From db4882bdc2bd3759b26830784db5839ef69f9ae1 Mon Sep 17 00:00:00 2001 From: MGatner Date: Tue, 19 Jan 2021 15:25:27 +0000 Subject: [PATCH 01/14] Trigger Action on dependency changes --- .github/workflows/test-phpstan.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/test-phpstan.yml b/.github/workflows/test-phpstan.yml index 12555fa7205b..dab66768d8e1 100644 --- a/.github/workflows/test-phpstan.yml +++ b/.github/workflows/test-phpstan.yml @@ -10,6 +10,7 @@ on: paths: - 'app/**' - 'system/**' + - composer.json - phpstan.neon.dist push: branches: @@ -18,6 +19,7 @@ on: paths: - 'app/**' - 'system/**' + - composer.json - phpstan.neon.dist jobs: From a4a14528352199de9a043fc7e2f1a411db9a330f Mon Sep 17 00:00:00 2001 From: MGatner Date: Tue, 19 Jan 2021 15:58:40 +0000 Subject: [PATCH 02/14] Specify cookie options for SA --- app/Config/App.php | 2 +- app/Config/Security.php | 2 +- system/CodeIgniter.php | 1 - system/Security/Security.php | 2 +- system/Session/Session.php | 2 +- 5 files changed, 4 insertions(+), 5 deletions(-) diff --git a/app/Config/App.php b/app/Config/App.php index 3b083a48f4ed..e2d56f9f3063 100644 --- a/app/Config/App.php +++ b/app/Config/App.php @@ -303,7 +303,7 @@ class App extends BaseConfig * (empty string) means no SameSite attribute will be set on cookies. If * set to `None`, `$cookieSecure` must also be set. * - * @var string + * @var 'Lax'|'None'|'Strict' */ public $cookieSameSite = 'Lax'; diff --git a/app/Config/Security.php b/app/Config/Security.php index 9dc91bb93d90..2e93ef2208f3 100644 --- a/app/Config/Security.php +++ b/app/Config/Security.php @@ -86,7 +86,7 @@ class Security extends BaseConfig * Defaults to `Lax` as recommended in this link: * @see https://portswigger.net/web-security/csrf/samesite-cookies * - * @var string + * @var 'Lax'|'None'|'Strict' */ public $samesite = 'Lax'; } diff --git a/system/CodeIgniter.php b/system/CodeIgniter.php index 1feb20931991..38e99ca38b26 100644 --- a/system/CodeIgniter.php +++ b/system/CodeIgniter.php @@ -234,7 +234,6 @@ protected function initializeKint() // If we have KINT_DIR it means it's already loaded via composer if (! defined('KINT_DIR')) { - // @phpstan-ignore-next-line spl_autoload_register(function ($class) { $class = explode('\\', $class); diff --git a/system/Security/Security.php b/system/Security/Security.php index 059e0e6bf3e3..ff2a7150a0be 100644 --- a/system/Security/Security.php +++ b/system/Security/Security.php @@ -99,7 +99,7 @@ class Security implements SecurityInterface * Defaults to `Lax` as recommended in this link: * @see https://portswigger.net/web-security/csrf/samesite-cookies * - * @var string + * @var 'Lax'|'None'|'Strict' */ protected $samesite = 'Lax'; diff --git a/system/Session/Session.php b/system/Session/Session.php index 4d29d5c87797..5bcf70f8b9f5 100644 --- a/system/Session/Session.php +++ b/system/Session/Session.php @@ -125,7 +125,7 @@ class Session implements SessionInterface * Cookie SameSite setting as described in RFC6265 * Must be 'None', 'Lax' or 'Strict'. * - * @var string + * @var 'Lax'|'None'|'Strict' */ protected $cookieSameSite = 'Lax'; From 2cf5b276d9e558b704b92f518b1c06929e44b82f Mon Sep 17 00:00:00 2001 From: MGatner Date: Tue, 19 Jan 2021 18:10:09 -0500 Subject: [PATCH 03/14] Update app/Config/App.php Co-authored-by: John Paul E. Balandan, CPA <51850998+paulbalandan@users.noreply.github.com> --- app/Config/App.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/app/Config/App.php b/app/Config/App.php index e2d56f9f3063..dc38b57c7993 100644 --- a/app/Config/App.php +++ b/app/Config/App.php @@ -303,7 +303,8 @@ class App extends BaseConfig * (empty string) means no SameSite attribute will be set on cookies. If * set to `None`, `$cookieSecure` must also be set. * - * @var 'Lax'|'None'|'Strict' + * @var string + * @phpstan-var 'Lax'|'None'|'Strict' */ public $cookieSameSite = 'Lax'; From 19dcda49c770722ffc5632408e494e8d84f37432 Mon Sep 17 00:00:00 2001 From: MGatner Date: Tue, 19 Jan 2021 18:10:47 -0500 Subject: [PATCH 04/14] Update app/Config/Security.php Co-authored-by: John Paul E. Balandan, CPA <51850998+paulbalandan@users.noreply.github.com> --- app/Config/Security.