Merge branch '4.6'

# Conflicts:
#	phpstan-baseline-7.4.neon
#	phpstan-baseline-gte-8.0.neon
#	phpstan-baseline.neon
#	src/bundle/EventListener/CsrfListener.php
#	src/contracts/Security/AuthorizationHeaderRESTRequestMatcher.php
#	src/lib/Input/Handler/Xml.php
#	src/lib/Server/Controller/SessionController.php
#	src/lib/Server/Security/CsrfTokenManager.php
#	src/lib/Server/Security/RestAuthenticator.php
#	src/lib/Server/Values/RestContent.php
#	src/lib/Server/Values/RestContentType.php
#	src/lib/Server/Values/RoleAssignment.php

Author: MateuszKolankowski

phpstan-baseline-7.4.neon

@@ -12,6 +12,7 @@
 use DOMNodeList;
 use Ibexa\Contracts\Rest\Exceptions;
 use Ibexa\Contracts\Rest\Input\Handler;
+use InvalidArgumentException;
 
 /**
  * Input format handler base class.
@@ -155,6 +156,9 @@ protected function convertDom(DOMNode $node): array|string|int|bool|float|null
                         ];
                         $isArray = true;
                     } elseif (is_array($current[$tagName])) {
+                        if (!is_array($current[$tagName])) {
+                            throw new InvalidArgumentException('Current tag name is not an array as expected.');
+                        }
                         $current[$tagName][] = $this->convertDom($childNode);
                     }
 

phpstan-baseline-gte-8.0.neon

@@ -21,9 +21,9 @@ final class CsrfTokenManager extends BaseCsrfTokenManager
     private string $namespace;
 
     public function __construct(
-        TokenGeneratorInterface $generator = null,
-        TokenStorageInterface $storage = null,
-        RequestStack $requestStack = null
+        ?TokenGeneratorInterface $generator = null,
+        ?TokenStorageInterface $storage = null,
+        ?RequestStack $requestStack = null
     ) {
         $this->storage = $storage ?: new NativeSessionTokenStorage();
         $this->namespace = $this->resolveNamespace($requestStack);
@@ -36,7 +36,7 @@ public function hasToken(string $tokenId): bool
         return $this->storage->hasToken($this->namespace . $tokenId);
     }
 
-    private function resolveNamespace(RequestStack $requestStack = null): string
+    private function resolveNamespace(?RequestStack $requestStack = null): string
     {
         if ($requestStack !== null && ($request = $requestStack->getMainRequest())) {
             return $request->isSecure() ? 'https-' : '';

src/contracts/Security/AuthorizationHeaderRESTRequestMatcher.php

@@ -19,13 +19,11 @@ class RestContentType extends RestValue
 {
     public ContentType $contentType;
 
-    /**
-     * @var \Ibexa\Contracts\Core\Repository\Values\ContentType\FieldDefinition[]
-     */
+    /** @var \Ibexa\Contracts\Core\Repository\Values\ContentType\FieldDefinition[]|null */
     public ?array $fieldDefinitions;
 
     /**
-     * @param \Ibexa\Contracts\Core\Repository\Values\ContentType\FieldDefinition[] $fieldDefinitions
+     * @param \Ibexa\Contracts\Core\Repository\Values\ContentType\FieldDefinition[]|null $fieldDefinitions
      */
     public function __construct(ContentType $contentType, ?array $fieldDefinitions = null)
     {