From 17c3358d772cd0459431105207e0041297bbbc70 Mon Sep 17 00:00:00 2001 From: mark_story Date: Tue, 29 Sep 2015 21:41:33 -0400 Subject: [PATCH 01/15] Revert part of the changes in 1ede742d92 These variables are used by the HTML test reporter. --- lib/Cake/TestSuite/Reporter/CakeHtmlReporter.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/Cake/TestSuite/Reporter/CakeHtmlReporter.php b/lib/Cake/TestSuite/Reporter/CakeHtmlReporter.php index d877d556f..3e68005f3 100644 --- a/lib/Cake/TestSuite/Reporter/CakeHtmlReporter.php +++ b/lib/Cake/TestSuite/Reporter/CakeHtmlReporter.php @@ -58,7 +58,7 @@ class CakeHtmlReporter extends CakeBaseReporter { */ public function paintDocumentStart() { ob_start(); - $this->params['baseDir']; + $baseDir = $this->params['baseDir']; include CAKE . 'TestSuite' . DS . 'templates' . DS . 'header.php'; } @@ -69,7 +69,7 @@ class CakeHtmlReporter extends CakeBaseReporter { * @return void */ public function paintTestMenu() { - $this->baseUrl() . '?show=cases'; + $cases = $this->baseUrl() . '?show=cases'; $plugins = App::objects('plugin', null, false); sort($plugins); include CAKE . 'TestSuite' . DS . 'templates' . DS . 'menu.php'; From e2c303b2b92129d3761ba6d2853bab13b0f35b9d Mon Sep 17 00:00:00 2001 From: Ian den Hartog Date: Thu, 1 Oct 2015 21:47:30 +0200 Subject: [PATCH 02/15] Add support for Self Signed certificates with smtp --- lib/Cake/Network/CakeSocket.php | 14 ++++++++++++++ lib/Cake/Network/Email/SmtpTransport.php | 6 +++++- lib/Cake/Test/Case/Network/Email/CakeEmailTest.php | 3 ++- 3 files changed, 21 insertions(+), 2 deletions(-) diff --git a/lib/Cake/Network/CakeSocket.php b/lib/Cake/Network/CakeSocket.php index aebdee191..13ce21be0 100644 --- a/lib/Cake/Network/CakeSocket.php +++ b/lib/Cake/Network/CakeSocket.php @@ -406,5 +406,19 @@ class CakeSocket { throw new SocketException($errorMessage); } +/** + * Accept Self-signed certificate on current stream socket + * + * @return bool True on success + * @see stream_context_set_option + */ + public function enableSelfSigned() { + $options['ssl'] = array( + 'allow_self_signed' => true, + 'verify_peer' => false, + 'verify_peer_name' => false + ); + return stream_context_set_option($this->connection, $options); + } } diff --git a/lib/Cake/Network/Email/SmtpTransport.php b/lib/Cake/Network/Email/SmtpTransport.php index 73af32b46..ab9a00755 100644 --- a/lib/Cake/Network/Email/SmtpTransport.php +++ b/lib/Cake/Network/Email/SmtpTransport.php @@ -118,7 +118,8 @@ class SmtpTransport extends AbstractTransport { 'username' => null, 'password' => null, 'client' => null, - 'tls' => false + 'tls' => false, + 'selfSigned' => false ); $this->_config = array_merge($default, $this->_config, $config); return $this->_config; @@ -168,6 +169,9 @@ class SmtpTransport extends AbstractTransport { $this->_smtpSend("EHLO {$host}", '250'); if ($this->_config['tls']) { $this->_smtpSend("STARTTLS", '220'); + if ($this->_config['selfSigned']) { + $this->_socket->enableSelfSigned(); + } $this->_socket->enableCrypto('tls'); $this->_smtpSend("EHLO {$host}", '250'); } diff --git a/lib/Cake/Test/Case/Network/Email/CakeEmailTest.php b/lib/Cake/Test/Case/Network/Email/CakeEmailTest.php index a86412ce6..0243db242 100644 --- a/lib/Cake/Test/Case/Network/Email/CakeEmailTest.php +++ b/lib/Cake/Test/Case/Network/Email/CakeEmailTest.php @@ -946,7 +946,8 @@ class CakeEmailTest extends CakeTestCase { 'username' => null, 'password' => null, 'client' => null, - 'tls' => false + 'tls' => false, + 'selfSigned' => false ); $this->assertEquals($expected, $this->CakeEmail->transportClass()->config()); From 3fa5c4ff9406309aa52dcf5ef604ebbcae882dd6 Mon Sep 17 00:00:00 2001 From: mark_story Date: Thu, 1 Oct 2015 21:03:56 -0400 Subject: [PATCH 03/15] Update version number to 2.7.5 --- lib/Cake/VERSION.