From c0343f916347d6685a465f5a476bb4f277371678 Mon Sep 17 00:00:00 2001
From: Markus <development@mawim.at>
Date: Wed, 10 Jun 2026 10:51:37 +0200
Subject: [PATCH] update Codeigniter 4.7.3

---
 app/Config/CURLRequest.php                |  16 ++++
 app/Config/Cache.php                      |  52 +++++++++--
 app/Config/ContentSecurityPolicy.php      |  50 +++++++++-
 app/Config/Cookie.php                     |   2 +-
 app/Config/Database.php                   | 109 +++++++++++++++++++++-
 app/Config/Email.php                      |  12 ++-
 app/Config/Encryption.php                 |  17 ++++
 app/Config/Events.php                     |   4 +-
 app/Config/Filters.php                    |   5 +-
 app/Config/Format.php                     |   9 ++
 app/Config/Hostnames.php                  |  40 ++++++++
 app/Config/Images.php                     |   2 +
 app/Config/Logger.php                     |   3 +-
 app/Config/Migrations.php                 |  15 +++
 app/Config/Optimize.php                   |   2 +
 app/Config/Paths.php                      |  14 ++-
 app/Config/Routes.php                     |   4 +-
 app/Config/Routing.php                    |   9 ++
 app/Config/Session.php                    |   1 +
 app/Config/Toolbar.php                    |  25 +++++
 app/Config/UserAgents.php                 |  10 ++
 app/Config/View.php                       |  27 ++++--
 app/Config/WorkerMode.php                 |  62 ++++++++++++
 app/Controllers/BaseController.php        |  39 +++-----
 app/Views/errors/html/error_exception.php |   2 +-
 phpunit.xml.dist                          |  63 -------------
 preload.php                               |  14 ++-
 public/index.php                          |   2 +-
 spark                                     |  11 ++-
 29 files changed, 488 insertions(+), 133 deletions(-)
 create mode 100644 app/Config/Hostnames.php
 create mode 100644 app/Config/WorkerMode.php
 delete mode 100644 phpunit.xml.dist

diff --git a/app/Config/CURLRequest.php b/app/Config/CURLRequest.php
index 5a3d4e9..bc5947f 100644
--- a/app/Config/CURLRequest.php
+++ b/app/Config/CURLRequest.php
@@ -6,6 +6,22 @@ use CodeIgniter\Config\BaseConfig;
 
 class CURLRequest extends BaseConfig
 {
+    /**
+     * --------------------------------------------------------------------------
+     * CURLRequest Share Connection Options
+     * --------------------------------------------------------------------------
+     *
+     * Share connection options between requests.
+     *
+     * @var list<int>
+     *
+     * @see https://www.php.net/manual/en/curl.constants.php#constant.curl-lock-data-connect
+     */
+    public array $shareConnectionOptions = [
+        CURL_LOCK_DATA_CONNECT,
+        CURL_LOCK_DATA_DNS,
+    ];
+
     /**
      * --------------------------------------------------------------------------
      * CURLRequest Share Options
diff --git a/app/Config/Cache.php b/app/Config/Cache.php
index e6efa3a..38ac541 100644
--- a/app/Config/Cache.php
+++ b/app/Config/Cache.php
@@ -3,6 +3,7 @@
 namespace Config;
 
 use CodeIgniter\Cache\CacheInterface;
+use CodeIgniter\Cache\Handlers\ApcuHandler;
 use CodeIgniter\Cache\Handlers\DummyHandler;
 use CodeIgniter\Cache\Handlers\FileHandler;
 use CodeIgniter\Cache\Handlers\MemcachedHandler;
@@ -78,7 +79,7 @@ class Cache extends BaseConfig
      * Your file storage preferences can be specified below, if you are using
      * the File driver.
      *
-     * @var array<string, int|string|null>
+     * @var array{storePath?: string, mode?: int}
      */
     public array $file = [
         'storePath' => WRITEPATH . 'cache/',
@@ -95,7 +96,7 @@ class Cache extends BaseConfig
      *
      * @see https://codeigniter.com/user_guide/libraries/caching.html#memcached
      *
-     * @var array<string, bool|int|string>
+     * @var array{host?: string, port?: int, weight?: int, raw?: bool}
      */
     public array $memcached = [
         'host'   => '127.0.0.1',
@@ -112,14 +113,24 @@ class Cache extends BaseConfig
      * Your Redis server can be specified below, if you are using
      * the Redis or Predis drivers.
      *
-     * @var array<string, int|string|null>
+     * @var array{
+     *     host?: string,
+     *     password?: string|null,
+     *     port?: int,
+     *     timeout?: int,
+     *     async?: bool,
+     *     persistent?: bool,
+     *     database?: int
+     * }
      */
     public array $redis = [
-        'host'     => '127.0.0.1',
-        'password' => null,
-        'port'     => 6379,
-        'timeout'  => 0,
-        'database' => 0,
+        'host'       => '127.0.0.1',
+        'password'   => null,
+        'port'       => 6379,
+        'timeout'    => 0,
+        'async'      => false, // specific to Predis and ignored by the native Redis extension
+        'persistent' => false,
+        'database'   => 0,
     ];
 
