Closes #3394, applied test patch

Deprecated define('MAX_MD5SIZE', (5 * 1024) * 1024); in core.php Removing additional defines in core.php, replaced with Configure::write(); Added CakeSession::__startSession() to check for sent headers before attempting to start the session. Added notices to Configure::__loadBootstrap() that will be removed before stable release. Refactored Folder::tree(). Added additional FolderTest cases git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@5768 3807eeeb-6ff5-0310-8944-8be069107fe0
2024-11-15 11:28:25 +00:00 · 2007-10-16 09:05:25 +00:00 · 2007-10-16 09:05:25 +00:00 · 1aa1164b1d
commit 1aa1164b1d
parent 16fbd33eee
20 changed files with 386 additions and 154 deletions
--- a/app/config/core.php
+++ b/app/config/core.php
@ -92,46 +92,46 @@
 * 'database'	Uses CakePHP's database sessions.
 *
 * To define a custom session handler, save it at /app/config/<name>.php.
- * Set the value of CAKE_SESSION_SAVE to <name> to utilize it in CakePHP.
+ * Set the value of 'Session.save' to <name> to utilize it in CakePHP.
 *
 * To use database sessions, execute the SQL file found at /app/config/sql/sessions.sql.
 *
 */
-	define('CAKE_SESSION_SAVE', 'php');
+	Configure::write('Session.save', 'php');
 /**
 * The name of the table used to store CakePHP database sessions.
 *
- * CAKE_SESSION_SAVE must be set to 'database' in order to utilize this constant.
+ * 'Session.save' must be set to 'database' in order to utilize this constant.
 *
 * The table name set here should *not* include any table prefix defined elsewhere.
 */
-	define('CAKE_SESSION_TABLE', 'cake_sessions');
+	Configure::write('Session.table', 'cake_sessions');
 /**
- * A random string used in session management.
+ * A random string used in security hashing methods.
 */
-	define('CAKE_SESSION_STRING', 'DYhG93b0qyJfIxfs2guVoUubWwvniR2G0FgaC9mi');
+	Configure::write('Security.salt', 'DYhG93b0qyJfIxfs2guVoUubWwvniR2G0FgaC9mi');
 /**
 * The name of CakePHP's session cookie.
 */
-	define('CAKE_SESSION_COOKIE', 'CAKEPHP');
+	Configure::write('Session.cookie', 'CAKEPHP');
 /**
- * The level of CakePHP session security. The session timeout time defined
+ * The level of CakePHP security. The session timeout time defined
- * in CAKE_SESSION_TIMEOUT is multiplied according to the settings here.
+ * in 'Session.timeout' is multiplied according to the settings here.
 * Valid values:
 *
- * 'high'	Session timeout in CAKE_SESSION_TIMEOUT x 10
+ * 'high'	Session timeout in 'Session.timeout' x 10
- * 'medium'	Session timeout in CAKE_SESSION_TIMEOUT x 100
+ * 'medium'	Session timeout in 'Session.timeout' x 100
- * 'low'		Session timeout in CAKE_SESSION_TIMEOUT x 300
+ * 'low'		Session timeout in 'Session.timeout' x 300
 *
 * CakePHP session IDs are also regenerated between requests if
- * CAKE_SECURITY is set to 'high'.
+ * 'Security.level' is set to 'high'.
 */
-	define('CAKE_SECURITY', 'high');
+	Configure::write('Security.level', 'high');
 /**
 * Session time out time (in seconds).
- * Actual value depends on CAKE_SECURITY setting.
+ * Actual value depends on 'Security.level' setting.
 */
-	define('CAKE_SESSION_TIMEOUT', '120');
+	Configure::write('Session.timeout', '120');
 /**
 * Compress CSS output by removing comments, whitespace, repeating tags, etc.
 * This requires a/var/cache directory to be writable by the web server for caching.
@ -142,11 +142,7 @@
 /**
 * If set to false, sessions are not automatically started.
 */
-	define('AUTO_SESSION', true);
+	Configure::write('Session.start', true);
 /**
 * The max size of file allowed for MD5 hashes (in bytes).
 */
 	define('MAX_MD5SIZE', (5 * 1024) * 1024);
 /**
 * The classname and database used in CakePHP's
 * access control lists.
@ -207,5 +203,4 @@
 * 					);
 */
 	Cache::config('default', array('engine' => 'File'));
 ?>
--- a/cake/console/libs/tasks/project.php
+++ b/cake/console/libs/tasks/project.php
@ -156,10 +156,10 @@ class ProjectTask extends Shell {
 					$this->out('The Welcome page was NOT created');
 				}
-				if ($this->cakeSessionString($path) === true ) {
+				if ($this->securitySalt($path) === true ) {
-					$this->out('Random hash key created for CAKE_SESSION_STRING');
+					$this->out('Random hash key created for \'Security.salt\'');
 				} else {
-					$this->err('Unable to generate random hash for CAKE_SESSION_STRING, please change this yourself in ' . CONFIGS . 'core.php');
+					$this->err('Unable to generate random hash for \'Security.salt\', please change this yourself in ' . CONFIGS . 'core.php');
 				}
 				$corePath = $this->corePath($path);
@ -202,17 +202,17 @@ class ProjectTask extends Shell {
 		return $this->createFile($path.'home.ctp', $output);
 	}
 /**
- * generates and writes CAKE_SESSION_STRING
+ * generates and writes 'Security.salt'
 *
 * @return bool
 */
-	function cakeSessionString($path) {
+	function securitySalt($path) {
 		$File =& new File($path . 'config' . DS . 'core.php');
 		$contents = $File->read();
-		if (preg_match('/([\\t\\x20]*define\\(\\\'CAKE_SESSION_STRING\\\',[\\t\\x20\'A-z0-9]*\\);)/', $contents, $match)) {
+		if (preg_match('/([\\t\\x20]*Configure::write\\(\\\'Security.salt\\\',[\\t\\x20\'A-z0-9]*\\);)/', $contents, $match)) {
 			uses('Security');
 			$string = Security::generateAuthKey();
-			$result = str_replace($match[0], 'define(\'CAKE_SESSION_STRING\', \''.$string.'\');', $contents);
+			$result = str_replace($match[0], "\t" . 'Configure::write(\'Security.salt\', \''.$string.'\');', $contents);
 			if ($File->write($result)) {
 				return true;
 			} else {
@ -252,7 +252,7 @@ class ProjectTask extends Shell {
 		$File =& new File(CONFIGS . 'core.php');
 		$contents = $File->read();
 		if (preg_match('%([/\\t\\x20]*Configure::write\(\'Routing.admin\',[\\t\\x20\'a-z]*\\);)%', $contents, $match)) {
-			$result = str_replace($match[0], 'Configure::write(\'Routing.admin\', \''.$name.'\');', $contents);
+			$result = str_replace($match[0], "\t" . 'Configure::write(\'Routing.admin\', \''.$name.'\');', $contents);
 			if ($File->write($result)) {
 				Configure::write('Routing.admin', $name);
 				return true;
--- a/cake/console/libs/templates/skel/config/core.php
+++ b/cake/console/libs/templates/skel/config/core.php
@ -92,46 +92,46 @@
 * 'database'	Uses CakePHP's database sessions.
 *
 * To define a custom session handler, save it at /app/config/<name>.php.
- * Set the value of CAKE_SESSION_SAVE to <name> to utilize it in CakePHP.
+ * Set the value of 'Session.save' to <name> to utilize it in CakePHP.
 *
 * To use database sessions, execute the SQL file found at /app/config/sql/sessions.sql.
 *
 */
-	define('CAKE_SESSION_SAVE', 'php');
+	Configure::write('Session.save', 'php');
 /**
 * The name of the table used to store CakePHP database sessions.
 *
- * CAKE_SESSION_SAVE must be set to 'database' in order to utilize this constant.
+ * 'Session.save' must be set to 'database' in order to utilize this constant.
 *
 * The table name set here should *not* include any table prefix defined elsewhere.
 */
-	define('CAKE_SESSION_TABLE', 'cake_sessions');
+	Configure::write('Session.table', 'cake_sessions');
 /**
- * A random string used in session management.
+ * A random string used in security hashing methods.
 */
-	define('CAKE_SESSION_STRING', 'DYhG93b0qyJfIxfs2guVoUubWwvniR2G0FgaC9mi');
+	Configure::write('Security.salt', 'DYhG93b0qyJfIxfs2guVoUubWwvniR2G0FgaC9mi');
 /**
 * The name of CakePHP's session cookie.
 */
-	define('CAKE_SESSION_COOKIE', 'CAKEPHP');
+	Configure::write('Session.cookie', 'CAKEPHP');
 /**
- * The level of CakePHP session security. The session timeout time defined
+ * The level of CakePHP security. The session timeout time defined
- * in CAKE_SESSION_TIMEOUT is multiplied according to the settings here.
+ * in 'Session.timeout' is multiplied according to the settings here.
 * Valid values:
 *
- * 'high'	Session timeout in CAKE_SESSION_TIMEOUT x 10
+ * 'high'	Session timeout in 'Session.timeout' x 10
- * 'medium'	Session timeout in CAKE_SESSION_TIMEOUT x 100
+ * 'medium'	Session timeout in 'Session.timeout' x 100
- * 'low'		Session timeout in CAKE_SESSION_TIMEOUT x 300
+ * 'low'		Session timeout in 'Session.timeout' x 300
 *
 * CakePHP session IDs are also regenerated between requests if
- * CAKE_SECURITY is set to 'high'.
+ * 'Security.level' is set to 'high'.
 */
-	define('CAKE_SECURITY', 'high');
+	Configure::write('Security.level', 'high');
 /**
 * Session time out time (in seconds).
- * Actual value depends on CAKE_SECURITY setting.
+ * Actual value depends on 'Security.level' setting.
 */
-	define('CAKE_SESSION_TIMEOUT', '120');
+	Configure::write('Session.timeout', '120');
 /**
 * Compress CSS output by removing comments, whitespace, repeating tags, etc.
 * This requires a/var/cache directory to be writable by the web server for caching.
@ -142,11 +142,7 @@
 /**
 * If set to false, sessions are not automatically started.
 */
-	define('AUTO_SESSION', true);
+	Configure::write('Session.start', true);
 /**
 * The max size of file allowed for MD5 hashes (in bytes).
 */
 	define('MAX_MD5SIZE', (5 * 1024) * 1024);
 /**
 * The classname and database used in CakePHP's
 * access control lists.
@ -207,5 +203,4 @@
 * 					);
 */
 	Cache::config('default', array('engine' => 'File'));
 ?>
--- a/cake/libs/configure.php
+++ b/cake/libs/configure.php
@ -568,13 +568,41 @@ class Configure extends Object {
 			$_this->write('Routing.webservices', WEBSERVICES);
 		}
 		if (defined('ACL_CLASSNAME')) {
-			trigger_error('ACL_CLASSNAME Deprecated. Use Configure::write(\'Acl.classname\'); in APP/config/core.php', E_USER_WARNING);
+			trigger_error('ACL_CLASSNAME Deprecated. Use Configure::write(\'Acl.classname\', \'' . ACL_CLASSNAME . '\'); in APP/config/core.php', E_USER_WARNING);
 			$_this->write('Acl.classname', ACL_CLASSNAME);
 		}
 		if (defined('ACL_DATABASE')) {
-			trigger_error('ACL_DATABASE Deprecated. Use Configure::write(\'Acl.database\'); in APP/config/core.php', E_USER_WARNING);
+			trigger_error('ACL_DATABASE Deprecated. Use Configure::write(\'Acl.database\', \'' . ACL_CLASSNAME . '\'); in APP/config/core.php', E_USER_WARNING);
 			$_this->write('Acl.database', ACL_CLASSNAME);
 		}
 		if (defined('CAKE_SESSION_SAVE')) {
 			trigger_error('CAKE_SESSION_SAVE Deprecated. Use Configure::write(\'Session.save\', \'' . CAKE_SESSION_SAVE . '\'); in APP/config/core.php', E_USER_WARNING);
 			$_this->write('Session.save', CAKE_SESSION_SAVE);
 		}
 		if (defined('CAKE_SESSION_TABLE')) {
 			trigger_error('CAKE_SESSION_TABLE Deprecated. Use Configure::write(\'Session.table\', \'' . CAKE_SESSION_TABLE . '\'); in APP/config/core.php', E_USER_WARNING);
 			$_this->write('Session.table', CAKE_SESSION_TABLE);
 		}
 		if (defined('CAKE_SESSION_STRING')) {
 			trigger_error('CAKE_SESSION_STRING Deprecated. Use Configure::write(\'Security.salt\', \'' . CAKE_SESSION_STRING . '\'); in APP/config/core.php', E_USER_WARNING);
 			$_this->write('Security.salt', CAKE_SESSION_STRING);
 		}
 		if (defined('CAKE_SESSION_COOKIE')) {
 			trigger_error('CAKE_SESSION_COOKIE Deprecated. Use Configure::write(\'Session.cookie\', \'' . CAKE_SESSION_COOKIE . '\'); in APP/config/core.php', E_USER_WARNING);
 			$_this->write('Session.cookie', CAKE_SESSION_COOKIE);
 		}
 		if (defined('CAKE_SECURITY')) {
 			trigger_error('CAKE_SECURITY Deprecated. Use Configure::write(\'Security.level\', \'' . CAKE_SECURITY . '\'); in APP/config/core.php', E_USER_WARNING);
 			$_this->write('Security.level', CAKE_SECURITY);
 		}
 		if (defined('CAKE_SESSION_TIMEOUT')) {
 			trigger_error('CAKE_SESSION_TIMEOUT Deprecated. Use Configure::write(\'Session.timeout\', \'' . CAKE_SESSION_TIMEOUT . '\'); in APP/config/core.php', E_USER_WARNING);
 			$_this->write('Session.timeout', CAKE_SESSION_TIMEOUT);
 		}
 		if (defined('AUTO_SESSION')) {
 			trigger_error('AUTO_SESSION Deprecated. Use Configure::write(\'Session.start\', \'' . AUTO_SESSION . '\'); in APP/config/core.php', E_USER_WARNING);
 			$_this->write('Session.start', AUTO_SESSION);
 		}
 	}
 }
 ?>
--- a/cake/libs/controller/components/auth.php
+++ b/cake/libs/controller/components/auth.php
@ -786,7 +786,7 @@ class AuthComponent extends Object {
 		return $data;
 	}
 /**
- * Hash a password with the application's salt value (as defined in CAKE_SESSION_STRING)
+ * Hash a password with the application's salt value (as defined with Configure::write('Security.salt');
 *
 * @access public
 * @param string $password
@ -794,7 +794,7 @@ class AuthComponent extends Object {
 * @return string
 */
 	function password($password) {
-		return Security::hash(CAKE_SESSION_STRING . $password);
+		return Security::hash(Configure::read('Security.salt') . $password);
 	}
 /**
 * Component shutdown.  If user is logged in, wipe out redirect.