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/Cake/VERSION.txt b/lib/Cake/VERSION.txt index da75153a0..dbae9b960 100644 --- a/lib/Cake/VERSION.txt +++ b/lib/Cake/VERSION.txt @@ -17,4 +17,4 @@ // @license http://www.opensource.org/licenses/mit-license.php MIT License // +--------------------------------------------------------------------------------------------+ // //////////////////////////////////////////////////////////////////////////////////////////////////// -2.7.4 +2.7.5 From 506051f688431f6234edfb818c191f1d7a9df384 Mon Sep 17 00:00:00 2001 From: mark_story Date: Thu, 1 Oct 2015 21:46:21 -0400 Subject: [PATCH 04/15] Correct input generation for postgres numeric types. Numeric types in postgres are treated like decimals, except they can have no length, precision or scale components defined. IE does not accept 1.00000 as a valid step attribute so we'll default to any when we encounter decimal types with no length. Refs #7497 --- lib/Cake/Test/Case/View/Helper/FormHelperTest.php | 12 ++++++++++++ lib/Cake/View/Helper/FormHelper.php | 4 ++-- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/lib/Cake/Test/Case/View/Helper/FormHelperTest.php b/lib/Cake/Test/Case/View/Helper/FormHelperTest.php index 1058bc72f..535396b6b 100644 --- a/lib/Cake/Test/Case/View/Helper/FormHelperTest.php +++ b/lib/Cake/Test/Case/View/Helper/FormHelperTest.php @@ -353,6 +353,7 @@ class ValidateUser extends CakeTestModel { 'email' => array('type' => 'string', 'null' => '', 'default' => '', 'length' => '255'), 'balance' => array('type' => 'float', 'null' => false, 'length' => '5,2'), 'cost_decimal' => array('type' => 'decimal', 'null' => false, 'length' => '6,3'), + 'null_decimal' => array('type' => 'decimal', 'null' => false, 'length' => null), 'ratio' => array('type' => 'decimal', 'null' => false, 'length' => '10,6'), 'population' => array('type' => 'decimal', 'null' => false, 'length' => '15,0'), 'created' => array('type' => 'date', 'null' => '1', 'default' => '', 'length' => ''), @@ -2045,6 +2046,17 @@ class FormHelperTest extends CakeTestCase { ); $this->assertTags($result, $expected); + $result = $this->Form->input('ValidateUser.null_decimal'); + $expected = array( + 'div' => array('class'), + 'label' => array('for'), + 'Null Decimal', + '/label', + 'input' => array('name', 'type' => 'number', 'step' => 'any', 'id'), + '/div', + ); + $this->assertTags($result, $expected); + $result = $this->Form->input('ValidateUser.ratio'); $expected = array( 'div' => array('class'), diff --git a/lib/Cake/View/Helper/FormHelper.php b/lib/Cake/View/Helper/FormHelper.php index 4f56e515b..3d1860688 100644 --- a/lib/Cake/View/Helper/FormHelper.php +++ b/lib/Cake/View/Helper/FormHelper.php @@ -1209,10 +1209,10 @@ class FormHelper extends AppHelper { if ($options['type'] === 'number' && !isset($options['step']) ) { - if ($type === 'decimal') { + if ($type === 'decimal' && isset($fieldDef['length'])) { $decimalPlaces = substr($fieldDef['length'], strpos($fieldDef['length'], ',') + 1); $options['step'] = sprintf('%.' . $decimalPlaces . 'F', pow(10, -1 * $decimalPlaces)); - } elseif ($type === 'float') { + } elseif ($type === 'float' || $type === 'decimal') { $options['step'] = 'any'; } } From 5c722c666578df3e9710ae60372837c597b88099 Mon Sep 17 00:00:00 2001 From: Ian den Hartog Date: Fri, 2 Oct 2015 10:04:17 +0200 Subject: [PATCH 05/15] Fix peer verification --- lib/Cake/Network/CakeSocket.php | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/lib/Cake/Network/CakeSocket.php b/lib/Cake/Network/CakeSocket.php index 13ce21be0..56c370494 100644 --- a/lib/Cake/Network/CakeSocket.php +++ b/lib/Cake/Network/CakeSocket.php @@ -413,12 +413,7 @@ class CakeSocket { * @see stream_context_set_option */ public function enableSelfSigned() { - $options['ssl'] = array( - 'allow_self_signed' => true, - 'verify_peer' => false, - 'verify_peer_name' => false - ); - return stream_context_set_option($this->connection, $options); + return stream_context_set_option($this->connection, 'ssl', 'allow_self_signed', true); } } From bb7e7850ae6205c2d474cfc534efc1ec8e10cfe3 Mon Sep 17 00:00:00 2001 From: Ian den Hartog Date: Fri, 2 Oct 2015 16:17:26 +0200 Subject: [PATCH 06/15] Add test for Self-signed certificates --- lib/Cake/Network/CakeSocket.php | 1 + lib/Cake/Test/Case/Network/CakeSocketTest.php | 12 ++++++++++++ 2 files changed, 13 insertions(+) diff --git a/lib/Cake/Network/CakeSocket.php b/lib/Cake/Network/CakeSocket.php index 56c370494..7adff35bb 100644 --- a/lib/Cake/Network/CakeSocket.php +++ b/lib/Cake/Network/CakeSocket.php @@ -410,6 +410,7 @@ class CakeSocket { * Accept Self-signed certificate on current stream socket * * @return bool True on success + * @link http://php.net/manual/en/context.ssl.php About the 'allow_self_signed' option. * @see stream_context_set_option */ public function enableSelfSigned() { diff --git a/lib/Cake/Test/Case/Network/CakeSocketTest.php b/lib/Cake/Test/Case/Network/CakeSocketTest.php index 1d095e8da..91cc1f4d4 100644 --- a/lib/Cake/Test/Case/Network/CakeSocketTest.php +++ b/lib/Cake/Test/Case/Network/CakeSocketTest.php @@ -349,6 +349,18 @@ class CakeSocketTest extends CakeTestCase { $this->assertTrue($this->Socket->encrypted); } +/** + * testEnableCryptoSelfSigned + * + * @return void + */ + public function testEnableCryptoSelfSigned() { + $this->_connectSocketToSslTls(); + $this->assertTrue($this->Socket->enableSelfSigned()); + $this->assertTrue($this->Socket->enableCrypto('tls', 'client')); + $this->Socket->disconnect(); + } + /** * test getting the context for a socket. * From 86da57d2be98ff2b4798b63ea2b837d41a4b2b82 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc=20W=C3=BCrth?= Date: Sun, 4 Oct 2015 15:38:48 +0200 Subject: [PATCH 07/15] Minor improvements to the front controller --- app/webroot/index.php | 10 +++------- .../Console/Templates/skel/webroot/index.php | 19 ++++++++++++------- 2 files changed, 15 insertions(+), 14 deletions(-) diff --git a/app/webroot/index.php b/app/webroot/index.php index a6481b24a..2bf59fd46 100644 --- a/app/webroot/index.php +++ b/app/webroot/index.php @@ -1,7 +1,5 @@ Date: Tue, 6 Oct 2015 10:10:34 +0200 Subject: [PATCH 08/15] Change names --- lib/Cake/Network/CakeSocket.php | 2 +- lib/Cake/Network/Email/SmtpTransport.php | 6 +++--- lib/Cake/Test/Case/Network/CakeSocketTest.php | 2 +- lib/Cake/Test/Case/Network/Email/CakeEmailTest.php | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/lib/Cake/Network/CakeSocket.php b/lib/Cake/Network/CakeSocket.php index 7adff35bb..2ad6832dc 100644 --- a/lib/Cake/Network/CakeSocket.php +++ b/lib/Cake/Network/CakeSocket.php @@ -413,7 +413,7 @@ class CakeSocket { * @link http://php.net/manual/en/context.ssl.php About the 'allow_self_signed' option. * @see stream_context_set_option */ - public function enableSelfSigned() { + public function allowSelfSigned() { return stream_context_set_option($this->connection, 'ssl', 'allow_self_signed', true); } } diff --git a/lib/Cake/Network/Email/SmtpTransport.php b/lib/Cake/Network/Email/SmtpTransport.php index ab9a00755..3f4144a65 100644 --- a/lib/Cake/Network/Email/SmtpTransport.php +++ b/lib/Cake/Network/Email/SmtpTransport.php @@ -119,7 +119,7 @@ class SmtpTransport extends AbstractTransport { 'password' => null, 'client' => null, 'tls' => false, - 'selfSigned' => false + 'ssl_allow_self_signed' => false ); $this->_config = array_merge($default, $this->_config, $config); return $this->_config; @@ -169,8 +169,8 @@ class SmtpTransport extends AbstractTransport { $this->_smtpSend("EHLO {$host}", '250'); if ($this->_config['tls']) { $this->_smtpSend("STARTTLS", '220'); - if ($this->_config['selfSigned']) { - $this->_socket->enableSelfSigned(); + if ($this->_config['ssl_allow_self_signed']) { + $this->_socket->allowSelfSigned(); } $this->_socket->enableCrypto('tls'); $this->_smtpSend("EHLO {$host}", '250'); diff --git a/lib/Cake/Test/Case/Network/CakeSocketTest.php b/lib/Cake/Test/Case/Network/CakeSocketTest.php index 91cc1f4d4..ff975564d 100644 --- a/lib/Cake/Test/Case/Network/CakeSocketTest.php +++ b/lib/Cake/Test/Case/Network/CakeSocketTest.php @@ -356,7 +356,7 @@ class CakeSocketTest extends CakeTestCase { */ public function testEnableCryptoSelfSigned() { $this->_connectSocketToSslTls(); - $this->assertTrue($this->Socket->enableSelfSigned()); + $this->assertTrue($this->Socket->allowSelfSigned()); $this->assertTrue($this->Socket->enableCrypto('tls', 'client')); $this->Socket->disconnect(); } diff --git a/lib/Cake/Test/Case/Network/Email/CakeEmailTest.php