From 43d359b1d7e083c9c7cb9afb5ad7995d2aea1641 Mon Sep 17 00:00:00 2001 From: euromark Date: Mon, 28 Apr 2014 17:23:26 +0200 Subject: [PATCH 01/13] Make referer() behave as expected. --- lib/Cake/Controller/Controller.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/Cake/Controller/Controller.php b/lib/Cake/Controller/Controller.php index 00b80fb2f..ca311fe86 100644 --- a/lib/Cake/Controller/Controller.php +++ b/lib/Cake/Controller/Controller.php @@ -970,7 +970,7 @@ class Controller extends Object implements CakeEventListener { $referer = $this->request->referer($local); if ($referer === '/' && $default) { - return Router::url($default, true); + return Router::url($default, !$local); } return $referer; } From 8679c5cd180419e272833c4d1fa2f41844fc89de Mon Sep 17 00:00:00 2001 From: euromark Date: Mon, 28 Apr 2014 17:33:56 +0200 Subject: [PATCH 02/13] Fix test --- lib/Cake/Test/Case/Controller/Component/AuthComponentTest.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/Cake/Test/Case/Controller/Component/AuthComponentTest.php b/lib/Cake/Test/Case/Controller/Component/AuthComponentTest.php index 122cadb18..bc544be18 100644 --- a/lib/Cake/Test/Case/Controller/Component/AuthComponentTest.php +++ b/lib/Cake/Test/Case/Controller/Component/AuthComponentTest.php @@ -938,7 +938,7 @@ class AuthComponentTest extends CakeTestCase { array($CakeRequest, $CakeResponse) ); - $expected = Router::url($this->Auth->loginRedirect, true); + $expected = Router::url($this->Auth->loginRedirect); $Controller->expects($this->once()) ->method('redirect') ->with($this->equalTo($expected)); From ead6c837c8437d2cb8d4e2a539f02bae052cc78d Mon Sep 17 00:00:00 2001 From: ADmad Date: Sun, 4 May 2014 18:37:41 +0530 Subject: [PATCH 03/13] Add formatting rules for .yml files to editorconfig. --- .editorconfig | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.editorconfig b/.editorconfig index 217a0e30c..74a1d63d7 100644 --- a/.editorconfig 
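Review bot: In the `lib/Cake/Controller/Controller.php` hunk, `Router::url($default, !$local)` changes the return value for callers that pass `$local = true` together with a `$default`, and nothing in this commit documents or tests that. When the referer is `/`, such callers now get an app-relative URL where they used to get a full one. The method's docblock lies outside the hunk; it should gain a sentence such as `With $local = true the $default is also returned as an app-relative URL.` A controller test that calls `referer()` with a `$default` for both values of `$local` would pin this down, since the only test touched nearby is the AuthComponent expectation in PATCH 02.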
+++ b/.editorconfig @@ -11,3 +11,7 @@ trim_trailing_whitespace = true [*.bat] end_of_line = crlf + +[*.yml] +indent_style = space +indent_size = 2 From 559d9d39e7000b39d4fa990fcac6d4d46de239f7 Mon Sep 17 00:00:00 2001 From: mark_story Date: Tue, 6 May 2014 22:13:44 -0400 Subject: [PATCH 04/13] Make test names match the rest of the tests. --- lib/Cake/Test/Case/View/Helper/FormHelperTest.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/lib/Cake/Test/Case/View/Helper/FormHelperTest.php b/lib/Cake/Test/Case/View/Helper/FormHelperTest.php index 6974c22f4..a64161535 100644 --- a/lib/Cake/Test/Case/View/Helper/FormHelperTest.php +++ b/lib/Cake/Test/Case/View/Helper/FormHelperTest.php @@ -1275,7 +1275,7 @@ class FormHelperTest extends CakeTestCase { * * @return void */ - public function testFormSecuredFileInput() { + public function testSecuredFileInput() { $this->Form->request['_Token'] = array('key' => 'testKey'); $this->assertEquals(array(), $this->Form->fields); @@ -1292,7 +1292,7 @@ class FormHelperTest extends CakeTestCase { * * @return void */ - public function testFormSecuredMultipleSelect() { + public function testSecuredMultipleSelect() { $this->Form->request['_Token'] = array('key' => 'testKey'); $this->assertEquals(array(), $this->Form->fields); $options = array('1' => 'one', '2' => 'two'); @@ -1311,7 +1311,7 @@ class FormHelperTest extends CakeTestCase { * * @return void */ - public function testFormSecuredRadio() { + public function testSecuredRadio() { $this->Form->request['_Token'] = array('key' => 'testKey'); $this->assertEquals(array(), $this->Form->fields); $options = array('1' => 'option1', '2' => 'option2'); 
@@ -1326,7 +1326,7 @@ class FormHelperTest extends CakeTestCase { * * @return void */ - public function testFormSecuredAndDisabledNotAssoc() { + public function testSecuredAndDisabledNotAssoc() { $this->Form->request['_Token'] = array('key' => 'testKey'); $this->Form->select('Model.select', array(1, 2), array('disabled')); @@ -1348,7 +1348,7 @@ class FormHelperTest extends CakeTestCase { * * @return void */ - public function testFormSecuredAndDisabled() { + public function testSecuredAndDisabled() { $this->Form->request['_Token'] = array('key' => 'testKey'); $this->Form->checkbox('Model.checkbox', array('disabled' => true)); From 1103ca781640992ce98029a634f4ef2cc1590eb4 Mon Sep 17 00:00:00 2001 From: mark_story Date: Tue, 6 May 2014 23:00:11 -0400 Subject: [PATCH 05/13] Ensure that only the path and query are used to make the hash. While including the entire protocol, host, port, path and query would be even better in theory, it gets complicated when proxies and load balancers are involved. Fixes #3442 --- .../Test/Case/View/Helper/FormHelperTest.php | 28 +++++++++++++++++++ lib/Cake/View/Helper/FormHelper.php | 7 ++++- 2 files changed, 34 insertions(+), 1 deletion(-) diff --git a/lib/Cake/Test/Case/View/Helper/FormHelperTest.php b/lib/Cake/Test/Case/View/Helper/FormHelperTest.php index a64161535..ec1dbcfbb 100644 --- a/lib/Cake/Test/Case/View/Helper/FormHelperTest.php +++ b/lib/Cake/Test/Case/View/Helper/FormHelperTest.php 
@@ -1370,6 +1370,34 @@ class FormHelperTest extends CakeTestCase { $this->assertEquals($expected, $this->Form->fields); } +/** + * Test that only the path + query elements of a form's URL show up in their hash. + * + * @return void + */ + public function testSecuredFormUrlIgnoresHost() { + $this->Form->request['_Token'] = array('key' => 'testKey'); + + $expected = '5181b484c13caea4776618ed26a3aebbb026ecd8%3A'; + $this->Form->create('Address', array( + 'url' => array('controller' => 'articles', 'action' => 'view', 1, '?' => array('page' => 1)) + )); + $result = $this->Form->secure(); + $this->assertContains($expected, $result); + + $this->Form->create('Address', array('url' => 'http://localhost/articles/view/1?page=1')); + $result = $this->Form->secure(); + $this->assertContains($expected, $result, 'Full URL should only use path and query.'); + + $this->Form->create('Address', array('url' => '/articles/view/1?page=1')); + $result = $this->Form->secure(); + $this->assertContains($expected, $result, 'URL path + query should work.'); + + $this->Form->create('Address', array('url' => '/articles/view/1')); + $result = $this->Form->secure(); + $this->assertNotContains($expected, $result, 'URL is different'); + } + /** * testDisableSecurityUsingForm method * diff --git a/lib/Cake/View/Helper/FormHelper.php b/lib/Cake/View/Helper/FormHelper.php index 26250768d..5c125ab5f 100644 --- a/lib/Cake/View/Helper/FormHelper.php +++ b/lib/Cake/View/Helper/FormHelper.php @@ -466,7 +466,12 @@ class FormHelper extends AppHelper { $this->setEntity($model, true); $this->_introspectModel($model, 'fields'); } - $this->_lastAction = $action; + $query = parse_url($action, PHP_URL_QUERY); + if ($query) { + $query .= '?'; + } + $this->_lastAction = parse_url($action, PHP_URL_PATH) . $query; + return $this->Html->useTag('form', $action, $htmlAttributes) . $append; } From 5469840c80dda7e2d345f889a1ae0aa8b2722294 Mon Sep 17 00:00:00 2001 
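Review bot: In the `lib/Cake/View/Helper/FormHelper.php` hunk the result of `parse_url($action, PHP_URL_PATH)` is concatenated without a check. A URL that `parse_url()` rejects (returns `false`) or that has no path component (returns `null`) therefore leaves `$this->_lastAction` empty or holding only the query. The test added in this commit shows that value feeding the hash emitted by `secure()`, so in those cases the hash would no longer reflect the form's URL; how the receiving side rebuilds the URL is not visible here. A fallback keeps the previous behaviour for such input: `$path = parse_url($action, PHP_URL_PATH);` followed by `$this->_lastAction = is_string($path) ? $path . $query : $action;`. The same unchecked return value is still present in the PATCH 06 and PATCH 07 versions of these lines, and the enclosing method starts and ends outside the hunk.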
From: mark_story Date: Wed, 7 May 2014 08:43:25 -0400 Subject: [PATCH 06/13] Fix incorrectly generated URL path. Refs #3442 --- lib/Cake/Test/Case/View/Helper/FormHelperTest.php | 2 +- lib/Cake/View/Helper/FormHelper.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/Cake/Test/Case/View/Helper/FormHelperTest.php b/lib/Cake/Test/Case/View/Helper/FormHelperTest.php index ec1dbcfbb..eaba991dc 100644 --- a/lib/Cake/Test/Case/View/Helper/FormHelperTest.php +++ b/lib/Cake/Test/Case/View/Helper/FormHelperTest.php @@ -1378,7 +1378,7 @@ class FormHelperTest extends CakeTestCase { public function testSecuredFormUrlIgnoresHost() { $this->Form->request['_Token'] = array('key' => 'testKey'); - $expected = '5181b484c13caea4776618ed26a3aebbb026ecd8%3A'; + $expected = '0ff0c85cd70584d8fd18fa136846d22c66c21e2d%3A'; $this->Form->create('Address', array( 'url' => array('controller' => 'articles', 'action' => 'view', 1, '?' => array('page' => 1)) )); diff --git a/lib/Cake/View/Helper/FormHelper.php b/lib/Cake/View/Helper/FormHelper.php index 5c125ab5f..2e8c2298e 100644 --- a/lib/Cake/View/Helper/FormHelper.php +++ b/lib/Cake/View/Helper/FormHelper.php @@ -468,7 +468,7 @@ class FormHelper extends AppHelper { } $query = parse_url($action, PHP_URL_QUERY); if ($query) { - $query .= '?'; + $query = '?' . $query; } $this->_lastAction = parse_url($action, PHP_URL_PATH) . $query; From 51909ae7388b4c2fee24bce8cb78e75dbe8e82dc Mon Sep 17 00:00:00 2001 From: mark_story Date: Fri, 9 May 2014 17:01:22 -0400 Subject: [PATCH 07/13] Only parse URLs when they contain :// Parsing incomplete URLs fails in PHP5.2. --- lib/Cake/View/Helper/FormHelper.php | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/lib/Cake/View/Helper/FormHelper.php b/lib/Cake/View/Helper/FormHelper.php index 2e8c2298e..69e7ed2b5 100644 --- a/lib/Cake/View/Helper/FormHelper.php +++ b/lib/Cake/View/Helper/FormHelper.php 
@@ -466,11 +466,13 @@ class FormHelper extends AppHelper { $this->setEntity($model, true); $this->_introspectModel($model, 'fields'); } - $query = parse_url($action, PHP_URL_QUERY); - if ($query) { - $query = '?' . $query; + + $this->_lastAction = $action; + if (strpos($action, '://')) { + $query = parse_url($action, PHP_URL_QUERY); + $query = $query ? '?' . $query : ''; + $this->_lastAction = parse_url($action, PHP_URL_PATH) . $query; } - $this->_lastAction = parse_url($action, PHP_URL_PATH) . $query; return $this->Html->useTag('form', $action, $htmlAttributes) . $append; } From cc49d28ef8baa5612a6e3806b16e1372b91f0f4f Mon Sep 17 00:00:00 2001 From: mark_story Date: Sat, 10 May 2014 22:02:22 -0400 Subject: [PATCH 08/13] Fix double / in missing component error page. Fixes #3466 --- lib/Cake/View/Errors/missing_component.ctp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/Cake/View/Errors/missing_component.ctp b/lib/Cake/View/Errors/missing_component.ctp index ae72b0ea7..2d384b2d7 100644 --- a/lib/Cake/View/Errors/missing_component.ctp +++ b/lib/Cake/View/Errors/missing_component.ctp @@ -25,7 +25,7 @@ $pluginDot = empty($plugin) ? null : $plugin . '.';
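Review bot: `if (strpos($action, '://'))` tests truthiness and matches `://` anywhere in the string, so it does not select only absolute URLs. A relative action whose query string carries a URL (constructed example: `/articles/view/1?next=http://example.test/`) still goes through `parse_url()`, which the commit message says fails on PHP 5.2 for incomplete URLs. Anchoring the check to a leading scheme avoids that: `if (preg_match('#^[a-z][a-z0-9+.\-]*://#i', $action)) {`. Scheme-relative actions (`//host/path`) are matched by neither form and would keep their host in `_lastAction`. No test in this commit exercises either input.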

: - ' . h($class) . '', (empty($plugin) ? APP_DIR : CakePlugin::path($plugin)) . DS . 'Controller' . DS . 'Component' . DS . h($class) . '.php'); ?> + ' . h($class) . '', (empty($plugin) ? APP_DIR . DS : CakePlugin::path($plugin)) . 'Controller' . DS . 'Component' . DS . h($class) . '.php'); ?>

 <?php

From 28404ace9639c60b1a6a1cb6840b5e04f708f703 Mon Sep 17 00:00:00 2001
From: Julius Beckmann 
Date: Sun, 11 May 2014 22:15:35 +0200
Subject: [PATCH 09/13] Added PHP 5.6 to travis.

---
 .travis.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.travis.yml b/.travis.yml
index d67543c20..5dcc714d7 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -5,6 +5,7 @@ php:
   - 5.3
   - 5.4
   - 5.5
+  - 5.6
 
 env:
   - DB=mysql

From ed83df5bedec77a300336ff7f0150aef280afa15 Mon Sep 17 00:00:00 2001
From: Stephen Cuppett 
Date: Sun, 11 May 2014 19:17:18 -0400
Subject: [PATCH 10/13] Fixes #3469, explicit isset check for counterCache

---
 lib/Cake/Model/Model.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/Cake/Model/Model.php b/lib/Cake/Model/Model.php
index 746b2e03c..63fea7f1e 100644
--- a/lib/Cake/Model/Model.php
+++ b/lib/Cake/Model/Model.php
@@ -2106,7 +2106,7 @@ class Model extends Object implements CakeEventListener {
 	protected function _prepareUpdateFields($data) {
 		$foreignKeys = array();
 		foreach ($this->belongsTo as $assoc => $info) {
-			if ($info['counterCache']) {
+			if (isset($info['counterCache']) && $info['counterCache']) {
 				$foreignKeys[$assoc] = $info['foreignKey'];
 			}
 		}
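Review bot: The guard `isset($info['counterCache']) && $info['counterCache']` is the long form of `!empty($info['counterCache'])`, which reads more directly and names the key once. The following line still reads `$info['foreignKey']` with no guard, so an association that reaches this loop without that key would raise the same kind of undefined-index notice this commit presumably addresses. Whether that can happen depends on how `belongsTo` is normalised outside this hunk. No regression test accompanies the fix, and `_prepareUpdateFields()` continues past the last line shown.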

From c8a2921b12eeb08c811832d415ca9f7d84bd97aa Mon Sep 17 00:00:00 2001
From: Julius Beckmann 
Date: Mon, 12 May 2014 08:42:17 +0200
Subject: [PATCH 11/13] Made PHP 5.6 a allowed failure on travis.

---
 .travis.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.travis.yml b/.travis.yml
index 5dcc714d7..3d50d7a95 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -13,6 +13,8 @@ env:
   - DB=sqlite
 
 matrix:
+  allow_failures:
+    - php: 5.6
   include:
     - php: 5.4
       env:

From 92e6c138c5250e2980f77bcc0eaa44bc8df2f6f2 Mon Sep 17 00:00:00 2001
From: mark_story 
Date: Mon, 12 May 2014 14:29:10 -0400
Subject: [PATCH 12/13] Add missing static on Debugger::output()

This method should have been static the whole time, and the lack of
static was causing tests to fail on PHP 5.6
---
 lib/Cake/Utility/Debugger.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/Cake/Utility/Debugger.php b/lib/Cake/Utility/Debugger.php
index ad6ff9a01..05c2e290f 100644
--- a/lib/Cake/Utility/Debugger.php
+++ b/lib/Cake/Utility/Debugger.php
@@ -698,7 +698,7 @@ class Debugger {
  * @deprecated Use Debugger::outputAs() and Debugger::addFormat(). Will be removed
  *   in 3.0
  */
-	public function output($format = null, $strings = array()) {
+	public static function output($format = null, $strings = array()) {
 		$self = Debugger::getInstance();
 		$data = null;
 

From 99cbaed298c254906f41af0221e71854d96ea153 Mon Sep 17 00:00:00 2001
From: mark_story 
Date: Mon, 12 May 2014 14:29:40 -0400
Subject: [PATCH 13/13] PHP 5.6 builds should now pass.

---
 .travis.yml | 2 --
 1 file changed, 2 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index 3d50d7a95..5dcc714d7 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -13,8 +13,6 @@ env:
   - DB=sqlite
 
 matrix:
-  allow_failures:
-    - php: 5.6
   include:
     - php: 5.4
       env: