codeigniter4 · kenjis · Nov 25, 2021 · Nov 21, 2021
diff --git a/app/Config/Mimes.php b/app/Config/Mimes.php
@@ -509,7 +509,7 @@ public static function guessExtensionFromType(string $type, ?string $proposedExt
     {
         $type = trim(strtolower($type), '. ');
 
-        $proposedExtension = trim(strtolower($proposedExtension));
+        $proposedExtension = trim(strtolower($proposedExtension ?? ''));
 
         if ($proposedExtension !== '') {
             if (array_key_exists($proposedExtension, static::$mimes) && in_array($type, is_string(static::$mimes[$proposedExtension]) ? [static::$mimes[$proposedExtension]] : static::$mimes[$proposedExtension], true)) {

diff --git a/system/CLI/CLI.php b/system/CLI/CLI.php
@@ -865,10 +865,12 @@ public static function getOptionString(bool $useLongOpts = false, bool $trim = f
                 $out .= "-{$name} ";
             }
 
-            // If there's a space, we need to group
-            // so it will pass correctly.
+            if ($value === null) {
+                continue;
+            }
+
             if (mb_strpos($value, ' ') !== false) {
-                $out .= '"' . $value . '" ';
+                $out .= "\"{$value}\" ";
             } elseif ($value !== null) {
                 $out .= "{$value} ";
             }

diff --git a/system/Database/BaseUtils.php b/system/Database/BaseUtils.php
@@ -200,7 +200,7 @@ public function repairTable(string $tableName)
     public function getCSVFromResult(ResultInterface $query, string $delim = ',', string $newline = "\n", string $enclosure = '"')
     {
         $out = '';
-        // First generate the headings from the table column names
+
         foreach ($query->getFieldNames() as $name) {
             $out .= $enclosure . str_replace($enclosure, $enclosure . $enclosure, $name) . $enclosure . $delim;
         }
@@ -212,7 +212,7 @@ public function getCSVFromResult(ResultInterface $query, string $delim = ',', st
             $line = [];
 
             foreach ($row as $item) {
-                $line[] = $enclosure . str_replace($enclosure, $enclosure . $enclosure, $item) . $enclosure;
+                $line[] = $enclosure . str_replace($enclosure, $enclosure . $enclosure, $item ?? '') . $enclosure;
             }
 
             $out .= implode($delim, $line) . $newline;

diff --git a/system/Database/Forge.php b/system/Database/Forge.php
@@ -462,7 +462,7 @@ public function dropKey(string $table, string $keyName)
     public function dropForeignKey(string $table, string $foreignName)
     {
         $sql = sprintf(
-            $this->dropConstraintStr,
+            (string) $this->dropConstraintStr,
             $this->db->escapeIdentifiers($this->db->DBPrefix . $table),
             $this->db->escapeIdentifiers($this->db->DBPrefix . $foreignName)
         );

diff --git a/system/Database/Postgre/Connection.php b/system/Database/Postgre/Connection.php
@@ -433,8 +433,11 @@ protected function buildDSN()
             $this->DSN = "host={$this->hostname} ";
         }
 
-        if (! empty($this->port) && ctype_digit($this->port)) {
-            $this->DSN .= "port={$this->port} ";
+        // ctype_digit only accepts strings
+        $port = (string) $this->port;
+
+        if ($port !== '' && ctype_digit($port)) {
+            $this->DSN .= "port={$port} ";
         }
 
         if ($this->username !== '') {

diff --git a/system/Filters/Filters.php b/system/Filters/Filters.php
@@ -397,13 +397,10 @@ protected function processGlobals(?string $uri = null)
             return;
         }
 
-        $uri = strtolower(trim($uri, '/ '));
+        $uri = strtolower(trim($uri ?? '', '/ '));
 