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/app/Config/Security.php b/app/Config/Security.php index 2e93ef2208f3..95e90ccf9d21 100644 --- a/app/Config/Security.php +++ b/app/Config/Security.php @@ -86,7 +86,8 @@ class Security extends BaseConfig * Defaults to `Lax` as recommended in this link: * @see https://portswigger.net/web-security/csrf/samesite-cookies * - * @var 'Lax'|'None'|'Strict' + * @var string + * @phpstan-var 'Lax'|'None'|'Strict' */ public $samesite = 'Lax'; } From 384dd9616bb1a59c9dd9a9750bdd8cd5b857e900 Mon Sep 17 00:00:00 2001 From: MGatner Date: Tue, 19 Jan 2021 18:11:14 -0500 Subject: [PATCH 05/14] Update system/Security/Security.php Co-authored-by: John Paul E. Balandan, CPA <51850998+paulbalandan@users.noreply.github.com> --- system/Security/Security.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/system/Security/Security.php b/system/Security/Security.php index ff2a7150a0be..55c6ffa41a94 100644 --- a/system/Security/Security.php +++ b/system/Security/Security.php @@ -99,7 +99,8 @@ class Security implements SecurityInterface * Defaults to `Lax` as recommended in this link: * @see https://portswigger.net/web-security/csrf/samesite-cookies * - * @var 'Lax'|'None'|'Strict' + * @var string + * @phpstan-var 'Lax'|'None'|'Strict' */ protected $samesite = 'Lax'; From 97d1e3b6dfb97d8aeed62c3075d2eb363b63880b Mon Sep 17 00:00:00 2001 From: MGatner Date: Tue, 19 Jan 2021 18:11:38 -0500 Subject: [PATCH 06/14] Update system/Session/Session.php Co-authored-by: John Paul E. Balandan, CPA <51850998+paulbalandan@users.noreply.github.com> --- system/Session/Session.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/system/Session/Session.php b/system/Session/Session.php index 5bcf70f8b9f5..88a6176d72fb 100644 --- a/system/Session/Session.php +++ b/system/Session/Session.php @@ -125,7 +125,8 @@ class Session implements SessionInterface * Cookie SameSite setting as described in RFC6265 * Must be 'None', 'Lax' or 'Strict'. * - * @var 'Lax'|'None'|'Strict' + * @var string + * @phpstan-var 'Lax'|'None'|'Strict' */ protected $cookieSameSite = 'Lax'; From bc244a9cfeda98bfe6d8bfd2f10cf415d835a54e Mon Sep 17 00:00:00 2001 From: Abdul Malik Ikhsan Date: Fri, 22 Jan 2021 12:49:15 +0700 Subject: [PATCH 07/14] use * @var string 'Lax'|'None'|'Strict' --- app/Config/App.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/Config/App.php b/app/Config/App.php index dc38b57c7993..2b48362180b9 100644 --- a/app/Config/App.php +++ b/app/Config/App.php @@ -304,7 +304,7 @@ class App extends BaseConfig * set to `None`, `$cookieSecure` must also be set. * * @var string - * @phpstan-var 'Lax'|'None'|'Strict' + * @var string 'Lax'|'None'|'Strict' */ public $cookieSameSite = 'Lax'; From 96347f2d399ebfc97c7542edf8b064188176e9fd Mon Sep 17 00:00:00 2001 From: Abdul Malik Ikhsan Date: Fri, 22 Jan 2021 12:49:28 +0700 Subject: [PATCH 08/14] use * @var string 'Lax'|'None'|'Strict' --- app/Config/Security.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/Config/Security.php b/app/Config/Security.php index 95e90ccf9d21..1b32c44805ab 100644 --- a/app/Config/Security.php +++ b/app/Config/Security.php @@ -87,7 +87,7 @@ class Security extends BaseConfig * @see https://portswigger.net/web-security/csrf/samesite-cookies * * @var string - * @phpstan-var 'Lax'|'None'|'Strict' + * @var string 'Lax'|'None'|'Strict' */ public $samesite = 'Lax'; } From 678eb8dbbb43744f92637af18403e19dfa0723ea Mon Sep 17 00:00:00 2001 From: Abdul Malik Ikhsan Date: Fri, 22 Jan 2021 12:49:35 +0700 Subject: [PATCH 09/14] use * @var string 'Lax'|'None'|'Strict' --- system/Security/Security.