     /**
@@ -133,6 +144,7 @@ class Cache extends BaseConfig
      * @var array<string, class-string<CacheInterface>>
      */
     public array $validHandlers = [
+        'apcu'      => ApcuHandler::class,
         'dummy'     => DummyHandler::class,
         'file'      => FileHandler::class,
         'memcached' => MemcachedHandler::class,
@@ -159,4 +171,28 @@ class Cache extends BaseConfig
      * @var bool|list<string>
      */
     public $cacheQueryString = false;
+
+    /**
+     * --------------------------------------------------------------------------
+     * Web Page Caching: Cache Status Codes
+     * --------------------------------------------------------------------------
+     *
+     * HTTP status codes that are allowed to be cached. Only responses with
+     * these status codes will be cached by the PageCache filter.
+     *
+     * Default: [] - Cache all status codes (backward compatible)
+     *
+     * Recommended: [200] - Only cache successful responses
+     *
+     * You can also use status codes like:
+     *   [200, 404, 410] - Cache successful responses and specific error codes
+     *   [200, 201, 202, 203, 204] - All 2xx successful responses
+     *
+     * WARNING: Using [] may cache temporary error pages (404, 500, etc).
+     * Consider restricting to [200] for production applications to avoid
+     * caching errors that should be temporary.
+     *
+     * @var list<int>
+     */
+    public array $cacheStatusCodes = [];
 }
diff --git a/app/Config/ContentSecurityPolicy.php b/app/Config/ContentSecurityPolicy.php
index 2ac41a7..f64a9af 100644
--- a/app/Config/ContentSecurityPolicy.php
+++ b/app/Config/ContentSecurityPolicy.php
@@ -30,6 +30,11 @@ class ContentSecurityPolicy extends BaseConfig
      */
     public ?string $reportURI = null;
 
+    /**
+     * Specifies a reporting endpoint to which violation reports ought to be sent.
+     */
+    public ?string $reportTo = null;
+
     /**
      * Instructs user agents to rewrite URL schemes, changing
      * HTTP to HTTPS. This directive is for websites with
@@ -38,12 +43,12 @@ class ContentSecurityPolicy extends BaseConfig
     public bool $upgradeInsecureRequests = false;
 
     // -------------------------------------------------------------------------
-    // Sources allowed
+    // CSP DIRECTIVES SETTINGS
     // NOTE: once you set a policy to 'none', it cannot be further restricted
     // -------------------------------------------------------------------------
 
     /**
-     * Will default to self if not overridden
+     * Will default to `'self'` if not overridden
      *
      * @var list<string>|string|null
      */
@@ -56,6 +61,21 @@ class ContentSecurityPolicy extends BaseConfig
      */
     public $scriptSrc = 'self';
 
+    /**
+     * Specifies valid sources for JavaScript <script> elements.
+     *
+     * @var list<string>|string
+     */
+    public array|string $scriptSrcElem = 'self';
+
+    /**
+     * Specifies valid sources for JavaScript inline event
+     * handlers and JavaScript URLs.
+     *
+     * @var list<string>|string
+     */
+    public array|string $scriptSrcAttr = 'self';
+
     /**
      * Lists allowed stylesheets' URLs.
      *
@@ -63,6 +83,21 @@ class ContentSecurityPolicy extends BaseConfig
      */
     public $styleSrc = 'self';
 
+    /**
+     * Specifies valid sources for stylesheets <link> elements.
+     *
+     * @var list<string>|string
+     */
+    public array|string $styleSrcElem = 'self';
+
+    /**
+     * Specifies valid sources for stylesheets inline
+     * style attributes and `<style>` elements.
+     *
+     * @var list<string>|string
+     */
+    public array|string $styleSrcAttr = 'self';
+
     /**
      * Defines the origins from which images can be loaded.
      *
@@ -145,6 +180,11 @@ class ContentSecurityPolicy extends BaseConfig
      */
     public $manifestSrc;
 
+    /**
+     * @var list<string>|string
+     */
+    public array|string $workerSrc = [];
+
     /**
      * Limits the kinds of plugins a page may invoke.
      *
@@ -160,17 +200,17 @@ class ContentSecurityPolicy extends BaseConfig
     public $sandbox;
 
     /**
-     * Nonce tag for style
+     * Nonce placeholder for style tags.
      */
     public string $styleNonceTag = '{csp-style-nonce}';
 
     /**
-     * Nonce tag for script
+     * Nonce placeholder for script tags.
      */
     public string $scriptNonceTag = '{csp-script-nonce}';
 
     /**
-     * Replace nonce tag automatically
+     * Replace nonce tag automatically?
      */
     public bool $autoNonce = true;
 }
diff --git a/app/Config/Cookie.php b/app/Config/Cookie.php
index 84ccc0e..3bad184 100644
--- a/app/Config/Cookie.php
+++ b/app/Config/Cookie.php
@@ -85,7 +85,7 @@ class Cookie extends BaseConfig
      * (empty string) means default SameSite attribute set by browsers (`Lax`)
      * will be set on cookies. If set to `None`, `$secure` must also be set.
      *
-     * @phpstan-var 'None'|'Lax'|'Strict'|''
+     * @var ''|'Lax'|'None'|'Strict'
      */
     public string $samesite = 'Lax';
 
diff --git a/app/Config/Database.php b/app/Config/Database.php
index d37a1e8..48b4778 100644
--- a/app/Config/Database.php
+++ b/app/Config/Database.php
@@ -44,6 +44,112 @@ class Database extends Config
         ],
     ];
 