         // Add any global filters, unless they are excluded for this URI
-        $sets = [
-            'before',
-            'after',
-        ];
+        $sets = ['before', 'after'];
 
         foreach ($sets as $set) {
             if (isset($this->config->globals[$set])) {

diff --git a/system/HTTP/CLIRequest.php b/system/HTTP/CLIRequest.php
@@ -139,11 +139,13 @@ public function getOptionString(bool $useLongOpts = false): string
                 $out .= "-{$name} ";
             }
 
-            // If there's a space, we need to group
-            // so it will pass correctly.
+            if ($value === null) {
+                continue;
+            }
+
             if (mb_strpos($value, ' ') !== false) {
                 $out .= '"' . $value . '" ';
-            } elseif ($value !== null) {
+            } else {
                 $out .= "{$value} ";
             }
         }

diff --git a/system/HTTP/CURLRequest.php b/system/HTTP/CURLRequest.php
@@ -424,7 +424,7 @@ protected function applyMethod(string $method, array $curlOptions): array
         $this->method                       = $method;
         $curlOptions[CURLOPT_CUSTOMREQUEST] = $method;
 
-        $size = strlen($this->body);
+        $size = strlen($this->body ?? '');
 
         // Have content?
         if ($size > 0) {

diff --git a/system/HTTP/ResponseTrait.php b/system/HTTP/ResponseTrait.php
@@ -435,7 +435,7 @@ public function send()
         if ($this->CSPEnabled === true) {
             $this->CSP->finalize($this);
         } else {
-            $this->body = str_replace(['{csp-style-nonce}', '{csp-script-nonce}'], '', $this->body);
+            $this->body = str_replace(['{csp-style-nonce}', '{csp-script-nonce}'], '', $this->body ?? '');
         }
 
         $this->sendHeaders();

diff --git a/system/I18n/Time.php b/system/I18n/Time.php
@@ -75,25 +75,23 @@ class Time extends DateTime
      */
     public function __construct(?string $time = null, $timezone = null, ?string $locale = null)
     {
-        // If no locale was provided, grab it from Locale (set by IncomingRequest for web requests)
-        $this->locale = ! empty($locale) ? $locale : Locale::getDefault();
+        $this->locale = $locale ?: Locale::getDefault();
 
-        // If a test instance has been provided, use it instead.
-        if ($time === null && static::$testNow instanceof self) {
-            if (empty($timezone)) {
-                $timezone = static::$testNow->getTimezone();
-            }
+        $time = $time ?? '';
 
-            $time = static::$testNow->toDateTimeString();
+        // If a test instance has been provided, use it instead.
+        if ($time === '' && static::$testNow instanceof self) {
+            $timezone = $timezone ?: static::$testNow->getTimezone();
+            $time     = (string) static::$testNow->toDateTimeString();
         }
 
-        $timezone       = ! empty($timezone) ? $timezone : date_default_timezone_get();
+        $timezone       = $timezone ?: date_default_timezone_get();
         $this->timezone = $timezone instanceof DateTimeZone ? $timezone : new DateTimeZone($timezone);
 
         // If the time string was a relative string (i.e. 'next Tuesday')
         // then we need to adjust the time going in so that we have a current
         // timezone to work with.
-        if (! empty($time) && (is_string($time) && static::hasRelativeKeywords($time))) {
+        if ($time !== '' && static::hasRelativeKeywords($time)) {
             $instance = new DateTime('now', $this->timezone);
             $instance->modify($time);
             $time = $instance->format('Y-m-d H:i:s');

diff --git a/system/Security/Security.php b/system/Security/Security.php
@@ -288,7 +288,7 @@ public function verify(RequestInterface $request)
             throw SecurityException::forDisallowedAction();
         }
 
-        $json = json_decode($request->getBody());
+        $json = json_decode($request->getBody() ?? '');
 
         if (isset($_POST[$this->tokenName])) {
             // We kill this since we're done and we don't want to pollute the POST array.
@@ -323,9 +323,10 @@ private function getPostedToken(RequestInterface $request): ?string
         if ($request->hasHeader($this->headerName) && ! empty($request->header($this->headerName)->getValue())) {
             $tokenName = $request->header($this->headerName)->getValue();
         } else {
-            $json = json_decode($request->getBody());
+            $body = (string) $request->getBody();
+            $json = json_decode($body);
 