--- a/cake/libs/controller/components/cookie.php
+++ b/cake/libs/controller/components/cookie.php
@ -116,7 +116,7 @@ class CookieComponent extends Object {
 * @var string
 * @access protected
 */
-	var $key = CAKE_SESSION_STRING;
+	var $key = null;
 /**
 * Values stored in the cookie.
 *
@ -190,6 +190,7 @@ class CookieComponent extends Object {
 */
 	function startup() {
 		$this->__expire($this->time);
 		$this->key = Configure::read('Security.salt');
 		if (isset($_COOKIE[$this->name])) {
 			$this->__values = $this->__decrypt($_COOKIE[$this->name]);
--- a/cake/libs/controller/components/security.php
+++ b/cake/libs/controller/components/security.php
@ -7,7 +7,7 @@
 *
 * PHP versions 4 and 5
 *
- * CakePHP(tm) :  Rapid Development Framework <http://www.cakephp.org/>
+ * CakePHP(tm) : Rapid Development Framework <http://www.cakephp.org/>
 * Copyright 2005-2007, Cake Software Foundation, Inc.
 *								1785 E. Sahara Avenue, Suite 490-204
 *								Las Vegas, Nevada 89104
@ -121,7 +121,7 @@ class SecurityComponent extends Object {
 */
 	var $components = array('RequestHandler', 'Session');
 /**
- * Component startup.  All security checking happens here.
+ * Component startup. All security checking happens here.
 *
 * @param object $controller
 * @return unknown
@ -250,7 +250,7 @@ class SecurityComponent extends Object {
 	function loginRequest($options = array()) {
 		$options = am($this->loginOptions, $options);
 		$this->__setLoginDefaults($options);
-		$auth  = 'WWW-Authenticate: ' . ucfirst($options['type']);
+		$auth = 'WWW-Authenticate: ' . ucfirst($options['type']);
 		$out = array('realm="' . $options['realm'] . '"');
 		if (low($options['type']) == 'digest') {
@ -485,9 +485,9 @@ class SecurityComponent extends Object {
 					$parts = preg_split('/\/|\./', $value);
 					if (count($parts) == 1) {
-						$key1[] =  $controller->modelClass . '.' . $parts['0'];
+						$key1[] = $controller->modelClass . '.' . $parts['0'];
 					} elseif (count($parts) == 2) {
-						$key1[] = $parts['0']  . '.' . $parts['1'];
+						$key1[] = $parts['0'] . '.' . $parts['1'];
 					}
 				}
@ -526,7 +526,7 @@ class SecurityComponent extends Object {
 						}
 					}
-					foreach ($k as  $lookup) {
+					foreach ($k as $lookup) {
 						if (isset($controller->data[$newKey][$lookup])) {
 							unset($controller->data[$key][$lookup]);
 						} elseif ($controller->data[$key][$lookup] === '0') {
@ -544,8 +544,11 @@ class SecurityComponent extends Object {
 					continue;
 				}
 				if (!array_key_exists($key, $value)) {
-					$field[$key] = array_keys($value);
+					if (isset($field[$key])) {
-					$field[$key] = array_merge($merge, $field[$key]);
+						$field[$key] = array_merge($field[$key], array_keys($value));
 					} else {
 						$field[$key] = array_keys($value);
 					}
 				}
 			}
@ -555,7 +558,7 @@ class SecurityComponent extends Object {
 				}
 			}
 			ksort($field);
-			$check = urlencode(Security::hash(serialize($field) . CAKE_SESSION_STRING));
+			$check = urlencode(Security::hash(serialize($field) . Configure::read('Security.salt')));
 			if ($form !== $check) {
 				if (!$this->blackHole($controller, 'auth')) {
--- a/cake/libs/controller/components/session.php
+++ b/cake/libs/controller/components/session.php
@ -27,6 +27,7 @@
 * @lastmodified	$Date$
 * @license			http://www.opensource.org/licenses/mit-license.php The MIT License
 */
 uses('session');
 /**
 * Session Component.
