mirror of
https://github.com/kamilwylegala/cakephp2-php8.git
synced 2024-11-15 03:18:26 +00:00
Merge remote-tracking branch 'remotes/origin/2.8' into feature/uuid
commit
06853a137a
6 changed files with 75 additions and 29 deletions
|
@ -30,6 +30,13 @@ App::uses('File', 'Utility');
|
|||
*/
|
||||
class Shell extends Object {
|
||||
|
||||
/**
|
||||
* Default error code
|
||||
*
|
||||
* @var int
|
||||
*/
|
||||
const CODE_ERROR = 1;
|
||||
|
||||
/**
|
||||
* Output constant making verbose shells.
|
||||
*
|
||||
|
@ -580,7 +587,8 @@ class Shell extends Object {
|
|||
$result = $this->stdin->read();
|
||||
|
||||
if ($result === false) {
|
||||
return $this->_stop(1);
|
||||
$this->_stop(self::CODE_ERROR);
|
||||
return self::CODE_ERROR;
|
||||
}
|
||||
$result = trim($result);
|
||||
|
||||
|
@ -726,7 +734,8 @@ class Shell extends Object {
|
|||
if (!empty($message)) {
|
||||
$this->err($message);
|
||||
}
|
||||
return $this->_stop(1);
|
||||
$this->_stop(self::CODE_ERROR);
|
||||
return self::CODE_ERROR;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -764,7 +773,8 @@ class Shell extends Object {
|
|||
|
||||
if (strtolower($key) === 'q') {
|
||||
$this->out(__d('cake_console', '<error>Quitting</error>.'), 2);
|
||||
return $this->_stop();
|
||||
$this->_stop();
|
||||
return true;
|
||||
} elseif (strtolower($key) !== 'y') {
|
||||
$this->out(__d('cake_console', 'Skip `%s`', $path), 2);
|
||||
return false;
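Review bot: In the last hunk the quit (`q`) branch now ends with `return true;` while the skip branch just below returns `false`, so whenever `_stop()` returns instead of terminating (a test double or an overriding subclass, presumably), quitting is likely to be read by the caller as success. Returning `false` after `$this->_stop();` would keep the two non-overwrite branches consistent. The two earlier hunks return `self::CODE_ERROR` under the same condition, and a short `@return` remark that the int is only observable when `_stop()` does not exit would help callers that compare the result loosely with user input such as `'1'`. The enclosing methods start outside these hunks.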
|
||||
|
|
|
@ -224,7 +224,7 @@ class SecurityComponent extends Component {
|
|||
$this->_secureRequired($controller);
|
||||
$this->_authRequired($controller);
|
||||
|
||||
$isPost = $this->request->is(array('post', 'put'));
|
||||
$hasData = !empty($this->request->data);
|
||||
$isNotRequestAction = (
|
||||
!isset($controller->request->params['requested']) ||
|
||||
$controller->request->params['requested'] != 1
|
||||
|
@ -234,7 +234,7 @@ class SecurityComponent extends Component {
|
|||
return $this->blackHole($controller, 'auth');
|
||||
}
|
||||
|
||||
if (!in_array($this->_action, (array)$this->unlockedActions) && $isPost && $isNotRequestAction) {
|
||||
if (!in_array($this->_action, (array)$this->unlockedActions) && $hasData && $isNotRequestAction) {
|
||||
if ($this->validatePost && $this->_validatePost($controller) === false) {
|
||||
return $this->blackHole($controller, 'auth');
|
||||
}
|
||||
|
@ -243,7 +243,7 @@ class SecurityComponent extends Component {
|
|||
}
|
||||
}
|
||||
$this->generateToken($controller->request);
|
||||
if ($isPost && is_array($controller->request->data)) {
|
||||
if ($hasData && is_array($controller->request->data)) {
|
||||
unset($controller->request->data['_Token']);
|
||||
}
|
||||
}
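Review bot: Gating the check on `$hasData` alone, in `if (!in_array($this->_action, (array)$this->unlockedActions) && $hasData && $isNotRequestAction)`, means a POST or PUT that arrives with an empty body no longer reaches `_validatePost()`, whereas `$isPost` used to send it there. Actions that change state from URL parameters alone would then run without the form-token check. Keeping both conditions closes that gap: `$hasData = !empty($this->request->data) || $this->request->is(array('post', 'put'));`. The enclosing method starts and ends outside these hunks, so any further checks inside the guarded block are not visible here and may be affected in the same way.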
|
||||
|
|
|
@ -591,7 +591,7 @@ class CakeSession {
|
|||
* @return bool
|
||||
*/
|
||||
protected static function _hasSession() {
|
||||
return static::started() || isset($_COOKIE[session_name()]) || (PHP_SAPI === 'cli' || PHP_SAPI === 'phpdbg');
|
||||
return static::started() || isset($_COOKIE[static::_cookieName()]) || (PHP_SAPI === 'cli' || PHP_SAPI === 'phpdbg');
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -757,7 +757,7 @@ class CakeSession {
|
|||
if (session_id() === '') {
|
||||
return;
|
||||
}
|
||||
if (isset($_COOKIE[session_name()])) {
|
||||
if (isset($_COOKIE[static::_cookieName()])) {
|
||||
setcookie(Configure::read('Session.cookie'), '', time() - 42000, static::$path);
|
||||
}
|
||||
if (!headers_sent()) {
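Review bot: In the second hunk the presence check now reads `$_COOKIE[static::_cookieName()]`, but the `setcookie()` call on the next line still expires `Configure::read('Session.cookie')`. `_cookieName()` is defined outside this page, so it cannot be confirmed that the two always agree; if they ever differ, the browser keeps the real session cookie after this cleanup runs. Using one source for both keeps them in step: `setcookie(static::_cookieName(), '', time() - 42000, static::$path);`. The expiry call also passes only the path, so a cookie issued with a domain attribute would presumably not be cleared, which deserves a comment or the matching arguments.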
|
||||
|
|
|
@ -173,9 +173,13 @@ class CakeRequest implements ArrayAccess {
|
|||
if (ini_get('magic_quotes_gpc') === '1') {
|
||||
$this->data = stripslashes_deep($this->data);
|
||||
}
|
||||
|
||||
$override = null;
|
||||
if (env('HTTP_X_HTTP_METHOD_OVERRIDE')) {
|
||||
$this->data['_method'] = env('HTTP_X_HTTP_METHOD_OVERRIDE');
|
||||
$override = $this->data['_method'];
|
||||
}
|
||||
|
||||
$isArray = is_array($this->data);
|
||||
if ($isArray && isset($this->data['_method'])) {
|
||||
if (!empty($_SERVER)) {
|
||||
|
@ -183,8 +187,14 @@ class CakeRequest implements ArrayAccess {
|
|||
} else {
|
||||
$_ENV['REQUEST_METHOD'] = $this->data['_method'];
|
||||
}
|
||||
$override = $this->data['_method'];
|
||||
unset($this->data['_method']);
|
||||
}
|
||||
|
||||
if ($override && !in_array($override, array('POST', 'PUT', 'PATCH', 'DELETE'))) {
|
||||
$this->data = array();
|
||||
}
|
||||
|
||||
if ($isArray && isset($this->data['data'])) {
|
||||
$data = $this->data['data'];
|
||||
if (count($this->data) <= 1) {
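Review bot: The new guard `if ($override && !in_array($override, array('POST', 'PUT', 'PATCH', 'DELETE')))` relies on truthiness and a loose comparison, so it does not cover every override value that passes the `isset($this->data['_method'])` test above it. A `_method` of `'0'` or `''` is falsy: the request method is still replaced (the `$_ENV['REQUEST_METHOD']` assignment is visible in the hunk) while the request data is kept, which is the state this change sets out to prevent. Suggest `if ($override !== null && !in_array($override, array('POST', 'PUT', 'PATCH', 'DELETE'), true))`. The list is also matched case-sensitively, so a lowercase `post` has its data discarded, and a one-line comment stating that this is intended would help. The enclosing method starts and ends outside these hunks.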
|
||||
|
|
|
@ -330,19 +330,23 @@ class SecurityComponentTest extends CakeTestCase {
|
|||
*/
|
||||
public function testRequireAuthSucceed() {
|
||||
$_SERVER['REQUEST_METHOD'] = 'AUTH';
|
||||
$this->Controller->Security->unlockedActions = array('posted');
|
||||
$this->Controller->request['action'] = 'posted';
|
||||
$this->Controller->Security->requireAuth('posted');
|
||||
$this->Controller->Security->startup($this->Controller);
|
||||
$this->assertFalse($this->Controller->failed);
|
||||
|
||||
$this->Controller->Security->Session->write('_Token', array(
|
||||
'allowedControllers' => array('SecurityTest'), 'allowedActions' => array('posted')
|
||||
'allowedControllers' => array('SecurityTest'),
|
||||
'allowedActions' => array('posted')
|
||||
));
|
||||
$this->Controller->request['controller'] = 'SecurityTest';
|
||||
$this->Controller->request['action'] = 'posted';
|
||||
|
||||
$this->Controller->request->data = array(
|
||||
'username' => 'willy', 'password' => 'somePass', '_Token' => ''
|
||||
'username' => 'willy',
|
||||
'password' => 'somePass',
|
||||
'_Token' => ''
|
||||
);
|
||||
$this->Controller->action = 'posted';
|
||||
$this->Controller->Security->requireAuth('posted');
|
||||
|
@ -480,6 +484,29 @@ class SecurityComponentTest extends CakeTestCase {
|
|||
$this->assertFalse($this->Controller->failed);
|
||||
}
|
||||
|
||||
/**
|
||||
* Test that validatePost fires on GET with request data.
|
||||
* This could happen when method overriding is used.
|
||||
*
|
||||
* @return void
|
||||
* @triggers Controller.startup $this->Controller
|
||||
*/
|
||||
public function testValidatePostOnGetWithData() {
|
||||
$_SERVER['REQUEST_METHOD'] = 'GET';
|
||||
$this->Controller->Security->startup($this->Controller);
|
||||
|
||||
$fields = 'an-invalid-token';
|
||||
$unlocked = '';
|
||||
|
||||
$this->Controller->request->data = [
|
||||
'Model' => array('username' => 'nate', 'password' => 'foo', 'valid' => '0'),
|
||||
'_Token' => compact('fields', 'unlocked')
|
||||
];
|
||||
$this->assertFalse($this->Controller->failed, 'Should not be failed yet');
|
||||
$this->Controller->Security->startup($this->Controller);
|
||||
$this->assertTrue($this->Controller->failed, 'Should fail because of validatePost.');
|
||||
}
|
||||
|
||||
/**
|
||||
* Simple hash validation test
|
||||
*
|
||||
|
@ -1230,11 +1257,6 @@ class SecurityComponentTest extends CakeTestCase {
|
|||
|
||||
$this->Security->Session->write('_Token.csrfTokens', array('nonce1' => strtotime('+10 minutes')));
|
||||
|
||||
$this->Controller->request = $this->getMock('CakeRequest', array('is'));
|
||||
$this->Controller->request->expects($this->once())->method('is')
|
||||
->with(array('post', 'put'))
|
||||
->will($this->returnValue(true));
|
||||
|
||||
$this->Controller->request->params['action'] = 'index';
|
||||
$this->Controller->request->data = array(
|
||||
'_Token' => array(
|
||||
|
@ -1299,11 +1321,6 @@ class SecurityComponentTest extends CakeTestCase {
|
|||
|
||||
$this->Security->Session->write('_Token.csrfTokens', array('nonce1' => strtotime('+10 minutes')));
|
||||
|
||||
$this->Controller->request = $this->getMock('CakeRequest', array('is'));
|
||||
$this->Controller->request->expects($this->once())->method('is')
|
||||
->with(array('post', 'put'))
|
||||
->will($this->returnValue(true));
|
||||
|
||||
$this->Controller->request->params['action'] = 'index';
|
||||
$this->Controller->request->data = array(
|
||||
'_Token' => array(
|
||||
|
@ -1329,11 +1346,6 @@ class SecurityComponentTest extends CakeTestCase {
|
|||
|
||||
$this->Security->Session->write('_Token.csrfTokens', array('nonce1' => strtotime('-5 minutes')));
|
||||
|
||||
$this->Controller->request = $this->getMock('CakeRequest', array('is'));
|
||||
$this->Controller->request->expects($this->once())->method('is')
|
||||
->with(array('post', 'put'))
|
||||
->will($this->returnValue(true));
|
||||
|
||||
$this->Controller->request->params['action'] = 'index';
|
||||
$this->Controller->request->data = array(
|
||||
'_Token' => array(
|
||||
|
@ -1386,10 +1398,6 @@ class SecurityComponentTest extends CakeTestCase {
|
|||
$this->Security->Session->write('_Token.csrfTokens', array('nonce1' => strtotime('+10 minutes')));
|
||||
|
||||
$this->Controller->request = $this->getMock('CakeRequest', array('is'));
|
||||
$this->Controller->request->expects($this->once())->method('is')
|
||||
->with(array('post', 'put'))
|
||||
->will($this->returnValue(true));
|
||||
|
||||
$this->Controller->request->params['action'] = 'index';
|
||||
$this->Controller->request->data = array(
|
||||
'_Token' => array(
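Review bot: `testValidatePostOnGetWithData` assigns `$this->Controller->request->data = [` using short array syntax, while every other array in this file section, including the `array('username' => 'nate', ...)` nested inside it, is written with `array()`. If this branch still has to parse on PHP 5.3 the file would fail to load, and `array(` with a closing `);` keeps it consistent either way. No test in these hunks exercises a POST or PUT with an empty `request->data`, which is worth adding now that the `is(array('post', 'put'))` expectations are removed from the CSRF tests.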
|
||||
|
|
|
@ -2444,6 +2444,24 @@ XML;
|
|||
$request->allowMethod('POST');
|
||||
}
|
||||
|
||||
/**
|
||||
* Tests that overriding the method to GET will clean all request
|
||||
* data, to better simulate a GET request.
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
public function testMethodOverrideEmptyData() {
|
||||
$_POST = array('_method' => 'GET', 'foo' => 'bar');
|
||||
$_SERVER['REQUEST_METHOD'] = 'PUT';
|
||||
$request = new CakeRequest('/posts/edit/1');
|
||||
$this->assertEmpty($request->data);
|
||||
|
||||
$_POST = array('foo' => 'bar');
|
||||
$_SERVER['HTTP_X_HTTP_METHOD_OVERRIDE'] = 'GET';
|
||||
$request = new CakeRequest('/posts/edit/1');
|
||||
$this->assertEmpty($request->data);
|
||||
}
|
||||
|
||||
/**
|
||||
* loadEnvironment method
|
||||
*
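Review bot: `testMethodOverrideEmptyData` asserts only the clearing path, with `_method` or `HTTP_X_HTTP_METHOD_OVERRIDE` set to `GET`, so a regression that empties the data for every override would still pass. A second case such as `$_POST = array('_method' => 'PUT', 'foo' => 'bar');` with an assertion that `foo` survives in `$request->data` would pin the allowed-method branch. The test also leaves `$_SERVER['HTTP_X_HTTP_METHOD_OVERRIDE']` set when it ends. Unless the class's teardown (not visible here) restores `$_SERVER`, later tests inherit the header.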
|
||||
|
|