From dee2f183e230937d8b48de3f6f374e9cf6c77ad3 Mon Sep 17 00:00:00 2001 From: michalsn Date: Wed, 25 Feb 2026 21:39:28 +0100 Subject: [PATCH 1/3] feat: add SQLSRV trustServerCertificate connection option --- app/Config/Database.php | 33 ++--- system/Database/SQLSRV/Connection.php | 20 +-- user_guide_src/source/changelogs/v4.8.0.rst | 2 + .../source/database/configuration.rst | 119 +++++++++--------- 4 files changed, 93 insertions(+), 81 deletions(-) diff --git a/app/Config/Database.php b/app/Config/Database.php index ec6a6df9d173..a236c5862ebb 100644 --- a/app/Config/Database.php +++ b/app/Config/Database.php @@ -108,22 +108,23 @@ class Database extends Config // * @var array // */ // public array $default = [ - // 'DSN' => '', - // 'hostname' => 'localhost', - // 'username' => 'root', - // 'password' => 'root', - // 'database' => 'ci4', - // 'schema' => 'dbo', - // 'DBDriver' => 'SQLSRV', - // 'DBPrefix' => '', - // 'pConnect' => false, - // 'DBDebug' => true, - // 'charset' => 'utf8', - // 'swapPre' => '', - // 'encrypt' => false, - // 'failover' => [], - // 'port' => 1433, - // 'dateFormat' => [ + // 'DSN' => '', + // 'hostname' => 'localhost', + // 'username' => 'root', + // 'password' => 'root', + // 'database' => 'ci4', + // 'schema' => 'dbo', + // 'DBDriver' => 'SQLSRV', + // 'DBPrefix' => '', + // 'pConnect' => false, + // 'DBDebug' => true, + // 'charset' => 'utf8', + // 'swapPre' => '', + // 'encrypt' => false, + // 'trustServerCertificate' => false, + // 'failover' => [], + // 'port' => 1433, + // 'dateFormat' => [ // 'date' => 'Y-m-d', // 'datetime' => 'Y-m-d H:i:s', // 'time' => 'H:i:s', diff --git a/system/Database/SQLSRV/Connection.php b/system/Database/SQLSRV/Connection.php index 98b9d77b09c4..f4ef4e552749 100644 --- a/system/Database/SQLSRV/Connection.php +++ b/system/Database/SQLSRV/Connection.php 
@@ -66,6 +66,11 @@ class Connection extends BaseConnection */ public $schema = 'dbo'; + /** + * Trust server certificate. + */ + public bool $trustServerCertificate = false; + /** * Quoted identifier flag * @@ -110,13 +115,14 @@ public function connect(bool $persistent = false) $charset = in_array(strtolower($this->charset), ['utf-8', 'utf8'], true) ? 'UTF-8' : SQLSRV_ENC_CHAR; $connection = [ - 'UID' => empty($this->username) ? '' : $this->username, - 'PWD' => empty($this->password) ? '' : $this->password, - 'Database' => $this->database, - 'ConnectionPooling' => $persistent ? 1 : 0, - 'CharacterSet' => $charset, - 'Encrypt' => $this->encrypt === true ? 1 : 0, - 'ReturnDatesAsStrings' => 1, + 'UID' => empty($this->username) ? '' : $this->username, + 'PWD' => empty($this->password) ? '' : $this->password, + 'Database' => $this->database, + 'ConnectionPooling' => $persistent ? 1 : 0, + 'CharacterSet' => $charset, + 'Encrypt' => $this->encrypt === true ? 1 : 0, + 'TrustServerCertificate' => $this->trustServerCertificate === true ? 1 : 0, + 'ReturnDatesAsStrings' => 1, ]; // If the username and password are both empty, assume this is a diff --git a/user_guide_src/source/changelogs/v4.8.0.rst b/user_guide_src/source/changelogs/v4.8.0.rst index 46eb5cf32f83..255bd7353586 100644 --- a/user_guide_src/source/changelogs/v4.8.0.rst +++ b/user_guide_src/source/changelogs/v4.8.0.rst @@ -132,6 +132,8 @@ Testing Database ======== +- Added ``trustServerCertificate`` option to ``SQLSRV`` database connections in ``Config\Database``. Set it to ``true`` to trust the server certificate without CA validation when using encrypted connections. + Query Builder ------------- diff --git a/user_guide_src/source/database/configuration.rst b/user_guide_src/source/database/configuration.rst index a70fcbd0a29a..b8f6e00635c1 100644 --- a/user_guide_src/source/database/configuration.rst +++ b/user_guide_src/source/database/configuration.rst 
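Review bot: The docblock on `$trustServerCertificate` ("Trust server certificate.") does not say what enabling the option gives up. With the flag on, the driver accepts whatever certificate the server presents, so the connection is encrypted but the server is not authenticated and an on-path host can impersonate it. I would spell that out, e.g. `Whether to accept the server's TLS certificate without validating it against a trusted CA. Keep false outside development: true leaves the connection open to interception.` The commented sample in app/Config/Database.php and the user-guide table row added in this patch would benefit from the same caveat.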
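Review bot: In the `$connection` array of connect(), `TrustServerCertificate` is forwarded to the driver with no trace that certificate validation has been turned off, so a setting meant for a development machine can reach production unnoticed. A warning when the flag is true would make that visible in logs, e.g. `if ($this->trustServerCertificate) { log_message('warning', 'SQLSRV: server certificate validation is disabled (trustServerCertificate).'); }`, assuming the framework's `log_message()` helper is available at this point. connect() starts and ends outside the hunk, so where exactly the check belongs should be confirmed against the full method.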
@@ -140,64 +140,67 @@ and decode it in the constructor in the Config class: Description of Values ********************* -================ =========================================================================================================== - Config Name Description -================ =========================================================================================================== -**DSN** The DSN connect string (an all-in-one configuration sequence). -**hostname** The hostname of your database server. Often this is 'localhost'. -**username** The username used to connect to the database. (``SQLite3`` does not use this.) -**password** The password used to connect to the database. (``SQLite3`` does not use this.) -**database** The name of the database you want to connect to. - - .. note:: CodeIgniter doesn't support dots (``.``) in the table and column names. - Since v4.5.0, database names with dots are supported. -**DBDriver** The database driver name. The case must match the driver name. - You can set a fully qualified classname to use your custom driver. - Supported drivers: ``MySQLi``, ``Postgre``, ``SQLite3``, ``SQLSRV``, and ``OCI8``. -**DBPrefix** An optional table prefix which will be added to the table name when running - :doc:`Query Builder ` queries. This permits multiple CodeIgniter - installations to share one database. -**pConnect** true/false (boolean) - Whether to use a persistent connection. -**DBDebug** true/false (boolean) - Whether to throw exceptions when database errors occur. -**charset** The character set used in communicating with the database. -**DBCollat** (``MySQLi`` only) The character collation used in communicating with the database. -**swapPre** A default table prefix that should be swapped with ``DBPrefix``. This is useful for distributed - applications where you might run manually written queries, and need the prefix to still be - customizable by the end user. 
-**schema** (``Postgre`` and ``SQLSRV`` only) The database schema, default value varies by driver. -**encrypt** (``MySQLi`` and ``SQLSRV`` only) Whether to use an encrypted connection. - See :ref:`MySQLi encrypt ` for ``MySQLi`` settings. - ``SQLSRV`` driver accepts true/false. -**compress** (``MySQLi`` only) Whether to use client compression. -**strictOn** (``MySQLi`` only) true/false (boolean) - Whether to force "Strict Mode" connections, good for ensuring - strict SQL while developing an application. -**port** The database port number - Empty string ``''`` for default port (or dynamic port with ``SQLSRV``). -**foreignKeys** (``SQLite3`` only) true/false (boolean) - Whether to enable Foreign Key constraint. - - .. important:: SQLite3 Foreign Key constraint is disabled by default. - See `SQLite documentation `_. - To enforce Foreign Key constraint, set this config item to true. -**busyTimeout** (``SQLite3`` only) milliseconds (int) - Sleeps for a specified amount of time when a table is locked. -**synchronous** (``SQLite3`` only) flag (int) - How strict SQLite will be at flushing to disk during transactions. - Use `null` to stay with the default setting. This can be used since v4.6.0. -**numberNative** (``MySQLi`` only) true/false (boolean) - Whether to enable MYSQLI_OPT_INT_AND_FLOAT_NATIVE. -**foundRows** (``MySQLi`` only) true/false (boolean) - Whether to enable MYSQLI_CLIENT_FOUND_ROWS. -**dateFormat** The default date/time formats as PHP's `DateTime format`_. - * ``date`` - date format - * ``datetime`` - date and time format - * ``datetime-ms`` - date and time with millisecond format - * ``datetime-us`` - date and time with microsecond format - * ``time`` - time format - This can be used since v4.5.0, and you can get the value, e.g., ``$db->dateFormat['datetime']``. - Currently, the database drivers do not use these values directly, - but :ref:`Model ` uses them. -**timezone** (``MySQLi``, ``Postgre``, and ``OCI8`` only) The database session timezone. 
- * ``false`` - Don't set session timezone (default, backward compatible) - * ``true`` - Automatically sync with ``App::$appTimezone`` - * ``string`` - Specific timezone offset (e.g., ``'+05:30'``) or named timezone (e.g., ``'America/New_York'``) - Named timezones are automatically converted to offsets for database compatibility. - See :ref:`database-config-timezone` for details. -================ =========================================================================================================== +=========================== ===================================================================================================== + Config Name Description +=========================== ===================================================================================================== +**DSN** The DSN connect string (an all-in-one configuration sequence). +**hostname** The hostname of your database server. Often this is 'localhost'. +**username** The username used to connect to the database. (``SQLite3`` does not use this.) +**password** The password used to connect to the database. (``SQLite3`` does not use this.) +**database** The name of the database you want to connect to. + + .. note:: CodeIgniter doesn't support dots (``.``) in the table and column names. + Since v4.5.0, database names with dots are supported. +**DBDriver** The database driver name. The case must match the driver name. + You can set a fully qualified classname to use your custom driver. + Supported drivers: ``MySQLi``, ``Postgre``, ``SQLite3``, ``SQLSRV``, and ``OCI8``. +**DBPrefix** An optional table prefix which will be added to the table name when running + :doc:`Query Builder ` queries. This permits multiple CodeIgniter + installations to share one database. +**pConnect** true/false (boolean) - Whether to use a persistent connection. +**DBDebug** true/false (boolean) - Whether to throw exceptions when database errors occur. 
+**charset** The character set used in communicating with the database. +**DBCollat** (``MySQLi`` only) The character collation used in communicating with the database. +**swapPre** A default table prefix that should be swapped with ``DBPrefix``. This is useful for distributed + applications where you might run manually written queries, and need the prefix to still be + customizable by the end user. +**schema** (``Postgre`` and ``SQLSRV`` only) The database schema, default value varies by driver. +**encrypt** (``MySQLi`` and ``SQLSRV`` only) Whether to use an encrypted connection. + See :ref:`MySQLi encrypt ` for ``MySQLi`` settings. + ``SQLSRV`` driver accepts true/false. +**trustServerCertificate** + (``SQLSRV`` only) true/false (boolean) - Whether to trust the server certificate + without validating it against a trusted certificate authority. +**compress** (``MySQLi`` only) Whether to use client compression. +**strictOn** (``MySQLi`` only) true/false (boolean) - Whether to force "Strict Mode" connections, good for ensuring + strict SQL while developing an application. +**port** The database port number - Empty string ``''`` for default port (or dynamic port with ``SQLSRV``). +**foreignKeys** (``SQLite3`` only) true/false (boolean) - Whether to enable Foreign Key constraint. + + .. important:: SQLite3 Foreign Key constraint is disabled by default. + See `SQLite documentation `_. + To enforce Foreign Key constraint, set this config item to true. +**busyTimeout** (``SQLite3`` only) milliseconds (int) - Sleeps for a specified amount of time when a table is locked. +**synchronous** (``SQLite3`` only) flag (int) - How strict SQLite will be at flushing to disk during transactions. + Use `null` to stay with the default setting. This can be used since v4.6.0. +**numberNative** (``MySQLi`` only) true/false (boolean) - Whether to enable MYSQLI_OPT_INT_AND_FLOAT_NATIVE. +**foundRows** (``MySQLi`` only) true/false (boolean) - Whether to enable MYSQLI_CLIENT_FOUND_ROWS. 
+**dateFormat** The default date/time formats as PHP's `DateTime format`_. + * ``date`` - date format + * ``datetime`` - date and time format + * ``datetime-ms`` - date and time with millisecond format + * ``datetime-us`` - date and time with microsecond format + * ``time`` - time format + This can be used since v4.5.0, and you can get the value, e.g., ``$db->dateFormat['datetime']``. + Currently, the database drivers do not use these values directly, + but :ref:`Model ` uses them. +**timezone** (``MySQLi``, ``Postgre``, and ``OCI8`` only) The database session timezone. + * ``false`` - Don't set session timezone (default, backward compatible) + * ``true`` - Automatically sync with ``App::$appTimezone`` + * ``string`` - Specific timezone offset (e.g., ``'+05:30'``) or named timezone (e.g., ``'America/New_York'``) + Named timezones are automatically converted to offsets for database compatibility. + See :ref:`database-config-timezone` for details. +=========================== ===================================================================================================== .. _DateTime format: https://www.php.net/manual/en/datetime.format.php From 61ca7be4638f0f4351be86bf73d26cb82d9ef421 Mon Sep 17 00:00:00 2001 From: michalsn Date: Wed, 25 Feb 2026 21:43:54 +0100 Subject: [PATCH 2/3] fix docs --- user_guide_src/source/database/configuration.rst | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/user_guide_src/source/database/configuration.rst b/user_guide_src/source/database/configuration.rst index b8f6e00635c1..f62fe911757b 100644 --- a/user_guide_src/source/database/configuration.rst +++ b/user_guide_src/source/database/configuration.rst 
@@ -168,8 +168,7 @@ Description of Values **encrypt** (``MySQLi`` and ``SQLSRV`` only) Whether to use an encrypted connection. See :ref:`MySQLi encrypt ` for ``MySQLi`` settings. ``SQLSRV`` driver accepts true/false. -**trustServerCertificate** - (``SQLSRV`` only) true/false (boolean) - Whether to trust the server certificate +**trustServerCertificate** (``SQLSRV`` only) true/false (boolean) - Whether to trust the server certificate without validating it against a trusted certificate authority. **compress** (``MySQLi`` only) Whether to use client compression. **strictOn** (``MySQLi`` only) true/false (boolean) - Whether to force "Strict Mode" connections, good for ensuring From d92bf8e2b01764cdcd447656630095113d11925f Mon Sep 17 00:00:00 2001 From: michalsn Date: Wed, 25 Feb 2026 21:53:17 +0100 Subject: [PATCH 3/3] fix rector --- system/Database/SQLSRV/Connection.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/system/Database/SQLSRV/Connection.php b/system/Database/SQLSRV/Connection.php index f4ef4e552749..844869e341c1 100644 --- a/system/Database/SQLSRV/Connection.php +++ b/system/Database/SQLSRV/Connection.php @@ -121,7 +121,7 @@ public function connect(bool $persistent = false) 'ConnectionPooling' => $persistent ? 1 : 0, 'CharacterSet' => $charset, 'Encrypt' => $this->encrypt === true ? 1 : 0, - 'TrustServerCertificate' => $this->trustServerCertificate === true ? 1 : 0, + 'TrustServerCertificate' => $this->trustServerCertificate ? 1 : 0, 'ReturnDatesAsStrings' => 1, ];
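Review bot: Dropping `=== true` in connect() makes the `bool` type on `$trustServerCertificate` the only thing standing between a malformed config value and disabled certificate validation. How the property is populated is not visible in this patch; if values can arrive as strings (for example from environment overrides) and the assignment runs in coercive mode, the string `'false'` would become `true` and the flag would fail open. It would help to confirm that the assignment path rejects or casts non-boolean input, and to add a test showing a string value cannot enable the option. The array literal sits inside connect(), whose body starts and ends outside the hunk.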