Closes #3394, applied test patch

Deprecated define('MAX_MD5SIZE', (5 * 1024) * 1024); in core.php
Removing additional defines in core.php, replaced with Configure::write();
Added CakeSession::__startSession() to check for sent headers before attempting to start the session.
Added notices to Configure::__loadBootstrap() that will be removed before stable release.
Refactored Folder::tree().
Added additional FolderTest cases

git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@5768 3807eeeb-6ff5-0310-8944-8be069107fe0
phpnut 2007-10-16 09:05:25 +00:00
parent 16fbd33eee
commit 1aa1164b1d
20 changed files with 386 additions and 154 deletions


@ -92,46 +92,46 @@
* 'database' Uses CakePHP's database sessions. * 'database' Uses CakePHP's database sessions.
* *
* To define a custom session handler, save it at /app/config/<name>.php. * To define a custom session handler, save it at /app/config/<name>.php.
* Set the value of CAKE_SESSION_SAVE to <name> to utilize it in CakePHP. * Set the value of 'Session.save' to <name> to utilize it in CakePHP.
* *
* To use database sessions, execute the SQL file found at /app/config/sql/sessions.sql. * To use database sessions, execute the SQL file found at /app/config/sql/sessions.sql.
* *
*/ */
define('CAKE_SESSION_SAVE', 'php'); Configure::write('Session.save', 'php');
/** /**
* The name of the table used to store CakePHP database sessions. * The name of the table used to store CakePHP database sessions.
* *
* CAKE_SESSION_SAVE must be set to 'database' in order to utilize this constant. * 'Session.save' must be set to 'database' in order to utilize this constant.
* *
* The table name set here should *not* include any table prefix defined elsewhere. * The table name set here should *not* include any table prefix defined elsewhere.
*/ */
define('CAKE_SESSION_TABLE', 'cake_sessions'); Configure::write('Session.table', 'cake_sessions');
/** /**
* A random string used in session management. * A random string used in security hashing methods.
*/ */
define('CAKE_SESSION_STRING', 'DYhG93b0qyJfIxfs2guVoUubWwvniR2G0FgaC9mi'); Configure::write('Security.salt', 'DYhG93b0qyJfIxfs2guVoUubWwvniR2G0FgaC9mi');
/** /**
* The name of CakePHP's session cookie. * The name of CakePHP's session cookie.
*/ */
define('CAKE_SESSION_COOKIE', 'CAKEPHP'); Configure::write('Session.cookie', 'CAKEPHP');
/** /**
* The level of CakePHP session security. The session timeout time defined * The level of CakePHP security. The session timeout time defined
* in CAKE_SESSION_TIMEOUT is multiplied according to the settings here. * in 'Session.timeout' is multiplied according to the settings here.
* Valid values: * Valid values:
* *
* 'high' Session timeout in CAKE_SESSION_TIMEOUT x 10 * 'high' Session timeout in 'Session.timeout' x 10
* 'medium' Session timeout in CAKE_SESSION_TIMEOUT x 100 * 'medium' Session timeout in 'Session.timeout' x 100
* 'low' Session timeout in CAKE_SESSION_TIMEOUT x 300 * 'low' Session timeout in 'Session.timeout' x 300
* *
* CakePHP session IDs are also regenerated between requests if * CakePHP session IDs are also regenerated between requests if
* CAKE_SECURITY is set to 'high'. * 'Security.level' is set to 'high'.
*/ */
define('CAKE_SECURITY', 'high'); Configure::write('Security.level', 'high');
/** /**
* Session time out time (in seconds). * Session time out time (in seconds).
* Actual value depends on CAKE_SECURITY setting. * Actual value depends on 'Security.level' setting.
*/ */
define('CAKE_SESSION_TIMEOUT', '120'); Configure::write('Session.timeout', '120');
/** /**
* Compress CSS output by removing comments, whitespace, repeating tags, etc. * Compress CSS output by removing comments, whitespace, repeating tags, etc.
* This requires a/var/cache directory to be writable by the web server for caching. * This requires a/var/cache directory to be writable by the web server for caching.
@ -142,11 +142,7 @@
/** /**
* If set to false, sessions are not automatically started. * If set to false, sessions are not automatically started.
*/ */
define('AUTO_SESSION', true); Configure::write('Session.start', true);
/**
* The max size of file allowed for MD5 hashes (in bytes).
*/
define('MAX_MD5SIZE', (5 * 1024) * 1024);
/** /**
* The classname and database used in CakePHP's * The classname and database used in CakePHP's
* access control lists. * access control lists.
@ -207,5 +203,4 @@
* ); * );
*/ */
Cache::config('default', array('engine' => 'File')); Cache::config('default', array('engine' => 'File'));
?> ?>
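Review bot: The comment above `Configure::write('Security.salt', ...)` should tell the reader to replace the shipped value, because elsewhere in this commit the salt feeds password hashing (AuthComponent::password), the form token hash (SecurityComponent, FormHelper), the cookie key (CookieComponent) and the session user-agent hash (CakeSession). Suggested wording: `* A random string used in security hashing methods. Replace this default with a value unique to your application.` The 'Session.table' comment still says "in order to utilize this constant" although the setting is no longer a constant. Both remarks apply equally to the second copy of this file later in the commit.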


@ -156,10 +156,10 @@ class ProjectTask extends Shell {
$this->out('The Welcome page was NOT created'); $this->out('The Welcome page was NOT created');
} }
if ($this->cakeSessionString($path) === true ) { if ($this->securitySalt($path) === true ) {
$this->out('Random hash key created for CAKE_SESSION_STRING'); $this->out('Random hash key created for \'Security.salt\'');
} else { } else {
$this->err('Unable to generate random hash for CAKE_SESSION_STRING, please change this yourself in ' . CONFIGS . 'core.php'); $this->err('Unable to generate random hash for \'Security.salt\', please change this yourself in ' . CONFIGS . 'core.php');
} }
$corePath = $this->corePath($path); $corePath = $this->corePath($path);
@ -202,17 +202,17 @@ class ProjectTask extends Shell {
return $this->createFile($path.'home.ctp', $output); return $this->createFile($path.'home.ctp', $output);
} }
/** /**
* generates and writes CAKE_SESSION_STRING * generates and writes 'Security.salt'
* *
* @return bool * @return bool
*/ */
function cakeSessionString($path) { function securitySalt($path) {
$File =& new File($path . 'config' . DS . 'core.php'); $File =& new File($path . 'config' . DS . 'core.php');
$contents = $File->read(); $contents = $File->read();
if (preg_match('/([\\t\\x20]*define\\(\\\'CAKE_SESSION_STRING\\\',[\\t\\x20\'A-z0-9]*\\);)/', $contents, $match)) { if (preg_match('/([\\t\\x20]*Configure::write\\(\\\'Security.salt\\\',[\\t\\x20\'A-z0-9]*\\);)/', $contents, $match)) {
uses('Security'); uses('Security');
$string = Security::generateAuthKey(); $string = Security::generateAuthKey();
$result = str_replace($match[0], 'define(\'CAKE_SESSION_STRING\', \''.$string.'\');', $contents); $result = str_replace($match[0], "\t" . 'Configure::write(\'Security.salt\', \''.$string.'\');', $contents);
if ($File->write($result)) { if ($File->write($result)) {
return true; return true;
} else { } else {
@ -252,7 +252,7 @@ class ProjectTask extends Shell {
$File =& new File(CONFIGS . 'core.php'); $File =& new File(CONFIGS . 'core.php');
$contents = $File->read(); $contents = $File->read();
if (preg_match('%([/\\t\\x20]*Configure::write\(\'Routing.admin\',[\\t\\x20\'a-z]*\\);)%', $contents, $match)) { if (preg_match('%([/\\t\\x20]*Configure::write\(\'Routing.admin\',[\\t\\x20\'a-z]*\\);)%', $contents, $match)) {
$result = str_replace($match[0], 'Configure::write(\'Routing.admin\', \''.$name.'\');', $contents); $result = str_replace($match[0], "\t" . 'Configure::write(\'Routing.admin\', \''.$name.'\');', $contents);
if ($File->write($result)) { if ($File->write($result)) {
Configure::write('Routing.admin', $name); Configure::write('Routing.admin', $name);
return true; return true;
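Review bot: In the 'Routing.admin' hunk, `$name` is concatenated into PHP source that is then written back to core.php, so a value containing a single quote or backslash would corrupt the file or add code to it. The function starts outside the hunk, so any earlier validation of `$name` is not visible here; if there is none, build the literal with `var_export($name, true)` rather than wrapping `$name` in hand-written quotes. In securitySalt(), the character class `[\\t\\x20\'A-z0-9]` uses `A-z`, which also covers the punctuation between `Z` and `a`; `A-Za-z0-9` states the intent.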


@ -92,46 +92,46 @@
* 'database' Uses CakePHP's database sessions. * 'database' Uses CakePHP's database sessions.
* *
* To define a custom session handler, save it at /app/config/<name>.php. * To define a custom session handler, save it at /app/config/<name>.php.
* Set the value of CAKE_SESSION_SAVE to <name> to utilize it in CakePHP. * Set the value of 'Session.save' to <name> to utilize it in CakePHP.
* *
* To use database sessions, execute the SQL file found at /app/config/sql/sessions.sql. * To use database sessions, execute the SQL file found at /app/config/sql/sessions.sql.
* *
*/ */
define('CAKE_SESSION_SAVE', 'php'); Configure::write('Session.save', 'php');
/** /**
* The name of the table used to store CakePHP database sessions. * The name of the table used to store CakePHP database sessions.
* *
* CAKE_SESSION_SAVE must be set to 'database' in order to utilize this constant. * 'Session.save' must be set to 'database' in order to utilize this constant.
* *
* The table name set here should *not* include any table prefix defined elsewhere. * The table name set here should *not* include any table prefix defined elsewhere.
*/ */
define('CAKE_SESSION_TABLE', 'cake_sessions'); Configure::write('Session.table', 'cake_sessions');
/** /**
* A random string used in session management. * A random string used in security hashing methods.
*/ */
define('CAKE_SESSION_STRING', 'DYhG93b0qyJfIxfs2guVoUubWwvniR2G0FgaC9mi'); Configure::write('Security.salt', 'DYhG93b0qyJfIxfs2guVoUubWwvniR2G0FgaC9mi');
/** /**
* The name of CakePHP's session cookie. * The name of CakePHP's session cookie.
*/ */
define('CAKE_SESSION_COOKIE', 'CAKEPHP'); Configure::write('Session.cookie', 'CAKEPHP');
/** /**
* The level of CakePHP session security. The session timeout time defined * The level of CakePHP security. The session timeout time defined
* in CAKE_SESSION_TIMEOUT is multiplied according to the settings here. * in 'Session.timeout' is multiplied according to the settings here.
* Valid values: * Valid values:
* *
* 'high' Session timeout in CAKE_SESSION_TIMEOUT x 10 * 'high' Session timeout in 'Session.timeout' x 10
* 'medium' Session timeout in CAKE_SESSION_TIMEOUT x 100 * 'medium' Session timeout in 'Session.timeout' x 100
* 'low' Session timeout in CAKE_SESSION_TIMEOUT x 300 * 'low' Session timeout in 'Session.timeout' x 300
* *
* CakePHP session IDs are also regenerated between requests if * CakePHP session IDs are also regenerated between requests if
* CAKE_SECURITY is set to 'high'. * 'Security.level' is set to 'high'.
*/ */
define('CAKE_SECURITY', 'high'); Configure::write('Security.level', 'high');
/** /**
* Session time out time (in seconds). * Session time out time (in seconds).
* Actual value depends on CAKE_SECURITY setting. * Actual value depends on 'Security.level' setting.
*/ */
define('CAKE_SESSION_TIMEOUT', '120'); Configure::write('Session.timeout', '120');
/** /**
* Compress CSS output by removing comments, whitespace, repeating tags, etc. * Compress CSS output by removing comments, whitespace, repeating tags, etc.
* This requires a/var/cache directory to be writable by the web server for caching. * This requires a/var/cache directory to be writable by the web server for caching.
@ -142,11 +142,7 @@
/** /**
* If set to false, sessions are not automatically started. * If set to false, sessions are not automatically started.
*/ */
define('AUTO_SESSION', true); Configure::write('Session.start', true);
/**
* The max size of file allowed for MD5 hashes (in bytes).
*/
define('MAX_MD5SIZE', (5 * 1024) * 1024);
/** /**
* The classname and database used in CakePHP's * The classname and database used in CakePHP's
* access control lists. * access control lists.
@ -207,5 +203,4 @@
* ); * );
*/ */
Cache::config('default', array('engine' => 'File')); Cache::config('default', array('engine' => 'File'));
?> ?>


@ -568,13 +568,41 @@ class Configure extends Object {
$_this->write('Routing.webservices', WEBSERVICES); $_this->write('Routing.webservices', WEBSERVICES);
} }
if (defined('ACL_CLASSNAME')) { if (defined('ACL_CLASSNAME')) {
trigger_error('ACL_CLASSNAME Deprecated. Use Configure::write(\'Acl.classname\'); in APP/config/core.php', E_USER_WARNING); trigger_error('ACL_CLASSNAME Deprecated. Use Configure::write(\'Acl.classname\', \'' . ACL_CLASSNAME . '\'); in APP/config/core.php', E_USER_WARNING);
$_this->write('Acl.classname', ACL_CLASSNAME); $_this->write('Acl.classname', ACL_CLASSNAME);
} }
if (defined('ACL_DATABASE')) { if (defined('ACL_DATABASE')) {
trigger_error('ACL_DATABASE Deprecated. Use Configure::write(\'Acl.database\'); in APP/config/core.php', E_USER_WARNING); trigger_error('ACL_DATABASE Deprecated. Use Configure::write(\'Acl.database\', \'' . ACL_CLASSNAME . '\'); in APP/config/core.php', E_USER_WARNING);
$_this->write('Acl.database', ACL_CLASSNAME); $_this->write('Acl.database', ACL_CLASSNAME);
} }
if (defined('CAKE_SESSION_SAVE')) {
trigger_error('CAKE_SESSION_SAVE Deprecated. Use Configure::write(\'Session.save\', \'' . CAKE_SESSION_SAVE . '\'); in APP/config/core.php', E_USER_WARNING);
$_this->write('Session.save', CAKE_SESSION_SAVE);
}
if (defined('CAKE_SESSION_TABLE')) {
trigger_error('CAKE_SESSION_TABLE Deprecated. Use Configure::write(\'Session.table\', \'' . CAKE_SESSION_TABLE . '\'); in APP/config/core.php', E_USER_WARNING);
$_this->write('Session.table', CAKE_SESSION_TABLE);
}
if (defined('CAKE_SESSION_STRING')) {
trigger_error('CAKE_SESSION_STRING Deprecated. Use Configure::write(\'Security.salt\', \'' . CAKE_SESSION_STRING . '\'); in APP/config/core.php', E_USER_WARNING);
$_this->write('Security.salt', CAKE_SESSION_STRING);
}
if (defined('CAKE_SESSION_COOKIE')) {
trigger_error('CAKE_SESSION_COOKIE Deprecated. Use Configure::write(\'Session.cookie\', \'' . CAKE_SESSION_COOKIE . '\'); in APP/config/core.php', E_USER_WARNING);
$_this->write('Session.cookie', CAKE_SESSION_COOKIE);
}
if (defined('CAKE_SECURITY')) {
trigger_error('CAKE_SECURITY Deprecated. Use Configure::write(\'Security.level\', \'' . CAKE_SECURITY . '\'); in APP/config/core.php', E_USER_WARNING);
$_this->write('Security.level', CAKE_SECURITY);
}
if (defined('CAKE_SESSION_TIMEOUT')) {
trigger_error('CAKE_SESSION_TIMEOUT Deprecated. Use Configure::write(\'Session.timeout\', \'' . CAKE_SESSION_TIMEOUT . '\'); in APP/config/core.php', E_USER_WARNING);
$_this->write('Session.timeout', CAKE_SESSION_TIMEOUT);
}
if (defined('AUTO_SESSION')) {
trigger_error('AUTO_SESSION Deprecated. Use Configure::write(\'Session.start\', \'' . AUTO_SESSION . '\'); in APP/config/core.php', E_USER_WARNING);
$_this->write('Session.start', AUTO_SESSION);
}
} }
} }
?> ?>
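Review bot: The CAKE_SESSION_STRING branch concatenates the salt itself into the E_USER_WARNING text, so the secret ends up wherever warnings are displayed or logged. The message should name the key without echoing the value, e.g. `trigger_error('CAKE_SESSION_STRING Deprecated. Use Configure::write(\'Security.salt\', \'<your salt>\'); in APP/config/core.php', E_USER_WARNING);`. Separately, the ACL_DATABASE branch both reports and writes `ACL_CLASSNAME`; it should read `$_this->write('Acl.database', ACL_DATABASE);`. The AUTO_SESSION message concatenates a boolean, which prints as `1` or an empty string rather than `true`/`false`. The enclosing method starts outside the hunk.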


@ -786,7 +786,7 @@ class AuthComponent extends Object {
return $data; return $data;
} }
/** /**
* Hash a password with the application's salt value (as defined in CAKE_SESSION_STRING) * Hash a password with the application's salt value (as defined with Configure::write('Security.salt');
* *
* @access public * @access public
* @param string $password * @param string $password
@ -794,7 +794,7 @@ class AuthComponent extends Object {
* @return string * @return string
*/ */
function password($password) { function password($password) {
return Security::hash(CAKE_SESSION_STRING . $password); return Security::hash(Configure::read('Security.salt') . $password);
} }
/** /**
* Component shutdown. If user is logged in, wipe out redirect. * Component shutdown. If user is logged in, wipe out redirect.
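Review bot: `password()` now reads the salt at call time, and nothing visible here handles `Configure::read('Security.salt')` coming back empty (presumably null when the key is not configured), in which case the password is hashed with no salt and no error. The same silent fallback would affect the form token hash in SecurityComponent and FormHelper and the user-agent hash in CakeSession. Debugger::checkSessionKey() only compares against the shipped default, so an empty salt raises no notice; extending that check to cover an empty value would surface the misconfiguration. The new docblock line also has an unbalanced parenthesis and should end `Configure::write('Security.salt'))`.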


@ -116,7 +116,7 @@ class CookieComponent extends Object {
* @var string * @var string
* @access protected * @access protected
*/ */
var $key = CAKE_SESSION_STRING; var $key = null;
/** /**
* Values stored in the cookie. * Values stored in the cookie.
* *
@ -190,6 +190,7 @@ class CookieComponent extends Object {
*/ */
function startup() { function startup() {
$this->__expire($this->time); $this->__expire($this->time);
$this->key = Configure::read('Security.salt');
if (isset($_COOKIE[$this->name])) { if (isset($_COOKIE[$this->name])) {
$this->__values = $this->__decrypt($_COOKIE[$this->name]); $this->__values = $this->__decrypt($_COOKIE[$this->name]);
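Review bot: `startup()` assigns `$this->key` unconditionally, so a key the application set on the component before startup is replaced by the salt, and anything that uses the key before `startup()` runs now sees `null` where the old default was the constant. Assigning only when no key was provided keeps both cases working: `if ($this->key === null) { $this->key = Configure::read('Security.salt'); }`. The rest of startup() and the other users of `$key` are outside the hunk, so whether anything reads the key earlier cannot be confirmed from here.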


@ -7,7 +7,7 @@
* *
* PHP versions 4 and 5 * PHP versions 4 and 5
* *
* CakePHP(tm) : Rapid Development Framework <http://www.cakephp.org/> * CakePHP(tm) : Rapid Development Framework <http://www.cakephp.org/>
* Copyright 2005-2007, Cake Software Foundation, Inc. * Copyright 2005-2007, Cake Software Foundation, Inc.
* 1785 E. Sahara Avenue, Suite 490-204 * 1785 E. Sahara Avenue, Suite 490-204
* Las Vegas, Nevada 89104 * Las Vegas, Nevada 89104
@ -121,7 +121,7 @@ class SecurityComponent extends Object {
*/ */
var $components = array('RequestHandler', 'Session'); var $components = array('RequestHandler', 'Session');
/** /**
* Component startup. All security checking happens here. * Component startup. All security checking happens here.
* *
* @param object $controller * @param object $controller
* @return unknown * @return unknown
@ -250,7 +250,7 @@ class SecurityComponent extends Object {
function loginRequest($options = array()) { function loginRequest($options = array()) {
$options = am($this->loginOptions, $options); $options = am($this->loginOptions, $options);
$this->__setLoginDefaults($options); $this->__setLoginDefaults($options);
$auth = 'WWW-Authenticate: ' . ucfirst($options['type']); $auth = 'WWW-Authenticate: ' . ucfirst($options['type']);
$out = array('realm="' . $options['realm'] . '"'); $out = array('realm="' . $options['realm'] . '"');
if (low($options['type']) == 'digest') { if (low($options['type']) == 'digest') {
@ -485,9 +485,9 @@ class SecurityComponent extends Object {
$parts = preg_split('/\/|\./', $value); $parts = preg_split('/\/|\./', $value);
if (count($parts) == 1) { if (count($parts) == 1) {
$key1[] = $controller->modelClass . '.' . $parts['0']; $key1[] = $controller->modelClass . '.' . $parts['0'];
} elseif (count($parts) == 2) { } elseif (count($parts) == 2) {
$key1[] = $parts['0'] . '.' . $parts['1']; $key1[] = $parts['0'] . '.' . $parts['1'];
} }
} }
@ -526,7 +526,7 @@ class SecurityComponent extends Object {
} }
} }
foreach ($k as $lookup) { foreach ($k as $lookup) {
if (isset($controller->data[$newKey][$lookup])) { if (isset($controller->data[$newKey][$lookup])) {
unset($controller->data[$key][$lookup]); unset($controller->data[$key][$lookup]);
} elseif ($controller->data[$key][$lookup] === '0') { } elseif ($controller->data[$key][$lookup] === '0') {
@ -544,8 +544,11 @@ class SecurityComponent extends Object {
continue; continue;
} }
if (!array_key_exists($key, $value)) { if (!array_key_exists($key, $value)) {
$field[$key] = array_keys($value); if (isset($field[$key])) {
$field[$key] = array_merge($merge, $field[$key]); $field[$key] = array_merge($field[$key], array_keys($value));
} else {
$field[$key] = array_keys($value);
}
} }
} }
@ -555,7 +558,7 @@ class SecurityComponent extends Object {
} }
} }
ksort($field); ksort($field);
$check = urlencode(Security::hash(serialize($field) . CAKE_SESSION_STRING)); $check = urlencode(Security::hash(serialize($field) . Configure::read('Security.salt')));
if ($form !== $check) { if ($form !== $check) {
if (!$this->blackHole($controller, 'auth')) { if (!$this->blackHole($controller, 'auth')) {
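Review bot: The rewritten merge in the hunk at -544 determines the order in which names are appended to `$field[$key]`, and that order is part of the token: `ksort($field)` sorts only the top-level keys before `serialize($field)` is hashed, so nested lists have to be built in the same order FormHelper builds them or valid forms are black-holed. FormHelper's side is mostly outside the visible hunks, so this cannot be confirmed here. A comment such as `// element order must match FormHelper's token field list; ksort() only orders the top level` and a test with two fields under one model would pin it. The enclosing loop starts outside the hunk.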


@ -27,6 +27,7 @@
* @lastmodified $Date$ * @lastmodified $Date$
* @license http://www.opensource.org/licenses/mit-license.php The MIT License * @license http://www.opensource.org/licenses/mit-license.php The MIT License
*/ */
uses('session');
/** /**
* Session Component. * Session Component.
* *
@ -50,14 +51,14 @@ class SessionComponent extends CakeSession {
* @param string $base * @param string $base
*/ */
function __construct($base = null) { function __construct($base = null) {
if (!defined('AUTO_SESSION') || AUTO_SESSION === true) { if (Configure::read('Session.start') === true) {
parent::__construct($base); parent::__construct($base);
} else { } else {
$this->__active = false; $this->__active = false;
} }
} }
/** /**
* Turn sessions on if AUTO_SESSION is set to false in core.php * Turn sessions on if 'Session.start' is set to false in core.php
* *
* @param string $base * @param string $base
*/ */
@ -240,4 +241,4 @@ class SessionComponent extends CakeSession {
} }
} }
} }
?> ?>
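Review bot: The constructor's new test `Configure::read('Session.start') === true` changes the default: the old condition started the session when AUTO_SESSION was undefined, while an application whose core.php sets neither AUTO_SESSION nor 'Session.start' now gets `$this->__active = false` with no warning. The strict comparison also treats `1` or `'true'` as "do not start". If start-by-default is still intended, test for the explicit opt-out instead: `if (Configure::read('Session.start') !== false) {`.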


@ -420,8 +420,8 @@ class Debugger extends Object {
* @access public * @access public
*/ */
function checkSessionKey() { function checkSessionKey() {
if (CAKE_SESSION_STRING == 'DYhG93b0qyJfIxfs2guVoUubWwvniR2G0FgaC9mi') { if (Configure::read('Security.salt') == 'DYhG93b0qyJfIxfs2guVoUubWwvniR2G0FgaC9mi') {
trigger_error(__('Please change the value of CAKE_SESSION_STRING in app/config/core.php to a salt value specific to your application', true), E_USER_NOTICE); trigger_error(__('Please change the value of \'Security.salt\' in app/config/core.php to a salt value specific to your application', true), E_USER_NOTICE);
} }
} }
/** /**


@ -154,7 +154,7 @@ class Folder extends Object{
if (!in_array($n, $exceptions)) { if (!in_array($n, $exceptions)) {
$item = $n; $item = $n;
} }
} elseif ((!preg_match('#^\.+$#', $n) && $exceptions == false) || ($exceptions == true && !preg_match('#^\.(.*)$#', $n))) { } elseif ((!preg_match('/^\\.+$/', $n) && $exceptions == false) || ($exceptions == true && !preg_match('/^\\.(.*)$/', $n))) {
$item = $n; $item = $n;
} }
@ -244,7 +244,7 @@ class Folder extends Object{
* @static * @static
*/ */
function isWindowsPath($path) { function isWindowsPath($path) {
if (preg_match('#^[A-Z]:\\\#i', $path)) { if (preg_match('/^[A-Z]:\\\\/i', $path)) {
return true; return true;
} }
return false; return false;
@ -258,7 +258,7 @@ class Folder extends Object{
* @static * @static
*/ */
function isAbsolute($path) { function isAbsolute($path) {
$match = preg_match('#^\/#', $path) || preg_match('#^[A-Z]:\\\#i', $path); $match = preg_match('/^\\//', $path) || preg_match('/^[A-Z]:\\\\/i', $path);
return $match; return $match;
} }
/** /**
@ -270,7 +270,7 @@ class Folder extends Object{
* @static * @static
*/ */
function isSlashTerm($path) { function isSlashTerm($path) {
if (preg_match('#[\\\/]$#', $path)) { if (preg_match('/[\/\\\]$/', $path)) {
return true; return true;
} }
return false; return false;
@ -412,10 +412,11 @@ class Folder extends Object{
* Returns an array of nested directories and files in each directory * Returns an array of nested directories and files in each directory
* *
* @param string $path the directory path to build the tree from * @param string $path the directory path to build the tree from
* @return mixed array of nested directories and fiels in each directory * @param = boolean $hidden return hidden files and directories
* @return mixed array of nested directories and files in each directory
* @access public * @access public
*/ */
function tree($path) { function tree($path, $hidden = true) {
$path = rtrim($path, DS); $path = rtrim($path, DS);
$this->__files = array(); $this->__files = array();
$this->__directories = array($path); $this->__directories = array($path);
@ -423,7 +424,7 @@ class Folder extends Object{
while (count($this->__directories)) { while (count($this->__directories)) {
$dir = array_pop($this->__directories); $dir = array_pop($this->__directories);
$this->__tree($dir); $this->__tree($dir, $hidden);
array_push($directories, $dir); array_push($directories, $dir);
} }
@ -434,25 +435,30 @@ class Folder extends Object{
* Private method to list directories and files in each directory * Private method to list directories and files in each directory
* *
* @param string $path * @param string $path
* @param = boolean $hidden
* @access private * @access private
*/ */
function __tree($path) { function __tree($path, $hidden) {
if (is_dir($path)) { if (is_dir($path)) {
$dirHandle = @opendir($path); $dirHandle = @opendir($path);
while (false !== ($item = @readdir($dirHandle))) { while (false !== ($item = @readdir($dirHandle))) {
if ($item != '.' && $item != '..') { $found = false;
$item = $path . DS . $item;
if (is_dir($item)) { if (($hidden === true && $item != '.' && $item != '..') || ($hidden === false && !preg_match('/^\\.(.*)$/', $item))) {
array_push($this->__directories, $item); $found = $path . DS . $item;
}
if ($found !== false) {
if (is_dir($found)) {
array_push($this->__directories, $found);
} else { } else {
array_push($this->__files, $item); array_push($this->__files, $found);
} }
} }
} }
closedir($dirHandle);
} }
closedir($dirHandle);
} }
/** /**
* Create a directory structure recursively. * Create a directory structure recursively.
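Review bot: In `__tree()`, the filter compares `$hidden` with `=== true` and `=== false`, so any other value a caller passes (`1`, `0`, `null`) matches neither branch, `$found` stays false, and nothing is collected, with no error. Normalising once at the top of tree(), `$hidden = ($hidden !== false);`, or testing `$hidden` / `!$hidden` in the condition, avoids that. The two new docblock lines read `@param = boolean $hidden`; the stray `=` should go, giving `@param boolean $hidden return hidden files and directories`.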


@ -243,7 +243,7 @@ class ConnectionManager extends Object {
* *
*/ */
function __destruct() { function __destruct() {
if (CAKE_SESSION_SAVE == 'database' && function_exists('session_write_close')) { if (Configure::read('Session.save') == 'database' && function_exists('session_write_close')) {
session_write_close(); session_write_close();
} }
} }


@ -66,7 +66,7 @@ class Security extends Object {
*/ */
function inactiveMins() { function inactiveMins() {
$_this =& Security::getInstance(); $_this =& Security::getInstance();
switch(CAKE_SECURITY) { switch(Configure::read('Security.level')) {
case 'high': case 'high':
return 10; return 10;
break; break;


@ -80,7 +80,7 @@ class CakeSession extends Object {
*/ */
var $lastError = null; var $lastError = null;
/** /**
* CAKE_SECURITY setting, "high", "medium", or "low". * 'Security.level' setting, "high", "medium", or "low".
* *
* @var string * @var string
* @access public * @access public
@ -115,16 +115,13 @@ class CakeSession extends Object {
* @access public * @access public
*/ */
function __construct($base = null, $start = true) { function __construct($base = null, $start = true) {
if (!defined('CAKE_SESSION_TABLE')) {
define('CAKE_SESSION_TABLE', 'cake_sessions');
}
if (CAKE_SESSION_SAVE === 'database' && !class_exists('ConnectionManager')) { if (Configure::read('Session.save') === 'database' && !class_exists('ConnectionManager')) {
uses('model' . DS . 'connection_manager'); uses('model' . DS . 'connection_manager');
} }
if (env('HTTP_USER_AGENT') != null) { if (env('HTTP_USER_AGENT') != null) {
$this->_userAgent = md5(env('HTTP_USER_AGENT') . CAKE_SESSION_STRING); $this->_userAgent = md5(env('HTTP_USER_AGENT') . Configure::read('Security.salt'));
} else { } else {
$this->_userAgent = ""; $this->_userAgent = "";
} }
@ -143,17 +140,19 @@ class CakeSession extends Object {
$this->host = substr($this->host, 0, strpos($this->host, ':')); $this->host = substr($this->host, 0, strpos($this->host, ':'));
} }
$this->sessionTime = $this->time + (Security::inactiveMins() * CAKE_SESSION_TIMEOUT); if (!class_exists('Security')) {
$this->security = CAKE_SECURITY; uses('security');
}
$this->sessionTime = $this->time + (Security::inactiveMins() * Configure::read('Session.timeout'));
$this->security = Configure::read('Security.level');
if (function_exists('session_write_close')) { if (function_exists('session_write_close')) {
session_write_close(); session_write_close();
} }
$this->__initSession(); $this->__initSession();
session_cache_limiter ("must-revalidate"); $this->__startSession();
session_start();
header ('P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"');
$this->__checkValid(); $this->__checkValid();
} }
parent::__construct(); parent::__construct();
@ -377,7 +376,7 @@ class CakeSession extends Object {
} }
if (isset($_COOKIE[session_name()])) { if (isset($_COOKIE[session_name()])) {
setcookie(CAKE_SESSION_COOKIE, '', time() - 42000, $this->path); setcookie(Configure::read('Session.cookie'), '', time() - 42000, $this->path);
} }
$_SESSION = array(); $_SESSION = array();
@ -409,7 +408,7 @@ class CakeSession extends Object {
break; break;
} }
switch(CAKE_SESSION_SAVE) { switch(Configure::read('Session.cookie')) {
case 'cake': case 'cake':
if (!isset($_SESSION)) { if (!isset($_SESSION)) {
if (function_exists('ini_set')) { if (function_exists('ini_set')) {
@ -417,7 +416,7 @@ class CakeSession extends Object {
ini_set('url_rewriter.tags', ''); ini_set('url_rewriter.tags', '');
ini_set('session.serialize_handler', 'php'); ini_set('session.serialize_handler', 'php');
ini_set('session.use_cookies', 1); ini_set('session.use_cookies', 1);
ini_set('session.name', CAKE_SESSION_COOKIE); ini_set('session.name', Configure::read('Session.cookie'));
ini_set('session.cookie_lifetime', $this->cookieLifeTime); ini_set('session.cookie_lifetime', $this->cookieLifeTime);
ini_set('session.cookie_path', $this->path); ini_set('session.cookie_path', $this->path);
ini_set('session.auto_start', 0); ini_set('session.auto_start', 0);
@ -433,7 +432,7 @@ class CakeSession extends Object {
ini_set('session.save_handler', 'user'); ini_set('session.save_handler', 'user');
ini_set('session.serialize_handler', 'php'); ini_set('session.serialize_handler', 'php');
ini_set('session.use_cookies', 1); ini_set('session.use_cookies', 1);
ini_set('session.name', CAKE_SESSION_COOKIE); ini_set('session.name', Configure::read('Session.cookie'));
ini_set('session.cookie_lifetime', $this->cookieLifeTime); ini_set('session.cookie_lifetime', $this->cookieLifeTime);
ini_set('session.cookie_path', $this->path); ini_set('session.cookie_path', $this->path);
ini_set('session.auto_start', 0); ini_set('session.auto_start', 0);
@ -450,7 +449,7 @@ class CakeSession extends Object {
if (!isset($_SESSION)) { if (!isset($_SESSION)) {
if (function_exists('ini_set')) { if (function_exists('ini_set')) {
ini_set('session.use_trans_sid', 0); ini_set('session.use_trans_sid', 0);
ini_set('session.name', CAKE_SESSION_COOKIE); ini_set('session.name', Configure::read('Session.cookie'));
ini_set('session.cookie_lifetime', $this->cookieLifeTime); ini_set('session.cookie_lifetime', $this->cookieLifeTime);
ini_set('session.cookie_path', $this->path); ini_set('session.cookie_path', $this->path);
} }
@ -458,7 +457,7 @@ class CakeSession extends Object {
break; break;
default: default:
if (!isset($_SESSION)) { if (!isset($_SESSION)) {
$config = CONFIGS . CAKE_SESSION_SAVE . '.php'; $config = CONFIGS . Configure::read('Session.cookie') . '.php';
if (is_file($config)) { if (is_file($config)) {
require_once ($config); require_once ($config);
@ -467,6 +466,22 @@ class CakeSession extends Object {
break; break;
} }
} }
/**
* Helper method to start a session
*
* @access private
*/
function __startSession() {
if (headers_sent()) {
if (!isset($_SESSION)) {
$_SESSION = array();
}
} else {
session_cache_limiter ("must-revalidate");
session_start();
header ('P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"');
}
}
/** /**
* Helper method to create a new session. * Helper method to create a new session.
* *
@ -504,7 +519,7 @@ class CakeSession extends Object {
} }
if (isset($_COOKIE[session_name()])) { if (isset($_COOKIE[session_name()])) {
setcookie(CAKE_SESSION_COOKIE, '', time() - 42000, $this->path); setcookie(Configure::read('Session.cookie'), '', time() - 42000, $this->path);
} }
session_regenerate_id(); session_regenerate_id();
$newSessid = session_id(); $newSessid = session_id();
@ -590,7 +605,7 @@ class CakeSession extends Object {
*/ */
function __read($key) { function __read($key) {
$db =& ConnectionManager::getDataSource('default'); $db =& ConnectionManager::getDataSource('default');
$table = $db->fullTableName(CAKE_SESSION_TABLE, false); $table = $db->fullTableName(Configure::read('Session.table'), false);
$row = $db->query("SELECT " . $db->name($table.'.data') . " FROM " . $db->name($table) . " WHERE " . $db->name($table.'.id') . " = " . $db->value($key), false); $row = $db->query("SELECT " . $db->name($table.'.data') . " FROM " . $db->name($table) . " WHERE " . $db->name($table.'.id') . " = " . $db->value($key), false);
if ($row && !isset($row[0][$table]) && isset($row[0][0])) { if ($row && !isset($row[0][$table]) && isset($row[0][0])) {
@ -613,9 +628,9 @@ class CakeSession extends Object {
*/ */
function __write($key, $value) { function __write($key, $value) {
$db =& ConnectionManager::getDataSource('default'); $db =& ConnectionManager::getDataSource('default');
$table = $db->fullTableName(CAKE_SESSION_TABLE); $table = $db->fullTableName(Configure::read('Session.table'));
switch(CAKE_SECURITY) { switch(Configure::read('Security.level')) {
case 'high': case 'high':
$factor = 10; $factor = 10;
break; break;
@ -629,7 +644,7 @@ class CakeSession extends Object {
$factor = 10; $factor = 10;
break; break;
} }
$expires = time() + CAKE_SESSION_TIMEOUT * $factor; $expires = time() + Configure::read('Session.timeout') * $factor;
$row = $db->query("SELECT COUNT(id) AS count FROM " . $db->name($table) . " WHERE " $row = $db->query("SELECT COUNT(id) AS count FROM " . $db->name($table) . " WHERE "
. $db->name('id') . " = " . $db->name('id') . " = "
. $db->value($key), false); . $db->value($key), false);
@ -656,7 +671,7 @@ class CakeSession extends Object {
*/ */
function __destroy($key) { function __destroy($key) {
$db =& ConnectionManager::getDataSource('default'); $db =& ConnectionManager::getDataSource('default');
$table = $db->fullTableName(CAKE_SESSION_TABLE); $table = $db->fullTableName(Configure::read('Session.table'));
$db->execute("DELETE FROM " . $db->name($table) . " WHERE " . $db->name($table.'.id') . " = " . $db->value($key, 'integer')); $db->execute("DELETE FROM " . $db->name($table) . " WHERE " . $db->name($table.'.id') . " = " . $db->value($key, 'integer'));
return true; return true;
} }
@ -669,9 +684,9 @@ class CakeSession extends Object {
*/ */
function __gc($expires = null) { function __gc($expires = null) {
$db =& ConnectionManager::getDataSource('default'); $db =& ConnectionManager::getDataSource('default');
$table = $db->fullTableName(CAKE_SESSION_TABLE); $table = $db->fullTableName(Configure::read('Session.table'));
$db->execute("DELETE FROM " . $db->name($table) . " WHERE " . $db->name($table.'.expires') . " < ". $db->value(time())); $db->execute("DELETE FROM " . $db->name($table) . " WHERE " . $db->name($table.'.expires') . " < ". $db->value(time()));
return true; return true;
} }
} }
?> ?>


@ -283,7 +283,7 @@ class FormHelper extends AppHelper {
} }
} }
ksort($fields); ksort($fields);
$append .= $this->hidden('_Token.fields', array('value' => urlencode(Security::hash(serialize($fields) . CAKE_SESSION_STRING)), 'id' => 'TokenFields' . mt_rand())); $append .= $this->hidden('_Token.fields', array('value' => urlencode(Security::hash(serialize($fields) . Configure::read('Security.salt'))), 'id' => 'TokenFields' . mt_rand()));
$append .= '</p>'; $append .= '</p>';
return $append; return $append;
} }
@ -852,15 +852,16 @@ class FormHelper extends AppHelper {
$options = $this->__initInputField($fieldName, $options); $options = $this->__initInputField($fieldName, $options);
$model = $this->model(); $model = $this->model();
$value = ''; $value = '';
$key = '_' . $model;
if (isset($this->params['_Token']) && !empty($this->params['_Token'])) { if (isset($this->params['_Token']) && !empty($this->params['_Token'])) {
$options['name'] = str_replace($model, '_' . $model, $options['name']); $options['name'] = str_replace($model, $key, $options['name']);
} }
if (!empty($options['value']) || $options['value'] === '0') { if (!empty($options['value']) || $options['value'] === '0') {
$value = $options['value']; $value = $options['value'];
} }
$this->__secure($model, $value); $this->__secure($key, $value);
/*if (in_array($fieldName, array('_method', '_fields'))) { /*if (in_array($fieldName, array('_method', '_fields'))) {
$model = null; $model = null;
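Review bot: The `_Token.fields` digest in the first hunk is keyed only by whatever `Configure::read('Security.salt')` returns, and nothing here checks that a salt is actually configured. If an application's core.php has not been migrated from `CAKE_SESSION_STRING`, the read presumably yields an empty value and the digest becomes a plain hash of `serialize($fields)`, which a client can recompute for any field set. I would read the salt once and warn loudly when it is missing: `$salt = Configure::read('Security.salt');` followed by `if (empty($salt)) { trigger_error('Security.salt is not configured', E_USER_WARNING); }`. The enclosing method starts outside the hunk, and the same guard is needed wherever the component recomputes this hash.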


@ -57,14 +57,14 @@ class SessionHelper extends CakeSession {
* @param string $base * @param string $base
*/ */
function __construct($base = null) { function __construct($base = null) {
if (!defined('AUTO_SESSION') || AUTO_SESSION === true) { if (Configure::read('Session.start') === true) {
parent::__construct($base, false); parent::__construct($base, false);
} else { } else {
$this->__active = false; $this->__active = false;
} }
} }
/** /**
* Turn sessions on if AUTO_SESSION is set to false in core.php * Turn sessions on if 'Session.start' is set to false in core.php
* *
* @param string $base * @param string $base
*/ */
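Review bot: The new condition in `__construct` flips the default. The old test `!defined('AUTO_SESSION') || AUTO_SESSION === true` started the session when nothing was configured, while `Configure::read('Session.start') === true` leaves `__active` false unless the key has been written explicitly (assuming `Configure::read()` returns null for an unwritten key). An application whose core.php never defined `AUTO_SESSION` would lose the helper's session silently after upgrading. To keep the previous default, compare against false instead: `if (Configure::read('Session.start') !== false) {`.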


@ -416,7 +416,7 @@ class DispatcherTest extends UnitTestCase {
$url = 'some_pages/redirect/param:value/param2:value2'; $url = 'some_pages/redirect/param:value/param2:value2';
restore_error_handler(); restore_error_handler();
@$controller = $dispatcher->dispatch($url, array('return' => 1)); $controller = $dispatcher->dispatch($url, array('return' => 1));
set_error_handler('simpleTestErrorHandler'); set_error_handler('simpleTestErrorHandler');
$expected = 'privateAction'; $expected = 'privateAction';
@ -429,7 +429,7 @@ class DispatcherTest extends UnitTestCase {
$url = 'some_pages/home/param:value/param2:value2'; $url = 'some_pages/home/param:value/param2:value2';
restore_error_handler(); restore_error_handler();
@$controller = $dispatcher->dispatch($url, array('return'=> 1)); $controller = $dispatcher->dispatch($url, array('return'=> 1));
set_error_handler('simpleTestErrorHandler'); set_error_handler('simpleTestErrorHandler');
$expected = 'missingAction'; $expected = 'missingAction';
$this->assertEqual($expected, $controller); $this->assertEqual($expected, $controller);
@ -441,7 +441,7 @@ class DispatcherTest extends UnitTestCase {
$url = 'pages/home/param:value/param2:value2'; $url = 'pages/home/param:value/param2:value2';
restore_error_handler(); restore_error_handler();
@$controller = $dispatcher->dispatch($url, array('return' => 1)); $controller = $dispatcher->dispatch($url, array('return' => 1));
set_error_handler('simpleTestErrorHandler'); set_error_handler('simpleTestErrorHandler');
$expected = 'Pages'; $expected = 'Pages';
@ -462,7 +462,7 @@ class DispatcherTest extends UnitTestCase {
$Router =& Router::getInstance(); $Router =& Router::getInstance();
restore_error_handler(); restore_error_handler();
@$controller = $dispatcher->dispatch($url, array('return' => 1)); $controller = $dispatcher->dispatch($url, array('return' => 1));
set_error_handler('simpleTestErrorHandler'); set_error_handler('simpleTestErrorHandler');
$expected = 'TestDispatchPages'; $expected = 'TestDispatchPages';
@ -492,7 +492,7 @@ class DispatcherTest extends UnitTestCase {
$url = 'my_plugin/some_pages/home/param:value/param2:value2'; $url = 'my_plugin/some_pages/home/param:value/param2:value2';
restore_error_handler(); restore_error_handler();
@$controller = $dispatcher->dispatch($url, array('return' => 1)); $controller = $dispatcher->dispatch($url, array('return' => 1));
set_error_handler('simpleTestErrorHandler'); set_error_handler('simpleTestErrorHandler');
@ -534,7 +534,7 @@ class DispatcherTest extends UnitTestCase {
$url = 'my_plugin/other_pages/index/param:value/param2:value2'; $url = 'my_plugin/other_pages/index/param:value/param2:value2';
restore_error_handler(); restore_error_handler();
@$controller = $dispatcher->dispatch($url, array('return'=> 1)); $controller = $dispatcher->dispatch($url, array('return'=> 1));
set_error_handler('simpleTestErrorHandler'); set_error_handler('simpleTestErrorHandler');
$expected = 'my_plugin'; $expected = 'my_plugin';
@ -566,7 +566,7 @@ class DispatcherTest extends UnitTestCase {
$url = 'my_plugin/add/param:value/param2:value2'; $url = 'my_plugin/add/param:value/param2:value2';
restore_error_handler(); restore_error_handler();
@$controller = $dispatcher->dispatch($url, array('return' => 1)); $controller = $dispatcher->dispatch($url, array('return' => 1));
set_error_handler('simpleTestErrorHandler'); set_error_handler('simpleTestErrorHandler');
$expected = 'my_plugin'; $expected = 'my_plugin';
@ -615,7 +615,7 @@ class DispatcherTest extends UnitTestCase {
$url = 'my_plugin/param:value/param2:value2'; $url = 'my_plugin/param:value/param2:value2';
restore_error_handler(); restore_error_handler();
@$controller = $dispatcher->dispatch($url, array('return'=> 1)); $controller = $dispatcher->dispatch($url, array('return'=> 1));
set_error_handler('simpleTestErrorHandler'); set_error_handler('simpleTestErrorHandler');
$expected = 'missingAction'; $expected = 'missingAction';
@ -634,7 +634,7 @@ class DispatcherTest extends UnitTestCase {
$url = 'test_dispatch_pages/admin_index/param:value/param2:value2'; $url = 'test_dispatch_pages/admin_index/param:value/param2:value2';
restore_error_handler(); restore_error_handler();
@$controller = $dispatcher->dispatch($url, array('return' => 1)); $controller = $dispatcher->dispatch($url, array('return' => 1));
set_error_handler('simpleTestErrorHandler'); set_error_handler('simpleTestErrorHandler');
$expected = 'privateAction'; $expected = 'privateAction';
@ -645,4 +645,4 @@ class DispatcherTest extends UnitTestCase {
$_GET = $this->_get; $_GET = $this->_get;
} }
} }
?> ?>
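Review bot: With the `@` removed from the `dispatch()` calls, the `restore_error_handler()` / `set_error_handler('simpleTestErrorHandler')` bracket is the only thing keeping dispatcher errors away from SimpleTest's handler, and none of the nine hunks that repeat it says so. A comment at the first occurrence would record the intent, for example `// dispatch() raises expected errors for missing/private actions; keep them out of SimpleTest's handler`. A small private helper wrapping the three lines would remove the repetition. The test methods start outside these hunks, so the reason is inferred from the expected values (`'privateAction'`, `'missingAction'`).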


@ -29,6 +29,7 @@
uses('controller' . DS . 'components' . DS .'auth', 'controller' . DS . 'components' . DS .'acl'); uses('controller' . DS . 'components' . DS .'auth', 'controller' . DS . 'components' . DS .'acl');
uses('controller'.DS.'components'.DS.'acl', 'model'.DS.'db_acl'); uses('controller'.DS.'components'.DS.'acl', 'model'.DS.'db_acl');
Configure::write('Security.salt', 'JfIxfs2guVoUubWDYhG93b0qyJfIxfs2guwvniR2G0FgaC9mi');
/** /**
* Short description for class. * Short description for class.
* *
@ -124,7 +125,7 @@ class AuthTest extends CakeTestCase {
$this->AuthUser =& new AuthUser(); $this->AuthUser =& new AuthUser();
$user['id'] = 1; $user['id'] = 1;
$user['username'] = 'mariano'; $user['username'] = 'mariano';
$user['password'] = Security::hash(CAKE_SESSION_STRING . 'cake'); $user['password'] = Security::hash(Configure::read('Security.salt') . 'cake');
$this->AuthUser->save($user, false); $this->AuthUser->save($user, false);
$authUser = $this->AuthUser->find(); $authUser = $this->AuthUser->find();
@ -253,7 +254,11 @@ class AuthTest extends CakeTestCase {
} }
function testLoginRedirect() { function testLoginRedirect() {
$backup = $_SERVER['HTTP_REFERER']; if (isset($_SERVER['HTTP_REFERER'])) {
$backup = $_SERVER['HTTP_REFERER'];
} else {
$backup = null;
}
$_SERVER['HTTP_REFERER'] = false; $_SERVER['HTTP_REFERER'] = false;
@ -305,7 +310,7 @@ class AuthTest extends CakeTestCase {
$this->AuthUser =& new AuthUser(); $this->AuthUser =& new AuthUser();
$user['id'] = 1; $user['id'] = 1;
$user['username'] = 'mariano'; $user['username'] = 'mariano';
$user['password'] = Security::hash(CAKE_SESSION_STRING . 'cake'); $user['password'] = Security::hash(Configure::read('Security.salt') . 'cake');
$this->AuthUser->save($user, false); $this->AuthUser->save($user, false);
$authUser = $this->AuthUser->find(); $authUser = $this->AuthUser->find();
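Review bot: `Configure::write('Security.salt', ...)` at the top of the file runs when the test file is included and is never undone. Every test case loaded later in the same run, including the SecurityComponentTest added in this commit, then hashes with this fixture salt rather than the configured one, which can mask a missing or wrong salt elsewhere. I would save and restore it around each test: `$this->_salt = Configure::read('Security.salt');` in `setUp()` before the write, and `Configure::write('Security.salt', $this->_salt);` in `tearDown()`. Whether AuthTest already defines those methods is not visible in these hunks.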


@ -27,16 +27,148 @@
* @license http://www.opensource.org/licenses/opengroup.php The Open Group Test Suite License * @license http://www.opensource.org/licenses/opengroup.php The Open Group Test Suite License
*/ */
uses('controller' . DS . 'components' . DS .'security'); uses('controller' . DS . 'components' . DS .'security');
/**
* Short description for class.
*
* @package cake.tests
* @subpackage cake.tests.cases.libs.controller.components
*/
class SecurityTestController extends Controller {
var $name = 'SecurityTest';
var $components = array('Security');
function redirect($option, $code, $exit) {
return $code;
}
}
/** /**
* Short description for class. * Short description for class.
* *
* @package cake.tests * @package cake.tests
* @subpackage cake.tests.cases.libs.controller.components * @subpackage cake.tests.cases.libs.controller.components
*/ */
class SecurityComponentTest extends CakeTestCase { class SecurityComponentTest extends CakeTestCase {
function skip() { function setUp() {
$this->skipif (true, 'SecurityComponentTest not implemented'); $this->Controller =& new SecurityTestController();
restore_error_handler();
@$this->Controller->_initComponents();
set_error_handler('simpleTestErrorHandler');
}
function testStartup() {
$this->Controller->Security->startup($this->Controller);
$result = $this->Controller->params['_Token']['key'];
$this->assertNotNull($result);
$this->assertTrue($this->Controller->Session->check('_Token'));
}
function testValidatePostSimple() {
$this->Controller->Security->startup($this->Controller);
$key = $this->Controller->params['_Token']['key'];
$data['Model']['username'] = '';
$data['Model']['password'] = '';
$data['__Token']['key'] = $key;
$fields = array('Model' => array('username','password'),
'__Token' => array('key' => $key));
$fields = $this->__sortFields($fields);
$fields = urlencode(Security::hash(serialize($fields) . Configure::read('Security.salt')));
$data['__Token']['fields'] = $fields;
$this->Controller->data = $data;
$result = $this->Controller->Security->__validatePost($this->Controller);
$this->assertTrue($result);
}
function testValidatePostCheckbox() {
$this->Controller->Security->startup($this->Controller);
$key = $this->Controller->params['_Token']['key'];
$data['Model']['username'] = '';
$data['Model']['password'] = '';
$data['_Model']['valid'] = '0';
$data['__Token']['key'] = $key;
$fields = array('Model' => array('username', 'password', 'valid'),
'_Model' => array('valid' => '0'),
'__Token' => array('key' => $key));
$fields = $this->__sortFields($fields);
$fields = urlencode(Security::hash(serialize($fields) . Configure::read('Security.salt')));
$data['__Token']['fields'] = $fields;
$this->Controller->data = $data;
$result = $this->Controller->Security->__validatePost($this->Controller);
$this->assertTrue($result);
}
function testValidatePostHidden() {
$this->Controller->Security->startup($this->Controller);
$key = $this->Controller->params['_Token']['key'];
$data['Model']['username'] = '';
$data['Model']['password'] = '';
$data['_Model']['hidden'] = '0';
$data['__Token']['key'] = $key;
$fields = array('Model' => array('username', 'password', 'hidden'),
'_Model' => array('hidden' => '0'),
'__Token' => array('key' => $key));
$fields = $this->__sortFields($fields);
$fields = urlencode(Security::hash(serialize($fields) . Configure::read('Security.salt')));
$data['__Token']['fields'] = $fields;
$this->Controller->data = $data;
$result = $this->Controller->Security->__validatePost($this->Controller);
$this->assertTrue($result);
}
function testValidateHiddenMultipleModel() {
$this->Controller->Security->startup($this->Controller);
$key = $this->Controller->params['_Token']['key'];
$data['Model']['username'] = '';
$data['Model']['password'] = '';
$data['_Model']['valid'] = '0';
$data['_Model2']['valid'] = '0';
$data['_Model3']['valid'] = '0';
$data['__Token']['key'] = $key;
$fields = array('Model' => array('username', 'password', 'valid'),
'Model2'=> array('valid'),
'Model3'=> array('valid'),
'_Model2'=> array('valid' => '0'),
'_Model3'=> array('valid' => '0'),
'_Model' => array('valid' => '0'),
'__Token' => array('key' => $key));
$fields = $this->__sortFields($fields);
$fields = urlencode(Security::hash(serialize($fields) . Configure::read('Security.salt')));
$data['__Token']['fields'] = $fields;
$this->Controller->data = $data;
$result = $this->Controller->Security->__validatePost($this->Controller);
$this->assertTrue($result);
}
function __sortFields($fields) {
foreach ($fields as $key => $value) {
if(strpos($key, '_') !== 0) {
sort($fields[$key]);
}
}
ksort($fields);
return $fields;
} }
} }
?> ?>
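Review bot: Every new test asserts that `__validatePost()` accepts a correctly built `__Token.fields` hash and none asserts that a wrong one is rejected, so a validator that always returned true would pass this suite. Since this check is what protects posted forms from tampering, at least one rejecting case belongs here, for example a hash built with a salt other than the configured one. The value `__validatePost()` returns on failure is not visible on this page, so the sketch below only asserts that it is not `true`. Separately, `setUp()` brings back the `@` suppression on `_initComponents()` that this commit removes from DispatcherTest.

```php
	function testValidatePostWrongSalt() {
		$this->Controller->Security->startup($this->Controller);
		$key = $this->Controller->params['_Token']['key'];

		$data['Model']['username'] = '';
		$data['Model']['password'] = '';
		$data['__Token']['key'] = $key;

		$fields = array('Model' => array('username', 'password'),
						'__Token' => array('key' => $key));
		$fields = $this->__sortFields($fields);
		// Constructed value: deliberately not the configured Security.salt.
		$fields = urlencode(Security::hash(serialize($fields) . 'not-the-configured-salt'));
		$data['__Token']['fields'] = $fields;

		$this->Controller->data = $data;
		$result = $this->Controller->Security->__validatePost($this->Controller);
		$this->assertTrue($result !== true);
	}
```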


@ -44,19 +44,6 @@ class FolderTest extends UnitTestCase {
$result = $Folder->pwd(); $result = $Folder->pwd();
$this->assertEqual($result, $path); $this->assertEqual($result, $path);
$result = $Folder->isWindowsPath($path);
$expected = (DS == '\\' ? true : false);
$this->assertEqual($result, $expected);
$result = $Folder->isAbsolute($path);
$this->assertTrue($result);
$result = $Folder->isSlashTerm($path);
$this->assertFalse($result);
$result = $Folder->isSlashTerm($path . DS);
$this->assertTrue($result);
$result = $Folder->addPathElement($path, 'test'); $result = $Folder->addPathElement($path, 'test');
$expected = $path . DS . 'test'; $expected = $path . DS . 'test';
$this->assertEqual($result, $expected); $this->assertEqual($result, $expected);
@ -132,12 +119,76 @@ class FolderTest extends UnitTestCase {
$result = $Folder->create($new); $result = $Folder->create($new);
$this->assertTrue($result); $this->assertTrue($result);
$result = $Folder->read(true, '.'); $result = $Folder->read(true);
$expected = array(array('0', 'cache', 'logs', 'sessions', 'tests'), array()); $expected = array(array('0', 'cache', 'logs', 'sessions', 'tests'), array());
$this->assertEqual($expected, $result); $this->assertEqual($expected, $result);
$result = $Folder->read(true, array('.', '..', 'logs'));
$expected = array(array('0', 'cache', 'sessions', 'tests'), array());
$this->assertEqual($expected, $result);
$result = $Folder->delete($new); $result = $Folder->delete($new);
$this->assertTrue($result); $this->assertTrue($result);
} }
function testFolderRead() {
$Folder =& new Folder(TMP);
$expected = array('cache', 'logs', 'sessions', 'tests');
$results = $Folder->read();
$this->assertEqual($results[0], $expected);
}
function testFolderTree() {
$Folder =& new Folder();
$expected = array(array(CAKE_CORE_INCLUDE_PATH . DS . 'cake' . DS . 'config',
CAKE_CORE_INCLUDE_PATH . DS . 'cake' . DS . 'config' . DS . 'unicode',
CAKE_CORE_INCLUDE_PATH . DS . 'cake' . DS . 'config' . DS . 'unicode' . DS . 'casefolding'),
array(CAKE_CORE_INCLUDE_PATH . DS . 'cake' . DS . 'config' . DS . 'config.php',
CAKE_CORE_INCLUDE_PATH . DS . 'cake' . DS . 'config' . DS . 'paths.php',
CAKE_CORE_INCLUDE_PATH . DS . 'cake' . DS . 'config' . DS . 'unicode' . DS . 'casefolding' . DS . '0000_007f.php',
CAKE_CORE_INCLUDE_PATH . DS . 'cake' . DS . 'config' . DS . 'unicode' . DS . 'casefolding' . DS . '0080_00ff.php',
CAKE_CORE_INCLUDE_PATH . DS . 'cake' . DS . 'config' . DS . 'unicode' . DS . 'casefolding' . DS . '0100_017f.php',
CAKE_CORE_INCLUDE_PATH . DS . 'cake' . DS . 'config' . DS . 'unicode' . DS . 'casefolding' . DS . '0180_024F.php',
CAKE_CORE_INCLUDE_PATH . DS . 'cake' . DS . 'config' . DS . 'unicode' . DS . 'casefolding' . DS . '0300_036f.php',
CAKE_CORE_INCLUDE_PATH . DS . 'cake' . DS . 'config' . DS . 'unicode' . DS . 'casefolding' . DS . '0370_03ff.php',
CAKE_CORE_INCLUDE_PATH . DS . 'cake' . DS . 'config' . DS . 'unicode' . DS . 'casefolding' . DS . '0400_04ff.php',
CAKE_CORE_INCLUDE_PATH . DS . 'cake' . DS . 'config' . DS . 'unicode' . DS . 'casefolding' . DS . '0500_052f.php',
CAKE_CORE_INCLUDE_PATH . DS . 'cake' . DS . 'config' . DS . 'unicode' . DS . 'casefolding' . DS . '0530_058f.php',
CAKE_CORE_INCLUDE_PATH . DS . 'cake' . DS . 'config' . DS . 'unicode' . DS . 'casefolding' . DS . '10400_1044f.php',
CAKE_CORE_INCLUDE_PATH . DS . 'cake' . DS . 'config' . DS . 'unicode' . DS . 'casefolding' . DS . '10a0_10ff.php',
CAKE_CORE_INCLUDE_PATH . DS . 'cake' . DS . 'config' . DS . 'unicode' . DS . 'casefolding' . DS . '1e00_1eff.php',
CAKE_CORE_INCLUDE_PATH . DS . 'cake' . DS . 'config' . DS . 'unicode' . DS . 'casefolding' . DS . '1f00_1fff.php',
CAKE_CORE_INCLUDE_PATH . DS . 'cake' . DS . 'config' . DS . 'unicode' . DS . 'casefolding' . DS . '2100_214f.php',
CAKE_CORE_INCLUDE_PATH . DS . 'cake' . DS . 'config' . DS . 'unicode' . DS . 'casefolding' . DS . '2150_218f.php',
CAKE_CORE_INCLUDE_PATH . DS . 'cake' . DS . 'config' . DS . 'unicode' . DS . 'casefolding' . DS . '2460_24ff.php',
CAKE_CORE_INCLUDE_PATH . DS . 'cake' . DS . 'config' . DS . 'unicode' . DS . 'casefolding' . DS . '2c00_2c5f.php',
CAKE_CORE_INCLUDE_PATH . DS . 'cake' . DS . 'config' . DS . 'unicode' . DS . 'casefolding' . DS . '2c60_2c7f.php',
CAKE_CORE_INCLUDE_PATH . DS . 'cake' . DS . 'config' . DS . 'unicode' . DS . 'casefolding' . DS . '2c80_2cff.php',
CAKE_CORE_INCLUDE_PATH . DS . 'cake' . DS . 'config' . DS . 'unicode' . DS . 'casefolding' . DS . 'fb00_fb4f.php',
CAKE_CORE_INCLUDE_PATH . DS . 'cake' . DS . 'config' . DS . 'unicode' . DS . 'casefolding' . DS . 'ff00_ffef.php'));
$results = $Folder->tree(CAKE_CORE_INCLUDE_PATH . DS . 'cake' . DS . 'config', false);
$this->assertEqual($results, $expected);
}
function testWindowsPath(){
$Folder =& new Folder();
$this->assertTrue($Folder->isWindowsPath('C:\cake'));
$this->assertTrue($Folder->isWindowsPath('c:\cake'));
}
function testIsAbsolute(){
$Folder =& new Folder();
$this->assertTrue($Folder->isAbsolute('C:\cake'));
$this->assertTrue($Folder->isAbsolute('/usr/local'));
$this->assertFalse($Folder->isAbsolute('cake/'));
}
function testIsSlashTerm(){
$Folder =& new Folder();
$this->assertTrue($Folder->isSlashTerm('C:\cake\\'));
$this->assertTrue($Folder->isSlashTerm('/usr/local/'));
$this->assertFalse($Folder->isSlashTerm('cake'));
}
} }
?> ?>
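Review bot: `testWindowsPath()` only checks paths that should be accepted, so it would still pass if `isWindowsPath()` returned true for every input. Adding `$this->assertFalse($Folder->isWindowsPath('/usr/local'));` covers the rejecting side, matching `testIsAbsolute()` and `testIsSlashTerm()`, which each include a false case. `testFolderTree()` and `testFolderRead()` also pin the exact contents of `cake/config` and `TMP`, so a new casefolding file or a stray directory under tmp will fail them. A fixture directory created by the test itself would be sturdier.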


@ -49,7 +49,7 @@ class TestManager {
} }
function _installSimpleTest() { function _installSimpleTest() {
vendor('simpletest'.DS.'unit_tester', 'simpletest'.DS.'web_tester', 'simpletest'.DS.'mock_objects'); vendor('simpletest'.DS.'unit_tester', 'simpletest'.DS.'mock_objects', 'simpletest'.DS.'web_tester');
require_once(LIB_TESTS . 'cake_web_test_case.php'); require_once(LIB_TESTS . 'cake_web_test_case.php');
require_once(LIB_TESTS . 'cake_test_case.php'); require_once(LIB_TESTS . 'cake_test_case.php');
} }
@ -74,7 +74,7 @@ class TestManager {
foreach ($testCases as $testCase) { foreach ($testCases as $testCase) {
$test->addTestFile($testCase); $test->addTestFile($testCase);
} }
$test->run($reporter); return $test->run($reporter);
} }
function runTestCase($testCaseFile, &$reporter) { function runTestCase($testCaseFile, &$reporter) {
@ -90,7 +90,7 @@ class TestManager {
} }
$test =& new GroupTest("Individual test case: " . $testCaseFile); $test =& new GroupTest("Individual test case: " . $testCaseFile);
$test->addTestFile($testCaseFileWithPath); $test->addTestFile($testCaseFileWithPath);
$test->run($reporter); return $test->run($reporter);
} }
function runGroupTest($groupTestName, $groupTestDirectory, &$reporter) { function runGroupTest($groupTestName, $groupTestDirectory, &$reporter) {
@ -104,7 +104,6 @@ class TestManager {
require_once $filePath; require_once $filePath;
$test =& new GroupTest($groupTestName . ' group test'); $test =& new GroupTest($groupTestName . ' group test');
foreach ($manager->_getGroupTestClassNames($filePath) as $groupTest) { foreach ($manager->_getGroupTestClassNames($filePath) as $groupTest) {
$testCase = new $groupTest(); $testCase = new $groupTest();
$test->addTestCase($testCase); $test->addTestCase($testCase);
@ -112,7 +111,7 @@ class TestManager {
$test->_label = $testCase->label; $test->_label = $testCase->label;
} }
} }
$test->run($reporter); return $test->run($reporter);
} }
function addTestCasesFromDirectory(&$groupTest, $directory = '.') { function addTestCasesFromDirectory(&$groupTest, $directory = '.') {
@ -365,4 +364,4 @@ class HtmlTestManager extends TestManager {
return $buffer; return $buffer;
} }
} }
?> ?>
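Review bot: `runTestCase()`, `runGroupTest()` and the method just before `runTestCase()` now return the value of `$test->run($reporter)`, but nothing documents what callers get back. A docblock line on each would help, such as `@return boolean result of $test->run()` (presumably SimpleTest's pass/fail status, to be confirmed before it is written down). The bodies start outside these hunks, so any earlier error branch or early exit in them should be checked to return a value as well.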