 *
@ -50,14 +51,14 @@ class SessionComponent extends CakeSession {
 * @param string $base
 */
 	function __construct($base = null) {
-		if (!defined('AUTO_SESSION') || AUTO_SESSION === true) {
+		if (Configure::read('Session.start') === true) {
 			parent::__construct($base);
 		} else {
 			$this->__active = false;
 		}
 	}
 /**
- * Turn sessions on if AUTO_SESSION is set to false in core.php
+ * Turn sessions on if 'Session.start' is set to false in core.php
 *
 * @param string $base
 */
--- a/cake/libs/debugger.php
+++ b/cake/libs/debugger.php
@ -420,8 +420,8 @@ class Debugger extends Object {
 * @access public
 */
 	function checkSessionKey() {
-		if (CAKE_SESSION_STRING == 'DYhG93b0qyJfIxfs2guVoUubWwvniR2G0FgaC9mi') {
+		if (Configure::read('Security.salt') == 'DYhG93b0qyJfIxfs2guVoUubWwvniR2G0FgaC9mi') {
-			trigger_error(__('Please change the value of CAKE_SESSION_STRING in app/config/core.php to a salt value specific to your application', true), E_USER_NOTICE);
+			trigger_error(__('Please change the value of \'Security.salt\' in app/config/core.php to a salt value specific to your application', true), E_USER_NOTICE);
 		}
 	}
 /**
--- a/cake/libs/folder.php
+++ b/cake/libs/folder.php
@ -154,7 +154,7 @@ class Folder extends Object{
 					if (!in_array($n, $exceptions)) {
 						$item = $n;
 					}
-				} elseif ((!preg_match('#^\.+$#', $n) && $exceptions == false) || ($exceptions == true && !preg_match('#^\.(.*)$#', $n))) {
+				} elseif ((!preg_match('/^\\.+$/', $n) && $exceptions == false) || ($exceptions == true && !preg_match('/^\\.(.*)$/', $n))) {
 					$item = $n;
 				}
@ -244,7 +244,7 @@ class Folder extends Object{
 * @static
 */
 	function isWindowsPath($path) {
-		if (preg_match('#^[A-Z]:\\\#i', $path)) {
+		if (preg_match('/^[A-Z]:\\\\/i', $path)) {
 			return true;
 		}
 		return false;
@ -258,7 +258,7 @@ class Folder extends Object{
 * @static
 */
 	function isAbsolute($path) {
-		$match = preg_match('#^\/#', $path) || preg_match('#^[A-Z]:\\\#i', $path);
+		$match = preg_match('/^\\//', $path) || preg_match('/^[A-Z]:\\\\/i', $path);
 		return $match;
 	}
 /**
@ -270,7 +270,7 @@ class Folder extends Object{
 * @static
 */
 	function isSlashTerm($path) {
-		if (preg_match('#[\\\/]$#', $path)) {
+		if (preg_match('/[\/\\\]$/', $path)) {
 			return true;
 		}
 		return false;
@ -412,10 +412,11 @@ class Folder extends Object{
 * Returns an array of nested directories and files in each directory
 *
 * @param string $path the directory path to build the tree from
- * @return mixed array of nested directories and fiels in each directory
+ * @param = boolean $hidden return hidden files and directories
 * @return mixed array of nested directories and files in each directory
 * @access public
 */
-	function tree($path) {
+	function tree($path, $hidden = true) {
 		$path = rtrim($path, DS);
 		$this->__files = array();
 		$this->__directories = array($path);
@ -423,7 +424,7 @@ class Folder extends Object{
 		while (count($this->__directories)) {
 			$dir = array_pop($this->__directories);
-			$this->__tree($dir);
+			$this->__tree($dir, $hidden);
 			array_push($directories, $dir);
 		}
@ -434,25 +435,30 @@ class Folder extends Object{
 * Private method to list directories and files in each directory
 *
 * @param string $path
 * @param = boolean $hidden
 * @access private
 */
-	function __tree($path) {
+	function __tree($path, $hidden) {
 		if (is_dir($path)) {
 			$dirHandle = @opendir($path);
 			while (false !== ($item = @readdir($dirHandle))) {
-				if ($item != '.' && $item != '..') {
+				$found = false;
 					$item = $path . DS . $item;
-					if (is_dir($item)) {
+				if (($hidden === true && $item != '.' && $item != '..') || ($hidden === false && !preg_match('/^\\.(.*)$/', $item))) {
-						array_push($this->__directories, $item);
+					$found = $path . DS . $item;
 				}
 				if ($found !== false) {
 					if (is_dir($found)) {
 						array_push($this->__directories, $found);
 					} else {
-						array_push($this->__files, $item);
+						array_push($this->__files, $found);
 					}
 				}
 			}
 			closedir($dirHandle);
 		}
 		closedir($dirHandle);
 	}
 /**
 * Create a directory structure recursively.
--- a/cake/libs/model/connection_manager.php
+++ b/cake/libs/model/connection_manager.php
@ -243,7 +243,7 @@ class ConnectionManager extends Object {
 *
 */
 	function __destruct() {
-		if (CAKE_SESSION_SAVE == 'database' && function_exists('session_write_close')) {
+		if (Configure::read('Session.save') == 'database' && function_exists('session_write_close')) {
 			session_write_close();
 		}
 	}
--- a/cake/libs/security.php
+++ b/cake/libs/security.php
@ -66,7 +66,7 @@ class Security extends Object {
  */
 	function inactiveMins() {
 		$_this =& Security::getInstance();
-		switch(CAKE_SECURITY) {
+		switch(Configure::read('Security.level')) {
 			case 'high':
 				return 10;
 			break;
--- a/cake/libs/session.php
+++ b/cake/libs/session.php
@ -80,7 +80,7 @@ class CakeSession extends Object {
 */
 	var $lastError = null;
 /**
- * CAKE_SECURITY setting, "high", "medium", or "low".
+ * 'Security.level' setting, "high", "medium", or "low".
 *
 * @var string
 * @access public
@ -115,16 +115,13 @@ class CakeSession extends Object {
 * @access public
 */
 	function __construct($base = null, $start = true) {
 		if (!defined('CAKE_SESSION_TABLE')) {
 			 define('CAKE_SESSION_TABLE', 'cake_sessions');
 		}
-		if (CAKE_SESSION_SAVE === 'database' && !class_exists('ConnectionManager')) {
+		if (Configure::read('Session.save') === 'database' && !class_exists('ConnectionManager')) {
 			uses('model' . DS . 'connection_manager');
 		}
 		if (env('HTTP_USER_AGENT') != null) {
-			$this->_userAgent = md5(env('HTTP_USER_AGENT') . CAKE_SESSION_STRING);
+			$this->_userAgent = md5(env('HTTP_USER_AGENT') . Configure::read('Security.salt'));
 		} else {
 				$this->_userAgent = "";
 		}
@ -143,17 +140,19 @@ class CakeSession extends Object {
 				$this->host = substr($this->host, 0, strpos($this->host, ':'));
 			}
-			$this->sessionTime = $this->time + (Security::inactiveMins() * CAKE_SESSION_TIMEOUT);
+			if (!class_exists('Security')) {
-			$this->security = CAKE_SECURITY;
+				uses('security');
 			}
 			$this->sessionTime = $this->time + (Security::inactiveMins() * Configure::read('Session.timeout'));
 			$this->security = Configure::read('Security.level');