+    //    /**
+    //     * Sample database connection for SQLite3.
+    //     *
+    //     * @var array<string, mixed>
+    //     */
+    //    public array $default = [
+    //        'database'    => 'database.db',
+    //        'DBDriver'    => 'SQLite3',
+    //        'DBPrefix'    => '',
+    //        'DBDebug'     => true,
+    //        'swapPre'     => '',
+    //        'failover'    => [],
+    //        'foreignKeys' => true,
+    //        'busyTimeout' => 1000,
+    //        'synchronous' => null,
+    //        'dateFormat'  => [
+    //            'date'     => 'Y-m-d',
+    //            'datetime' => 'Y-m-d H:i:s',
+    //            'time'     => 'H:i:s',
+    //        ],
+    //    ];
+
+    //    /**
+    //     * Sample database connection for Postgre.
+    //     *
+    //     * @var array<string, mixed>
+    //     */
+    //    public array $default = [
+    //        'DSN'        => '',
+    //        'hostname'   => 'localhost',
+    //        'username'   => 'root',
+    //        'password'   => 'root',
+    //        'database'   => 'ci4',
+    //        'schema'     => 'public',
+    //        'DBDriver'   => 'Postgre',
+    //        'DBPrefix'   => '',
+    //        'pConnect'   => false,
+    //        'DBDebug'    => true,
+    //        'charset'    => 'utf8',
+    //        'swapPre'    => '',
+    //        'failover'   => [],
+    //        'port'       => 5432,
+    //        'dateFormat' => [
+    //            'date'     => 'Y-m-d',
+    //            'datetime' => 'Y-m-d H:i:s',
+    //            'time'     => 'H:i:s',
+    //        ],
+    //    ];
+
+    //    /**
+    //     * Sample database connection for SQLSRV.
+    //     *
+    //     * @var array<string, mixed>
+    //     */
+    //    public array $default = [
+    //        'DSN'        => '',
+    //        'hostname'   => 'localhost',
+    //        'username'   => 'root',
+    //        'password'   => 'root',
+    //        'database'   => 'ci4',
+    //        'schema'     => 'dbo',
+    //        'DBDriver'   => 'SQLSRV',
+    //        'DBPrefix'   => '',
+    //        'pConnect'   => false,
+    //        'DBDebug'    => true,
+    //        'charset'    => 'utf8',
+    //        'swapPre'    => '',
+    //        'encrypt'    => false,
+    //        'failover'   => [],
+    //        'port'       => 1433,
+    //        'dateFormat' => [
+    //            'date'     => 'Y-m-d',
+    //            'datetime' => 'Y-m-d H:i:s',
+    //            'time'     => 'H:i:s',
+    //        ],
+    //    ];
+
+    //    /**
+    //     * Sample database connection for OCI8.
+    //     *
+    //     * You may need the following environment variables:
+    //     *   NLS_LANG                = 'AMERICAN_AMERICA.UTF8'
+    //     *   NLS_DATE_FORMAT         = 'YYYY-MM-DD HH24:MI:SS'
+    //     *   NLS_TIMESTAMP_FORMAT    = 'YYYY-MM-DD HH24:MI:SS'
+    //     *   NLS_TIMESTAMP_TZ_FORMAT = 'YYYY-MM-DD HH24:MI:SS'
+    //     *
+    //     * @var array<string, mixed>
+    //     */
+    //    public array $default = [
+    //        'DSN'        => 'localhost:1521/FREEPDB1',
+    //        'username'   => 'root',
+    //        'password'   => 'root',
+    //        'DBDriver'   => 'OCI8',
+    //        'DBPrefix'   => '',
+    //        'pConnect'   => false,
+    //        'DBDebug'    => true,
+    //        'charset'    => 'AL32UTF8',
+    //        'swapPre'    => '',
+    //        'failover'   => [],
+    //        'dateFormat' => [
+    //            'date'     => 'Y-m-d',
+    //            'datetime' => 'Y-m-d H:i:s',
+    //            'time'     => 'H:i:s',
+    //        ],
+    //    ];
+
     /**
      * This database connection is used when running PHPUnit database tests.
      *
@@ -64,11 +170,12 @@ class Database extends Config
         'swapPre'     => '',
         'encrypt'     => false,
         'compress'    => false,
-        'strictOn'    => false,
+        'strictOn'    => true,
         'failover'    => [],
         'port'        => 3306,
         'foreignKeys' => true,
         'busyTimeout' => 1000,
+        'synchronous' => null,
         'dateFormat'  => [
             'date'     => 'Y-m-d',
             'datetime' => 'Y-m-d H:i:s',
diff --git a/app/Config/Email.php b/app/Config/Email.php
index 758e8ea..409f71f 100644
--- a/app/Config/Email.php
+++ b/app/Config/Email.php
@@ -28,7 +28,7 @@ class Email extends BaseConfig
     public string $mailPath = '/usr/sbin/sendmail';
 
     /**
-     * SMTP Server Address
+     * SMTP Server Hostname
      */
     public string $SMTPHost ="web110.dogado.de";
 
@@ -58,9 +58,13 @@ class Email extends BaseConfig
     public bool $SMTPKeepAlive = false;
 
     /**
-     * SMTP Encryption. Either tls or ssl
+     * SMTP Encryption.
+     *
+     * @var string '', 'tls' or 'ssl'. 'tls' will issue a STARTTLS command
+     *             to the server. 'ssl' means implicit SSL. Connection on port
+     *             465 should set this to ''.
      */
-    public string $SMTPCrypto = '';
+    public string $SMTPCrypto = 'ssl';
 
     /**
      * Enable word-wrap
@@ -75,7 +79,7 @@ class Email extends BaseConfig
     /**
      * Type of mail, either 'text' or 'html'
      */
-    public string $mailType = 'html';
+    public string $mailType = 'text';
 
     /**
      * Character set (utf-8, iso-8859-1, etc.)
diff --git a/app/Config/Encryption.php b/app/Config/Encryption.php
index 2834413..c6b8aad 100644
--- a/app/Config/Encryption.php
+++ b/app/Config/Encryption.php
@@ -23,6 +23,23 @@ class Encryption extends BaseConfig
      */
     public string $key = '';
 