b/lib/Cake/Test/Case/Network/Email/CakeEmailTest.php index 0243db242..d27f2f709 100644 --- a/lib/Cake/Test/Case/Network/Email/CakeEmailTest.php +++ b/lib/Cake/Test/Case/Network/Email/CakeEmailTest.php @@ -947,7 +947,7 @@ class CakeEmailTest extends CakeTestCase { 'password' => null, 'client' => null, 'tls' => false, - 'selfSigned' => false + 'ssl_allow_self_signed' => false ); $this->assertEquals($expected, $this->CakeEmail->transportClass()->config()); From f57cdb7568d4998ad5e94d06d2b599f74210adda Mon Sep 17 00:00:00 2001 From: Mohsen Date: Wed, 7 Oct 2015 15:07:37 +0330 Subject: [PATCH 09/15] PaginatorHelper::meta() skips url parameters and disrespects defined routes PaginatorHelper::meta() skips url parameters (passed and named) which results in urls not respecting defined routes. It means PaginatorHelper::meta() does not generate same url as PaginatorHelper::prev() & PaginatorHelper::next(). --- lib/Cake/View/Helper/PaginatorHelper.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/lib/Cake/View/Helper/PaginatorHelper.php b/lib/Cake/View/Helper/PaginatorHelper.php index f5e3e72f2..43b49d13d 100644 --- a/lib/Cake/View/Helper/PaginatorHelper.php +++ b/lib/Cake/View/Helper/PaginatorHelper.php @@ -988,17 +988,18 @@ class PaginatorHelper extends AppHelper { public function meta($options = array()) { $model = isset($options['model']) ? $options['model'] : null; $params = $this->params($model); + $urlOptions = isset($this->options['url']) ? $this->options['url'] : array(); $links = array(); if ($this->hasPrev()) { $links[] = $this->Html->meta(array( 'rel' => 'prev', - 'link' => $this->url(array('page' => $params['page'] - 1), true) + 'link' => $this->url(array_merge($urlOptions, array('page' => $params['page'] - 1)), true) )); } if ($this->hasNext()) { $links[] = $this->Html->meta(array( 'rel' => 'next', - 'link' => $this->url(array('page' => $params['page'] + 1), true) + 'link' => $this->url(array_merge($urlOptions, array('page' => $params['page'] + 1)), true) )); } $out = implode($links); From de8aed534f0b60b20159ccd9844ebaa38c468756 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc=20W=C3=BCrth?= Date: Thu, 8 Oct 2015 16:31:01 +0200 Subject: [PATCH 10/15] Add false as return value of field() + improve DocBlocks --- lib/Cake/Model/Datasource/DboSource.php | 6 +++--- lib/Cake/Model/Model.php | 12 ++++++------ 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/lib/Cake/Model/Datasource/DboSource.php b/lib/Cake/Model/Datasource/DboSource.php index a01cee654..3153e851c 100644 --- a/lib/Cake/Model/Datasource/DboSource.php +++ b/lib/Cake/Model/Datasource/DboSource.php @@ -739,9 +739,9 @@ class DboSource extends DataSource { /** * Returns a single field of the first of query results for a given SQL query, or false if empty. * - * @param string $name Name of the field - * @param string $sql SQL query - * @return mixed Value of field read. + * @param string $name The name of the field to get. + * @param string $sql The SQL query. + * @return mixed Value of field read, or false if not found. */ public function field($name, $sql) { $data = $this->fetchRow($sql); diff --git a/lib/Cake/Model/Model.php b/lib/Cake/Model/Model.php index 23f39d7cc..685332b49 100644 --- a/lib/Cake/Model/Model.php +++ b/lib/Cake/Model/Model.php @@ -1636,13 +1636,13 @@ class Model extends Object implements CakeEventListener { } /** - * Returns the contents of a single field given the supplied conditions, in the - * supplied order. + * Returns the content of a single field given the supplied conditions, + * of the first record in the supplied order. * - * @param string $name Name of field to get - * @param array $conditions SQL conditions (defaults to NULL) - * @param string $order SQL ORDER BY fragment - * @return string field contents, or false if not found + * @param string $name The name of the field to get. + * @param array $conditions SQL conditions (defaults to NULL). + * @param string $order SQL ORDER BY fragment. + * @return string|false Field content, or false if not found. * @link http://book.cakephp.org/2.0/en/models/retrieving-your-data.html#model-field */ public function field($name, $conditions = null, $order = null) { From ed410dd12cbb7ede3d0813157a756ba840240486 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc=20W=C3=BCrth?