 			if (function_exists('session_write_close')) {
 				session_write_close();
 			}
 			$this->__initSession();
-			session_cache_limiter ("must-revalidate");
+			$this->__startSession();
 			session_start();
 			header ('P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"');
 			$this->__checkValid();
 		}
 		parent::__construct();
@ -377,7 +376,7 @@ class CakeSession extends Object {
 		}
 		if (isset($_COOKIE[session_name()])) {
-			setcookie(CAKE_SESSION_COOKIE, '', time() - 42000, $this->path);
+			setcookie(Configure::read('Session.cookie'), '', time() - 42000, $this->path);
 		}
 		$_SESSION = array();
@ -409,7 +408,7 @@ class CakeSession extends Object {
 			break;
 		}
-		switch(CAKE_SESSION_SAVE) {
+		switch(Configure::read('Session.cookie')) {
 			case 'cake':
 				if (!isset($_SESSION)) {
 					if (function_exists('ini_set')) {
@ -417,7 +416,7 @@ class CakeSession extends Object {
 						ini_set('url_rewriter.tags', '');
 						ini_set('session.serialize_handler', 'php');
 						ini_set('session.use_cookies', 1);
-						ini_set('session.name', CAKE_SESSION_COOKIE);
+						ini_set('session.name', Configure::read('Session.cookie'));
 						ini_set('session.cookie_lifetime', $this->cookieLifeTime);
 						ini_set('session.cookie_path', $this->path);
 						ini_set('session.auto_start', 0);
@ -433,7 +432,7 @@ class CakeSession extends Object {
 						ini_set('session.save_handler', 'user');
 						ini_set('session.serialize_handler', 'php');
 						ini_set('session.use_cookies', 1);
-						ini_set('session.name', CAKE_SESSION_COOKIE);
+						ini_set('session.name', Configure::read('Session.cookie'));
 						ini_set('session.cookie_lifetime', $this->cookieLifeTime);
 						ini_set('session.cookie_path', $this->path);
 						ini_set('session.auto_start', 0);
@ -450,7 +449,7 @@ class CakeSession extends Object {
 				if (!isset($_SESSION)) {
 					if (function_exists('ini_set')) {
 						ini_set('session.use_trans_sid', 0);
-						ini_set('session.name', CAKE_SESSION_COOKIE);
+						ini_set('session.name', Configure::read('Session.cookie'));
 						ini_set('session.cookie_lifetime', $this->cookieLifeTime);
 						ini_set('session.cookie_path', $this->path);
 					}
@ -458,7 +457,7 @@ class CakeSession extends Object {
 			break;
 			default:
 				if (!isset($_SESSION)) {
-					$config = CONFIGS . CAKE_SESSION_SAVE . '.php';
+					$config = CONFIGS . Configure::read('Session.cookie') . '.php';
 					if (is_file($config)) {
 						require_once ($config);
@ -467,6 +466,22 @@ class CakeSession extends Object {
 			break;
 		}
 	}
 /**
 * Helper method to start a session
 *
 * @access private
 */
 	function __startSession() {
 		if (headers_sent()) {
 			if (!isset($_SESSION)) {
 				$_SESSION = array();
 			}
 		} else {
 			session_cache_limiter ("must-revalidate");
 			session_start();
 			header ('P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"');
 		}
 	}
 /**
 * Helper method to create a new session.
 *
@ -504,7 +519,7 @@ class CakeSession extends Object {
 		}
 		if (isset($_COOKIE[session_name()])) {
-			setcookie(CAKE_SESSION_COOKIE, '', time() - 42000, $this->path);
+			setcookie(Configure::read('Session.cookie'), '', time() - 42000, $this->path);
 		}
 		session_regenerate_id();
 		$newSessid = session_id();
@ -590,7 +605,7 @@ class CakeSession extends Object {
 */
 	function __read($key) {
 		$db =& ConnectionManager::getDataSource('default');
-		$table = $db->fullTableName(CAKE_SESSION_TABLE, false);
+		$table = $db->fullTableName(Configure::read('Session.table'), false);
 		$row = $db->query("SELECT " . $db->name($table.'.data') . " FROM " . $db->name($table) . " WHERE " . $db->name($table.'.id') . " = " . $db->value($key), false);
 		if ($row && !isset($row[0][$table]) && isset($row[0][0])) {
@ -613,9 +628,9 @@ class CakeSession extends Object {
 */
 	function __write($key, $value) {
 		$db =& ConnectionManager::getDataSource('default');
-		$table = $db->fullTableName(CAKE_SESSION_TABLE);
+		$table = $db->fullTableName(Configure::read('Session.table'));
-		switch(CAKE_SECURITY) {
+		switch(Configure::read('Security.level')) {
 			case 'high':
 				$factor = 10;
 			break;
@ -629,7 +644,7 @@ class CakeSession extends Object {
 				$factor = 10;
 			break;
 		}
-		$expires = time() + CAKE_SESSION_TIMEOUT * $factor;
+		$expires = time() +  Configure::read('Session.timeout') * $factor;
 		$row = $db->query("SELECT COUNT(id) AS count FROM " . $db->name($table) . " WHERE "
 								 . $db->name('id') . " = "
 								 . $db->value($key), false);
@ -656,7 +671,7 @@ class CakeSession extends Object {
 */
 	function __destroy($key) {
 		$db =& ConnectionManager::getDataSource('default');
-		$table = $db->fullTableName(CAKE_SESSION_TABLE);
+		$table = $db->fullTableName(Configure::read('Session.table'));
 		$db->execute("DELETE FROM " . $db->name($table) . " WHERE " . $db->name($table.'.id') . " = " . $db->value($key, 'integer'));
 		return true;
 	}
@ -669,7 +684,7 @@ class CakeSession extends Object {
 */
 	function __gc($expires = null) {
 		$db =& ConnectionManager::getDataSource('default');
-		$table = $db->fullTableName(CAKE_SESSION_TABLE);
+		$table = $db->fullTableName(Configure::read('Session.table'));
 		$db->execute("DELETE FROM " . $db->name($table) . " WHERE " . $db->name($table.'.expires') . " < ". $db->value(time()));
 		return true;
 	 }
--- a/cake/libs/view/helpers/form.php
+++ b/cake/libs/view/helpers/form.php
@ -283,7 +283,7 @@ class FormHelper extends AppHelper {
 				}
 			}
 			ksort($fields);
-			$append .= $this->hidden('_Token.fields', array('value' => urlencode(Security::hash(serialize($fields) . CAKE_SESSION_STRING)), 'id' => 'TokenFields' . mt_rand()));
+			$append .= $this->hidden('_Token.fields', array('value' => urlencode(Security::hash(serialize($fields) . Configure::read('Security.salt'))), 'id' => 'TokenFields' . mt_rand()));
 			$append .= '</p>';
 			return $append;
 		}
@ -852,15 +852,16 @@ class FormHelper extends AppHelper {
 		$options = $this->__initInputField($fieldName, $options);
 		$model = $this->model();
 		$value = '';
 		$key = '_' . $model;
 		if (isset($this->params['_Token']) && !empty($this->params['_Token'])) {
-			$options['name'] = str_replace($model, '_' . $model, $options['name']);
+			$options['name'] = str_replace($model, $key, $options['name']);