+    /**
+     * --------------------------------------------------------------------------
+     * Previous Encryption Keys
+     * --------------------------------------------------------------------------
+     *
+     * When rotating encryption keys, add old keys here to maintain ability
+     * to decrypt data encrypted with previous keys. Encryption always uses
+     * the current $key. Decryption tries current key first, then falls back
+     * to previous keys if decryption fails.
+     *
+     * In .env file, use comma-separated string:
+     *   encryption.previousKeys = hex2bin:9be8c64fcea509867...,hex2bin:3f5a1d8e9c2b7a4f6...
+     *
+     * @var list<string>|string
+     */
+    public array|string $previousKeys = '';
+
     /**
      * --------------------------------------------------------------------------
      * Encryption Driver to Use
diff --git a/app/Config/Events.php b/app/Config/Events.php
index 946285b..7dc9507 100644
--- a/app/Config/Events.php
+++ b/app/Config/Events.php
@@ -25,7 +25,9 @@ use CodeIgniter\HotReloader\HotReloader;
 
 Events::on('pre_system', static function (): void {
     if (ENVIRONMENT !== 'testing') {
-        if (ini_get('zlib.output_compression')) {
+        $value = ini_get('zlib.output_compression');
+
+        if (filter_var($value, FILTER_VALIDATE_BOOLEAN) || (int) $value > 0) {
             throw FrameworkException::forEnabledZlibOutputCompression();
         }
 
diff --git a/app/Config/Filters.php b/app/Config/Filters.php
index 75ee0a7..cf01ead 100644
--- a/app/Config/Filters.php
+++ b/app/Config/Filters.php
@@ -65,7 +65,10 @@ class Filters extends BaseFilters
      * List of filter aliases that are always
      * applied before and after every request.
      *
-     * @var array<string, array<string, array<string, string>>>|array<string, list<string>>
+     * @var array{
+     *     before: array<string, array{except: list<string>|string}>|list<string>,
+     *     after: array<string, array{except: list<string>|string}>|list<string>
+     * }
      */
     public array $globals = [
         'before' => [
diff --git a/app/Config/Format.php b/app/Config/Format.php
index 0d334d7..5bf56c2 100644
--- a/app/Config/Format.php
+++ b/app/Config/Format.php
@@ -61,4 +61,13 @@ class Format extends BaseConfig
         'application/xml'  => 0,
         'text/xml'         => 0,
     ];
+
+    /**
+     * --------------------------------------------------------------------------
+     * Maximum depth for JSON encoding.
+     * --------------------------------------------------------------------------
+     *
+     * This value determines how deep the JSON encoder will traverse nested structures.
+     */
+    public int $jsonEncodeDepth = 512;
 }
diff --git a/app/Config/Hostnames.php b/app/Config/Hostnames.php
new file mode 100644
index 0000000..1b4c722
--- /dev/null
+++ b/app/Config/Hostnames.php
@@ -0,0 +1,40 @@
+<?php
+
+namespace Config;
+
+class Hostnames
+{
+    // List of known two-part TLDs for subdomain extraction
+    public const TWO_PART_TLDS = [
+        'co.uk', 'org.uk', 'gov.uk', 'ac.uk', 'sch.uk', 'ltd.uk', 'plc.uk',
+        'com.au', 'net.au', 'org.au', 'edu.au', 'gov.au', 'asn.au', 'id.au',
+        'co.jp', 'ac.jp', 'go.jp', 'or.jp', 'ne.jp', 'gr.jp',
+        'co.nz', 'org.nz', 'govt.nz', 'ac.nz', 'net.nz', 'geek.nz', 'maori.nz', 'school.nz',
+        'co.in', 'net.in', 'org.in', 'ind.in', 'ac.in', 'gov.in', 'res.in',
+        'com.cn', 'net.cn', 'org.cn', 'gov.cn', 'edu.cn',
+        'com.sg', 'net.sg', 'org.sg', 'gov.sg', 'edu.sg', 'per.sg',
+        'co.za', 'org.za', 'gov.za', 'ac.za', 'net.za',
+        'co.kr', 'or.kr', 'go.kr', 'ac.kr', 'ne.kr', 'pe.kr',
+        'co.th', 'or.th', 'go.th', 'ac.th', 'net.th', 'in.th',
+        'com.my', 'net.my', 'org.my', 'edu.my', 'gov.my', 'mil.my', 'name.my',
+        'com.mx', 'org.mx', 'net.mx', 'edu.mx', 'gob.mx',
+        'com.br', 'net.br', 'org.br', 'gov.br', 'edu.br', 'art.br', 'eng.br',
+        'co.il', 'org.il', 'ac.il', 'gov.il', 'net.il', 'muni.il',
+        'co.id', 'or.id', 'ac.id', 'go.id', 'net.id', 'web.id', 'my.id',
+        'com.hk', 'edu.hk', 'gov.hk', 'idv.hk', 'net.hk', 'org.hk',
+        'com.tw', 'net.tw', 'org.tw', 'edu.tw', 'gov.tw', 'idv.tw',
+        'com.sa', 'net.sa', 'org.sa', 'gov.sa', 'edu.sa', 'sch.sa', 'med.sa',
+        'co.ae', 'net.ae', 'org.ae', 'gov.ae', 'ac.ae', 'sch.ae',
+        'com.tr', 'net.tr', 'org.tr', 'gov.tr', 'edu.tr', 'av.tr', 'gen.tr',
+        'co.ke', 'or.ke', 'go.ke', 'ac.ke', 'sc.ke', 'me.ke', 'mobi.ke', 'info.ke',
+        'com.ng', 'org.ng', 'gov.ng', 'edu.ng', 'net.ng', 'sch.ng', 'name.ng',
+        'com.pk', 'net.pk', 'org.pk', 'gov.pk', 'edu.pk', 'fam.pk',
+        'com.eg', 'edu.eg', 'gov.eg', 'org.eg', 'net.eg',
+        'com.cy', 'net.cy', 'org.cy', 'gov.cy', 'ac.cy',
+        'com.lk', 'org.lk', 'edu.lk', 'gov.lk', 'net.lk', 'int.lk',
+        'com.bd', 'net.bd', 'org.bd', 'ac.bd', 'gov.bd', 'mil.bd',
+        'com.ar', 'net.ar', 'org.ar', 'gov.ar', 'edu.ar', 'mil.ar',
+        'gob.cl', 'com.pl', 'net.pl', 'org.pl', 'gov.pl', 'edu.pl',
+        'co.ir', 'ac.ir', 'org.ir', 'id.ir', 'gov.ir', 'sch.ir', 'net.ir',
+    ];
+}
diff --git a/app/Config/Images.php b/app/Config/Images.php
index a33ddad..68e415e 100644
--- a/app/Config/Images.php
+++ b/app/Config/Images.php
@@ -16,6 +16,8 @@ class Images extends BaseConfig
     /**
      * The path to the image library.
      * Required for ImageMagick, GraphicsMagick, or NetPBM.
+     *
+     * @deprecated 4.7.0 No longer used.
      */
     public string $libraryPath = '/usr/local/bin/convert';
 
