Merge pull request #15605 from cakephp/remove-deprecations

cake 5: Remove various deprecations

phpstan-baseline.neon

@@ -151,11 +151,6 @@ parameters:
 			path: src/Controller/ControllerFactory.php
 
 		-
-			message: "#^Parameter \\#1 \\$callback of function spl_autoload_register expects \\(callable\\(string\\)\\: void\\)\\|null, array\\(\\$this\\(Cake\\\\Core\\\\ClassLoader\\), 'loadClass'\\) given\\.$#"
-			count: 1
-			path: src/Core/ClassLoader.php
-
-		-
 			message: "#^Array \\(array\\<TObject\\>\\) does not accept object\\.$#"
 			count: 1
 			path: src/Core/ObjectRegistry.php
@@ -441,21 +436,6 @@ parameters:
 			path: src/Routing/RouteBuilder.php
 
 		-
-			message: "#^Property Cake\\\\TestSuite\\\\ConsoleIntegrationTestCase\\:\\:\\$_err \\(Cake\\\\TestSuite\\\\Stub\\\\ConsoleOutput\\) does not accept null\\.$#"
-			count: 1
-			path: src/TestSuite/ConsoleIntegrationTestCase.php
-
-		-
-			message: "#^Property Cake\\\\TestSuite\\\\ConsoleIntegrationTestCase\\:\\:\\$_in \\(Cake\\\\Console\\\\ConsoleInput\\) does not accept null\\.$#"
-			count: 1
-			path: src/TestSuite/ConsoleIntegrationTestCase.php
-
-		-
-			message: "#^Property Cake\\\\TestSuite\\\\ConsoleIntegrationTestCase\\:\\:\\$_out \\(Cake\\\\TestSuite\\\\Stub\\\\ConsoleOutput\\) does not accept null\\.$#"
-			count: 1
-			path: src/TestSuite/ConsoleIntegrationTestCase.php
-
-		-
 			message: "#^PHPDoc tag @template TCode for class Cake\\\\TestSuite\\\\Constraint\\\\Response\\\\StatusCodeBase with bound type array\\<int, int\\> is not supported\\.$#"
 			count: 1
 			path: src/TestSuite/Constraint/Response/StatusCodeBase.php
@@ -491,31 +471,6 @@ parameters:
 			path: src/TestSuite/Fixture/TransactionStrategy.php
 
 		-
-			message: "#^Parameter \\#1 \\$response of class Cake\\\\TestSuite\\\\Constraint\\\\Response\\\\CookieEncryptedEquals constructor expects Cake\\\\Http\\\\Response\\|null, Psr\\\\Http\\\\Message\\\\ResponseInterface\\|null given\\.$#"
-			count: 1
-			path: src/TestSuite/IntegrationTestCase.php
-
-		-
-			message: "#^Parameter \\#1 \\$response of class Cake\\\\TestSuite\\\\Constraint\\\\Response\\\\CookieEquals constructor expects Cake\\\\Http\\\\Response\\|null, Psr\\\\Http\\\\Message\\\\ResponseInterface\\|null given\\.$#"
-			count: 1
-			path: src/TestSuite/IntegrationTestCase.php
-
-		-
-			message: "#^Property Cake\\\\TestSuite\\\\IntegrationTestCase\\:\\:\\$_layoutName \\(string\\) does not accept null\\.$#"
-			count: 1
-			path: src/TestSuite/IntegrationTestCase.php
-
-		-
-			message: "#^Property Cake\\\\TestSuite\\\\IntegrationTestCase\\:\\:\\$_requestSession \\(Cake\\\\Http\\\\Session\\) does not accept null\\.$#"
-			count: 1
-			path: src/TestSuite/IntegrationTestCase.php
-
-		-
-			message: "#^Property Cake\\\\TestSuite\\\\IntegrationTestCase\\:\\:\\$_viewName \\(string\\) does not accept null\\.$#"
-			count: 1
-			path: src/TestSuite/IntegrationTestCase.php
-
-		-
 			message: "#^Unsafe usage of new static\\(\\)\\.$#"
 			count: 1
 			path: src/View/Form/ContextFactory.php

psalm-baseline.xml

@@ -312,11 +312,6 @@
       <code>$key</code>
     </PossiblyFalseOperand>
   </file>
-  <file src="src/View/Helper/NumberHelper.php">
-    <DeprecatedMethod occurrences="1">
-      <code>defaultCurrency</code>
-    </DeprecatedMethod>
-  </file>
   <file src="src/View/View.php">
     <ArgumentTypeCoercion occurrences="1">
       <code>$options</code>

src/Cache/Cache.php

@@ -198,20 +198,6 @@ class Cache
     }
 
     /**
-     * Get a cache engine object for the named cache config.
-     *
-     * @param string $config The name of the configured cache backend.
-     * @return \Psr\SimpleCache\CacheInterface&\Cake\Cache\CacheEngineInterface
-     * @deprecated 3.7.0 Use {@link pool()} instead. This method will be removed in 5.0.
-     */
-    public static function engine(string $config)
-    {
-        deprecationWarning('Cache::engine() is deprecated. Use Cache::pool() instead.');
-
-        return static::pool($config);
-    }
-
-    /**
      * Get a SimpleCacheEngine object for the named cache pool.
      *
      * @param string $config The name of the configured cache backend.