= Date: Sat, 10 Oct 2015 15:49:00 +0200 Subject: [PATCH 11/15] Do not mix void with other return types Inspired by #7527 --- lib/Cake/Controller/Component.php | 2 +- lib/Cake/Model/Datasource/DboSource.php | 2 +- lib/Cake/Routing/Router.php | 4 ++-- lib/Cake/View/Helper/PaginatorHelper.php | 6 +++--- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/lib/Cake/Controller/Component.php b/lib/Cake/Controller/Component.php index 4b81d8fe5..e395aded2 100644 --- a/lib/Cake/Controller/Component.php +++ b/lib/Cake/Controller/Component.php @@ -155,7 +155,7 @@ class Component extends Object { * @param string|array $url Either the string or URL array that is being redirected to. * @param int $status The status code of the redirect * @param bool $exit Will the script exit. - * @return array|void Either an array or null. + * @return array|null Either an array or null. * @link http://book.cakephp.org/2.0/en/controllers/components.html#Component::beforeRedirect */ public function beforeRedirect(Controller $controller, $url, $status = null, $exit = true) { diff --git a/lib/Cake/Model/Datasource/DboSource.php b/lib/Cake/Model/Datasource/DboSource.php index 3153e851c..75a18dcf4 100644 --- a/lib/Cake/Model/Datasource/DboSource.php +++ b/lib/Cake/Model/Datasource/DboSource.php @@ -3209,7 +3209,7 @@ class DboSource extends DataSource { * * @param string $table The name of the table to update. * @param string $column The column to use when resetting the sequence value. - * @return bool|void success. + * @return bool Success. */ public function resetSequence($table, $column) { } diff --git a/lib/Cake/Routing/Router.php b/lib/Cake/Routing/Router.php index cfc9bbd1c..5575fb6f0 100644 --- a/lib/Cake/Routing/Router.php +++ b/lib/Cake/Routing/Router.php @@ -207,8 +207,8 @@ class Router { /** * Set the default route class to use or return the current one * - * @param string $routeClass to set as default - * @return mixed void|string + * @param string $routeClass The route class to set as default. + * @return string|null The default route class. * @throws RouterException */ public static function defaultRouteClass($routeClass = null) { diff --git a/lib/Cake/View/Helper/PaginatorHelper.php b/lib/Cake/View/Helper/PaginatorHelper.php index f5e3e72f2..7998a0037 100644 --- a/lib/Cake/View/Helper/PaginatorHelper.php +++ b/lib/Cake/View/Helper/PaginatorHelper.php @@ -980,10 +980,10 @@ class PaginatorHelper extends AppHelper { * ### Options: * * - `model` The model to use defaults to PaginatorHelper::defaultModel() - * - `block` The block name to append the output to, or false/absenst to return as a string + * - `block` The block name to append the output to, or false/absent to return as a string * - * @param array $options Array of options - * @return string|void Meta links + * @param array $options Array of options. + * @return string|null Meta links. */ public function meta($options = array()) { $model = isset($options['model']) ? $options['model'] : null; From 29490eb84f4491a68c45bed515a2715148301114 Mon Sep 17 00:00:00 2001 From: mark_story Date: Sat, 10 Oct 2015 22:32:41 -0400 Subject: [PATCH 12/15] Add tests for #7516 --- .../Case/View/Helper/PaginatorHelperTest.php | 25 +++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/lib/Cake/Test/Case/View/Helper/PaginatorHelperTest.php b/lib/Cake/Test/Case/View/Helper/PaginatorHelperTest.php index cb271c6b0..f536ed596 100644 --- a/lib/Cake/Test/Case/View/Helper/PaginatorHelperTest.php +++ b/lib/Cake/Test/Case/View/Helper/PaginatorHelperTest.php @@ -2927,4 +2927,29 @@ class PaginatorHelperTest extends CakeTestCase { $this->assertSame($expected, $result); } +/** + * Verify that meta() uses URL options + * + * @return void + */ + public function testMetaPageUrlOptions() { + $this->Paginator->options(array( + 'url' => array('?' => array('a' => 'b')) + )); + $this->Paginator->request['paging'] = array( + 'Article' => array( + 'page' => 5, + 'prevPage' => true, + 'nextPage' => true, + 'pageCount' => 10, + 'options' => array(), + 'paramType' => 'querystring' + ) + ); + $expected = ''; + $expected .