diff --git a/app/Config/Logger.php b/app/Config/Logger.php
index ab6997e..799dc2c 100644
--- a/app/Config/Logger.php
+++ b/app/Config/Logger.php
@@ -4,6 +4,7 @@ namespace Config;
 
 use CodeIgniter\Config\BaseConfig;
 use CodeIgniter\Log\Handlers\FileHandler;
+use CodeIgniter\Log\Handlers\HandlerInterface;
 
 class Logger extends BaseConfig
 {
@@ -73,7 +74,7 @@ class Logger extends BaseConfig
      * Handlers are executed in the order defined in this array, starting with
      * the handler on top and continuing down.
      *
-     * @var array<class-string, array<string, int|list<string>|string>>
+     * @var array<class-string<HandlerInterface>, array<string, int|list<string>|string>>
      */
     public array $handlers = [
         /*
diff --git a/app/Config/Migrations.php b/app/Config/Migrations.php
index 1dec8b9..eb45e72 100644
--- a/app/Config/Migrations.php
+++ b/app/Config/Migrations.php
@@ -47,4 +47,19 @@ class Migrations extends BaseConfig
      * - Y_m_d_His_
      */
     public string $timestampFormat = 'Y-m-d-His_';
+
+    /**
+     * --------------------------------------------------------------------------
+     * Enable/Disable Migration Lock
+     * --------------------------------------------------------------------------
+     *
+     * Locking is disabled by default.
+     *
+     * When enabled, it will prevent multiple migration processes
+     * from running at the same time by using a lock mechanism.
+     *
+     * This is useful in production environments to avoid conflicts
+     * or race conditions during concurrent deployments.
+     */
+    public bool $lock = false;
 }
diff --git a/app/Config/Optimize.php b/app/Config/Optimize.php
index 481e645..8b93eb1 100644
--- a/app/Config/Optimize.php
+++ b/app/Config/Optimize.php
@@ -7,6 +7,8 @@ namespace Config;
  *
  * NOTE: This class does not extend BaseConfig for performance reasons.
  *       So you cannot replace the property values with Environment Variables.
+ *
+ * WARNING: Do not use these options when running the app in the Worker Mode.
  */
 class Optimize
 {
diff --git a/app/Config/Paths.php b/app/Config/Paths.php
index 1a39b81..ff8c7ca 100644
--- a/app/Config/Paths.php
+++ b/app/Config/Paths.php
@@ -26,7 +26,7 @@ class Paths
      * This must contain the name of your "system" folder. Include
      * the path if the folder is not in the same directory as this file.
      */
-    public $systemDirectory = __DIR__ . '/../../../vendor/codeigniter4/framework/system';
+    public string $systemDirectory = __DIR__ . '/../../../vendor/codeigniter4/framework/system';
 
     /**
      * ---------------------------------------------------------------
@@ -75,4 +75,16 @@ class Paths
      * is used when no value is provided to `Services::renderer()`.
      */
     public string $viewDirectory = __DIR__ . '/../Views';
+
+    /**
+     * ---------------------------------------------------------------
+     * ENVIRONMENT DIRECTORY NAME
+     * ---------------------------------------------------------------
+     *
+     * This variable must contain the name of the directory where
+     * the .env file is located.
+     * Please consider security implications when changing this
+     * value - the directory should not be publicly accessible.
+     */
+    public string $envDirectory = __DIR__ . '/../../';
 }
diff --git a/app/Config/Routes.php b/app/Config/Routes.php
index 2869f44..7f86c73 100644
--- a/app/Config/Routes.php
+++ b/app/Config/Routes.php
@@ -2,9 +2,7 @@
 
 use CodeIgniter\Router\RouteCollection;
 
-/**
- * @var RouteCollection $routes
- */
+/** @var RouteCollection $routes */
 
 
 
diff --git a/app/Config/Routing.php b/app/Config/Routing.php
index 2d8d039..2dd5c17 100644
--- a/app/Config/Routing.php
+++ b/app/Config/Routing.php
@@ -96,6 +96,15 @@ class Routing extends BaseRouting
      */
     public bool $autoRoute = false;
 