src/Console/Command.php

@@ -1,11 +0,0 @@
-<?php
-declare(strict_types=1);
-
-/**
- * @deprecated 4.0.0 Use {@link \Cake\Command\Command} instead.
- */
-
-class_alias(
-    'Cake\Command\Command',
-    'Cake\Console\Command'
-);

src/Controller/Component/SecurityComponent.php

@@ -1,583 +0,0 @@
-<?php
-declare(strict_types=1);
-
-/**
- * CakePHP(tm) : Rapid Development Framework (https://cakephp.org)
- * Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org)
- *
- * Licensed under The MIT License
- * For full copyright and license information, please see the LICENSE.txt
- * Redistributions of files must retain the above copyright notice.
- *
- * @copyright     Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org)
- * @link          https://cakephp.org CakePHP(tm) Project
- * @since         0.10.8
- * @license       https://opensource.org/licenses/mit-license.php MIT License
- */
-namespace Cake\Controller\Component;
-
-use Cake\Controller\Component;
-use Cake\Controller\Controller;
-use Cake\Controller\Exception\AuthSecurityException;
-use Cake\Controller\Exception\SecurityException;
-use Cake\Core\Configure;
-use Cake\Event\EventInterface;
-use Cake\Http\Exception\BadRequestException;
-use Cake\Http\Response;
-use Cake\Http\ServerRequest;
-use Cake\Routing\Router;
-use Cake\Utility\Hash;
-use Cake\Utility\Security;
-
-/**
- * The Security Component creates an easy way to integrate tighter security in
- * your application. It provides methods for these tasks:
- *
- * - Form tampering protection.
- * - Requiring that SSL be used.
- *
- * @link https://book.cakephp.org/4/en/controllers/components/security.html
- * @deprecated 4.0.0 Use {@link FormProtectionComponent} instead, for form tampering protection
- *   or {@link HttpsEnforcerMiddleware} to enforce use of HTTPS (SSL) for requests.
- */
-class SecurityComponent extends Component
-{
-    /**
-     * Default message used for exceptions thrown
-     *
-     * @var string
-     */
-    public const DEFAULT_EXCEPTION_MESSAGE = 'The request has been black-holed';
-
-    /**
-     * Default config
-     *
-     * - `blackHoleCallback` - The controller method that will be called if this
-     *   request is black-hole'd.
-     * - `requireSecure` - List of actions that require an SSL-secured connection.
-     * - `unlockedFields` - Form fields to exclude from POST validation. Fields can
-     *   be unlocked either in the Component, or with FormHelper::unlockField().
-     *   Fields that have been unlocked are not required to be part of the POST
-     *   and hidden unlocked fields do not have their values checked.
-     * - `unlockedActions` - Actions to exclude from POST validation checks.
-     *   Other checks like requireSecure() etc. will still be applied.
-     * - `validatePost` - Whether to validate POST data. Set to false to disable
-     *   for data coming from 3rd party services, etc.
-     *
-     * @var array
-     */
-    protected $_defaultConfig = [
-        'blackHoleCallback' => null,
-        'requireSecure' => [],
-        'unlockedFields' => [],
-        'unlockedActions' => [],
-        'validatePost' => true,
-    ];
-
-    /**
-     * Holds the current action of the controller
-     *
-     * @var string
-     */
-    protected $_action;
-
-    /**
-     * Component startup. All security checking happens here.
-     *
-     * @param \Cake\Event\EventInterface $event An Event instance
-     * @return \Cake\Http\Response|null
-     */
-    public function startup(EventInterface $event): ?Response
-    {
-        /** @var \Cake\Controller\Controller $controller */
-        $controller = $event->getSubject();
-        $request = $controller->getRequest();
-        $this->_action = $request->getParam('action');
-        $hasData = ($request->getData() || $request->is(['put', 'post', 'delete', 'patch']));
-        try {
-            $this->_secureRequired($controller);
-
-            if ($this->_action === $this->_config['blackHoleCallback']) {
-                throw new AuthSecurityException(sprintf(
-                    'Action %s is defined as the blackhole callback.',
-                    $this->_action
-                ));
-            }
-
-            if (
-                !in_array($this->_action, (array)$this->_config['unlockedActions'], true) &&
-                $hasData &&
-                $this->_config['validatePost']
-            ) {
-                $this->_validatePost($controller);
-            }
-        } catch (SecurityException $se) {
-            return $this->blackHole($controller, $se->getType(), $se);
-        }
-
-        $request = $this->generateToken($request);
-        if ($hasData && is_array($controller->getRequest()->getData())) {
-            $request = $request->withoutData('_Token');
-        }
-        $controller->setRequest($request);
-
-        return null;
-    }
-
-    /**
-     * Events supported by this component.
-     *
-     * @return array
-     */
-    public function implementedEvents(): array
-    {
-        return [
-            'Controller.startup' => 'startup',
-        ];
-    }
-
-    /**
-     * Sets the actions that require a request that is SSL-secured, or empty for all actions
-     *
-     * @param string|string[]|null $actions Actions list
-     * @return void
-     */
-    public function requireSecure($actions = null): void
