refactor!: remove $upper functionality in Request::getMethod()

app/Config/Feature.php

@@ -18,4 +18,17 @@ class Feature extends BaseConfig
      * Use filter execution order in 4.4 or before.
      */
     public bool $oldFilterOrder = false;
+
+    /**
+     * Use lowercase HTTP method names like "get", "post" in Config\Filters::$methods.
+     *
+     * But the HTTP method is case-sensitive. So using lowercase is wrong.
+     * We should disable this and use uppercase names like "GET", "POST", etc.
+     *
+     * The method token is case-sensitive because it might be used as a gateway
+     * to object-based systems with case-sensitive method names. By convention,
+     * standardized methods are defined in all-uppercase US-ASCII letters.
+     * https://www.rfc-editor.org/rfc/rfc9110#name-overview
+     */
+    public bool $lowerCaseFilterMethods = true;
 }

system/CodeIgniter.php

@@ -1027,7 +1027,7 @@ public function storePreviousURL($uri)
     public function spoofRequestMethod()
     {
         // Only works with POSTED forms
-        if (strtolower($this->request->getMethod()) !== 'post') {
+        if ($this->request->getMethod() !== 'POST') {
             return;
         }
 
@@ -1038,7 +1038,7 @@ public function spoofRequestMethod()
         }
 
         // Only allows PUT, PATCH, DELETE
-        if (in_array(strtoupper($method), ['PUT', 'PATCH', 'DELETE'], true)) {
+        if (in_array($method, ['PUT', 'PATCH', 'DELETE'], true)) {
             $this->request = $this->request->setMethod($method);
         }
     }

system/Filters/Filters.php

@@ -494,8 +494,9 @@ protected function processMethods()
             return;
         }
 
-        // Request method won't be set for CLI-based requests
-        $method = strtolower($this->request->getMethod()) ?? 'cli';
+        if (config(Feature::class)->lowerCaseFilterMethods) {
+            $method = strtolower($this->request->getMethod());
+        }
 
         if (array_key_exists($method, $this->config->methods)) {
             if (config(Feature::class)->oldFilterOrder) {

system/HTTP/CLIRequest.php

@@ -56,7 +56,7 @@ class CLIRequest extends Request
      *
      * @var string
      */
-    protected $method = 'cli';
+    protected $method = 'CLI';
 
     /**
      * Constructor

system/HTTP/CURLRequest.php

@@ -130,7 +130,7 @@ public function __construct(App $config, URI $uri, ?ResponseInterface $response
      * Sends an HTTP request to the specified $url. If this is a relative
      * URL, it will be merged with $this->baseURI to form a complete URL.
      *
-     * @param string $method
+     * @param string $method HTTP method
      */
     public function request($method, string $url, array $options = []): ResponseInterface
     {
@@ -177,55 +177,55 @@ protected function resetOptions()
      */
     public function get(string $url, array $options = []): ResponseInterface
     {
-        return $this->request('get', $url, $options);
+        return $this->request('GET', $url, $options);
     }
 
     /**
      * Convenience method for sending a DELETE request.
      */
     public function delete(string $url, array $options = []): ResponseInterface
     {
-        return $this->request('delete', $url, $options);
+        return $this->request('DELETE', $url, $options);
     }
 
     /**
      * Convenience method for sending a HEAD request.
      */
     public function head(string $url, array $options = []): ResponseInterface
     {
-        return $this->request('head', $url, $options);
+        return $this->request('HEAD', $url, $options);
     }
 
     /**
      * Convenience method for sending an OPTIONS request.
      */
     public function options(string $url, array $options = []): ResponseInterface
     {
-        return $this->request('options', $url, $options);
+        return $this->request('OPTIONS', $url, $options);
     }
 
     /**
      * Convenience method for sending a PATCH request.
      */
     public function patch(string $url, array $options = []): ResponseInterface
     {
-        return $this->request('patch', $url, $options);
+        return $this->request('PATCH', $url, $options);
     }
 
     /**
      * Convenience method for sending a POST request.
      */
     public function post(string $url, array $options = []): ResponseInterface
     {
-        return $this->request('post', $url, $options);
+        return $this->request('POST', $url, $options);
     }
 
     /**
      * Convenience method for sending a PUT request.
      */
     public function put(string $url, array $options = []): ResponseInterface
     {
-        return $this->request('put', $url, $options);
+        return $this->request('PUT', $url, $options);
     }
 