 		}
 		if (!empty($options['value']) || $options['value'] === '0') {
 			$value = $options['value'];
 		}
-		$this->__secure($model, $value);
+		$this->__secure($key, $value);
 		/*if (in_array($fieldName, array('_method', '_fields'))) {
 			$model = null;
--- a/cake/libs/view/helpers/session.php
+++ b/cake/libs/view/helpers/session.php
@ -57,14 +57,14 @@ class SessionHelper extends CakeSession {
 * @param string $base
 */
 	function __construct($base = null) {
-		if (!defined('AUTO_SESSION') || AUTO_SESSION === true) {
+		if (Configure::read('Session.start') === true) {
 			parent::__construct($base, false);
 		} else {
 			$this->__active = false;
 		}
 	}
 /**
- * Turn sessions on if AUTO_SESSION is set to false in core.php
+ * Turn sessions on if 'Session.start' is set to false in core.php
 *
 * @param string $base
 */
--- a/cake/tests/cases/dispatcher.test.php
+++ b/cake/tests/cases/dispatcher.test.php
@ -416,7 +416,7 @@ class DispatcherTest extends UnitTestCase {
 		$url = 'some_pages/redirect/param:value/param2:value2';
 		restore_error_handler();
-		@$controller = $dispatcher->dispatch($url, array('return' => 1));
+		$controller = $dispatcher->dispatch($url, array('return' => 1));
 		set_error_handler('simpleTestErrorHandler');
 		$expected = 'privateAction';
@ -429,7 +429,7 @@ class DispatcherTest extends UnitTestCase {
 		$url = 'some_pages/home/param:value/param2:value2';
 		restore_error_handler();
-		@$controller = $dispatcher->dispatch($url, array('return'=> 1));
+		$controller = $dispatcher->dispatch($url, array('return'=> 1));
 		set_error_handler('simpleTestErrorHandler');
 		$expected = 'missingAction';
 		$this->assertEqual($expected, $controller);
@ -441,7 +441,7 @@ class DispatcherTest extends UnitTestCase {
 		$url = 'pages/home/param:value/param2:value2';
 		restore_error_handler();
-		@$controller = $dispatcher->dispatch($url, array('return' => 1));
+		$controller = $dispatcher->dispatch($url, array('return' => 1));
 		set_error_handler('simpleTestErrorHandler');
 		$expected = 'Pages';
@ -462,7 +462,7 @@ class DispatcherTest extends UnitTestCase {
 		$Router =& Router::getInstance();
 		restore_error_handler();
-		@$controller = $dispatcher->dispatch($url, array('return' => 1));
+		$controller = $dispatcher->dispatch($url, array('return' => 1));
 		set_error_handler('simpleTestErrorHandler');
 		$expected = 'TestDispatchPages';
@ -492,7 +492,7 @@ class DispatcherTest extends UnitTestCase {
 		$url = 'my_plugin/some_pages/home/param:value/param2:value2';
 		restore_error_handler();
-		@$controller = $dispatcher->dispatch($url, array('return' => 1));
+		$controller = $dispatcher->dispatch($url, array('return' => 1));
 		set_error_handler('simpleTestErrorHandler');
@ -534,7 +534,7 @@ class DispatcherTest extends UnitTestCase {
 		$url = 'my_plugin/other_pages/index/param:value/param2:value2';
 		restore_error_handler();
-		@$controller = $dispatcher->dispatch($url, array('return'=> 1));
+		$controller = $dispatcher->dispatch($url, array('return'=> 1));
 		set_error_handler('simpleTestErrorHandler');
 		$expected = 'my_plugin';
@ -566,7 +566,7 @@ class DispatcherTest extends UnitTestCase {
 		$url = 'my_plugin/add/param:value/param2:value2';
 		restore_error_handler();
-		@$controller = $dispatcher->dispatch($url, array('return' => 1));
+		$controller = $dispatcher->dispatch($url, array('return' => 1));
 		set_error_handler('simpleTestErrorHandler');
 		$expected = 'my_plugin';
@ -615,7 +615,7 @@ class DispatcherTest extends UnitTestCase {
 		$url = 'my_plugin/param:value/param2:value2';
 		restore_error_handler();
-		@$controller = $dispatcher->dispatch($url, array('return'=> 1));
+		$controller = $dispatcher->dispatch($url, array('return'=> 1));
 		set_error_handler('simpleTestErrorHandler');
 		$expected = 'missingAction';
@ -634,7 +634,7 @@ class DispatcherTest extends UnitTestCase {
 		$url = 'test_dispatch_pages/admin_index/param:value/param2:value2';
 		restore_error_handler();
-		@$controller = $dispatcher->dispatch($url, array('return' => 1));
+		$controller = $dispatcher->dispatch($url, array('return' => 1));
 		set_error_handler('simpleTestErrorHandler');
 		$expected = 'privateAction';
--- a/cake/tests/cases/libs/controller/components/auth.test.php
+++ b/cake/tests/cases/libs/controller/components/auth.test.php
@ -29,6 +29,7 @@
 uses('controller' . DS . 'components' . DS .'auth', 'controller' . DS . 'components' . DS .'acl');
 uses('controller'.DS.'components'.DS.'acl', 'model'.DS.'db_acl');
 Configure::write('Security.salt', 'JfIxfs2guVoUubWDYhG93b0qyJfIxfs2guwvniR2G0FgaC9mi');
 /**
 * Short description for class.
 *
@ -124,7 +125,7 @@ class AuthTest extends CakeTestCase {
 		$this->AuthUser =& new AuthUser();
 		$user['id'] = 1;
 		$user['username'] = 'mariano';
-		$user['password'] = Security::hash(CAKE_SESSION_STRING . 'cake');
+		$user['password'] = Security::hash(Configure::read('Security.salt') . 'cake');
 		$this->AuthUser->save($user, false);
 		$authUser = $this->AuthUser->find();
@ -253,7 +254,11 @@ class AuthTest extends CakeTestCase {
 	}
 	function testLoginRedirect() {
-		$backup = $_SERVER['HTTP_REFERER'];
+		if (isset($_SERVER['HTTP_REFERER'])) {
 			$backup = $_SERVER['HTTP_REFERER'];
 		} else {
 			$backup = null;
 		}
 		$_SERVER['HTTP_REFERER'] = false;
@ -305,7 +310,7 @@ class AuthTest extends CakeTestCase {
 		$this->AuthUser =& new AuthUser();
 		$user['id'] = 1;
 		$user['username'] = 'mariano';
-		$user['password'] = Security::hash(CAKE_SESSION_STRING . 'cake');
+		$user['password'] = Security::hash(Configure::read('Security.salt') . 'cake');
 		$this->AuthUser->save($user, false);
 		$authUser = $this->AuthUser->find();
--- a/cake/tests/cases/libs/controller/components/security.test.php
+++ b/cake/tests/cases/libs/controller/components/security.test.php
@ -27,16 +27,148 @@
 * @license			http://www.opensource.org/licenses/opengroup.php The Open Group Test Suite License
 */
 uses('controller' . DS . 'components' . DS .'security');
 /**
 * Short description for class.
 *
 * @package		cake.tests
 * @subpackage	cake.tests.cases.libs.controller.components
 */
 class SecurityTestController extends Controller {
 	var $name = 'SecurityTest';
 	var $components = array('Security');
 	function redirect($option, $code, $exit) {
 		return $code;
 	}
 }
 /**
 * Short description for class.