+    /**
+     * If TRUE, the system will look for attributes on controller
+     * class and methods that can run before and after the
+     * controller/method.
+     *
+     * If FALSE, will ignore any attributes.
+     */
+    public bool $useControllerAttributes = true;
+
     /**
      * For Defined Routes.
      * If TRUE, will enable the use of the 'prioritize' option
diff --git a/app/Config/Session.php b/app/Config/Session.php
index 6944710..2491286 100644
--- a/app/Config/Session.php
+++ b/app/Config/Session.php
@@ -14,6 +14,7 @@ class Session extends BaseConfig
      * --------------------------------------------------------------------------
      *
      * The session storage driver to use:
+     * - `CodeIgniter\Session\Handlers\ArrayHandler` (for testing)
      * - `CodeIgniter\Session\Handlers\FileHandler`
      * - `CodeIgniter\Session\Handlers\DatabaseHandler`
      * - `CodeIgniter\Session\Handlers\MemcachedHandler`
diff --git a/app/Config/Toolbar.php b/app/Config/Toolbar.php
index 5a3e504..968653e 100644
--- a/app/Config/Toolbar.php
+++ b/app/Config/Toolbar.php
@@ -119,4 +119,29 @@ class Toolbar extends BaseConfig
     public array $watchedExtensions = [
         'php', 'css', 'js', 'html', 'svg', 'json', 'env',
     ];
+
+    /**
+     * --------------------------------------------------------------------------
+     * Ignored HTTP Headers
+     * --------------------------------------------------------------------------
+     *
+     * CodeIgniter Debug Toolbar normally injects HTML and JavaScript into every
+     * HTML response. This is correct for full page loads, but it breaks requests
+     * that expect only a clean HTML fragment.
+     *
+     * Libraries like HTMX, Unpoly, and Hotwire (Turbo) update parts of the page or
+     * manage navigation on the client side. Injecting the Debug Toolbar into their
+     * responses can cause invalid HTML, duplicated scripts, or JavaScript errors
+     * (such as infinite loops or "Maximum call stack size exceeded").
+     *
+     * Any request containing one of the following headers is treated as a
+     * client-managed or partial request, and the Debug Toolbar injection is skipped.
+     *
+     * @var array<string, string|null>
+     */
+    public array $disableOnHeaders = [
+        'X-Requested-With' => 'xmlhttprequest', // AJAX requests
+        'HX-Request'       => 'true',           // HTMX requests
+        'X-Up-Version'     => null,             // Unpoly partial requests
+    ];
 }
diff --git a/app/Config/UserAgents.php b/app/Config/UserAgents.php
index fda7374..8ddfa05 100644
--- a/app/Config/UserAgents.php
+++ b/app/Config/UserAgents.php
@@ -230,9 +230,13 @@ class UserAgents extends BaseConfig
      */
     public array $robots = [
         'googlebot'            => 'Googlebot',
+        'google-pagerenderer'  => 'Google Page Renderer',
+        'google-read-aloud'    => 'Google Read Aloud',
+        'google-safety'        => 'Google Safety Bot',
         'msnbot'               => 'MSNBot',
         'baiduspider'          => 'Baiduspider',
         'bingbot'              => 'Bing',
+        'bingpreview'          => 'BingPreview',
         'slurp'                => 'Inktomi Slurp',
         'yahoo'                => 'Yahoo',
         'ask jeeves'           => 'Ask Jeeves',
@@ -248,5 +252,11 @@ class UserAgents extends BaseConfig
         'ia_archiver'          => 'Alexa Crawler',
         'MJ12bot'              => 'Majestic-12',
         'Uptimebot'            => 'Uptimebot',
+        'duckduckbot'          => 'DuckDuckBot',
+        'sogou'                => 'Sogou Spider',
+        'exabot'               => 'Exabot',
+        'bot'                  => 'Generic Bot',
+        'crawler'              => 'Generic Crawler',
+        'spider'               => 'Generic Spider',
     ];
 }
diff --git a/app/Config/View.php b/app/Config/View.php
index cf8dd06..b52d980 100644
--- a/app/Config/View.php
+++ b/app/Config/View.php
@@ -5,10 +5,6 @@ namespace Config;
 use CodeIgniter\Config\View as BaseView;
 use CodeIgniter\View\ViewDecoratorInterface;
 
-/**
- * @phpstan-type parser_callable (callable(mixed): mixed)
- * @phpstan-type parser_callable_string (callable(mixed): mixed)&string
- */
 class View extends BaseView
 {
     /**
@@ -34,8 +30,7 @@ class View extends BaseView
      *  { title|esc(js) }
      *  { created_on|date(Y-m-d)|esc(attr) }
      *
-     * @var         array<string, string>
-     * @phpstan-var array<string, parser_callable_string>
+     * @var array<string, (callable(mixed): mixed)&string>
      */
     public $filters = [];
 
@@ -44,8 +39,7 @@ class View extends BaseView
      * by the core Parser by creating aliases that will be replaced with
      * any callable. Can be single or tag pair.
      *
-     * @var         array<string, callable|list<string>|string>
-     * @phpstan-var array<string, list<parser_callable_string>|parser_callable_string|parser_callable>
+     * @var array<string, (callable(mixed...): mixed)|((callable(mixed...): mixed)&string)|list<(callable(mixed...): mixed)&string>>
      */
     public $plugins = [];
 
