From 91a9670e22594b64710348bdf44aa2e84b9fedc6 Mon Sep 17 00:00:00 2001
From: Yassine Doghri <yassine@doghri.fr>
Date: Tue, 25 May 2021 10:40:22 +0000
Subject: [PATCH] refactor: update app starter files to CI4 4.1.2

---
 app/Config/App.php                        | 168 +---------------------
 app/Config/Autoload.php                   |  18 +++
 app/Config/ContentSecurityPolicy.php      |  21 ++-
 app/Config/Events.php                     |   2 +-
 app/Config/Exceptions.php                 |  12 ++
 app/Config/Mimes.php                      |  34 ++---
 app/Config/Modules.php                    |   2 +-
 app/Config/Security.php                   |  16 ---
 app/Views/errors/html/debug.css           |  63 +++++---
 app/Views/errors/html/error_exception.php | 118 ++++++---------
 env                                       |  42 +++---
 public/.htaccess                          |  44 ++++--
 public/index.php                          |  19 +--
 spark                                     |  48 +++----
 14 files changed, 226 insertions(+), 381 deletions(-)

diff --git a/app/Config/App.php b/app/Config/App.php
index fdfb92fb..82e27e39 100644
--- a/app/Config/App.php
+++ b/app/Config/App.php
@@ -34,7 +34,7 @@ class App extends BaseConfig
      *
      *    http://cdn.example.com/
      */
-    public string $mediaBaseURL = 'http://127.0.0.2:8080/';
+    public string $mediaBaseURL = 'http://localhost:8080/';
 
     /**
      * --------------------------------------------------------------------------
@@ -216,87 +216,6 @@ class App extends BaseConfig
      */
     public bool $sessionRegenerateDestroy = false;
 
-    /**
-     * --------------------------------------------------------------------------
-     * Cookie Prefix
-     * --------------------------------------------------------------------------
-     *
-     * Set a cookie name prefix if you need to avoid collisions.
-     *
-     * @deprecated use Config\Cookie::$prefix property instead.
-     */
-    public string $cookiePrefix = '';
-
-    /**
-     * --------------------------------------------------------------------------
-     * Cookie Domain
-     * --------------------------------------------------------------------------
-     *
-     * Set to `.your-domain.com` for site-wide cookies.
-     *
-     * @deprecated use Config\Cookie::$domain property instead.
-     */
-    public string $cookieDomain = '';
-
-    /**
-     * --------------------------------------------------------------------------
-     * Cookie Path
-     * --------------------------------------------------------------------------
-     *
-     * Typically will be a forward slash.
-     *
-     * @deprecated use Config\Cookie::$path property instead.
-     */
-    public string $cookiePath = '/';
-
-    /**
-     * --------------------------------------------------------------------------
-     * Cookie Secure
-     * --------------------------------------------------------------------------
-     *
-     * Cookie will only be set if a secure HTTPS connection exists.
-     *
-     * @deprecated use Config\Cookie::$secure property instead.
-     */
-    public bool $cookieSecure = false;
-
-    /**
-     * --------------------------------------------------------------------------
-     * Cookie HttpOnly
-     * --------------------------------------------------------------------------
-     *
-     * Cookie will only be accessible via HTTP(S) (no JavaScript).
-     *
-     * @var boolean
-     *
-     * @deprecated use Config\Cookie::$httponly property instead.
-     */
-    public bool $cookieHTTPOnly = true;
-
-    /**
-     * --------------------------------------------------------------------------
-     * Cookie SameSite
-     * --------------------------------------------------------------------------
-     *
-     * Configure cookie SameSite setting. Allowed values are:
-     * - None
-     * - Lax
-     * - Strict
-     * - ''
-     *
-     * Alternatively, you can use the constant names:
-     * - `Cookie::SAMESITE_NONE`
-     * - `Cookie::SAMESITE_LAX`
-     * - `Cookie::SAMESITE_STRICT`
-     *
-     * Defaults to `Lax` for compatibility with modern browsers. Setting `''`
-     * (empty string) means default SameSite attribute set by browsers (`Lax`)
-     * will be set on cookies. If set to `None`, `$cookieSecure` must also be set.
-     *
-     * @deprecated use Config\Cookie::$samesite property instead.
-     */
-    public string $cookieSameSite = 'Lax';
-
     /**
      * --------------------------------------------------------------------------
      * Reverse Proxy IPs
@@ -317,91 +236,6 @@ class App extends BaseConfig
      */
     public string | array $proxyIPs = '';
 