-            if (! empty($request->getBody()) && ! empty($json) && json_last_error() === JSON_ERROR_NONE) {
+            if ($body !== '' && ! empty($json) && json_last_error() === JSON_ERROR_NONE) {
                 $tokenName = $json->{$this->tokenName} ?? null;
             } else {
                 $tokenName = null;

diff --git a/system/Validation/FormatRules.php b/system/Validation/FormatRules.php
@@ -23,7 +23,7 @@ class FormatRules
      */
     public function alpha(?string $str = null): bool
     {
-        return ctype_alpha($str);
+        return ctype_alpha($str ?? '');
     }
 
     /**
@@ -74,7 +74,7 @@ public function alpha_numeric_punct($str)
      */
     public function alpha_numeric(?string $str = null): bool
     {
-        return ctype_alnum($str);
+        return ctype_alnum($str ?? '');
     }
 
     /**
@@ -83,7 +83,7 @@ public function alpha_numeric(?string $str = null): bool
     public function alpha_numeric_space(?string $str = null): bool
     {
         // @see https://regex101.com/r/0AZDME/1
-        return (bool) preg_match('/\A[A-Z0-9 ]+\z/i', $str);
+        return (bool) preg_match('/\A[A-Z0-9 ]+\z/i', $str ?? '');
     }
 
     /**
@@ -105,39 +105,39 @@ public function string($str = null): bool
     public function decimal(?string $str = null): bool
     {
         // @see https://regex101.com/r/HULifl/2/
-        return (bool) preg_match('/\A[-+]?\d{0,}\.?\d+\z/', $str);
+        return (bool) preg_match('/\A[-+]?\d{0,}\.?\d+\z/', $str ?? '');
     }
 
     /**
      * String of hexidecimal characters
      */
     public function hex(?string $str = null): bool
     {
-        return ctype_xdigit($str);
+        return ctype_xdigit($str ?? '');
     }
 
     /**
      * Integer
      */
     public function integer(?string $str = null): bool
     {
-        return (bool) preg_match('/\A[\-+]?\d+\z/', $str);
+        return (bool) preg_match('/\A[\-+]?\d+\z/', $str ?? '');
     }
 
     /**
      * Is a Natural number  (0,1,2,3, etc.)
      */
     public function is_natural(?string $str = null): bool
     {
-        return ctype_digit($str);
+        return ctype_digit($str ?? '');
     }
 
     /**
      * Is a Natural number, but not a zero  (1,2,3, etc.)
      */
     public function is_natural_no_zero(?string $str = null): bool
     {
-        return $str !== '0' && ctype_digit($str);
+        return $str !== '0' && ctype_digit($str ?? '');
     }
 
     /**
@@ -146,7 +146,7 @@ public function is_natural_no_zero(?string $str = null): bool
     public function numeric(?string $str = null): bool
     {
         // @see https://regex101.com/r/bb9wtr/2
-        return (bool) preg_match('/\A[\-+]?\d*\.?\d+\z/', $str);
+        return (bool) preg_match('/\A[\-+]?\d*\.?\d+\z/', $str ?? '');
     }
 
     /**
@@ -158,7 +158,7 @@ public function regex_match(?string $str, string $pattern): bool
             $pattern = "/{$pattern}/";
         }
 
-        return (bool) preg_match($pattern, $str);
+        return (bool) preg_match($pattern, $str ?? '');
     }
 
     /**
@@ -171,7 +171,7 @@ public function regex_match(?string $str, string $pattern): bool
      */
     public function timezone(?string $str = null): bool
     {
-        return in_array($str, timezone_identifiers_list(), true);
+        return in_array($str ?? '', timezone_identifiers_list(), true);
     }
 