-    {
-        $actions = (array)$actions;
-        $this->setConfig('requireSecure', empty($actions) ? ['*'] : $actions);
-    }
-
-    /**
-     * Black-hole an invalid request with a 400 error or custom callback. If SecurityComponent::$blackHoleCallback
-     * is specified, it will use this callback by executing the method indicated in $error
-     *
-     * @param \Cake\Controller\Controller $controller Instantiating controller
-     * @param string $error Error method
-     * @param \Cake\Controller\Exception\SecurityException|null $exception Additional debug info describing the cause
-     * @return mixed If specified, controller blackHoleCallback's response, or no return otherwise
-     * @see \Cake\Controller\Component\SecurityComponent::$blackHoleCallback
-     * @link https://book.cakephp.org/4/en/controllers/components/security.html#handling-blackhole-callbacks
-     * @throws \Cake\Http\Exception\BadRequestException
-     */
-    public function blackHole(Controller $controller, string $error = '', ?SecurityException $exception = null)
-    {
-        if (!$this->_config['blackHoleCallback']) {
-            $this->_throwException($exception);
-        }
-
-        return $this->_callback($controller, $this->_config['blackHoleCallback'], [$error, $exception]);
-    }
-
-    /**
-     * Check debug status and throw an Exception based on the existing one
-     *
-     * @param \Cake\Controller\Exception\SecurityException|null $exception Additional debug info describing the cause
-     * @throws \Cake\Http\Exception\BadRequestException
-     * @return void
-     */
-    protected function _throwException(?SecurityException $exception = null): void
-    {
-        if ($exception !== null) {
-            if (!Configure::read('debug')) {
-                $exception->setReason($exception->getMessage());
-                $exception->setMessage(static::DEFAULT_EXCEPTION_MESSAGE);
-            }
-            throw $exception;
-        }
-        throw new BadRequestException(static::DEFAULT_EXCEPTION_MESSAGE);
-    }
-
-    /**
-     * Check if access requires secure connection
-     *
-     * @param \Cake\Controller\Controller $controller Instantiating controller
-     * @return void
-     * @throws \Cake\Controller\Exception\SecurityException
-     */
-    protected function _secureRequired(Controller $controller): void
-    {
-        if (
-            empty($this->_config['requireSecure']) ||
-            !is_array($this->_config['requireSecure'])
-        ) {
-            return;
-        }
-
-        $requireSecure = $this->_config['requireSecure'];
-        if (
-            ($requireSecure[0] === '*' ||
-                in_array($this->_action, $requireSecure, true)
-            ) &&
-            !$controller->getRequest()->is('ssl')
-        ) {
-            throw new SecurityException(
-                'Request is not SSL and the action is required to be secure'
-            );
-        }
-    }
-
-    /**
-     * Validate submitted form
-     *
-     * @param \Cake\Controller\Controller $controller Instantiating controller
-     * @return void
-     * @throws \Cake\Controller\Exception\AuthSecurityException
-     */
-    protected function _validatePost(Controller $controller): void
-    {
-        $token = $this->_validToken($controller);
-        $hashParts = $this->_hashParts($controller);
-        $check = hash_hmac('sha1', implode('', $hashParts), Security::getSalt());
-
-        if (hash_equals($check, $token)) {
-            return;
-        }
-
-        $msg = static::DEFAULT_EXCEPTION_MESSAGE;
-        if (Configure::read('debug')) {
-            $msg = $this->_debugPostTokenNotMatching($controller, $hashParts);
-        }
-
-        throw new AuthSecurityException($msg);
-    }
-
-    /**
-     * Check if token is valid
-     *
-     * @param \Cake\Controller\Controller $controller Instantiating controller
-     * @throws \Cake\Controller\Exception\SecurityException
-     * @return string fields token
-     */
-    protected function _validToken(Controller $controller): string
-    {
-        $check = $controller->getRequest()->getData();
-
-        $message = '\'%s\' was not found in request data.';
-        if (!isset($check['_Token'])) {
-            throw new AuthSecurityException(sprintf($message, '_Token'));
-        }
-        if (!isset($check['_Token']['fields'])) {
-            throw new AuthSecurityException(sprintf($message, '_Token.fields'));
-        }
-        if (!is_string($check['_Token']['fields'])) {
-            throw new AuthSecurityException("'_Token.fields' is invalid.");
-        }
-        if (!isset($check['_Token']['unlocked'])) {
-            throw new AuthSecurityException(sprintf($message, '_Token.unlocked'));
-        }
-        if (Configure::read('debug') && !isset($check['_Token']['debug'])) {
-            throw new SecurityException(sprintf($message, '_Token.debug'));
-        }
-        if (!Configure::read('debug') && isset($check['_Token']['debug'])) {
-            throw new SecurityException('Unexpected \'_Token.debug\' found in request data');
-        }
-
-        $token = urldecode($check['_Token']['fields']);
-        if (strpos($token, ':')) {
-            [$token, ] = explode(':', $token, 2);
-        }
-
-        return $token;
-    }
-
-    /**
-     * Return hash parts for the Token generation