-    /**
-     * --------------------------------------------------------------------------
-     * CSRF Token Name
-     * --------------------------------------------------------------------------
-     *
-     * The token name.
-     *
-     * @deprecated Use `Config\Security` $tokenName property instead of using this property.
-     */
-    public string $CSRFTokenName = 'csrf_test_name';
-
-    /**
-     * --------------------------------------------------------------------------
-     * CSRF Header Name
-     * --------------------------------------------------------------------------
-     *
-     * The header name.
-     *
-     * @deprecated Use `Config\Security` $headerName property instead of using this property.
-     */
-    public string $CSRFHeaderName = 'X-CSRF-TOKEN';
-
-    /**
-     * --------------------------------------------------------------------------
-     * CSRF Cookie Name
-     * --------------------------------------------------------------------------
-     *
-     * The cookie name.
-     *
-     * @deprecated Use `Config\Security` $cookieName property instead of using this property.
-     */
-    public string $CSRFCookieName = 'csrf_cookie_name';
-
-    /**
-     * --------------------------------------------------------------------------
-     * CSRF Expire
-     * --------------------------------------------------------------------------
-     *
-     * The number in seconds the token should expire.
-     *
-     * @deprecated Use `Config\Security` $expire property instead of using this property.
-     */
-    public int $CSRFExpire = 7200;
-
-    /**
-     * --------------------------------------------------------------------------
-     * CSRF Regenerate
-     * --------------------------------------------------------------------------
-     *
-     * Regenerate token on every submission?
-     *
-     * @deprecated Use `Config\Security` $regenerate property instead of using this property.
-     */
-    public bool $CSRFRegenerate = true;
-
-    /**
-     * --------------------------------------------------------------------------
-     * CSRF Redirect
-     * --------------------------------------------------------------------------
-     *
-     * Redirect to previous page with error on failure?
-     *
-     * @deprecated Use `Config\Security` $redirect property instead of using this property.
-     */
-    public bool $CSRFRedirect = true;
-
-    /**
-     * --------------------------------------------------------------------------
-     * CSRF SameSite
-     * --------------------------------------------------------------------------
-     *
-     * Setting for CSRF SameSite cookie token. Allowed values are:
-     * - None
-     * - Lax
-     * - Strict
-     * - ''
-     *
-     * Defaults to `Lax` as recommended in this link:
-     *
-     * @see https://portswigger.net/web-security/csrf/samesite-cookies
-     *
-     * @deprecated Use `Config\Security` $samesite property instead of using this property.
-     */
-    public string $CSRFSameSite = 'Lax';
-
     /**
      * --------------------------------------------------------------------------
      * Content Security Policy
diff --git a/app/Config/Autoload.php b/app/Config/Autoload.php
index 209af318..b74370e8 100644
--- a/app/Config/Autoload.php
+++ b/app/Config/Autoload.php
@@ -65,4 +65,22 @@ class Autoload extends AutoloadConfig
      * @var array<string, string>
      */
     public $classmap = [];
+
+    /**
+     * -------------------------------------------------------------------
+     * Files
+     * -------------------------------------------------------------------
+     * The files array provides a list of paths to __non-class__ files
+     * that will be autoloaded. This can be useful for bootstrap operations
+     * or for loading functions.
+     *
+     * Prototype:
+     * ```
+     *	  $files = [
+     *	 	   '/path/to/my/file.php',
+     *    ];
+     * ```
+     * @var array<int, string>
+     */
+    public $files = [];
 }
diff --git a/app/Config/ContentSecurityPolicy.php b/app/Config/ContentSecurityPolicy.php
index c4d17653..ae5374e2 100644
--- a/app/Config/ContentSecurityPolicy.php
+++ b/app/Config/ContentSecurityPolicy.php
@@ -35,7 +35,7 @@ class ContentSecurityPolicy extends BaseConfig
      *
      * @var string|string[]|null
      */
-    public string | array | null $defaultSrc;
+    public string | array | null $defaultSrc = null;
 
     /**
      * Lists allowed scripts' URLs.
@@ -65,7 +65,7 @@ class ContentSecurityPolicy extends BaseConfig
      *
      * @var string|string[]|null
      */
-    public string | array | null $baseURI;
+    public string | array | null $baseURI = null;
 
     /**
      * Lists the URLs for workers and embedded frame contents
@@ -102,14 +102,21 @@ class ContentSecurityPolicy extends BaseConfig
      *
      * @var string|string[]|null
      */
-    public string | array | null $frameAncestors;
+    public string | array | null $frameAncestors = null;
+
+    /**
+     * The frame-src directive restricts the URLs which may be loaded into nested browsing contexts.
+     *
+     * @var string[]|string|null
+     */
+    public string | array | null $frameSrc = null;
 
     /**
      * Restricts the origins allowed to deliver video and audio.
      *
      * @var string|string[]|null
      */
-    public string | array | null $mediaSrc;
+    public string | array | null $mediaSrc = null;
 
     /**
      * Allows control over Flash and other plugins.
@@ -121,19 +128,19 @@ class ContentSecurityPolicy extends BaseConfig
     /**
      * @var string|string[]|null
      */
-    public string | array | null $manifestSrc;
+    public string | array | null $manifestSrc = null;
 