@@ -59,4 +53,21 @@ class View extends BaseView
      * @var list<class-string<ViewDecoratorInterface>>
      */
     public array $decorators = [];
+
+    /**
+     * Subdirectory within app/Views for namespaced view overrides.
+     *
+     * Namespaced views will be searched in:
+     *
+     *   app/Views/{$appOverridesFolder}/{Namespace}/{view_path}.{php|html...}
+     *
+     * This allows application-level overrides for package or module views
+     * without modifying vendor source files.
+     *
+     * Examples:
+     *   'overrides' -> app/Views/overrides/Example/Blog/post/card.php
+     *   'vendor'    -> app/Views/vendor/Example/Blog/post/card.php
+     *   ''          -> app/Views/Example/Blog/post/card.php (direct mapping)
+     */
+    public string $appOverridesFolder = 'overrides';
 }
diff --git a/app/Config/WorkerMode.php b/app/Config/WorkerMode.php
new file mode 100644
index 0000000..fd8b494
--- /dev/null
+++ b/app/Config/WorkerMode.php
@@ -0,0 +1,62 @@
+<?php
+
+namespace Config;
+
+/**
+ * This configuration controls how CodeIgniter behaves when running
+ * in worker mode (with FrankenPHP).
+ */
+class WorkerMode
+{
+    /**
+     * Persistent Services
+     *
+     * List of service names that should persist across requests.
+     * These services will NOT be reset between requests.
+     *
+     * Services not in this list will be reset for each request to prevent
+     * state leakage.
+     *
+     * Recommended persistent services:
+     * - `autoloader`: PSR-4 autoloading configuration
+     * - `locator`: File locator
+     * - `exceptions`: Exception handler
+     * - `commands`: CLI commands registry
+     * - `codeigniter`: Main application instance
+     * - `superglobals`: Superglobals wrapper
+     * - `routes`: Router configuration
+     * - `cache`: Cache instance
+     *
+     * @var list<string>
+     */
+    public array $persistentServices = [
+        'autoloader',
+        'locator',
+        'exceptions',
+        'commands',
+        'codeigniter',
+        'superglobals',
+        'routes',
+        'cache',
+    ];
+
+    /**
+     * Reset Event Listeners
+     *
+     * List of event names whose listeners should be removed between requests.
+     * Use this if you register event listeners inside other event callbacks
+     * (rather than at the top level of Config/Events.php), which would cause
+     * them to accumulate across requests in worker mode.
+     *
+     * @var list<string>
+     */
+    public array $resetEventListeners = [];
+
+    /**
+     * Force Garbage Collection
+     *
+     * Whether to force garbage collection after each request.
+     * Helps prevent memory leaks at a small performance cost.
+     */
+    public bool $forceGarbageCollection = true;
+}
diff --git a/app/Controllers/BaseController.php b/app/Controllers/BaseController.php
index 689405b..ab45a77 100644
--- a/app/Controllers/BaseController.php
+++ b/app/Controllers/BaseController.php
@@ -3,44 +3,28 @@
 namespace App\Controllers;
 
 use CodeIgniter\Controller;
-use CodeIgniter\HTTP\CLIRequest;
-use CodeIgniter\HTTP\IncomingRequest;
 use CodeIgniter\HTTP\RequestInterface;
 use CodeIgniter\HTTP\ResponseInterface;
 use Psr\Log\LoggerInterface;
 
 /**
- * Class BaseController
- *
  * BaseController provides a convenient place for loading components
  * and performing functions that are needed by all your controllers.
- * Extend this class in any new controllers:
- *     class Home extends BaseController
  *
- * For security be sure to declare any new methods as protected or private.
+ * Extend this class in any new controllers:
+ * ```
+ *     class Home extends BaseController
+ * ```
+ *
+ * For security, be sure to declare any new methods as protected or private.
  */
 abstract class BaseController extends Controller
 {
-    /**
-     * Instance of the main Request object.
-     *
-     * @var CLIRequest|IncomingRequest
-     */
-    protected $request;
-
-    /**
-     * An array of helpers to be loaded automatically upon
-     * class instantiation. These helpers will be available
-     * to all other controllers that extend BaseController.
-     *
-     * @var list<string>
-     */
-    protected $helpers = [];
-
     /**
      * Be sure to declare properties for any property fetch you initialized.
      * The creation of dynamic property is deprecated in PHP 8.2.
      */
+
     // protected $session;
 
     /**
@@ -48,11 +32,14 @@ abstract class BaseController extends Controller
      */
     public function initController(RequestInterface $request, ResponseInterface $response, LoggerInterface $logger)
     {
-        // Do Not Edit This Line
+        // Load here all helpers you want to be available in your controllers that extend BaseController.
+        // Caution: Do not put the this below the parent::initController() call below.
+        // $this->helpers = ['form', 'url'];
+
+        // Caution: Do not edit this line.
         parent::initController($request, $response, $logger);
 