= ''; + $result = $this->Paginator->meta(); + $this->assertSame($expected, $result); + } + } From cc3531d2886c96afb9c53e363cd4eaa04f92b2f3 Mon Sep 17 00:00:00 2001 From: mark_story Date: Mon, 12 Oct 2015 21:56:20 -0400 Subject: [PATCH 13/15] Move SSL context options into CakeSocket. Having all the options consolidated in one places enables all the SSL context options to be used in the SmtpTransport instead of just allowing self_signed as proposed in #7496 --- lib/Cake/Network/CakeSocket.php | 41 ++++++++++++++++ lib/Cake/Network/Http/HttpSocket.php | 47 ++----------------- lib/Cake/Test/Case/Network/CakeSocketTest.php | 32 ++++++++++++- .../Test/Case/Network/Http/HttpSocketTest.php | 43 ++--------------- 4 files changed, 79 insertions(+), 84 deletions(-) diff --git a/lib/Cake/Network/CakeSocket.php b/lib/Cake/Network/CakeSocket.php index 2ad6832dc..396dfe93a 100644 --- a/lib/Cake/Network/CakeSocket.php +++ b/lib/Cake/Network/CakeSocket.php @@ -134,6 +134,7 @@ class CakeSocket { $scheme = $this->config['protocol'] . '://'; } + $this->_setSslContext($this->config['host']); if (!empty($this->config['context'])) { $context = stream_context_create($this->config['context']); } else { @@ -195,6 +196,46 @@ class CakeSocket { return $this->connected; } +/** + * Configure the SSL context options. + * + * @param string $host The host name being connected to. + */ + protected function _setSslContext($host) + { + foreach ($this->config as $key => $value) { + if (substr($key, 0, 4) !== 'ssl_') { + continue; + } + $contextKey = substr($key, 4); + if (empty($this->config['context']['ssl'][$contextKey])) { + $this->config['context']['ssl'][$contextKey] = $value; + } + unset($this->config[$key]); + } + if (version_compare(PHP_VERSION, '5.3.2', '>=')) { + if (!isset($this->config['context']['ssl']['SNI_enabled'])) { + $this->config['context']['ssl']['SNI_enabled'] = true; + } + if (version_compare(PHP_VERSION, '5.6.0', '>=')) { + if (empty($this->config['context']['ssl']['peer_name'])) { + $this->config['context']['ssl']['peer_name'] = $host; + } + } else { + if (empty($this->config['context']['ssl']['SNI_server_name'])) { + $this->config['context']['ssl']['SNI_server_name'] = $host; + } + } + } + if (empty($this->config['context']['ssl']['cafile'])) { + $this->config['context']['ssl']['cafile'] = CAKE . 'Config' . DS . 'cacert.pem'; + } + if (!empty($this->config['context']['ssl']['verify_host'])) { + $this->config['context']['ssl']['CN_match'] = $host; + } + unset($this->config['context']['ssl']['verify_host']); + } + /** * socket_stream_client() does not populate errNum, or $errStr when there are * connection errors, as in the case of SSL verification failure. diff --git a/lib/Cake/Network/Http/HttpSocket.php b/lib/Cake/Network/Http/HttpSocket.php index 0fdf4a12d..4c6c25675 100644 --- a/lib/Cake/Network/Http/HttpSocket.php +++ b/lib/Cake/Network/Http/HttpSocket.php @@ -72,7 +72,7 @@ class HttpSocket extends CakeSocket { * Contain information about the last response (read only) * * @var array - */ +*/ public $response = null; /** @@ -361,8 +361,6 @@ class HttpSocket extends CakeSocket { return false; } - $this->_configContext($this->request['uri']['host']); - $this->request['raw'] = ''; if ($this->request['line'] !== false) { $this->request['raw'] = $this->request['line']; @@ -374,6 +372,8 @@ class HttpSocket extends CakeSocket { $this->request['raw'] .= "\r\n"; $this->request['raw'] .= $this->request['body']; + + // SSL context is set during the connect() method. $this->write($this->request['raw']); $response = null; @@ -700,47 +700,6 @@ class HttpSocket extends CakeSocket { return true; } -/** - * Configure the socket's context. Adds in configuration - * that can not be declared in the class definition. - * - * @param string $host The host you're connecting to. - * @return void - */ - protected function _configContext($host) { - foreach ($this->config as $key => $value) { - if (substr($key, 0, 4) !