adulau/cakephp2-php8
1
0
Fork 0
mirror of https://github.com/kamilwylegala/cakephp2-php8.git synced 2025-03-27 12:12:57 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

merging master into 1.3

Browse source
This commit is contained in:
gwoo 2009-05-04 16:06:08 -07:00
commit d2667c0e6f
6 changed files with 45 additions and 11 deletions

3
cake/dispatcher.php
View file

@ -344,7 +344,8 @@ class Dispatcher extends Object {
return $this->base = $base; return $this->base = $base;
} }
if (!$baseUrl) { if (!$baseUrl) {
$base = dirname(env('PHP_SELF')); $replace = array('<', '>', '*', '\'', '"');
$base = str_replace($replace, '', dirname(env('PHP_SELF')));
if ($webroot === 'webroot' && $webroot === basename($base)) { if ($webroot === 'webroot' && $webroot === basename($base)) {
$base = dirname($base); $base = dirname($base);

2
cake/libs/http_socket.php
View file

@ -846,7 +846,7 @@ class HttpSocket extends CakeSocket {
$cookies = array(); $cookies = array();
foreach ((array)$header['Set-Cookie'] as $cookie) { foreach ((array)$header['Set-Cookie'] as $cookie) {
$parts = preg_split('/(?<![^;]");[ \t]*/', $cookie); $parts = preg_split('/(?<![^;]");[ \t]*/', $cookie);
list($name, $value) = explode('=', array_shift($parts)); list($name, $value) = explode('=', array_shift($parts), 2);
$cookies[$name] = compact('value'); $cookies[$name] = compact('value');
foreach ($parts as $part) { foreach ($parts as $part) {
if (strpos($part, '=') !== false) { if (strpos($part, '=') !== false) {

5
cake/libs/model/model.php
View file

@ -1007,7 +1007,10 @@ class Model extends Overloadable {
} }
if ($id !== null && $id !== false) { if ($id !== null && $id !== false) {
$this->data = $this->find(array($this->alias . '.' . $this->primaryKey => $id), $fields); $this->data = $this->find('first', array(
'conditions' => array($this->alias . '.' . $this->primaryKey => $id),
'fields' => $fields
));
return $this->data; return $this->data;
} else { } else {
return false; return false;

17
cake/tests/cases/dispatcher.test.php
View file

@ -1907,6 +1907,23 @@ class DispatcherTest extends CakeTestCase {
unset($_POST['_method']); unset($_POST['_method']);
} }
/**
* Tests that invalid characters cannot be injected into the application base path.
*
* @return void
*/
function testBasePathInjection() {
$self = $_SERVER['PHP_SELF'];
$_SERVER['PHP_SELF'] = urldecode(
"/index.php/%22%3E%3Ch1%20onclick=%22alert('xss');%22%3Eheya%3C/h1%3E"
);
$dispatcher =& new Dispatcher();
$result = $dispatcher->baseUrl();
$expected = '/index.php/h1 onclick=alert(xss);heya';
$this->assertEqual($result, $expected);
}
/** /**
* testEnvironmentDetection method * testEnvironmentDetection method
* *

10
cake/tests/cases/libs/http_socket.test.php
View file

@ -1156,7 +1156,8 @@ class HttpSocketTest extends CakeTestCase {
$header = array( $header = array(
'Set-Cookie' => array( 'Set-Cookie' => array(
'foo=bar', 'foo=bar',
'people=jim,jack,johnny";";Path=/accounts' 'people=jim,jack,johnny";";Path=/accounts',
'google=not=nice'
), ),
'Transfer-Encoding' => 'chunked', 'Transfer-Encoding' => 'chunked',
'Date' => 'Sun, 18 Nov 2007 18:57:42 GMT', 'Date' => 'Sun, 18 Nov 2007 18:57:42 GMT',
@ -1168,7 +1169,10 @@ class HttpSocketTest extends CakeTestCase {
), ),
'people' => array( 'people' => array(
'value' => 'jim,jack,johnny";"', 'value' => 'jim,jack,johnny";"',
'path' => '/accounts' 'path' => '/accounts',
),
'google' => array(
'value' => 'not=nice',
) )
); );
$this->assertEqual($cookies, $expected); $this->assertEqual($cookies, $expected);
@ -1179,7 +1183,7 @@ class HttpSocketTest extends CakeTestCase {
$this->assertEqual($cookies, $expected); $this->assertEqual($cookies, $expected);
$header['Set-Cookie'] = 'foo=bar'; $header['Set-Cookie'] = 'foo=bar';
unset($expected['people'], $expected['cakephp']); unset($expected['people'], $expected['cakephp'], $expected['google']);
$cookies = $this->Socket->parseCookies($header); $cookies = $this->Socket->parseCookies($header);
$this->assertEqual($cookies, $expected); $this->assertEqual($cookies, $expected);
} }

19
cake/tests/cases/libs/router.test.php
View file

@ -658,14 +658,23 @@ class RouterTest extends CakeTestCase {
Router::reload(); Router::reload();
Router::setRequestInfo(array( Router::setRequestInfo(array(
array('plugin' => 'shows', 'controller' => 'show_tickets', 'action' => 'admin_edit', 'pass' => array(
array(0 => '6'), 'prefix' => 'admin', 'admin' => true, 'form' => array(), 'url' => 'plugin' => 'shows', 'controller' => 'show_tickets', 'action' => 'admin_edit',
array('url' => 'admin/shows/show_tickets/edit/6')), 'pass' => array('6'), 'prefix' => 'admin', 'admin' => true, 'form' => array(),
array('plugin' => NULL, 'controller' => NULL, 'action' => NULL, 'base' => '', 'here' => '/admin/shows/show_tickets/edit/6', 'webroot' => '/'))); 'url' => array('url' => 'admin/shows/show_tickets/edit/6')
),
array(
'plugin' => null, 'controller' => null, 'action' => null, 'base' => '',
'here' => '/admin/shows/show_tickets/edit/6', 'webroot' => '/'
)
));
Router::parse('/'); Router::parse('/');
$result = Router::url(array('plugin' => 'shows', 'controller' => 'show_tickets', 'action' => 'edit', 'id' => '6', 'admin' => true, 'prefix' => 'admin', )); $result = Router::url(array(
'plugin' => 'shows', 'controller' => 'show_tickets', 'action' => 'edit', 'id' => '6',
'admin' => true, 'prefix' => 'admin'
));
$expected = '/admin/shows/show_tickets/edit/6'; $expected = '/admin/shows/show_tickets/edit/6';
$this->assertEqual($result, $expected); $this->assertEqual($result, $expected);
} }