     /**
      * Limits the kinds of plugins a page may invoke.
      *
      * @var string|string[]|null
      */
-    public string | array | null $pluginTypes;
+    public string | array | null $pluginTypes = null;
 
     /**
      * List of actions allowed.
      *
      * @var string|string[]|null
      */
-    public string | array | null $sandbox;
+    public string | array | null $sandbox = null;
 }
diff --git a/app/Config/Events.php b/app/Config/Events.php
index 47224b1e..59cc1e6c 100644
--- a/app/Config/Events.php
+++ b/app/Config/Events.php
@@ -49,7 +49,7 @@ Events::on('pre_system', function () {
      *
      * @phpstan-ignore-next-line
      */
-    if (CI_DEBUG) {
+    if (CI_DEBUG && ! is_cli()) {
         Events::on('DBQuery', 'CodeIgniter\Debug\Toolbar\Collectors\Database::collect',);
         Services::toolbar()->respond();
     }
diff --git a/app/Config/Exceptions.php b/app/Config/Exceptions.php
index b11e9b3f..f264eee9 100644
--- a/app/Config/Exceptions.php
+++ b/app/Config/Exceptions.php
@@ -41,4 +41,16 @@ class Exceptions extends BaseConfig
      * Default: APPPATH.'Views/errors'
      */
     public string $errorViewPath = APPPATH . 'Views/errors';
+
+    /**
+     * --------------------------------------------------------------------------
+     * HIDE FROM DEBUG TRACE
+     * --------------------------------------------------------------------------
+     * Any data that you would like to hide from the debug trace.
+     * In order to specify 2 levels, use "/" to separate.
+     * ex. ['server', 'setup/password', 'secret_token']
+     *
+     * @var string[]
+     */
+    public array $sensitiveDataInTrace = [];
 }
diff --git a/app/Config/Mimes.php b/app/Config/Mimes.php
index 2229f039..759ccac6 100644
--- a/app/Config/Mimes.php
+++ b/app/Config/Mimes.php
@@ -207,6 +207,8 @@ class Mimes
             'application/msword',
             'application/x-zip',
         ],
+        'xlsb' => 'application/vnd.ms-excel.sheet.binary.macroEnabled.12',
+        'xlsm' => 'application/vnd.ms-excel.sheet.macroEnabled.12',
         'word' => ['application/msword', 'application/octet-stream'],
         'xl' => 'application/excel',
         'eml' => 'message/rfc822',
@@ -311,32 +313,26 @@ class Mimes
 
         $proposedExtension = trim(strtolower($proposedExtension));
 
-        if ($proposedExtension === '') {
+        if ($proposedExtension !== '') {
+            if (array_key_exists($proposedExtension, static::$mimes) && in_array(
+                $type,
+                is_string(static::$mimes[$proposedExtension]) ? [
+                    static::$mimes[$proposedExtension],
+                ] : static::$mimes[$proposedExtension],
+                true
+            )) {
+                // The detected mime type matches with the proposed extension.
+                return $proposedExtension;
+            }
+
             // An extension was proposed, but the media type does not match the mime type list.
             return null;
         }
 