-     *
-     * @param \Cake\Controller\Controller $controller Instantiating controller
-     * @return string[]
-     */
-    protected function _hashParts(Controller $controller): array
-    {
-        $request = $controller->getRequest();
-
-        // Start the session to ensure we get the correct session id.
-        $session = $request->getSession();
-        $session->start();
-
-        $data = (array)$request->getData();
-        $fieldList = $this->_fieldsList($data);
-        $unlocked = $this->_sortedUnlocked($data);
-
-        return [
-            Router::url($request->getRequestTarget()),
-            serialize($fieldList),
-            $unlocked,
-            $session->id(),
-        ];
-    }
-
-    /**
-     * Return the fields list for the hash calculation
-     *
-     * @param array $check Data array
-     * @return array
-     */
-    protected function _fieldsList(array $check): array
-    {
-        $locked = '';
-        $token = urldecode($check['_Token']['fields']);
-        $unlocked = $this->_unlocked($check);
-
-        if (strpos($token, ':')) {
-            [, $locked] = explode(':', $token, 2);
-        }
-        unset($check['_Token']);
-
-        $locked = $locked ? explode('|', $locked) : [];
-        $unlocked = $unlocked ? explode('|', $unlocked) : [];
-
-        $fields = Hash::flatten($check);
-        $fieldList = array_keys($fields);
-        $multi = $lockedFields = [];
-        $isUnlocked = false;
-
-        foreach ($fieldList as $i => $key) {
-            if (is_string($key) && preg_match('/(\.\d+){1,10}$/', $key)) {
-                $multi[$i] = preg_replace('/(\.\d+){1,10}$/', '', $key);
-                unset($fieldList[$i]);
-            } else {
-                $fieldList[$i] = (string)$key;
-            }
-        }
-        if (!empty($multi)) {
-            $fieldList += array_unique($multi);
-        }
-
-        $unlockedFields = array_unique(
-            array_merge(
-                (array)$this->_config['unlockedFields'],
-                $unlocked
-            )
-        );
-
-        foreach ($fieldList as $i => $key) {
-            $isLocked = in_array($key, $locked, true);
-
-            if (!empty($unlockedFields)) {
-                foreach ($unlockedFields as $off) {
-                    $off = explode('.', $off);
-                    $field = array_values(array_intersect(explode('.', $key), $off));
-                    $isUnlocked = ($field === $off);
-                    if ($isUnlocked) {
-                        break;
-                    }
-                }
-            }
-
-            if ($isUnlocked || $isLocked) {
-                unset($fieldList[$i]);
-                if ($isLocked) {
-                    $lockedFields[$key] = $fields[$key];
-                }
-            }
-        }
-        sort($fieldList, SORT_STRING);
-        ksort($lockedFields, SORT_STRING);
-        $fieldList += $lockedFields;
-
-        return $fieldList;
-    }
-
-    /**
-     * Get the unlocked string
-     *
-     * @param array $data Data array
-     * @return string
-     */
-    protected function _unlocked(array $data): string
-    {
-        return urldecode($data['_Token']['unlocked']);
-    }
-
-    /**
-     * Get the sorted unlocked string
-     *
-     * @param array $data Data array
-     * @return string
-     */
-    protected function _sortedUnlocked(array $data): string
-    {
-        $unlocked = $this->_unlocked($data);
-        $unlocked = explode('|', $unlocked);
-        sort($unlocked, SORT_STRING);
-
-        return implode('|', $unlocked);
-    }
-
-    /**
-     * Create a message for humans to understand why Security token is not matching
-     *
-     * @param \Cake\Controller\Controller $controller Instantiating controller
-     * @param array $hashParts Elements used to generate the Token hash
-     * @return string Message explaining why the tokens are not matching
-     */
-    protected function _debugPostTokenNotMatching(Controller $controller, array $hashParts): string
-    {
-        $messages = [];
-        $expectedParts = json_decode(urldecode($controller->getRequest()->getData('_Token.debug')), true);
-        if (!is_array($expectedParts) || count($expectedParts) !== 3) {
-            return 'Invalid security debug token.';
-        }
-        $expectedUrl = Hash::get($expectedParts, 0);
-        $url = Hash::get($hashParts, 0);
-        if ($expectedUrl !== $url) {
-            $messages[] = sprintf('URL mismatch in POST data (expected \'%s\' but found \'%s\')', $expectedUrl, $url);
-        }
-        $expectedFields = Hash::get($expectedParts, 1);
-        $dataFields = Hash::get($hashParts, 1);
-        if ($dataFields) {
-            $dataFields = unserialize($dataFields);
-        }
-        $fieldsMessages = $this->_debugCheckFields(
-            $dataFields,
-            $expectedFields,
-            'Unexpected field \'%s\' in POST data',
-            'Tampered field \'%s\' in POST data (expected value \'%s\' but found \'%s\')',
-            'Missing field \'%s\' in POST data'
-        );
-        $expectedUnlockedFields = Hash::get($expectedParts, 2);
-        $dataUnlockedFields = Hash::get($hashParts, 2) ?: null;
-        if ($dataUnlockedFields) {
-            $dataUnlockedFields = explode('|', $dataUnlockedFields);
-        }