     /**
@@ -339,17 +339,6 @@ protected function prepareURL(string $url): string
         );
     }
 
-    /**
-     * Get the request method. Overrides the Request class' method
-     * since users expect a different answer here.
-     *
-     * @param bool|false $upper Whether to return in upper or lower case.
-     */
-    public function getMethod(bool $upper = false): string
-    {
-        return ($upper) ? strtoupper($this->method) : strtolower($this->method);
-    }
-
     /**
      * Fires the actual cURL request.
      *
@@ -446,8 +435,6 @@ protected function applyRequestHeaders(array $curlOptions = []): array
      */
     protected function applyMethod(string $method, array $curlOptions): array
     {
-        $method = strtoupper($method);
-
         $this->method                       = $method;
         $curlOptions[CURLOPT_CUSTOMREQUEST] = $method;
 

system/HTTP/IncomingRequest.php

@@ -406,7 +406,7 @@ public function is(string $type): bool
         $httpMethods = ['GET', 'POST', 'PUT', 'DELETE', 'HEAD', 'PATCH', 'OPTIONS'];
 
         if (in_array($valueUpper, $httpMethods, true)) {
-            return strtoupper($this->getMethod()) === $valueUpper;
+            return $this->getMethod() === $valueUpper;
         }
 
         if ($valueUpper === 'JSON') {

system/HTTP/OutgoingRequest.php

@@ -66,15 +66,13 @@ private function getHostFromUri(URI $uri): string
     }
 
     /**
-     * Get the request method.
+     * Retrieves the HTTP method of the request.
      *
-     * @param bool $upper Whether to return in upper or lower case.
-     *
-     * @deprecated The $upper functionality will be removed and this will revert to its PSR-7 equivalent
+     * @return string Returns the request method.
      */
-    public function getMethod(bool $upper = false): string
+    public function getMethod(): string
     {
-        return ($upper) ? strtoupper($this->method) : strtolower($this->method);
+        return $this->method;
     }
 
     /**

system/HTTP/OutgoingRequestInterface.php

@@ -21,14 +21,11 @@
 interface OutgoingRequestInterface extends MessageInterface
 {
     /**
-     * Get the request method.
-     * An extension of PSR-7's getMethod to allow casing.
+     * Retrieves the HTTP method of the request.
      *
-     * @param bool $upper Whether to return in upper or lower case.
-     *
-     * @deprecated The $upper functionality will be removed and this will revert to its PSR-7 equivalent
+     * @return string Returns the request method.
      */
-    public function getMethod(bool $upper = false): string;
+    public function getMethod(): string;
 
     /**
      * Return an instance with the provided HTTP method.

system/HTTP/Request.php

@@ -49,20 +49,6 @@ public function __construct($config = null) // @phpstan-ignore-line
         }
     }
 
-    /**
-     * Get the request method.
-     *
-     * @param bool $upper Whether to return in upper or lower case.
-     *
-     * @deprecated 4.0.5 The $upper functionality will be removed and this will revert to its PSR-7 equivalent
-     *
-     * @codeCoverageIgnore
-     */
-    public function getMethod(bool $upper = false): string
-    {
-        return ($upper) ? strtoupper($this->method) : strtolower($this->method);
-    }
-
     /**
      * Sets the request method. Used when spoofing the request.
      *

tests/system/CodeIgniterTest.php

@@ -733,7 +733,7 @@ public function testSpoofRequestMethodCanUsePUT(): void
         $this->codeigniter->run();
         ob_get_clean();
 
-        $this->assertSame('put', Services::incomingrequest()->getMethod());
+        $this->assertSame('PUT', Services::incomingrequest()->getMethod());
     }
 
     public function testSpoofRequestMethodCannotUseGET(): void
@@ -758,7 +758,7 @@ public function testSpoofRequestMethodCannotUseGET(): void
         $this->codeigniter->run();
         ob_get_clean();
 
-        $this->assertSame('post', Services::incomingrequest()->getMethod());
+        $this->assertSame('POST', Services::incomingrequest()->getMethod());
     }
 