-        if (
-            array_key_exists($proposedExtension, static::$mimes) &&
-            in_array(
-                $type,
-                is_string(static::$mimes[$proposedExtension])
-                    ? [static::$mimes[$proposedExtension]]
-                    : static::$mimes[$proposedExtension],
-                true,
-            )
-        ) {
-            // The detected mime type matches with the proposed extension.
-            return $proposedExtension;
-        }
-
         // Reverse check the mime type list if no extension was proposed.
         // This search is order sensitive!
         foreach (static::$mimes as $ext => $types) {
-            if (
-                (is_string($types) && $types === $type) ||
-                (is_array($types) && in_array($type, $types, true))
-            ) {
+            if ((is_string($types) && $types === $type) || (is_array($types) && in_array($type, $types, true))) {
                 return $ext;
             }
         }
diff --git a/app/Config/Modules.php b/app/Config/Modules.php
index c87ce571..5fe2b53a 100644
--- a/app/Config/Modules.php
+++ b/app/Config/Modules.php
@@ -12,7 +12,7 @@ class Modules extends BaseModules
      * --------------------------------------------------------------------------
      *
      * If true, then auto-discovery will happen across all elements listed in
-     * $activeExplorers below. If false, no auto-discovery will happen at all,
+     * $aliases below. If false, no auto-discovery will happen at all,
      * giving a slight performance boost.
      *
      * @var boolean
diff --git a/app/Config/Security.php b/app/Config/Security.php
index c5b533f7..d0f31414 100644
--- a/app/Config/Security.php
+++ b/app/Config/Security.php
@@ -61,20 +61,4 @@ class Security extends BaseConfig
      * Redirect to previous page with error on failure.
      */
     public bool $redirect = true;
-
-    /**
-     * --------------------------------------------------------------------------
-     * CSRF SameSite
-     * --------------------------------------------------------------------------
-     *
-     * Setting for CSRF SameSite cookie token.
-     *
-     * Allowed values are: None - Lax - Strict - ''.
-     *
-     * Defaults to `Lax` as recommended in this link:
-     * @see https://portswigger.net/web-security/csrf/samesite-cookies
-     *
-     * @var string 'Lax'|'None'|'Strict'
-     */
-    public string $samesite = 'Lax';
 }
diff --git a/app/Views/errors/html/debug.css b/app/Views/errors/html/debug.css
index ec6dc81f..2ef43583 100644
--- a/app/Views/errors/html/debug.css
+++ b/app/Views/errors/html/debug.css
@@ -1,8 +1,19 @@
+:root {
+  --main-bg-color: #fff;
+  --main-text-color: #555;
+  --dark-text-color: #222;
+  --light-text-color: #c7c7c7;
+  --brand-primary-color: #e06e3f;
+  --light-bg-color: #ededee;
+  --dark-bg-color: #404040;
+}
+
 body {
   height: 100%;
-  background: #fafafa;
-  font-family: "Helvetica Neue", Helvetica, Arial, sans-serif;
-  color: #777;
+  background: var(--main-bg-color);
+  font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial,
+    sans-serif, "Apple Color Emoji", "Segoe UI Emoji";
+  color: var(--main-text-color);
   font-weight: 300;
   margin: 0;
   padding: 0;
@@ -11,7 +22,7 @@ h1 {
   font-weight: lighter;
   letter-spacing: 0.8;
   font-size: 3rem;
-  color: #222;
+  color: var(--dark-text-color);
   margin: 0;
 }
 h1.headline {
@@ -30,11 +41,15 @@ p.lead {
   padding: 1rem;
 }
 .header {
-  background: #85271f;
-  color: #fff;
+  background: var(--light-bg-color);
+  color: var(--dark-text-color);
+}
+.header .container {
+  padding: 1rem 1.75rem 1.75rem 1.75rem;
 }
 .header h1 {
-  color: #fff;
+  font-size: 2.5rem;
+  font-weight: 500;
 }
 .header p {
   font-size: 1.2rem;
@@ -42,7 +57,7 @@ p.lead {
   line-height: 2.5;
 }
 .header a {
-  color: rgba(255, 255, 255, 0.5);
+  color: var(--brand-primary-color);
   margin-left: 2rem;
   display: none;
   text-decoration: none;
@@ -51,6 +66,10 @@ p.lead {
   display: inline;
 }
 
+.footer {
+  background: var(--dark-bg-color);
+  color: var(--light-text-color);
+}
 .footer .container {
   border-top: 1px solid #e7e7e7;
   margin-top: 1rem;
@@ -58,11 +77,12 @@ p.lead {
 }
 
 .source {
-  background: #333;
-  color: #c7c7c7;
+  background: #343434;
+  color: var(--light-text-color);
   padding: 0.5em 1em;
   border-radius: 5px;
   font-family: Menlo, Monaco, Consolas, "Courier New", monospace;
+  font-size: 0.85rem;
   margin: 0;
   overflow-x: scroll;
 }
@@ -74,8 +94,8 @@ p.lead {
 }
 .source .line .highlight {
   display: block;
-  background: #555;
-  color: #fff;
+  background: var(--dark-text-color);
+  color: var(--light-text-color);
 }
 .source span.highlight .number {
   color: #fff;
@@ -96,24 +116,25 @@ p.lead {
   padding: 0rem 1rem;
   line-height: 2.7;
   text-decoration: none;
-  color: #a7a7a7;
-  background: #f1f1f1;
-  border: 1px solid #e7e7e7;
+  color: var(--dark-text-color);
+  background: var(--light-bg-color);
+  border: 1px solid rgba(0, 0, 0, 0.15);
   border-bottom: 0;
   border-top-left-radius: 5px;
   border-top-right-radius: 5px;
   display: inline-block;
 }
 .tabs a:hover {
-  background: #e7e7e7;
-  border-color: #e1e1e1;
+  background: var(--light-bg-color);
+  border-color: rgba(0, 0, 0, 0.15);
 }
 .tabs a.active {
-  background: #fff;
+  background: var(--main-bg-color);
+  color: var(--main-text-color);
 }
 .tab-content {
-  background: #fff;
-  border: 1px solid #efefef;
+  background: var(--main-bg-color);
+  border: 1px solid rgba(0, 0, 0, 0.15);
 }
 .content {
   padding: 1rem;
@@ -167,7 +188,7 @@ td pre {
   font-weight: bold;
 }
 .trace td {
-  background: #e7e7e7;
+  background: var(--light-bg-color);
   padding: 0 1rem;
 }
 .trace td pre {
diff --git a/app/Views/errors/html/error_exception.php b/app/Views/errors/html/error_exception.php
index 815f7990..845953b1 100644
--- a/app/Views/errors/html/error_exception.php
+++ b/app/Views/errors/html/error_exception.php
@@ -1,10 +1,9 @@
 <?php
 