-        $unlockFieldsMessages = $this->_debugCheckFields(
-            (array)$dataUnlockedFields,
-            $expectedUnlockedFields,
-            'Unexpected unlocked field \'%s\' in POST data',
-            '',
-            'Missing unlocked field: \'%s\''
-        );
-
-        $messages = array_merge($messages, $fieldsMessages, $unlockFieldsMessages);
-
-        return implode(', ', $messages);
-    }
-
-    /**
-     * Iterates data array to check against expected
-     *
-     * @param array $dataFields Fields array, containing the POST data fields
-     * @param array $expectedFields Fields array, containing the expected fields we should have in POST
-     * @param string $intKeyMessage Message string if unexpected found in data fields indexed by int (not protected)
-     * @param string $stringKeyMessage Message string if tampered found in
-     *  data fields indexed by string (protected).
-     * @param string $missingMessage Message string if missing field
-     * @return string[] Messages
-     */
-    protected function _debugCheckFields(
-        array $dataFields,
-        array $expectedFields = [],
-        string $intKeyMessage = '',
-        string $stringKeyMessage = '',
-        string $missingMessage = ''
-    ): array {
-        $messages = $this->_matchExistingFields($dataFields, $expectedFields, $intKeyMessage, $stringKeyMessage);
-        $expectedFieldsMessage = $this->_debugExpectedFields($expectedFields, $missingMessage);
-        if ($expectedFieldsMessage !== null) {
-            $messages[] = $expectedFieldsMessage;
-        }
-
-        return $messages;
-    }
-
-    /**
-     * Manually add form tampering prevention token information into the provided
-     * request object.
-     *
-     * @param \Cake\Http\ServerRequest $request The request object to add into.
-     * @return \Cake\Http\ServerRequest The modified request.
-     */
-    public function generateToken(ServerRequest $request): ServerRequest
-    {
-        $token = [
-            'unlockedFields' => $this->_config['unlockedFields'],
-        ];
-
-        return $request->withAttribute('formTokenData', [
-            'unlockedFields' => $token['unlockedFields'],
-        ]);
-    }
-
-    /**
-     * Calls a controller callback method
-     *
-     * @param \Cake\Controller\Controller $controller Instantiating controller
-     * @param string $method Method to execute
-     * @param array $params Parameters to send to method
-     * @return mixed Controller callback method's response
-     * @throws \Cake\Http\Exception\BadRequestException When a the blackholeCallback is not callable.
-     */
-    protected function _callback(Controller $controller, string $method, array $params = [])
-    {
-        $callable = [$controller, $method];
-
-        if (!is_callable($callable)) {
-            throw new BadRequestException('The request has been black-holed');
-        }
-
-        return $callable(...$params);
-    }
-
-    /**
-     * Generate array of messages for the existing fields in POST data, matching dataFields in $expectedFields
-     * will be unset
-     *
-     * @param array $dataFields Fields array, containing the POST data fields
-     * @param array $expectedFields Fields array, containing the expected fields we should have in POST
-     * @param string $intKeyMessage Message string if unexpected found in data fields indexed by int (not protected)
-     * @param string $stringKeyMessage Message string if tampered found in
-     *   data fields indexed by string (protected)
-     * @return string[] Error messages
-     */
-    protected function _matchExistingFields(
-        array $dataFields,
-        array &$expectedFields,
-        string $intKeyMessage,
-        string $stringKeyMessage
-    ): array {
-        $messages = [];
-        foreach ($dataFields as $key => $value) {
-            if (is_int($key)) {
-                $foundKey = array_search($value, $expectedFields, true);
-                if ($foundKey === false) {
-                    $messages[] = sprintf($intKeyMessage, $value);
-                } else {
-                    unset($expectedFields[$foundKey]);
-                }
-            } else {
-                if (isset($expectedFields[$key]) && $value !== $expectedFields[$key]) {
-                    $messages[] = sprintf($stringKeyMessage, $key, $expectedFields[$key], $value);
-                }
-                unset($expectedFields[$key]);
-            }
-        }
-
-        return $messages;
-    }
-
-    /**
-     * Generate debug message for the expected fields
-     *
-     * @param array $expectedFields Expected fields
-     * @param string $missingMessage Message template
-     * @return string|null Error message about expected fields
-     */
-    protected function _debugExpectedFields(array $expectedFields = [], string $missingMessage = ''): ?string
-    {
-        if (count($expectedFields) === 0) {
-            return null;
-        }
-
-        $expectedFieldNames = [];
-        foreach ($expectedFields as $key => $expectedField) {
-            if (is_int($key)) {
-                $expectedFieldNames[] = $expectedField;
-            } else {
-                $expectedFieldNames[] = $key;
-            }
-        }
-
-        return sprintf($missingMessage, implode(', ', $expectedFieldNames));
-    }
-}

