Merge pull request #2012 from MGatner/routes-respect-spoofs

Use request->method for HTTP verb

Author: lonnieezell

system/CodeIgniter.php

@@ -986,12 +986,13 @@ public function storePreviousURL($uri)
 	 * Modifies the Request Object to use a different method if a POST
 	 * variable called _method is found.
 	 *
-	 * Does not work on CLI commands.
 	 */
 	public function spoofRequestMethod()
 	{
+		// CLI commands always use 'cli' method
 		if (is_cli())
 		{
+			$this->request->setMethod('cli');
 			return;
 		}
 

system/Router/RouteCollection.php

@@ -39,6 +39,7 @@
 
 namespace CodeIgniter\Router;
 
+use Config\Services;
 use CodeIgniter\Autoloader\FileLocator;
 use CodeIgniter\Router\Exceptions\RouterException;
 
@@ -233,8 +234,8 @@ class RouteCollection implements RouteCollectionInterface
 	 */
 	public function __construct(FileLocator $locator, $moduleConfig)
 	{
-		// Get HTTP verb
-		$this->HTTPVerb = strtolower($_SERVER['REQUEST_METHOD'] ?? 'cli');
+		// Get HTTP verb from current request (accounts for spoofing)
+		$this->HTTPVerb = Services::request()->getMethod();
 
 		$this->fileLocator = $locator;
 
@@ -1115,7 +1116,7 @@ public function reverseRoute(string $search, ...$params)
 			{
 				$from = key($route['route']);
 				$to   = $route['route'][$from];
-				
+					
 				// ignore closures
 				if (! is_string($to))
 				{