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/system/Security/Security.php b/system/Security/Security.php index 55c6ffa41a94..d12414fe07eb 100644 --- a/system/Security/Security.php +++ b/system/Security/Security.php @@ -100,7 +100,7 @@ class Security implements SecurityInterface * @see https://portswigger.net/web-security/csrf/samesite-cookies * * @var string - * @phpstan-var 'Lax'|'None'|'Strict' + * @var string 'Lax'|'None'|'Strict' */ protected $samesite = 'Lax'; From 464ed29d9e87340f781d8f52bfc8b1018717ef20 Mon Sep 17 00:00:00 2001 From: Abdul Malik Ikhsan Date: Fri, 22 Jan 2021 12:49:42 +0700 Subject: [PATCH 10/14] use * @var string 'Lax'|'None'|'Strict' --- system/Session/Session.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/system/Session/Session.php b/system/Session/Session.php index 88a6176d72fb..bfeba276c0f9 100644 --- a/system/Session/Session.php +++ b/system/Session/Session.php @@ -126,7 +126,7 @@ class Session implements SessionInterface * Must be 'None', 'Lax' or 'Strict'. * * @var string - * @phpstan-var 'Lax'|'None'|'Strict' + * @var string 'Lax'|'None'|'Strict' */ protected $cookieSameSite = 'Lax'; From 3e2ff1d830588d674c27b330e37eaebcdd75c897 Mon Sep 17 00:00:00 2001 From: Abdul Malik Ikhsan Date: Fri, 22 Jan 2021 12:49:56 +0700 Subject: [PATCH 11/14] remove @var string as already use * @var string 'Lax'|'None'|'Strict' --- system/Session/Session.php | 1 - 1 file changed, 1 deletion(-) diff --git a/system/Session/Session.php b/system/Session/Session.php index bfeba276c0f9..f0a01526b76a 100644 --- a/system/Session/Session.php +++ b/system/Session/Session.php @@ -125,7 +125,6 @@ class Session implements SessionInterface * Cookie SameSite setting as described in RFC6265 * Must be 'None', 'Lax' or 'Strict'. * - * @var string * @var string 'Lax'|'None'|'Strict' */ protected $cookieSameSite = 'Lax'; From b56c1adcf6bcd3dcc8a551c73b51237a12ac8f36 Mon Sep 17 00:00:00 2001 From: Abdul Malik Ikhsan Date: Fri, 22 Jan 2021 12:50:03 +0700 Subject: [PATCH 12/14] remove @var string as already use * @var string 'Lax'|'None'|'Strict' --- system/Security/Security.php | 1 - 1 file changed, 1 deletion(-) diff --git a/system/Security/Security.php b/system/Security/Security.php index d12414fe07eb..5e59928a2842 100644 --- a/system/Security/Security.php +++ b/system/Security/Security.php @@ -99,7 +99,6 @@ class Security implements SecurityInterface * Defaults to `Lax` as recommended in this link: * @see https://portswigger.net/web-security/csrf/samesite-cookies * - * @var string * @var string 'Lax'|'None'|'Strict' */ protected $samesite = 'Lax'; From 5134ef66d68baa250343665514d12256ee7c234a Mon Sep 17 00:00:00 2001 From: Abdul Malik Ikhsan Date: Fri, 22 Jan 2021 12:50:10 +0700 Subject: [PATCH 13/14] remove @var string as already use * @var string 'Lax'|'None'|'Strict' --- app/Config/Security.php | 1 - 1 file changed, 1 deletion(-) diff --git a/app/Config/Security.php b/app/Config/Security.php index 1b32c44805ab..50cd8c32cecb 100644 --- a/app/Config/Security.php +++ b/app/Config/Security.php @@ -86,7 +86,6 @@ class Security extends BaseConfig * Defaults to `Lax` as recommended in this link: * @see https://portswigger.net/web-security/csrf/samesite-cookies * - * @var string * @var string 'Lax'|'None'|'Strict' */ public $samesite = 'Lax'; From 34299286d44e78504ea2d7f0b7155d02fbe68fb2 Mon Sep 17 00:00:00 2001 From: Abdul Malik Ikhsan Date: Fri, 22 Jan 2021 12:50:18 +0700 Subject: [PATCH 14/14] remove @var string as already use * @var string 'Lax'|'None'|'Strict' --- app/Config/App.php | 1 - 1 file changed, 1 deletion(-) diff --git a/app/Config/App.php b/app/Config/App.php index 2b48362180b9..933b5c8ac744 100644 --- a/app/Config/App.php +++ b/app/Config/App.php @@ -303,7 +303,6 @@ class App extends BaseConfig * (empty string) means no SameSite attribute will be set on cookies. If * set to `None`, `$cookieSecure` must also be set. * - * @var string * @var string 'Lax'|'None'|'Strict' */ public $cookieSameSite = 'Lax';