== 'ssl_') { - continue; - } - $contextKey = substr($key, 4); - if (empty($this->config['context']['ssl'][$contextKey])) { - $this->config['context']['ssl'][$contextKey] = $value; - } - unset($this->config[$key]); - } - if (version_compare(PHP_VERSION, '5.3.2', '>=')) { - if (!isset($this->config['context']['ssl']['SNI_enabled'])) { - $this->config['context']['ssl']['SNI_enabled'] = true; - } - if (version_compare(PHP_VERSION, '5.6.0', '>=')) { - if (empty($this->config['context']['ssl']['peer_name'])) { - $this->config['context']['ssl']['peer_name'] = $host; - } - } else { - if (empty($this->config['context']['ssl']['SNI_server_name'])) { - $this->config['context']['ssl']['SNI_server_name'] = $host; - } - } - } - if (empty($this->config['context']['ssl']['cafile'])) { - $this->config['context']['ssl']['cafile'] = CAKE . 'Config' . DS . 'cacert.pem'; - } - if (!empty($this->config['context']['ssl']['verify_host'])) { - $this->config['context']['ssl']['CN_match'] = $host; - } - unset($this->config['context']['ssl']['verify_host']); - } - /** * Takes a $uri array and turns it into a fully qualified URL string * diff --git a/lib/Cake/Test/Case/Network/CakeSocketTest.php b/lib/Cake/Test/Case/Network/CakeSocketTest.php index ff975564d..027f6a5ad 100644 --- a/lib/Cake/Test/Case/Network/CakeSocketTest.php +++ b/lib/Cake/Test/Case/Network/CakeSocketTest.php @@ -379,7 +379,37 @@ class CakeSocketTest extends CakeTestCase { $this->Socket = new CakeSocket($config); $this->Socket->connect(); $result = $this->Socket->context(); - $this->assertEquals($config['context'], $result); + $this->assertSame($config['context']['ssl']['capture_peer'], $result['ssl']['capture_peer']); } +/** + * test configuring the context from the flat keys. + * + * @return void + */ + public function testConfigContext() { + $this->skipIf(!extension_loaded('openssl'), 'OpenSSL is not enabled cannot test SSL.'); + $config = array( + 'host' => 'smtp.gmail.com', + 'port' => 465, + 'timeout' => 5, + 'ssl_verify_peer' => true, + 'ssl_allow_self_signed' => false, + 'ssl_verify_depth' => 5, + 'ssl_verify_host' => true, + ); + $this->Socket = new CakeSocket($config); + + $this->Socket->connect(); + $result = $this->Socket->context(); + + $this->assertTrue($result['ssl']['verify_peer']); + $this->assertFalse($result['ssl']['allow_self_signed']); + $this->assertEquals(5, $result['ssl']['verify_depth']); + $this->assertEquals('smtp.gmail.com', $result['ssl']['CN_match']); + $this->assertArrayNotHasKey('ssl_verify_peer', $this->Socket->config); + $this->assertArrayNotHasKey('ssl_allow_self_signed', $this->Socket->config); + $this->assertArrayNotHasKey('ssl_verify_host', $this->Socket->config); + $this->assertArrayNotHasKey('ssl_verify_depth', $this->Socket->config); + } } diff --git a/lib/Cake/Test/Case/Network/Http/HttpSocketTest.php b/lib/Cake/Test/Case/Network/Http/HttpSocketTest.php index 318e43401..559980494 100644 --- a/lib/Cake/Test/Case/Network/Http/HttpSocketTest.php +++ b/lib/Cake/Test/Case/Network/Http/HttpSocketTest.php @@ -314,23 +314,6 @@ class HttpSocketTest extends CakeTestCase { $response = $this->Socket->request(true); $this->assertFalse($response); - $context = array( - 'ssl' => array( - 'verify_peer' => true, - 'allow_self_signed' => false, - 'verify_depth' => 5, - 'SNI_enabled' => true, - 'CN_match' => 'www.cakephp.org', - 'cafile' => CAKE . 'Config' . DS . 'cacert.pem' - ) - ); - - if (version_compare(PHP_VERSION, '5.6.0', '>=')) { - $context['ssl']['peer_name'] = 'www.cakephp.org'; - } else { - $context['ssl']['SNI_server_name'] = 'www.cakephp.org'; - } - $tests = array( array( 'request' => 'http://www.cakephp.org/?foo=bar', @@ -341,7 +324,10 @@ class HttpSocketTest extends CakeTestCase { 'protocol' => 'tcp', 'port' => 80, 'timeout' => 30, - 'context' => $context, + 'ssl_verify_peer' => true, + 'ssl_allow_self_signed' => false, + 'ssl_verify_depth' => 5, + 'ssl_verify_host' => true, 'request' => array( 'uri' => array( 'scheme' => 'http', @@ -1843,27 +1829,6 @@ class HttpSocketTest extends CakeTestCase { $this->assertEquals(true, $return); } -/** - * test configuring the context