     /**

tests/system/HTTP/CLIRequestTest.php

@@ -525,8 +525,7 @@ public function testGetIPAddressDefault(): void
     public function testMethodReturnsRightStuff(): void
     {
         // Defaults method to CLI now.
-        $this->assertSame('cli', $this->request->getMethod());
-        $this->assertSame('CLI', $this->request->getMethod(true));
+        $this->assertSame('CLI', $this->request->getMethod());
     }
 
     public function testMethodIsCliReturnsAlwaysTrue(): void

tests/system/HTTP/CURLRequestDoNotShareOptionsTest.php

@@ -103,7 +103,7 @@ public function testGetSetsCorrectMethod(): void
     {
         $this->request->get('http://example.com');
 
-        $this->assertSame('get', $this->request->getMethod());
+        $this->assertSame('GET', $this->request->getMethod());
 
         $options = $this->request->curl_options;
 
@@ -115,7 +115,7 @@ public function testDeleteSetsCorrectMethod(): void
     {
         $this->request->delete('http://example.com');
 
-        $this->assertSame('delete', $this->request->getMethod());
+        $this->assertSame('DELETE', $this->request->getMethod());
 
         $options = $this->request->curl_options;
 
@@ -127,7 +127,7 @@ public function testHeadSetsCorrectMethod(): void
     {
         $this->request->head('http://example.com');
 
-        $this->assertSame('head', $this->request->getMethod());
+        $this->assertSame('HEAD', $this->request->getMethod());
 
         $options = $this->request->curl_options;
 
@@ -139,7 +139,7 @@ public function testOptionsSetsCorrectMethod(): void
     {
         $this->request->options('http://example.com');
 
-        $this->assertSame('options', $this->request->getMethod());
+        $this->assertSame('OPTIONS', $this->request->getMethod());
 
         $options = $this->request->curl_options;
 
@@ -281,7 +281,7 @@ public function testPatchSetsCorrectMethod(): void
     {
         $this->request->patch('http://example.com');
 
-        $this->assertSame('patch', $this->request->getMethod());
+        $this->assertSame('PATCH', $this->request->getMethod());
 
         $options = $this->request->curl_options;
 
@@ -293,7 +293,7 @@ public function testPostSetsCorrectMethod(): void
     {
         $this->request->post('http://example.com');
 
-        $this->assertSame('post', $this->request->getMethod());
+        $this->assertSame('POST', $this->request->getMethod());
 
         $options = $this->request->curl_options;
 
@@ -305,7 +305,7 @@ public function testPutSetsCorrectMethod(): void
     {
         $this->request->put('http://example.com');
 
-        $this->assertSame('put', $this->request->getMethod());
+        $this->assertSame('PUT', $this->request->getMethod());
 
         $options = $this->request->curl_options;
 
@@ -322,19 +322,19 @@ public function testCustomMethodSetsCorrectMethod(): void
         $options = $this->request->curl_options;
 
         $this->assertArrayHasKey(CURLOPT_CUSTOMREQUEST, $options);
-        $this->assertSame('CUSTOM', $options[CURLOPT_CUSTOMREQUEST]);
+        $this->assertSame('custom', $options[CURLOPT_CUSTOMREQUEST]);
     }
 
     public function testRequestMethodGetsSanitized(): void
     {
         $this->request->request('<script>Custom</script>', 'http://example.com');
 
-        $this->assertSame('custom', $this->request->getMethod());
+        $this->assertSame('Custom', $this->request->getMethod());
 
         $options = $this->request->curl_options;
 
         $this->assertArrayHasKey(CURLOPT_CUSTOMREQUEST, $options);
-        $this->assertSame('CUSTOM', $options[CURLOPT_CUSTOMREQUEST]);
+        $this->assertSame('Custom', $options[CURLOPT_CUSTOMREQUEST]);
     }
 
     public function testRequestSetsBasicCurlOptions(): void
@@ -951,7 +951,7 @@ public function testPostFormEncoded(): void
             'form_params' => $params,
         ]);
 
-        $this->assertSame('post', $this->request->getMethod());
+        $this->assertSame('POST', $this->request->getMethod());
 
         $options = $this->request->curl_options;
 
@@ -974,7 +974,7 @@ public function testPostFormMultipart(): void
             'multipart' => $params,
         ]);
 
-        $this->assertSame('post', $this->request->getMethod());
+        $this->assertSame('POST', $this->request->getMethod());
 
         $options = $this->request->curl_options;
 
@@ -1022,7 +1022,7 @@ public function testJSONData(): void
             'json' => $params,
         ]);
 
-        $this->assertSame('post', $this->request->getMethod());
+        $this->assertSame('POST', $this->request->getMethod());
 
         $expected = json_encode($params);
         $this->assertSame(