 *
- * @package    cake.tests
+ * @package		cake.tests
- * @subpackage cake.tests.cases.libs.controller.components
+ * @subpackage	cake.tests.cases.libs.controller.components
 */
 class SecurityComponentTest extends CakeTestCase {
-	function skip() {
+	function setUp() {
-		$this->skipif (true, 'SecurityComponentTest not implemented');
+		$this->Controller =& new SecurityTestController();
 		restore_error_handler();
 		@$this->Controller->_initComponents();
 		set_error_handler('simpleTestErrorHandler');
 	}
 	function testStartup() {
 		$this->Controller->Security->startup($this->Controller);
 		$result = $this->Controller->params['_Token']['key'];
 		$this->assertNotNull($result);
 		$this->assertTrue($this->Controller->Session->check('_Token'));
 	}
 	function testValidatePostSimple() {
 		$this->Controller->Security->startup($this->Controller);
 		$key = $this->Controller->params['_Token']['key'];
 		$data['Model']['username'] = '';
 		$data['Model']['password'] = '';
 		$data['__Token']['key'] = $key;
 		$fields = array('Model' => array('username','password'),
 						'__Token' => array('key' => $key));
 		$fields = $this->__sortFields($fields);
 		$fields = urlencode(Security::hash(serialize($fields) . Configure::read('Security.salt')));
 		$data['__Token']['fields'] = $fields;
 		$this->Controller->data = $data;
 		$result = $this->Controller->Security->__validatePost($this->Controller);
 		$this->assertTrue($result);
 	}
 	function testValidatePostCheckbox() {
 		$this->Controller->Security->startup($this->Controller);
 		$key = $this->Controller->params['_Token']['key'];
 		$data['Model']['username'] = '';
 		$data['Model']['password'] = '';
 		$data['_Model']['valid'] = '0';
 		$data['__Token']['key'] = $key;
 		$fields = array('Model' => array('username', 'password', 'valid'),
 						'_Model' => array('valid' => '0'),
 						'__Token' => array('key' => $key));
 		$fields = $this->__sortFields($fields);
 		$fields = urlencode(Security::hash(serialize($fields) . Configure::read('Security.salt')));
 		$data['__Token']['fields'] = $fields;
 		$this->Controller->data = $data;
 		$result = $this->Controller->Security->__validatePost($this->Controller);
 		$this->assertTrue($result);
 	}
 	function testValidatePostHidden() {
 		$this->Controller->Security->startup($this->Controller);
 		$key = $this->Controller->params['_Token']['key'];
 		$data['Model']['username'] = '';
 		$data['Model']['password'] = '';
 		$data['_Model']['hidden'] = '0';
 		$data['__Token']['key'] = $key;
 		$fields = array('Model' => array('username', 'password', 'hidden'),
 						'_Model' => array('hidden' => '0'),
 						'__Token' => array('key' => $key));
 		$fields = $this->__sortFields($fields);
 		$fields = urlencode(Security::hash(serialize($fields) . Configure::read('Security.salt')));
 		$data['__Token']['fields'] = $fields;
 		$this->Controller->data = $data;
 		$result = $this->Controller->Security->__validatePost($this->Controller);
 		$this->assertTrue($result);
 	}
 	function testValidateHiddenMultipleModel() {
 		$this->Controller->Security->startup($this->Controller);
 		$key = $this->Controller->params['_Token']['key'];
 		$data['Model']['username'] = '';
 		$data['Model']['password'] = '';
 		$data['_Model']['valid'] = '0';
 		$data['_Model2']['valid'] = '0';
 		$data['_Model3']['valid'] = '0';
 		$data['__Token']['key'] = $key;
 		$fields = array('Model' => array('username', 'password', 'valid'),
 						'Model2'=> array('valid'),
 						'Model3'=> array('valid'),
 						'_Model2'=> array('valid' => '0'),
 						'_Model3'=> array('valid' => '0'),
 						'_Model' => array('valid' => '0'),
 						'__Token' => array('key' => $key));
 		$fields = $this->__sortFields($fields);
 		$fields = urlencode(Security::hash(serialize($fields) . Configure::read('Security.salt')));
 		$data['__Token']['fields'] = $fields;
 		$this->Controller->data = $data;
 		$result = $this->Controller->Security->__validatePost($this->Controller);
 		$this->assertTrue($result);
 	}
 	function __sortFields($fields) {
 		foreach ($fields as $key => $value) {
 			if(strpos($key, '_') !== 0) {
 				sort($fields[$key]);
 			}
 		}
 		ksort($fields);
 		return $fields;
 	}
 }
 ?>
--- a/cake/tests/cases/libs/folder.test.php
+++ b/cake/tests/cases/libs/folder.test.php
@ -44,19 +44,6 @@ class FolderTest extends UnitTestCase {
 		$result = $Folder->pwd();
 		$this->assertEqual($result, $path);
 		$result = $Folder->isWindowsPath($path);
 		$expected = (DS == '\\' ? true : false);
 		$this->assertEqual($result, $expected);
 		$result = $Folder->isAbsolute($path);
 		$this->assertTrue($result);
 		$result = $Folder->isSlashTerm($path);
 		$this->assertFalse($result);
 		$result = $Folder->isSlashTerm($path . DS);
 		$this->assertTrue($result);
 		$result = $Folder->addPathElement($path, 'test');
 		$expected = $path . DS . 'test';
 		$this->assertEqual($result, $expected);
@ -132,12 +119,76 @@ class FolderTest extends UnitTestCase {
 		$result = $Folder->create($new);
 		$this->assertTrue($result);
-		$result = $Folder->read(true, '.');
+		$result = $Folder->read(true);
 		$expected = array(array('0', 'cache', 'logs', 'sessions', 'tests'), array());
 		$this->assertEqual($expected, $result);
 		$result = $Folder->read(true, array('.', '..', 'logs'));
 		$expected = array(array('0', 'cache', 'sessions', 'tests'), array());
 		$this->assertEqual($expected, $result);
 		$result = $Folder->delete($new);
 		$this->assertTrue($result);
 	}
 	function testFolderRead() {
 		$Folder =& new Folder(TMP);