from the flat keys. - * - * @return void - */ - public function testConfigContext() { - $this->Socket->expects($this->any()) - ->method('read')->will($this->returnValue(false)); - - $this->Socket->reset(); - $this->Socket->request('http://example.com'); - $this->assertTrue($this->Socket->config['context']['ssl']['verify_peer']); - $this->assertFalse($this->Socket->config['context']['ssl']['allow_self_signed']); - $this->assertEquals(5, $this->Socket->config['context']['ssl']['verify_depth']); - $this->assertEquals('example.com', $this->Socket->config['context']['ssl']['CN_match']); - $this->assertArrayNotHasKey('ssl_verify_peer', $this->Socket->config); - $this->assertArrayNotHasKey('ssl_allow_self_signed', $this->Socket->config); - $this->assertArrayNotHasKey('ssl_verify_host', $this->Socket->config); - $this->assertArrayNotHasKey('ssl_verify_depth', $this->Socket->config); - } - /** * Test that requests fail when peer verification fails. * From 3a4facbf8d8ef211f876ab5261737c47a182e8aa Mon Sep 17 00:00:00 2001 From: mark_story Date: Mon, 12 Oct 2015 21:58:24 -0400 Subject: [PATCH 14/15] Remove allowSelfSigned() method. This method is no longer needed as the low level socket understands the `ssl_*` options now. Refs #7496 --- lib/Cake/Network/CakeSocket.php | 12 ------------ lib/Cake/Network/Email/SmtpTransport.php | 3 --- lib/Cake/Test/Case/Network/CakeSocketTest.php | 12 ------------ 3 files changed, 27 deletions(-) diff --git a/lib/Cake/Network/CakeSocket.php b/lib/Cake/Network/CakeSocket.php index 396dfe93a..b08d60b0a 100644 --- a/lib/Cake/Network/CakeSocket.php +++ b/lib/Cake/Network/CakeSocket.php @@ -446,16 +446,4 @@ class CakeSocket { $this->setLastError(null, $errorMessage); throw new SocketException($errorMessage); } - -/** - * Accept Self-signed certificate on current stream socket - * - * @return bool True on success - * @link http://php.net/manual/en/context.ssl.php About the 'allow_self_signed' option. - * @see stream_context_set_option - */ - public function allowSelfSigned() { - return stream_context_set_option($this->connection, 'ssl', 'allow_self_signed', true); - } } - diff --git a/lib/Cake/Network/Email/SmtpTransport.php b/lib/Cake/Network/Email/SmtpTransport.php index 3f4144a65..f37dadf99 100644 --- a/lib/Cake/Network/Email/SmtpTransport.php +++ b/lib/Cake/Network/Email/SmtpTransport.php @@ -169,9 +169,6 @@ class SmtpTransport extends AbstractTransport { $this->_smtpSend("EHLO {$host}", '250'); if ($this->_config['tls']) { $this->_smtpSend("STARTTLS", '220'); - if ($this->_config['ssl_allow_self_signed']) { - $this->_socket->allowSelfSigned(); - } $this->_socket->enableCrypto('tls'); $this->_smtpSend("EHLO {$host}", '250'); } diff --git a/lib/Cake/Test/Case/Network/CakeSocketTest.php b/lib/Cake/Test/Case/Network/CakeSocketTest.php index 027f6a5ad..d68774fe0 100644 --- a/lib/Cake/Test/Case/Network/CakeSocketTest.php +++ b/lib/Cake/Test/Case/Network/CakeSocketTest.php @@ -349,18 +349,6 @@ class CakeSocketTest extends CakeTestCase { $this->assertTrue($this->Socket->encrypted); } -/** - * testEnableCryptoSelfSigned - * - * @return void - */ - public function testEnableCryptoSelfSigned() { - $this->_connectSocketToSslTls(); - $this->assertTrue($this->Socket->allowSelfSigned()); - $this->assertTrue($this->Socket->enableCrypto('tls', 'client')); - $this->Socket->disconnect(); - } - /** * test getting the context for a socket. * From e0d2c45d9a9d507301f033fa50cd6931deccfb01 Mon Sep 17 00:00:00 2001 From: mark_story Date: Mon, 12 Oct 2015 22:20:15 -0400 Subject: [PATCH 15/15] Fix PHPCS error. --- lib/Cake/Network/CakeSocket.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/lib/Cake/Network/CakeSocket.php b/lib/Cake/Network/CakeSocket.php index b08d60b0a..74f2b60c0 100644 --- a/lib/Cake/Network/CakeSocket.php +++ b/lib/Cake/Network/CakeSocket.php @@ -201,8 +201,7 @@ class CakeSocket { * * @param string $host The host name being connected to. */ - protected function _setSslContext($host) - { + protected function _setSslContext($host) { foreach ($this->config as $key => $value) { if (substr($key, 0, 4) !== 'ssl_') { continue;