Merge branch 'master' into 2.5

mark_story 2014-04-23 22:21:57 -04:00
commit 04edb547f3
3 changed files with 49 additions and 30 deletions


@ -1,31 +1,31 @@
{ {
"name": "cakephp/cakephp", "name": "cakephp/cakephp",
"description": "The CakePHP framework", "description": "The CakePHP framework",
"type": "library", "type": "library",
"keywords": ["framework"], "keywords": ["framework"],
"homepage": "http://cakephp.org", "homepage": "http://cakephp.org",
"license": "MIT", "license": "MIT",
"authors": [ "authors": [
{ {
"name": "CakePHP Community", "name": "CakePHP Community",
"homepage": "https://github.com/cakephp/cakephp/graphs/contributors" "homepage": "https://github.com/cakephp/cakephp/graphs/contributors"
} }
], ],
"support": { "support": {
"issues": "https://github.com/cakephp/cakephp/issues", "issues": "https://github.com/cakephp/cakephp/issues",
"forum": "http://stackoverflow.com/tags/cakephp", "forum": "http://stackoverflow.com/tags/cakephp",
"irc": "irc://irc.freenode.org/cakephp", "irc": "irc://irc.freenode.org/cakephp",
"source": "https://github.com/cakephp/cakephp" "source": "https://github.com/cakephp/cakephp"
}, },
"require": { "require": {
"php": ">=5.2.8", "php": ">=5.2.8",
"ext-mcrypt": "*" "ext-mcrypt": "*"
}, },
"require-dev": { "require-dev": {
"phpunit/phpunit": "3.7.*", "phpunit/phpunit": "3.7.*",
"cakephp/debug_kit" : "2.2.*" "cakephp/debug_kit" : "2.2.*"
}, },
"bin": [ "bin": [
"lib/Cake/Console/cake" "lib/Cake/Console/cake"
] ]
} }


@ -1320,7 +1320,8 @@ class CakeResponse {
* - name: Alternate download name * - name: Alternate download name
* - download: If `true` sets download header and forces file to be downloaded rather than displayed in browser * - download: If `true` sets download header and forces file to be downloaded rather than displayed in browser
* *
* @param string $path Path to file * @param string $path Path to file. If the path is not an absolute path that resolves
* to a file, `APP` will be prepended to the path.
* @param array $options Options See above. * @param array $options Options See above.
* @return void * @return void
* @throws NotFoundException * @throws NotFoundException
@ -1331,6 +1332,13 @@ class CakeResponse {
'download' => null 'download' => null
); );
if (strpos($path, '..') !== false) {
throw new NotFoundException(__d(
'cake_dev',
'The requested file contains `..` and will not be read.'
));
}
if (!is_file($path)) { if (!is_file($path)) {
$path = APP . $path; $path = APP . $path;
} }
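Review bot: The new `strpos($path, '..') !== false` guard is a substring deny-list, so it does not confine `$path` to any base directory: an absolute path that resolves to a file still passes `is_file()` and is used as-is, and the updated docblock describes that behaviour without telling callers not to pass request-derived values. The check also rejects harmless file names that merely contain two consecutive dots. I would state the contract in the docblock, e.g. `* Paths containing a parent-directory segment are rejected; absolute paths are used unchanged, so never pass unvalidated user input.`, and extend the `@throws NotFoundException` line to mention this case. If confinement to `APP` is the intent, comparing `realpath($path)` against an allowed base directory would be the stronger check. The body of `file()` continues outside the hunk.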


@ -1166,6 +1166,17 @@ class CakeResponseTest extends CakeTestCase {
$response->file('/some/missing/folder/file.jpg'); $response->file('/some/missing/folder/file.jpg');
} }
/**
* test file with ..
*
* @expectedException NotFoundException
* @return void
*/
public function testFileWithPathTraversal() {
$response = new CakeResponse();
$response->file('my/../cat.gif');
}
/** /**
* testFile method * testFile method
* *
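Review bot: `testFileWithPathTraversal` does not prove that the new guard runs, because `@expectedException NotFoundException` is also satisfied if `file()` throws the same exception for a missing file; the preceding test's call with `/some/missing/folder/file.jpg` suggests it does, and `my/../cat.gif` presumably does not exist in the test environment. Pinning the message would tie the test to the guard, e.g. adding `* @expectedExceptionMessage The requested file contains` to the docblock. The docblock that follows (`testFile method`) continues outside the hunk.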