src/Controller/Controller.php

@@ -695,29 +695,6 @@ class Controller implements EventListenerInterface, EventDispatcherInterface
     }
 
     /**
-     * Internally redirects one action to another. Does not perform another HTTP request unlike Controller::redirect()
-     *
-     * Examples:
-     *
-     * ```
-     * setAction('another_action');
-     * setAction('action_with_parameters', $parameter1);
-     * ```
-     *
-     * @param string $action The new action to be 'redirected' to.
-     *   Any other parameters passed to this method will be passed as parameters to the new action.
-     * @param mixed ...$args Arguments passed to the action
-     * @return mixed Returns the return value of the called action
-     * @deprecated 4.2.0 Refactor your code use `redirect()` instead of forwarding actions.
-     */
-    public function setAction(string $action, ...$args)
-    {
-        $this->setRequest($this->request->withParam('action', $action));
-
-        return $this->$action(...$args);
-    }
-
-    /**
      * Instantiates the correct view class, hands it its data, and uses it to render the view output.
      *
      * @param string|null $template Template to use for rendering

src/Core/ClassLoader.php

@@ -1,137 +0,0 @@
-<?php
-declare(strict_types=1);
-
-/**
- * CakePHP(tm) : Rapid Development Framework (https://cakephp.org)
- * Copyright 2005-2011, Cake Software Foundation, Inc. (https://cakefoundation.org)
- *
- * Licensed under The MIT License
- * Redistributions of files must retain the above copyright notice.
- *
- * @copyright     Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org)
- * @link          https://cakephp.org CakePHP(tm) Project
- * @since         3.0.0
- * @license       https://opensource.org/licenses/mit-license.php MIT License
- */
-namespace Cake\Core;
-
-/**
- * ClassLoader
- *
- * @deprecated 4.0.3 Use composer to generate autoload files instead.
- */
-class ClassLoader
-{
-    /**
-     * An associative array where the key is a namespace prefix and the value
-     * is an array of base directories for classes in that namespace.
-     *
-     * @var array
-     */
-    protected $_prefixes = [];
-
-    /**
-     * Register loader with SPL autoloader stack.
-     *
-     * @return void
-     */
-    public function register(): void
-    {
-        spl_autoload_register([$this, 'loadClass']);
-    }
-
-    /**
-     * Adds a base directory for a namespace prefix.
-     *
-     * @param string $prefix The namespace prefix.
-     * @param string $baseDir A base directory for class files in the
-     * namespace.
-     * @param bool $prepend If true, prepend the base directory to the stack
-     * instead of appending it; this causes it to be searched first rather
-     * than last.
-     * @return void
-     */
-    public function addNamespace(string $prefix, string $baseDir, bool $prepend = false): void
-    {
-        $prefix = trim($prefix, '\\') . '\\';
-
-        $baseDir = rtrim($baseDir, '/') . DIRECTORY_SEPARATOR;
-        $baseDir = rtrim($baseDir, DIRECTORY_SEPARATOR) . '/';
-
-        $this->_prefixes[$prefix] = $this->_prefixes[$prefix] ?? [];
-
-        if ($prepend) {
-            array_unshift($this->_prefixes[$prefix], $baseDir);
-        } else {
-            $this->_prefixes[$prefix][] = $baseDir;
-        }
-    }
-
-    /**
-     * Loads the class file for a given class name.
-     *
-     * @param string $class The fully-qualified class name.
-     * @return string|false The mapped file name on success, or boolean false on
-     * failure.
-     */
-    public function loadClass(string $class)
-    {
-        $prefix = $class;
-
-        while (($pos = strrpos($prefix, '\\')) !== false) {
-            $prefix = substr($class, 0, $pos + 1);
-            $relativeClass = substr($class, $pos + 1);
-
-            $mappedFile = $this->_loadMappedFile($prefix, $relativeClass);
-            if ($mappedFile) {
-                return $mappedFile;
-            }
-
-            $prefix = rtrim($prefix, '\\');
-        }
-
-        return false;
-    }
-
-    /**
-     * Load the mapped file for a namespace prefix and relative class.
-     *
-     * @param string $prefix The namespace prefix.
-     * @param string $relativeClass The relative class name.
-     * @return string|false Boolean false if no mapped file can be loaded, or the
-     * name of the mapped file that was loaded.
-     */
-    protected function _loadMappedFile(string $prefix, string $relativeClass)
-    {
-        if (!isset($this->_prefixes[$prefix])) {
-            return false;
-        }
-
-        foreach ($this->_prefixes[$prefix] as $baseDir) {
-            $file = $baseDir . str_replace('\\', DIRECTORY_SEPARATOR, $relativeClass) . '.php';
-
-            if ($this->_requireFile($file)) {
-                return $file;
-            }
-        }
-
-        return false;
-    }
-
-    /**
-     * If a file exists, require it from the file system.
-     *
-     * @param string $file The file to require.
-     * @return bool True if the file exists, false if not.
-     */
-    protected function _requireFile(string $file): bool
-    {
-        if (file_exists($file)) {
-            require $file;
-
-            return true;
-        }
-
-        return false;
-    }
-}

src/Error/BaseErrorHandler.php

@@ -188,21 +188,6 @@ abstract class BaseErrorHandler
     }
 
     /**
-     * Checks the passed exception type. If it is an instance of `Error`
-     * then, it wraps the passed object inside another Exception object
-     * for backwards compatibility purposes.
-     *
-     * @param \Throwable $exception The exception to handle
-     * @return void
-     * @deprecated 4.0.0 Unused method will be removed in 5.0
-     */
-    public function wrapAndHandleException(Throwable $exception): void
-    {
-        deprecationWarning('This method is no longer in use. Call handleException instead.');
-        $this->handleException($exception);
-    }
-
-    /**
      * Handle uncaught exceptions.
      *
      * Uses a template method provided by subclasses to display errors in an

src/Form/Form.php

@@ -170,27 +170,6 @@ class Form implements EventListenerInterface, EventDispatcherInterface, Validato
     }
 
     /**
-     * Get/Set the schema for this form.
-     *
-     * This method will call `_buildSchema()` when the schema
-     * is first built. This hook method lets you configure the
-     * schema or load a pre-defined one.
-     *
-     * @deprecated 4.1.0 Use {@link setSchema()}/{@link getSchema()} instead.
-     * @param \Cake\Form\Schema|null $schema The schema to set, or null.
-     * @return \Cake\Form\Schema the schema instance.
-     */
-    public function schema(?Schema $schema = null): Schema
-    {
-        deprecationWarning('Form::schema() is deprecated. Use setSchema() and getSchema() instead.');
-        if ($schema !== null) {
-            $this->setSchema($schema);
-        }
-
-        return $this->getSchema();
-    }
-
-    /**
      * A hook method intended to be implemented by subclasses.
      *
      * You can use this method to define the schema using

src/I18n/Number.php

@@ -265,37 +265,6 @@ class Number
     }
 
     /**
-     * Getter/setter for default currency. This behavior is *deprecated* and will be
-     * removed in future versions of CakePHP.
-     *
-     * @deprecated 3.9.0 Use {@link getDefaultCurrency()} and {@link setDefaultCurrency()} instead.
-     * @param string|false|null $currency Default currency string to be used by {@link currency()}
-     * if $currency argument is not provided. If boolean false is passed, it will clear the
-     * currently stored value
-     * @return string|null Currency
-     */
-    public static function defaultCurrency($currency = null): ?string
-    {
-        deprecationWarning(
-            'Number::defaultCurrency() is deprecated. ' .
-            'Use Number::setDefaultCurrency()/getDefaultCurrency() instead.'
-        );
-
-        if ($currency === false) {
-            static::setDefaultCurrency(null);
-
-            // This doesn't seem like a useful result to return, but it's what the old version did.
-            // Retaining it for backward compatibility.
-            return null;
-        }
-        if ($currency !== null) {
-            static::setDefaultCurrency($currency);
-        }
-
-        return static::getDefaultCurrency();
-    }
-
-    /**
      * Getter for default currency
      *
      * @return string Currency