-use Config\Services;
 use CodeIgniter\CodeIgniter;
+use Config\Services;
 
-$errorId = uniqid('error', true);
-?>
+$errorId = uniqid('error', true); ?>
 <!doctype html>
 <html>
 
@@ -14,11 +13,7 @@ $errorId = uniqid('error', true);
 
 	<title><?= esc($title) ?></title>
 	<style type="text/css">
-		<?= preg_replace(
-      '~[\r\n\t ]+~',
-      ' ',
-      file_get_contents(__DIR__ . DIRECTORY_SEPARATOR . 'debug.css'),
-  ) ?>
+		<?= preg_replace('~[\r\n\t ]+~', ' ', file_get_contents(__DIR__ . DIRECTORY_SEPARATOR . 'debug.css')) ?>
 	</style>
 
 	<script type="text/javascript">
@@ -31,28 +26,21 @@ $errorId = uniqid('error', true);
 	<!-- Header -->
 	<div class="header">
 		<div class="container">
-			<h1><?= esc($title),
-       esc($exception->getCode() ? ' #' . $exception->getCode() : '') ?></h1>
+			<h1><?= esc($title), esc($exception->getCode() ? ' #' . $exception->getCode() : '') ?></h1>
 			<p>
-				<?= esc($exception->getMessage()) ?>
-				<a href="https://www.google.com/search?q=<?= urlencode(
-        $title .
-            ' ' .
-            preg_replace('~\'.*\'|".*"~Us', '', $exception->getMessage()),
-    ) ?>" rel="noreferrer" target="_blank">search &rarr;</a>
+				<?= nl2br(esc($exception->getMessage())) ?>
+				<a href="https://www.duckduckgo.com/?q=<?= urlencode($title . ' ' . preg_replace('~\'.*\'|".*"~Us', '', $exception->getMessage())) ?>" rel="noreferrer" target="_blank">search &rarr;</a>
 			</p>
 		</div>
 	</div>
 
 	<!-- Source -->
 	<div class="container">
-		<p><b><?= esc(static::cleanPath($file, $line)) ?></b> at line <b><?= esc(
-    $line,
-) ?></b></p>
+		<p><b><?= esc(static::cleanPath($file, $line)) ?></b> at line <b><?= esc($line) ?></b></p>
 
 		<?php if (is_file($file)): ?>
 			<div class="source">
-				<?= static::highlightFile($file, $line, 15) ?>
+				<?= static::highlightFile($file, $line, 15); ?>
 			</div>
 		<?php endif; ?>
 	</div>
@@ -66,7 +54,6 @@ $errorId = uniqid('error', true);
 			<li><a href="#response">Response</a></li>
 			<li><a href="#files">Files</a></li>
 			<li><a href="#memory">Memory</a></li>
-			</li>
 		</ul>
 
 		<div class="tab-content">
@@ -81,56 +68,41 @@ $errorId = uniqid('error', true);
 							<p>
 								<!-- Trace info -->
 								<?php if (isset($row['file']) && is_file($row['file'])): ?>
-									<?php if (
-             isset($row['function']) &&
-             in_array(
-                 $row['function'],
-                 ['include', 'include_once', 'require', 'require_once'],
-                 true,
-             )
-         ) {
-             echo esc($row['function'] . ' ' . static::cleanPath($row['file']));
-         } else {
-             echo esc(static::cleanPath($row['file']) . ' : ' . $row['line']);
-         } ?>
+									<?php
+									if (isset($row['function']) && in_array($row['function'], ['include', 'include_once', 'require', 'require_once'], true)) {
+										echo esc($row['function'] . ' ' . static::cleanPath($row['file']));
+									} else {
+										echo esc(static::cleanPath($row['file']) . ' : ' . $row['line']);
+									}
+									?>
 								<?php else: ?>
 									{PHP internal code}
 								<?php endif; ?>
 
 								<!-- Class/Method -->
-								<?php if (isset($row['class'])): ?>
-									&nbsp;&nbsp;&mdash;&nbsp;&nbsp;<?= esc(
-             $row['class'] . $row['type'] . $row['function'],
-         ) ?>
-									<?php if (array_key_exists('args', $row)): ?>
-										<?php $argsId = $errorId . 'args' . $index; ?>
-										( <a href="#" onclick="return toggle('<?= esc(
-              $argsId,
-              'attr',
-          ) ?>');">arguments</a> )
-							<div class="args" id="<?= esc($argsId, 'attr') ?>">
+								<?php if (isset($row['class'])) : ?>
+									&nbsp;&nbsp;&mdash;&nbsp;&nbsp;<?= esc($row['class'] . $row['type'] . $row['function']) ?>
+									<?php if (!empty($row['args'])) : ?>
+										<?php $args_id = $errorId . 'args' . $index ?>
+										( <a href="#" onclick="return toggle('<?= esc($args_id, 'attr') ?>');">arguments</a> )
+							<div class="args" id="<?= esc($args_id, 'attr') ?>">
 								<table cellspacing="0">
 
