v4.5.1 Bug Fix Released - kenjis - 04-13-2024
We have just released v4.5.1 bug fix.
This version fixed all reported bugs including TypeError in v4.5.0.
All v4.5.0 users should upgrade immediately.
Other CI4 users are encouraged to upgrade to v4.5.1 after detailed verification.
ChangeLog: https://codeigniter4.github.io/userguide/changelogs/v4.5.1.html
Upgrading Guide: https://codeigniter4.github.io/userguide/installation/upgrade_451.html
Note: Unfortunately, the User Guide on the official site has not yet been updated due to deployment trouble.
Important: There is a bug in appstarter v4.5.1. If you install appstarter, please fix the following path.
Code: --- a/phpunit.xml.dist
+++ b/phpunit.xml.dist
@@ -2,7 +2,7 @@
<phpunit
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://schema.phpunit.de/10.5/phpunit.xsd"
- bootstrap="system/Test/bootstrap.php"
+ bootstrap="vendor/codeigniter4/framework/system/Test/bootstrap.php"
backupGlobals="false"
beStrictAboutOutputDuringTests="true"
colors="true"
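Review bot: the new bootstrap value on the "+" line hard-codes "vendor/codeigniter4/framework/", which only resolves when Composer installs into a "vendor" directory next to phpunit.xml.dist; an XML comment above the attribute saying the path must follow a custom vendor directory would save users a failed test run. The hunk shows only the top of the file, so also check the remaining attributes and elements for other paths that still begin with "system/".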
RE: v4.5.1 Bug Fix Released - InsiteFX - 04-13-2024
Thank you CodeIgniter Development Team.
RE: v4.5.1 Bug Fix Released - lokman - 04-16-2024
Thanks for continuous update.
RE: v4.5.1 Bug Fix Released - LP_bnss - 04-20-2024
Have I found a bug?
I am using datatable library from https://codeigniter4-datatables.hermawan.dev/usage/basic/
In my view page
Code:
$('#custTable').DataTable({
    processing: true,
    serverSide: true,
    ajax: '<?= base_url('institute-lists') ?>',
    language: {
        "processing": "Loading. Please wait ..."
    },
    columns: [
        { data: 'name' },
        { data: 'identifier' },
        { data: 'inst_code' },
        { data: 'is_demo' },
    ]
});
In Controller
PHP Code:
public function getInstituteList()
{
    $inst_model = new InstituteModel;
    $builder = $inst_model->select('name,identifier,inst_code,is_demo');

    return DataTable::of($builder)->toJson(true);
}
In ResponseTrait.php
PHP Code:
if ($cookie->isSecure() && ! $request->isSecure()) {
    throw SecurityException::forDisallowedAction();
}
Getting this error
Code: institute-list:2254
<br />
<b>Fatal error</b>: Uncaught CodeIgniter\Security\Exceptions\SecurityException: The action you requested is not allowed. in F:\College ERP With Datatable\college_erp_v4_5_1\vendor\codeigniter4\framework\system\HTTP\ResponseTrait.php:673
Stack trace:
#0 F:\College ERP With Datatable\college_erp_v4_5_1\vendor\codeigniter4\framework\system\HTTP\ResponseTrait.php(673): CodeIgniter\Security\Exceptions\SecurityException::forDisallowedAction()
#1 F:\College ERP With Datatable\college_erp_v4_5_1\vendor\codeigniter4\framework\system\HTTP\ResponseTrait.php(663): CodeIgniter\HTTP\Response->dispatchCookies()
#2 F:\College ERP With Datatable\college_erp_v4_5_1\vendor\codeigniter4\framework\system\HTTP\ResponseTrait.php(374): CodeIgniter\HTTP\Response->sendCookies()
#3 F:\College ERP With Datatable\college_erp_v4_5_1\vendor\codeigniter4\framework\system\Debug\ExceptionHandler.php(83): CodeIgniter\HTTP\Response->send()
#4 F:\College ERP With Datatable\college_erp_v4_5_1\vendor\codeigniter4\framework\system\Debug\Exceptions.php(163): CodeIgniter\Debug\ExceptionHandler->handle(Object(CodeIgniter\Security\Exceptions\SecurityException), Object(CodeIgniter\HTTP\IncomingRequest), Object(CodeIgniter\HTTP\Response), 403, 1)
#5 [internal function]: CodeIgniter\Debug\Exceptions->exceptionHandler(Object(CodeIgniter\Security\Exceptions\SecurityException))
#6 {main}
thrown in <b>F:\College ERP With Datatable\college_erp_v4_5_1\vendor\codeigniter4\framework\system\HTTP\ResponseTrait.php</b> on line <b>673</b><br />
<br />
<b>Fatal error</b>: Uncaught CodeIgniter\Security\Exceptions\SecurityException: The action you requested is not allowed. in F:\College ERP With Datatable\college_erp_v4_5_1\vendor\codeigniter4\framework\system\HTTP\ResponseTrait.php:673
Stack trace:
#0 F:\College ERP With Datatable\college_erp_v4_5_1\vendor\codeigniter4\framework\system\HTTP\ResponseTrait.php(673): CodeIgniter\Security\Exceptions\SecurityException::forDisallowedAction()
#1 F:\College ERP With Datatable\college_erp_v4_5_1\vendor\codeigniter4\framework\system\HTTP\ResponseTrait.php(663): CodeIgniter\HTTP\Response->dispatchCookies()
#2 F:\College ERP With Datatable\college_erp_v4_5_1\vendor\codeigniter4\framework\system\HTTP\ResponseTrait.php(374): CodeIgniter\HTTP\Response->sendCookies()
#3 F:\College ERP With Datatable\college_erp_v4_5_1\vendor\codeigniter4\framework\system\Debug\ExceptionHandler.php(83): CodeIgniter\HTTP\Response->send()
#4 F:\College ERP With Datatable\college_erp_v4_5_1\vendor\codeigniter4\framework\system\Debug\Exceptions.php(163): CodeIgniter\Debug\ExceptionHandler->handle(Object(ErrorException), Object(CodeIgniter\HTTP\IncomingRequest), Object(CodeIgniter\HTTP\Response), 500, 1)
#5 F:\College ERP With Datatable\college_erp_v4_5_1\vendor\codeigniter4\framework\system\Debug\Exceptions.php(252): CodeIgniter\Debug\Exceptions->exceptionHandler(Object(ErrorException))
#6 [internal function]: CodeIgniter\Debug\Exceptions->shutdownHandler()
#7 {main}
thrown in <b>F:\College ERP With Datatable\college_erp_v4_5_1\vendor\codeigniter4\framework\system\HTTP\ResponseTrait.php</b> on line <b>673</b><br />
After I modified this code
PHP Code:
if ($cookie->isSecure() && ! $request->isSecure() && ! $request->isAJAX() ) {
    throw SecurityException::forDisallowedAction();
}
It works as expected.
And if I use the AJAX URL directly, it works normally.
Code: http://localhost:8080/institute-lists?draw=1&columns%5B0%5D%5Bdata%5D=name&columns%5B0%5D%5Bname%5D=&columns%5B0%5D%5Bsearchable%5D=true&columns%5B0%5D%5Borderable%5D=true&columns%5B0%5D%5Bsearch%5D%5Bvalue%5D=&columns%5B0%5D%5Bsearch%5D%5Bregex%5D=false&columns%5B1%5D%5Bdata%5D=identifier&columns%5B1%5D%5Bname%5D=&columns%5B1%5D%5Bsearchable%5D=true&columns%5B1%5D%5Borderable%5D=true&columns%5B1%5D%5Bsearch%5D%5Bvalue%5D=&columns%5B1%5D%5Bsearch%5D%5Bregex%5D=false&columns%5B2%5D%5Bdata%5D=inst_code&columns%5B2%5D%5Bname%5D=&columns%5B2%5D%5Bsearchable%5D=true&columns%5B2%5D%5Borderable%5D=true&columns%5B2%5D%5Bsearch%5D%5Bvalue%5D=&columns%5B2%5D%5Bsearch%5D%5Bregex%5D=false&columns%5B3%5D%5Bdata%5D=is_demo&columns%5B3%5D%5Bname%5D=&columns%5B3%5D%5Bsearchable%5D=true&columns%5B3%5D%5Borderable%5D=true&columns%5B3%5D%5Bsearch%5D%5Bvalue%5D=&columns%5B3%5D%5Bsearch%5D%5Bregex%5D=false&order%5B0%5D%5Bcolumn%5D=0&order%5B0%5D%5Bdir%5D=asc&start=0&length=10&search%5Bvalue%5D=&search%5Bregex%5D=false&_=1713534972736
RE: v4.5.1 Bug Fix Released - kenjis - 04-20-2024
@LP_bnss No, you have a security misconfiguration.
Your configuration is not secure, so CI4 throws the exception.
Don't use the modified code. Fix your configuration.
RE: v4.5.1 Bug Fix Released - LP_bnss - 04-21-2024
(04-20-2024, 05:36 PM)kenjis Wrote: @LP_bnss No, you have a security misconfiguration.
Your configuration is not secure, so CI4 throws the exception.
Don't use the modified code. Fix your configuration.
But why does it throw the exception in the DataTable AJAX call? [The method would be "GET" and X-CSRF-TOKEN has been added to the request header from the ajaxPrefilter function.]
See my code:
- I tried multiple times to get the expected response from the server
- That's why some lines are commented out
Code:
$(document).ready(function () {
    $.ajaxPrefilter(function (options, originalOptions, jqXHR) {
        jqXHR.setRequestHeader('X-CSRF-Token', $('meta[name="X-CSRF-TOKEN"]').attr('content'));
    });
    $('#custTable').DataTable({
        processing: true,
        serverSide: true,
        // ajax: {
        // // beforeSend: function (xhr) {
        // // xhr.setRequestHeader('X-CSRF-TOKEN', $('meta[name="X-CSRF-TOKEN"]').attr('content'));
        // // },
        // url: '<?= base_url('institute-lists') ?>',
        // // type: "POST",
        // type: "GET",
        // // headers: {
        // // "Content-Type": "application/json",
        // // 'X-Requested-With': 'XMLHttpRequest'
        // // },
        // // data: function (data) {
        // // // CSRF Hash
        // // var csrfName = "<?= csrf_token() ?>"; // CSRF Token name
        // // var csrfHash = $('meta[name="X-CSRF-TOKEN"]').attr('content'); // CSRF hash
        // // console.log({
        // // ...data,
        // // [csrfName]: csrfHash // CSRF Token
        // // });
        // // return {
        // // ...data,
        // // [csrfName]: csrfHash // CSRF Token
        // // };
        // // },
        // // dataSrc: function (data) {
        // // // Update token hash
        // // $('meta[name="X-CSRF-TOKEN"]').attr('content',data.token);
        // // // Datatable data
        // // return data.aaData;
        // // },
        // success: function (response) {
        // console.log(response);
        // },
        // error: function (response) {
        // console.error(response);
        // }
        // },
        ajax: {
            url: '<?= base_url('institute-lists') ?>',
            // method:'POST',
            // data: function (data) {
            // // CSRF Hash
            // var csrfName = "<?= csrf_token() ?>"; // CSRF Token name
            // var csrfHash = $('meta[name="X-CSRF-TOKEN"]').attr('content'); // CSRF hash
            // console.log({
            // ...data,
            // [csrfName]: csrfHash // CSRF Token
            // });
            // return {
            // ...data,
            // [csrfName]: csrfHash // CSRF Token
            // };
            // },
            error: function (response) {
                console.error(response.responseText);
            }
        },
        // ajax: '<?= base_url('institute-lists') ?>',
        language: {
            "processing": "Loading. Please wait ..."
        },
        columns: [
            { data: 'name' },
            { data: 'identifier' },
            { data: 'inst_code' },
            { data: 'is_demo' },
        ]
    });
})
Help me solve this issue I am facing.
RE: v4.5.1 Bug Fix Released - kenjis - 04-21-2024
@LP_bnss The exception message is not good. I sent a PR to fix it.
https://github.com/codeigniter4/CodeIgniter4/pull/8818
Do you get what's wrong?
RE: v4.5.1 Bug Fix Released - LP_bnss - 04-23-2024
(04-21-2024, 04:59 PM)kenjis Wrote: @LP_bnss The exception message is not good. I sent a PR to fix it.
https://github.com/codeigniter4/CodeIgniter4/pull/8818
Do you get what's wrong?
Why is my request not secure when it comes from the AJAX call in the DataTable?
After I modified the ResponseTrait.php file
PHP Code:
if ($cookie->isSecure() && ! $request->isSecure() && ! $request->isAJAX() ) {
    throw SecurityException::forDisallowedAction();
}
the CI-datatable library works properly; otherwise it gets error status code 500 "Internal Server Error".
- The AJAX request method from the DataTable is "GET", so why is the request not secure?
- If I use the "POST" method, then I add CSRF in the request header "X-Csrf-Header".
Both methods get an error. Why?
I don't know what to do.
See this thread https://forum.codeigniter.com/showthread.php?tid=90653&pid=418015#pid418015 for reference
RE: v4.5.1 Bug Fix Released - kenjis - 04-23-2024
(04-23-2024, 12:42 AM)LP_bnss Wrote: Why is my request not secure when it comes from the AJAX call in the DataTable?
If you don't use HTTPS, your request is not secure.
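Why the guard quoted in this thread should stay unmodified, as an added example (not CodeIgniter's code and not written by any poster here): DemoCookie, DemoRequest and dispatchCookies are hypothetical stand-ins, and AJAX detection is assumed to read the client-supplied X-Requested-With header. It shows the original guard rejecting a Secure cookie on an http:// request, the "! isAJAX()" variant letting that cookie out over plain HTTP, and the original guard passing once the cookie's Secure flag matches the scheme.

```php
<?php
// Added example: stand-ins for the cookie and request objects, not CodeIgniter classes.
declare(strict_types=1);

final class DemoCookie
{
    public function __construct(public string $name, public bool $secure) {}
}

final class DemoRequest
{
    public function __construct(public string $scheme, public array $headers = []) {}
    public function isSecure(): bool { return $this->scheme === 'https'; }
    // Assumption: AJAX detection reads a header the client chooses to send.
    public function isAJAX(): bool
    {
        return strtolower($this->headers['x-requested-with'] ?? '') === 'xmlhttprequest';
    }
}

// Returns the cookie names that would be sent, or throws like the guard quoted in the thread.
function dispatchCookies(array $cookies, DemoRequest $request, bool $exemptAjax): array
{
    $sent = [];
    foreach ($cookies as $cookie) {
        $blocked = $cookie->secure && ! $request->isSecure();
        if ($exemptAjax) {
            $blocked = $blocked && ! $request->isAJAX(); // the local modification
        }
        if ($blocked) {
            throw new RuntimeException("Secure cookie '{$cookie->name}' on a non-HTTPS request");
        }
        $sent[] = $cookie->name;
    }
    return $sent;
}

// Constructed sample: a DataTables-style XHR to http://localhost and a CSRF cookie.
$xhrOverHttp = new DemoRequest('http', ['x-requested-with' => 'XMLHttpRequest']);
$secure = [new DemoCookie('csrf_cookie_name', true)];
$plain  = [new DemoCookie('csrf_cookie_name', false)]; // flag matches the http:// scheme

try {
    dispatchCookies($secure, $xhrOverHttp, false);
} catch (RuntimeException $e) {
    echo 'original guard: ', $e->getMessage(), "\n";
}
echo 'modified guard: sent ', implode(',', dispatchCookies($secure, $xhrOverHttp, true)), " over plain HTTP\n";
echo 'original guard, consistent flag: sent ', implode(',', dispatchCookies($plain, $xhrOverHttp, false)), "\n";
```

The second line of output is the case the exception exists to catch: any client that adds the header switches the check off, so the consistent fix is in the cookie and scheme configuration rather than in the guard.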
RE: v4.5.1 Bug Fix Released - LP_bnss - 04-23-2024
(04-23-2024, 01:48 AM)kenjis Wrote: (04-23-2024, 12:42 AM)LP_bnss Wrote: Why is my request not secure when it comes from the AJAX call in the DataTable?
If you don't use HTTPS, your request is not secure.
But my project is in the development stage, so how can I use all features on localhost?
After my project has been moved to the server, the request will be in HTTPS from end to end.
My suggestion: if ENVIRONMENT is development on localhost, why do we need HTTPS?
If HTTPS is a must for secure requests on localhost (development stage), how can I use the serverSide-enabled DataTable?
Also, how do I create an SSL certificate for CodeIgniter 4 (installed from Composer) on localhost?
Help me solve this.