src/Mailer/Mailer.php

@@ -297,21 +297,6 @@ class Mailer implements EventListenerInterface
      * @param array|string $key Variable name or hash of view variables.
      * @param mixed $value View variable value.
      * @return $this
-     * @deprecated 4.0.0 Use {@link Mailer::setViewVars()} instead.
-     */
-    public function set($key, $value = null)
-    {
-        deprecationWarning('Mailer::set() is deprecated. Use setViewVars() instead.');
-
-        return $this->setViewVars($key, $value);
-    }
-
-    /**
-     * Sets email view vars.
-     *
-     * @param array|string $key Variable name or hash of view variables.
-     * @param mixed $value View variable value.
-     * @return $this
      */
     public function setViewVars($key, $value = null)
     {

src/Routing/Exception/RedirectException.php

@@ -1,42 +0,0 @@
-<?php
-declare(strict_types=1);
-
-/**
- * CakePHP(tm) : Rapid Development Framework (https://cakephp.org)
- * Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org)
- *
- * Licensed under The MIT License
- * For full copyright and license information, please see the LICENSE.txt
- * Redistributions of files must retain the above copyright notice.
- *
- * @copyright     Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org)
- * @link          https://cakephp.org CakePHP(tm) Project
- * @since         3.2.0
- * @license       https://opensource.org/licenses/mit-license.php MIT License
- */
-namespace Cake\Routing\Exception;
-
-use Cake\Core\Exception\CakeException;
-
-/**
- * An exception subclass used by the routing layer to indicate
- * that a route has resolved to a redirect.
- *
- * The URL and status code are provided as constructor arguments.
- *
- * ```
- * throw new RedirectException('http://example.com/some/path', 301);
- * ```
- *
- * If you need a more general purpose redirect exception use
- * Cake\Http\Exception\RedirectException instead of this class.
- *
- * @deprecated 4.1.0 Use Cake\Http\Exception\RedirectException instead.
- */
-class RedirectException extends CakeException
-{
-    /**
-     * @inheritDoc
-     */
-    protected $_defaultCode = 302;
-}

src/Routing/Middleware/RoutingMiddleware.php

@@ -21,7 +21,6 @@ use Cake\Core\PluginApplicationInterface;
 use Cake\Http\Exception\RedirectException;
 use Cake\Http\MiddlewareQueue;
 use Cake\Http\Runner;
-use Cake\Routing\Exception\RedirectException as DeprecatedRedirectException;
 use Cake\Routing\RouteCollection;
 use Cake\Routing\Router;
 use Cake\Routing\RoutingApplicationInterface;
@@ -150,11 +149,6 @@ class RoutingMiddleware implements MiddlewareInterface
                 $e->getMessage(),
                 $e->getCode()
             );
-        } catch (DeprecatedRedirectException $e) {
-            return new RedirectResponse(
-                $e->getMessage(),
-                $e->getCode()
-            );
         }
         $matching = Router::getRouteCollection()->getMiddleware($middleware);
         if (!$matching) {

src/TestSuite/ConsoleIntegrationTestCase.php

@@ -1,27 +0,0 @@
-<?php
-declare(strict_types=1);
-
-/**
- * CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
- * Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
- *
- * Licensed under The MIT License
- * For full copyright and license information, please see the LICENSE.txt
- * Redistributions of files must retain the above copyright notice
- *
- * @copyright     Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
- * @since         3.5.0
- * @license       http://www.opensource.org/licenses/mit-license.php MIT License
- */
-namespace Cake\TestSuite;
-
-/**
- * A test case class intended to make integration tests of cake console commands
- * easier.
- *
- * @deprecated 3.7.0 Will be removed in 5.0.0. Use {@link \Cake\TestSuite\ConsoleIntegrationTestTrait} instead
- */
-abstract class ConsoleIntegrationTestCase extends TestCase
-{
-    use ConsoleIntegrationTestTrait;
-}

src/TestSuite/IntegrationTestCase.php

@@ -1,43 +0,0 @@
-<?php
-declare(strict_types=1);
-
-/**
- * CakePHP(tm) : Rapid Development Framework (https://cakephp.org)
- * Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org)
- *
- * Licensed under The MIT License
- * For full copyright and license information, please see the LICENSE.txt
- * Redistributions of files must retain the above copyright notice
- *
- * @copyright     Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org)
- * @since         3.0.0
- * @license       https://opensource.org/licenses/mit-license.php MIT License
- */
-namespace Cake\TestSuite;
-
-/**
- * A test case class intended to make integration tests of
- * your controllers easier.
- *
- * This test class provides a number of helper methods and features
- * that make dispatching requests and checking their responses simpler.
- * It favours full integration tests over mock objects as you can test
- * more of your code easily and avoid some of the maintenance pitfalls
- * that mock objects create.
- *
- * @deprecated 3.7.0 Will be removed in 5.0.0. Use {@link \Cake\TestSuite\IntegrationTestTrait} instead.
- */
-abstract class IntegrationTestCase extends TestCase
-{
-    use IntegrationTestTrait;
-
-    /**
-     * No-op method.
-     *
-     * @param bool $enable Unused.
-     * @return void
-     */
-    public function useHttpServer(bool $enable): void
-    {
-    }
-}

