomainNot()
 	{
 		$routes = $this->getCollector();
 
-		$_SERVER['REQUEST_METHOD'] = 'GET';
+		Services::request()->setMethod('get');
 		$_SERVER['HTTP_HOST']      = 'example.com';
 
 		$routes->get('i/(:any)', 'App\Controllers\Site\CDoc::item/$1', ['subdomain' => '*', 'as' => 'doc_item']);
@@ -1182,7 +1182,7 @@ public function testRouteToWithoutSubdomainMatch()
 	{
 		$routes = $this->getCollector();
 
-		$_SERVER['REQUEST_METHOD'] = 'GET';
+		Services::request()->setMethod('get');
 		$_SERVER['HTTP_HOST']      = 'doc.example.com';
 
 		$routes->get('i/(:any)', 'App\Controllers\Site\CDoc::item/$1', ['hostname' => 'example.com', 'as' => 'doc_item']);
@@ -1194,7 +1194,7 @@ public function testRouteToWithoutSubdomainMismatch()
 	{
 		$routes = $this->getCollector();
 
-		$_SERVER['REQUEST_METHOD'] = 'GET';
+		Services::request()->setMethod('get');
 		$_SERVER['HTTP_HOST']      = 'dev.example.com';
 
 		$routes->get('i/(:any)', 'App\Controllers\Site\CDoc::item/$1', ['hostname' => 'example.com', 'as' => 'doc_item']);
@@ -1206,7 +1206,7 @@ public function testRouteToWithoutSubdomainNot()
 	{
 		$routes = $this->getCollector();
 
-		$_SERVER['REQUEST_METHOD'] = 'GET';
+		Services::request()->setMethod('get');
 		$_SERVER['HTTP_HOST']      = 'example.com';
 
 		$routes->get('i/(:any)', 'App\Controllers\Site\CDoc::item/$1', ['hostname' => 'example.com', 'as' => 'doc_item']);
@@ -1220,7 +1220,7 @@ public function testRouteToWithoutSubdomainNot()
 
 	public function testRouteOverwritingDifferentSubdomains()
 	{
-		$_SERVER['REQUEST_METHOD'] = 'GET';
+		Services::request()->setMethod('get');
 		$_SERVER['HTTP_HOST']      = 'doc.domain.com';
 
 		$routes = $this->getCollector();
@@ -1240,7 +1240,7 @@ public function testRouteOverwritingDifferentSubdomains()
 
 	public function testRouteOverwritingTwoRules()
 	{
-		$_SERVER['REQUEST_METHOD'] = 'GET';
+		Services::request()->setMethod('get');
 		$_SERVER['HTTP_HOST']      = 'doc.domain.com';
 
 		$routes = $this->getCollector();
@@ -1261,7 +1261,7 @@ public function testRouteOverwritingTwoRules()
 
 	public function testRouteOverwritingTwoRulesLastApplies()
 	{
-		$_SERVER['REQUEST_METHOD'] = 'GET';
+		Services::request()->setMethod('get');
 		$_SERVER['HTTP_HOST']      = 'doc.domain.com';
 
 		$routes = $this->getCollector();
@@ -1281,7 +1281,7 @@ public function testRouteOverwritingTwoRulesLastApplies()
 
 	public function testRouteOverwritingMatchingSubdomain()
 	{
-		$_SERVER['REQUEST_METHOD'] = 'GET';
+		Services::request()->setMethod('get');
 		$_SERVER['HTTP_HOST']      = 'doc.domain.com';
 
 		$routes = $this->getCollector();
@@ -1301,7 +1301,7 @@ public function testRouteOverwritingMatchingSubdomain()
 
 	public function testRouteOverwritingMatchingHost()
 	{
-		$_SERVER['REQUEST_METHOD'] = 'GET';
+		Services::request()->setMethod('get');
 		$_SERVER['HTTP_HOST']      = 'doc.domain.com';
 
 		$routes = $this->getCollector();

From a538fcff43ce223b8bbcc0d46b68ba3936ac0cea Mon Sep 17 00:00:00 2001
From: MGatner <mgatner@icloud.com>
Date: Fri, 17 May 2019 13:02:09 -0400
Subject: [PATCH 5/5] Corrected method on `testResourcesWithWebsafe`

---
 tests/system/Router/RouteCollectionTest.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/system/Router/RouteCollectionTest.php b/tests/system/Router/RouteCollectionTest.php
index ae3403b9abf3..e090c06c8fe3 100644
--- a/tests/system/Router/RouteCollectionTest.php
+++ b/tests/system/Router/RouteCollectionTest.php
@@ -494,7 +494,7 @@ public function testResourcesWithExcept()
 
 	public function testResourcesWithWebsafe()
 	{
-		Services::request()->setMethod('get');
+		Services::request()->setMethod('post');
 		$routes                    = $this->getCollector();
 
 		$routes->resource('photos', ['websafe' => true]);