         // Preload any models, libraries, etc, here.
-
-        // E.g.: $this->session = service('session');
+        // $this->session = service('session');
     }
 }
diff --git a/app/Views/errors/html/error_exception.php b/app/Views/errors/html/error_exception.php
index d5e0c2e..2c4e009 100644
--- a/app/Views/errors/html/error_exception.php
+++ b/app/Views/errors/html/error_exception.php
@@ -24,7 +24,7 @@ $errorId = uniqid('error', true);
     <!-- Header -->
     <div class="header">
         <div class="environment">
-            Displayed at <?= esc(date('H:i:sa')) ?> &mdash;
+            Displayed at <?= esc(date('H:i:s')) ?> &mdash;
             PHP: <?= esc(PHP_VERSION) ?>  &mdash;
             CodeIgniter: <?= esc(CodeIgniter::CI_VERSION) ?> --
             Environment: <?= ENVIRONMENT ?>
diff --git a/phpunit.xml.dist b/phpunit.xml.dist
deleted file mode 100644
index dea9408..0000000
--- a/phpunit.xml.dist
+++ /dev/null
@@ -1,63 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<phpunit
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xsi:noNamespaceSchemaLocation="https://schema.phpunit.de/10.5/phpunit.xsd"
-    bootstrap="system/Test/bootstrap.php"
-    backupGlobals="false"
-    beStrictAboutOutputDuringTests="true"
-    colors="true"
-    columns="max"
-    failOnRisky="true"
-    failOnWarning="true"
-    cacheDirectory="build/.phpunit.cache">
-    <coverage
-        includeUncoveredFiles="true"
-        pathCoverage="false"
-        ignoreDeprecatedCodeUnits="true"
-        disableCodeCoverageIgnore="true">
-        <report>
-            <clover outputFile="build/logs/clover.xml"/>
-            <html outputDirectory="build/logs/html"/>
-            <php outputFile="build/logs/coverage.serialized"/>
-            <text outputFile="php://stdout" showUncoveredFiles="false"/>
-        </report>
-    </coverage>
-    <testsuites>
-        <testsuite name="App">
-            <directory>./tests</directory>
-        </testsuite>
-    </testsuites>
-    <logging>
-        <testdoxHtml outputFile="build/logs/testdox.html"/>
-        <testdoxText outputFile="build/logs/testdox.txt"/>
-        <junit outputFile="build/logs/logfile.xml"/>
-    </logging>
-    <source>
-        <include>
-            <directory suffix=".php">./app</directory>
-        </include>
-        <exclude>
-            <directory suffix=".php">./app/Views</directory>
-            <file>./app/Config/Routes.php</file>
-        </exclude>
-    </source>
-    <php>
-        <server name="app.baseURL" value="http://example.com/"/>
-        <server name="CODEIGNITER_SCREAM_DEPRECATIONS" value="0"/>
-        <!-- Directory containing phpunit.xml -->
-        <const name="HOMEPATH" value="./"/>
-        <!-- Directory containing the Paths config file -->
-        <const name="CONFIGPATH" value="./app/Config/"/>
-        <!-- Directory containing the front controller (index.php) -->
-        <const name="PUBLICPATH" value="./public/"/>
-        <!-- Database configuration -->
-        <!-- Uncomment to provide your own database for testing
-            <env name="database.tests.hostname" value="localhost"/>
-            <env name="database.tests.database" value="tests"/>
-            <env name="database.tests.username" value="tests_user"/>
-            <env name="database.tests.password" value=""/>
-            <env name="database.tests.DBDriver" value="MySQLi"/>
-            <env name="database.tests.DBPrefix" value="tests_"/>
-            -->
-    </php>
-</phpunit>
diff --git a/preload.php b/preload.php
index 755df5e..288b30b 100644
--- a/preload.php
+++ b/preload.php
@@ -9,6 +9,9 @@
  * the LICENSE file that was distributed with this source code.
  */
 
+use CodeIgniter\Boot;
+use Config\Paths;
+
 /*
  *---------------------------------------------------------------
  * Sample file for Preloading
@@ -54,6 +57,7 @@ class preload
                 '/system/Config/Routes.php',
                 '/system/Language/',
                 '/system/bootstrap.php',
+                '/system/util_bootstrap.php',
                 '/system/rewrite.php',
                 '/Views/',
                 // Errors occur.
@@ -69,10 +73,10 @@ class preload
 
     private function loadAutoloader(): void
     {
-        $paths = new Config\Paths();
+        $paths = new Paths();
         require rtrim($paths->systemDirectory, '\\/ ') . DIRECTORY_SEPARATOR . 'Boot.php';
 
-        CodeIgniter\Boot::preload($paths);
+        Boot::preload($paths);
     }
 
     /**
@@ -86,7 +90,7 @@ class preload
             $phpFiles  = new RegexIterator(
                 $fullTree,
                 '/.+((?<!Test)+\.php$)/i',
-                RecursiveRegexIterator::GET_MATCH
+                RecursiveRegexIterator::GET_MATCH,
             );
 
             foreach ($phpFiles as $key => $file) {
@@ -97,7 +101,9 @@ class preload
                 }
 
                 require_once $file[0];
-                echo 'Loaded: ' . $file[0] . "\n";
+                // Uncomment only for debugging (to inspect which files are included).
+                // Never use this in production - preload scripts must not generate output.
+                // echo 'Loaded: ' . $file[0] . "\n";
             }
         }
     }
diff --git a/public/index.php b/public/index.php
index a0a20db..8e834f2 100644
--- a/public/index.php
+++ b/public/index.php
@@ -9,7 +9,7 @@ use Config\Paths;
  *---------------------------------------------------------------
  */
 
-$minPhpVersion = '8.1'; // If you update this, don't forget to update `spark`.
+$minPhpVersion = '8.2'; // If you update this, don't forget to update `spark`.
 if (version_compare(PHP_VERSION, $minPhpVersion, '<')) {
     $message = sprintf(
         'Your PHP version must be %s or higher to run CodeIgniter. Current version: %s',
diff --git a/spark b/spark
index a730e0b..b48441b 100755
--- a/spark
+++ b/spark
@@ -10,6 +10,9 @@
  * the LICENSE file that was distributed with this source code.
  */
 
+use CodeIgniter\Boot;
+use Config\Paths;
+
 /*
  * --------------------------------------------------------------------
  * CODEIGNITER COMMAND-LINE TOOLS
@@ -35,12 +38,12 @@ if (str_starts_with(PHP_SAPI, 'cgi')) {
  *---------------------------------------------------------------
  */
 
-$minPhpVersion = '8.1'; // If you update this, don't forget to update `public/index.php`.
+$minPhpVersion = '8.2'; // If you update this, don't forget to update `public/index.php`.
 if (version_compare(PHP_VERSION, $minPhpVersion, '<')) {
     $message = sprintf(
         'Your PHP version must be %s or higher to run CodeIgniter. Current version: %s',
         $minPhpVersion,
-        PHP_VERSION
+        PHP_VERSION,
     );
 
     exit($message);
@@ -76,9 +79,9 @@ chdir(FCPATH);
 require FCPATH . '../smarthome/app/Config/Paths.php';
 // ^^^ Change this line if you move your application folder
 
-$paths = new Config\Paths();
+$paths = new Paths();
 
 // LOAD THE FRAMEWORK BOOTSTRAP FILE
 require $paths->systemDirectory . '/Boot.php';
 
-exit(CodeIgniter\Boot::bootSpark($paths));
+exit(Boot::bootSpark($paths));