tests/Fixture/AssertIntegrationTestCase.php

@@ -1,40 +0,0 @@
-<?php
-/**
- * CakePHP(tm) : Rapid Development Framework (https://cakephp.org)
- * Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org)
- *
- * Licensed under The MIT License
- * For full copyright and license information, please see the LICENSE.txt
- * Redistributions of files must retain the above copyright notice
- *
- * @copyright     Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org)
- * @link          https://cakephp.org CakePHP(tm) Project
- * @since         3.0.0
- * @license       https://opensource.org/licenses/mit-license.php MIT License
- */
-namespace Cake\Test\Fixture;
-
-use Cake\Http\Response;
-use Cake\TestSuite\IntegrationTestTrait;
-use Cake\TestSuite\TestCase;
-
-/**
- * This class helps in indirectly testing the functionality of IntegrationTestCase
- */
-class AssertIntegrationTestCase extends TestCase
-{
-    use IntegrationTestTrait;
-
-    /**
-     * testBadAssertNoRedirect
-     *
-     * @return void
-     */
-    public function testBadAssertNoRedirect()
-    {
-        $this->_response = new Response();
-        $this->_response = $this->_response->withLocation('http://localhost/tasks/index');
-
-        $this->assertNoRedirect();
-    }
-}

tests/TestCase/Controller/ControllerTest.php

@@ -479,25 +479,6 @@ class ControllerTest extends TestCase
     }
 
     /**
-     * testSetAction method
-     *
-     * @return void
-     * @group deprecated
-     */
-    public function testSetAction(): void
-    {
-        $this->deprecated(function () {
-            $request = new ServerRequest(['url' => 'controller/posts/index']);
-
-            $TestController = new TestController($request);
-            $TestController->setAction('view', 1, 2);
-            $expected = ['testId' => 1, 'test2Id' => 2];
-            $this->assertSame($expected, $TestController->getRequest()->getData());
-            $this->assertSame('view', $TestController->getRequest()->getParam('action'));
-        });
-    }
-
-    /**
      * Tests that the startup process calls the correct functions
      *
      * @return void

tests/TestCase/ExceptionsTest.php

@@ -185,7 +185,6 @@ class ExceptionsTest extends TestCase
             ['Cake\Routing\Exception\DuplicateNamedRouteException', 0],
             ['Cake\Routing\Exception\MissingDispatcherFilterException', 0],
             ['Cake\Routing\Exception\MissingRouteException', 0],
-            ['Cake\Routing\Exception\RedirectException', 302],
             ['Cake\Utility\Exception\XmlException', 0],
             ['Cake\View\Exception\MissingCellException', 0],
             ['Cake\View\Exception\MissingHelperException', 0],

tests/TestCase/Form/FormTest.php

@@ -29,30 +29,6 @@ use TestApp\Form\FormSchema;
 class FormTest extends TestCase
 {
     /**
-     * Test schema()
-     *
-     * @group deprecated
-     * @return void
-     */
-    public function testSchema()
-    {
-        $this->deprecated(function () {
-            $form = new Form();
-            $schema = $form->schema();
-
-            $this->assertInstanceOf('Cake\Form\Schema', $schema);
-            $this->assertSame($schema, $form->schema(), 'Same instance each time');
-
-            $schema = new Schema();
-            $this->assertSame($schema, $form->schema($schema));
-            $this->assertSame($schema, $form->schema());
-
-            $form = new AppForm();
-            $this->assertInstanceOf(FormSchema::class, $form->schema());
-        });
-    }
-
-    /**
      * Test setSchema() and getSchema()
      *
      * @return void

tests/TestCase/I18n/NumberTest.php

@@ -318,26 +318,6 @@ class NumberTest extends TestCase
     }
 
     /**
-     * Test default currency
-     *
-     * @group deprecated
-     * @return void
-     */
-    public function testDefaultCurrency()
-    {
-        $this->deprecated(function () {
-            $this->assertSame('USD', $this->Number->defaultCurrency());
-
-            $this->Number->defaultCurrency(false);
-            I18n::setLocale('es_ES');
-            $this->assertSame('EUR', $this->Number->defaultCurrency());
-
-            $this->Number->defaultCurrency('JPY');
-            $this->assertSame('JPY', $this->Number->defaultCurrency());
-        });
-    }
-
-    /**
      * Test get default currency
      *
      * @return void

tests/TestCase/TestSuite/IntegrationTestTraitTest.php

@@ -28,7 +28,6 @@ use Cake\Http\Session;
 use Cake\Routing\Route\InflectedRoute;
 use Cake\Routing\RouteBuilder;
 use Cake\Routing\Router;
-use Cake\Test\Fixture\AssertIntegrationTestCase;
 use Cake\TestSuite\IntegrationTestTrait;
 use Cake\TestSuite\TestCase;
 use Cake\Utility\Security;
@@ -1220,20 +1219,6 @@ class IntegrationTestTraitTest extends TestCase
     }
 
     /**
-     * Test the location header assertion.
-     *
-     * @return void
-     */
-    public function testAssertNoRedirectFail()
-    {
-        $test = new AssertIntegrationTestCase('testBadAssertNoRedirect');
-        $result = $test->run();
-
-        $this->assertFalse($result->wasSuccessful());
-        $this->assertSame(1, $result->failureCount());
-    }
-
-    /**
      * Test the location header assertion string contains
      *
      * @return void