 		$expected = array('cache', 'logs', 'sessions', 'tests');
 		$results = $Folder->read();
 		$this->assertEqual($results[0], $expected);
 	}
 	function testFolderTree() {
 		$Folder =& new Folder();
 		$expected = array(array(CAKE_CORE_INCLUDE_PATH . DS . 'cake' . DS . 'config',
 										CAKE_CORE_INCLUDE_PATH . DS . 'cake' . DS . 'config' . DS . 'unicode',
 										CAKE_CORE_INCLUDE_PATH . DS . 'cake' . DS . 'config' . DS . 'unicode' .  DS . 'casefolding'),
 								array(CAKE_CORE_INCLUDE_PATH . DS . 'cake' . DS . 'config' . DS . 'config.php',
 										CAKE_CORE_INCLUDE_PATH . DS . 'cake' . DS . 'config' . DS . 'paths.php',
 										CAKE_CORE_INCLUDE_PATH . DS . 'cake' . DS . 'config' . DS . 'unicode' .  DS . 'casefolding' . DS . '0000_007f.php',
 										CAKE_CORE_INCLUDE_PATH . DS . 'cake' . DS . 'config' . DS . 'unicode' .  DS . 'casefolding' . DS . '0080_00ff.php',
 										CAKE_CORE_INCLUDE_PATH . DS . 'cake' . DS . 'config' . DS . 'unicode' .  DS . 'casefolding' . DS . '0100_017f.php',
 										CAKE_CORE_INCLUDE_PATH . DS . 'cake' . DS . 'config' . DS . 'unicode' .  DS . 'casefolding' . DS . '0180_024F.php',
 										CAKE_CORE_INCLUDE_PATH . DS . 'cake' . DS . 'config' . DS . 'unicode' .  DS . 'casefolding' . DS . '0300_036f.php',
 										CAKE_CORE_INCLUDE_PATH . DS . 'cake' . DS . 'config' . DS . 'unicode' .  DS . 'casefolding' . DS . '0370_03ff.php',
 										CAKE_CORE_INCLUDE_PATH . DS . 'cake' . DS . 'config' . DS . 'unicode' .  DS . 'casefolding' . DS . '0400_04ff.php',
 										CAKE_CORE_INCLUDE_PATH . DS . 'cake' . DS . 'config' . DS . 'unicode' .  DS . 'casefolding' . DS . '0500_052f.php',
 										CAKE_CORE_INCLUDE_PATH . DS . 'cake' . DS . 'config' . DS . 'unicode' .  DS . 'casefolding' . DS . '0530_058f.php',
 										CAKE_CORE_INCLUDE_PATH . DS . 'cake' . DS . 'config' . DS . 'unicode' .  DS . 'casefolding' . DS . '10400_1044f.php',
 										CAKE_CORE_INCLUDE_PATH . DS . 'cake' . DS . 'config' . DS . 'unicode' .  DS . 'casefolding' . DS . '10a0_10ff.php',
 										CAKE_CORE_INCLUDE_PATH . DS . 'cake' . DS . 'config' . DS . 'unicode' .  DS . 'casefolding' . DS . '1e00_1eff.php',
 										CAKE_CORE_INCLUDE_PATH . DS . 'cake' . DS . 'config' . DS . 'unicode' .  DS . 'casefolding' . DS . '1f00_1fff.php',
 										CAKE_CORE_INCLUDE_PATH . DS . 'cake' . DS . 'config' . DS . 'unicode' .  DS . 'casefolding' . DS . '2100_214f.php',
 										CAKE_CORE_INCLUDE_PATH . DS . 'cake' . DS . 'config' . DS . 'unicode' .  DS . 'casefolding' . DS . '2150_218f.php',
 										CAKE_CORE_INCLUDE_PATH . DS . 'cake' . DS . 'config' . DS . 'unicode' .  DS . 'casefolding' . DS . '2460_24ff.php',
 										CAKE_CORE_INCLUDE_PATH . DS . 'cake' . DS . 'config' . DS . 'unicode' .  DS . 'casefolding' . DS . '2c00_2c5f.php',
 										CAKE_CORE_INCLUDE_PATH . DS . 'cake' . DS . 'config' . DS . 'unicode' .  DS . 'casefolding' . DS . '2c60_2c7f.php',
 										CAKE_CORE_INCLUDE_PATH . DS . 'cake' . DS . 'config' . DS . 'unicode' .  DS . 'casefolding' . DS . '2c80_2cff.php',
 										CAKE_CORE_INCLUDE_PATH . DS . 'cake' . DS . 'config' . DS . 'unicode' .  DS . 'casefolding' . DS . 'fb00_fb4f.php',
 										CAKE_CORE_INCLUDE_PATH . DS . 'cake' . DS . 'config' . DS . 'unicode' .  DS . 'casefolding' . DS . 'ff00_ffef.php'));
 		$results = $Folder->tree(CAKE_CORE_INCLUDE_PATH . DS . 'cake' . DS . 'config', false);
 		$this->assertEqual($results, $expected);
 	}
 	function testWindowsPath(){
 		$Folder =& new Folder();
 		$this->assertTrue($Folder->isWindowsPath('C:\cake'));
 		$this->assertTrue($Folder->isWindowsPath('c:\cake'));
 	}
 	function testIsAbsolute(){
 		$Folder =& new Folder();
 		$this->assertTrue($Folder->isAbsolute('C:\cake'));
 		$this->assertTrue($Folder->isAbsolute('/usr/local'));
 		$this->assertFalse($Folder->isAbsolute('cake/'));
 	}
 	function testIsSlashTerm(){
 		$Folder =& new Folder();
 		$this->assertTrue($Folder->isSlashTerm('C:\cake\\'));
 		$this->assertTrue($Folder->isSlashTerm('/usr/local/'));
 		$this->assertFalse($Folder->isSlashTerm('cake'));
 	}
 }
 ?>
--- a/cake/tests/lib/test_manager.php
+++ b/cake/tests/lib/test_manager.php
@ -49,7 +49,7 @@ class TestManager {
 	}
 	function _installSimpleTest() {
-		vendor('simpletest'.DS.'unit_tester', 'simpletest'.DS.'web_tester', 'simpletest'.DS.'mock_objects');
+		vendor('simpletest'.DS.'unit_tester', 'simpletest'.DS.'mock_objects', 'simpletest'.DS.'web_tester');
 		require_once(LIB_TESTS . 'cake_web_test_case.php');
 		require_once(LIB_TESTS . 'cake_test_case.php');
 	}
@ -74,7 +74,7 @@ class TestManager {
 		foreach ($testCases as $testCase) {
 			$test->addTestFile($testCase);
 		}
-		$test->run($reporter);
+		return $test->run($reporter);
 	}
 	function runTestCase($testCaseFile, &$reporter) {
@ -90,7 +90,7 @@ class TestManager {
 		}
 		$test =& new GroupTest("Individual test case: " . $testCaseFile);
 		$test->addTestFile($testCaseFileWithPath);
-		$test->run($reporter);
+		return $test->run($reporter);
 	}
 	function runGroupTest($groupTestName, $groupTestDirectory, &$reporter) {
@ -104,7 +104,6 @@ class TestManager {
 		require_once $filePath;
 		$test =& new GroupTest($groupTestName . ' group test');
 		foreach ($manager->_getGroupTestClassNames($filePath) as $groupTest) {
 			$testCase = new $groupTest();
 			$test->addTestCase($testCase);
@ -112,7 +111,7 @@ class TestManager {
 				$test->_label = $testCase->label;
 			}
 		}
-		$test->run($reporter);
+		return $test->run($reporter);
 	}
 	function addTestCasesFromDirectory(&$groupTest, $directory = '.') {