 									<?php
-         $params = null;
-         // Reflection by name is not available for closure function
-         if (substr($row['function'], -1) !== '}') {
-             $mirror = isset($row['class'])
-                 ? new ReflectionMethod($row['class'], $row['function'])
-                 : new ReflectionFunction($row['function']);
-             $params = $mirror->getParameters();
-         }
-         foreach ($row['args'] as $key => $value): ?>
+										$params = null;
+										// Reflection by name is not available for closure function
+										if (substr($row['function'], -1) !== '}') {
+											$mirror = isset($row['class']) ? new ReflectionMethod($row['class'], $row['function']) : new ReflectionFunction($row['function']);
+											$params = $mirror->getParameters();
+										}
+										foreach ($row['args'] as $key => $value): ?>
 										<tr>
-											<td><code><?= esc(
-               isset($params[$key]) ? '$' . $params[$key]->name : "#{$key}",
-           ) ?></code></td>
+											<td><code><?= esc(isset($params[$key]) ? '$' . $params[$key]->name : "#{$key}") ?></code></td>
 											<td>
 												<pre><?= esc(print_r($value, true)) ?></pre>
 											</td>
 										</tr>
-									<?php endforeach;
-         ?>
+									<?php endforeach; ?>
 
 								</table>
 							</div>
@@ -145,11 +117,7 @@ $errorId = uniqid('error', true);
 					</p>
 
 					<!-- Source? -->
-					<?php if (
-         isset($row['file']) &&
-         is_file($row['file']) &&
-         isset($row['class'])
-     ): ?>
+					<?php if (isset($row['file']) && is_file($row['file']) && isset($row['class'])): ?>
 						<div class="source">
 							<?= static::highlightFile($row['file'], $row['line']) ?>
 						</div>
@@ -165,8 +133,8 @@ $errorId = uniqid('error', true);
 			<div class="content" id="server">
 				<?php foreach (['_SERVER', '_SESSION'] as $var): ?>
 					<?php if (empty($GLOBALS[$var]) || !is_array($GLOBALS[$var])) {
-         continue;
-     } ?>
+						continue;
+					} ?>
 
 					<h3>$<?= esc($var) ?></h3>
 
@@ -267,8 +235,8 @@ $errorId = uniqid('error', true);
 				<?php $empty = true; ?>
 				<?php foreach (['_GET', '_POST', '_COOKIE'] as $var): ?>
 					<?php if (empty($GLOBALS[$var]) || !is_array($GLOBALS[$var])) {
-         continue;
-     } ?>
+						continue;
+					} ?>
 
 					<?php $empty = false; ?>
 
@@ -322,12 +290,12 @@ $errorId = uniqid('error', true);
 						<tbody>
 							<?php foreach ($headers as $value): ?>
 								<?php if (empty($value)) {
-            continue;
-        } ?>
+									continue;
+								} ?>
 								<?php if (!is_array($value)) {
-            $value = [$value];
-        } ?>
-								<?php foreach ($value as $h): ?>
+									$value = [$value];
+								} ?>
+								<?php foreach ($value as $h) : ?>
 									<tr>
 										<td><?= esc($h->getName(), 'html') ?></td>
 										<td><?= esc($h->getValueLine(), 'html') ?></td>
@@ -342,9 +310,9 @@ $errorId = uniqid('error', true);
 
 			<!-- Response -->
 			<?php
-   $response = Services::response();
-   $response->setStatusCode(http_response_code());
-   ?>
+			$response = Services::response();
+			$response->setStatusCode(http_response_code());
+			?>
 			<div class="content" id="response">
 				<table>
 					<tr>
diff --git a/env b/env
index 5893f099..1106ce46 100644
--- a/env
+++ b/env
@@ -25,26 +25,12 @@
 
 # app.sessionDriver = 'CodeIgniter\Session\Handlers\FileHandler'
 # app.sessionCookieName = 'ci_session'
+# app.sessionExpiration = 7200
 # app.sessionSavePath = NULL
 # app.sessionMatchIP = false
 # app.sessionTimeToUpdate = 300
 # app.sessionRegenerateDestroy = false
 
-# app.cookiePrefix = ''
-# app.cookieDomain = ''
-# app.cookiePath = '/'
-# app.cookieSecure = false
-# app.cookieHTTPOnly = false
-# app.cookieSameSite = 'Lax'
-
-# app.CSRFProtection  = false
-# app.CSRFTokenName   = 'csrf_test_name'
-# app.CSRFCookieName  = 'csrf_cookie_name'
-# app.CSRFExpire      = 7200
-# app.CSRFRegenerate  = true
-# app.CSRFExcludeURIs = []
-# app.CSRFSameSite    = 'Lax'
-
 # app.CSPEnabled = false
 