     /**
@@ -184,6 +184,10 @@ public function timezone(?string $str = null): bool
      */
     public function valid_base64(?string $str = null): bool
     {
+        if ($str === null) {
+            return false;
+        }
+
         return base64_encode(base64_decode($str, true)) === $str;
     }
 
@@ -194,7 +198,7 @@ public function valid_base64(?string $str = null): bool
      */
     public function valid_json(?string $str = null): bool
     {
-        json_decode($str);
+        json_decode($str ?? '');
 
         return json_last_error() === JSON_ERROR_NONE;
     }
@@ -207,7 +211,7 @@ public function valid_json(?string $str = null): bool
     public function valid_email(?string $str = null): bool
     {
         // @see https://regex101.com/r/wlJG1t/1/
-        if (function_exists('idn_to_ascii') && defined('INTL_IDNA_VARIANT_UTS46') && preg_match('#\A([^@]+)@(.+)\z#', $str, $matches)) {
+        if (function_exists('idn_to_ascii') && defined('INTL_IDNA_VARIANT_UTS46') && preg_match('#\A([^@]+)@(.+)\z#', $str ?? '', $matches)) {
             $str = $matches[1] . '@' . idn_to_ascii($matches[2], 0, INTL_IDNA_VARIANT_UTS46);
         }
 
@@ -224,8 +228,9 @@ public function valid_email(?string $str = null): bool
      */
     public function valid_emails(?string $str = null): bool
     {
-        foreach (explode(',', $str) as $email) {
+        foreach (explode(',', $str ?? '') as $email) {
             $email = trim($email);
+
             if ($email === '') {
                 return false;
             }
@@ -241,16 +246,15 @@ public function valid_emails(?string $str = null): bool
     /**
      * Validate an IP address (human readable format or binary string - inet_pton)
      *
-     * @param string $ip    IP Address
-     * @param string $which IP protocol: 'ipv4' or 'ipv6'
+     * @param string|null $which IP protocol: 'ipv4' or 'ipv6'
      */
     public function valid_ip(?string $ip = null, ?string $which = null): bool
     {
         if (empty($ip)) {
             return false;
         }
 
-        switch (strtolower($which)) {
+        switch (strtolower($which ?? '')) {
             case 'ipv4':
                 $which = FILTER_FLAG_IPV4;
                 break;
@@ -260,20 +264,18 @@ public function valid_ip(?string $ip = null, ?string $which = null): bool
                 break;
 
             default:
-                $which = null;
-                break;
+                $which = 0;
         }
 
-        return (bool) filter_var($ip, FILTER_VALIDATE_IP, $which) || (! ctype_print($ip) && (bool) filter_var(inet_ntop($ip), FILTER_VALIDATE_IP, $which));
+        return filter_var($ip, FILTER_VALIDATE_IP, $which) !== false
+            || (! ctype_print($ip) && filter_var(inet_ntop($ip), FILTER_VALIDATE_IP, $which) !== false);
     }
 
     /**
      * Checks a string to ensure it is (loosely) a URL.
      *
      * Warning: this rule will pass basic strings like
      * "banana"; use valid_url_strict for a stricter rule.
-     *
-     * @param string $str
      */
     public function valid_url(?string $str = null): bool
     {
@@ -317,18 +319,16 @@ public function valid_url_strict(?string $str = null, ?string $validSchemes = nu
 
     /**
      * Checks for a valid date and matches a given date format
-     *
-     * @param string $str
-     * @param string $format
      */
     public function valid_date(?string $str = null, ?string $format = null): bool
     {
         if (empty($format)) {
-            return (bool) strtotime($str);
+            return strtotime($str) !== false;
         }
 
-        $date = DateTime::createFromFormat($format, $str);
+        $date   = DateTime::createFromFormat($format, $str);
+        $errors = DateTime::getLastErrors();
 
-        return (bool) $date && DateTime::getLastErrors()['warning_count'] === 0 && DateTime::getLastErrors()['error_count'] === 0;
+        return $date !== false && $errors !== false && $errors['warning_count'] === 0 && $errors['error_count'] === 0;
     }
 }