 #--------------------------------------------------------------------
@@ -56,12 +42,14 @@
 # database.default.username = root
 # database.default.password = root
 # database.default.DBDriver = MySQLi
+# database.default.DBPrefix =
 
 # database.tests.hostname = localhost
 # database.tests.database = ci4
 # database.tests.username = root
 # database.tests.password = root
 # database.tests.DBDriver = MySQLi
+# database.tests.DBPrefix =
 
 #--------------------------------------------------------------------
 # CONTENT SECURITY POLICY
@@ -78,6 +66,7 @@
 # contentsecuritypolicy.fontSrc = null
 # contentsecuritypolicy.formAction = null
 # contentsecuritypolicy.frameAncestors = null
+# contentsecuritypolicy.frameSrc = null
 # contentsecuritypolicy.mediaSrc = null
 # contentsecuritypolicy.objectSrc = null
 # contentsecuritypolicy.pluginTypes = null
@@ -85,6 +74,19 @@
 # contentsecuritypolicy.sandbox = false
 # contentsecuritypolicy.upgradeInsecureRequests = false
 
+#--------------------------------------------------------------------
+# COOKIE
+#--------------------------------------------------------------------
+
+# cookie.prefix = ''
+# cookie.expires = 0
+# cookie.path = '/'
+# cookie.domain = ''
+# cookie.secure = false
+# cookie.httponly = false
+# cookie.samesite = 'Lax'
+# cookie.raw = false
+
 #--------------------------------------------------------------------
 # ENCRYPTION
 #--------------------------------------------------------------------
@@ -108,16 +110,16 @@
 # SECURITY
 #--------------------------------------------------------------------
 
-# security.tokenName  = 'csrf_token_name'
+# security.tokenName = 'csrf_token_name'
 # security.headerName = 'X-CSRF-TOKEN'
 # security.cookieName = 'csrf_cookie_name'
-# security.expires    = 7200
+# security.expires = 7200
 # security.regenerate = true
-# security.redirect   = true
-# security.samesite   = 'Lax'
+# security.redirect = true
+# security.samesite = 'Lax'
 
 #--------------------------------------------------------------------
 # LOGGER
 #--------------------------------------------------------------------
 
-# logger.threshold = 4
\ No newline at end of file
+# logger.threshold = 4
diff --git a/public/.htaccess b/public/.htaccess
index 4ae666b7..a5d6c2a5 100644
--- a/public/.htaccess
+++ b/public/.htaccess
@@ -1,21 +1,49 @@
 # Disable directory browsing
 Options All -Indexes
 
-# Disable server signature
-ServerSignature Off
+# ----------------------------------------------------------------------
+# Rewrite engine
+# ----------------------------------------------------------------------
 
+# Turning on the rewrite engine is necessary for the following rules and features.
+# FollowSymLinks must be enabled for this to work.
 <IfModule mod_rewrite.c>
 	Options +FollowSymlinks
 	RewriteEngine On
-	RewriteCond %{REQUEST_FILENAME} -s [OR]
-	RewriteCond %{REQUEST_FILENAME} -l [OR]
-	RewriteCond %{REQUEST_FILENAME} -d
-	RewriteRule ^.*$ - [NC,L]
-	RewriteRule ^.*$ index.php [NC,L]
+
+	# If you installed CodeIgniter in a subfolder, you will need to
+	# change the following line to match the subfolder you need.
+	# http://httpd.apache.org/docs/current/mod/mod_rewrite.html#rewritebase
+	# RewriteBase /
+
+	# Redirect Trailing Slashes...
+	RewriteCond %{REQUEST_FILENAME} !-d
+	RewriteCond %{REQUEST_URI} (.+)/$
+	RewriteRule ^ %1 [L,R=301]
+
+	# Rewrite "www.example.com -> example.com"
+	RewriteCond %{HTTPS} !=on
+	RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
+	RewriteRule ^ http://%1%{REQUEST_URI} [R=301,L]
+
+	# Checks to see if the user is attempting to access a valid file,
+	# such as an image or css document, if this isn't true it sends the
+	# request to the front controller, index.php
+	RewriteCond %{REQUEST_FILENAME} !-f
+	RewriteCond %{REQUEST_FILENAME} !-d
+	RewriteRule ^([\s\S]*)$ index.php/$1 [L,NC,QSA]
+
+	# Ensure Authorization header is passed along
+	RewriteCond %{HTTP:Authorization} .
+	RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
 </IfModule>
 
 <IfModule !mod_rewrite.c>
 	# If we don't have mod_rewrite installed, all 404's
 	# can be sent to index.php, and everything works as normal.
-	ErrorDocument 404 /index.php
+	ErrorDocument 404 index.php
 </IfModule>
+
+# Disable server signature start
+	ServerSignature Off
+# Disable server signature end
diff --git a/public/index.php b/public/index.php
index 3ae1e59b..752c63db 100644
--- a/public/index.php
+++ b/public/index.php
@@ -2,16 +2,6 @@
 
 use Config\Paths;
 
-// Valid PHP Version?
-$minPHPVersionId = 80000; // 8.0
-if ($minPHPVersionId > PHP_VERSION_ID) {
-    die(
-        'Your PHP version must be 8.0 or higher to run Castopod Host. Current version: ' .
-            PHP_VERSION
-    );
-}
-unset($minPHPVersion);
-
 // Path to the front controller (this file)
 define('FCPATH', __DIR__ . DIRECTORY_SEPARATOR);
 
@@ -29,17 +19,12 @@ chdir(__DIR__);
 
 // Load our paths config file
 // This is the line that might need to be changed, depending on your folder structure.
-require realpath(FCPATH . '../app/Config/Paths.php') ?:
-    FCPATH . '../app/Config/Paths.php';
-// ^^^ Change this if you move your application folder
+require realpath(FCPATH . '../app/Config/Paths.php') ?: FCPATH . '../app/Config/Paths.php';
 
 $paths = new Paths();
 
 // Location of the framework bootstrap file.
-$bootstrap =
-    rtrim($paths->systemDirectory, '\\/ ') .
-    DIRECTORY_SEPARATOR .
-    'bootstrap.php';
+$bootstrap = rtrim($paths->systemDirectory, '\\/ ') . DIRECTORY_SEPARATOR . 'bootstrap.php';
 $app = require realpath($bootstrap) ?: $bootstrap;
 
 /*
diff --git a/spark b/spark
index 6446786f..c4ad645a 100644
--- a/spark
+++ b/spark
@@ -1,14 +1,5 @@
 #!/usr/bin/env php
 <?php
-// Valid PHP Version?
-$minPHPVersion = "8.0";
-if (version_compare(PHP_VERSION, $minPHPVersion, "<")) {
-    die(
-        "Your PHP version must be {$minPHPVersion} or higher to run CodeIgniter. Current version: " .
-            PHP_VERSION
-    );
-}
-unset($minPHPVersion);
 
 /*
  * --------------------------------------------------------------------
@@ -21,7 +12,7 @@ unset($minPHPVersion);
  * this class mainly acts as a passthru to the framework itself.
  */
 
-define("SPARKED", true);
+define('SPARKED', true);
 
 /*
  *---------------------------------------------------------------
@@ -33,20 +24,16 @@ define("SPARKED", true);
  */
 
 // Refuse to run when called from php-cgi
-if (strpos(PHP_SAPI, "cgi") === 0) {
-    die(
-        "The cli tool is not supported when running php-cgi. It needs php-cli to function!\n\n"
-    );
+if (strpos(PHP_SAPI, 'cgi') === 0)
+{
+	die("The cli tool is not supported when running php-cgi. It needs php-cli to function!\n\n");
 }
 
 // Path to the front controller
-define(
-    "FCPATH",
-    __DIR__ . DIRECTORY_SEPARATOR . "public" . DIRECTORY_SEPARATOR
-);
+define('FCPATH', __DIR__ . DIRECTORY_SEPARATOR . 'public' . DIRECTORY_SEPARATOR);
 
 // Load our paths config file
-require realpath("app/Config/Paths.php") ?: "app/Config/Paths.php";
+require realpath('app/Config/Paths.php') ?: 'app/Config/Paths.php';
 // ^^^ Change this line if you move your application folder
 
 $paths = new Config\Paths();
@@ -54,25 +41,28 @@ $paths = new Config\Paths();
 // Ensure the current directory is pointing to the front controller's directory
 chdir(FCPATH);
 
-$bootstrap =
-    rtrim($paths->systemDirectory, "\\/ ") .
-    DIRECTORY_SEPARATOR .
-    "bootstrap.php";
-$app = require realpath($bootstrap) ?: $bootstrap;
+$bootstrap = rtrim($paths->systemDirectory, '\\/ ') . DIRECTORY_SEPARATOR . 'bootstrap.php';
+$app       = require realpath($bootstrap) ?: $bootstrap;
 
 // Grab our Console
 $console = new CodeIgniter\CLI\Console($app);
 
 // We want errors to be shown when using it from the CLI.
 error_reporting(-1);
-ini_set("display_errors", "1");
+ini_set('display_errors', '1');
 
 // Show basic information before we do anything else.
-$console->showHeader();
+if (is_int($suppress = array_search('--no-header', $_SERVER['argv'], true)))
+{
+	unset($_SERVER['argv'][$suppress]); // @codeCoverageIgnore
+	$suppress = true;
+}
+
+$console->showHeader($suppress);
 
 // fire off the command in the main framework.
 $response = $console->run();
-if ($response->getStatusCode() >= 300) {
-    exit($response->getStatusCode());
+if ($response->getStatusCode() >= 300)
+{
+	exit($response->getStatusCode());
 }
-