Markus Bauer
c0fb45e79e
Fix potential CSRF circumvention with custom HTTP methods (#76)
* Backported patch, fixing potential CSRF circumvention with custom HTTP methods.
Upstream: 0f818a23a8
* Fix unit tests for SecurityComponent
---------
Co-authored-by: Markus Bauer <markus.bauer@cispa.saarland>
2024-07-24 18:13:57 +02:00
Koji Tanaka
40d5f32516
test: Fix assertion of SecurityComponentTest::testCsrfNonceVacuum()
2023-01-11 22:45:29 +01:00
Koji Tanaka
b46b6c758f
test: Replace deprecated attributeEqualTo()
2023-01-11 22:45:29 +01:00
Koji Tanaka
2a7c06e16f
test: Replace PHPUnit's class name in tests
Co-authored-by: Kenshin Okinaka <okinakak@yahoo.co.jp>
2023-01-11 22:45:29 +01:00
Koji Tanaka
75437a4a85
test: Replace deprecated setExpectedException()
2023-01-11 22:45:29 +01:00
Koji Tanaka
b1417587ad
test: Replace deprecated @expectedException* to $this->expectException*()
2023-01-11 22:45:29 +01:00
Koji Tanaka
fe34a8551c
test: Replace deprecated @expectedException PHPUnit_Framework_Error
2023-01-11 22:45:29 +01:00
Koji Tanaka
c04692f76c
test: Replace deprecated @expectedException* to expectWarning*()/expectNotice*()
2023-01-11 22:45:29 +01:00
Koji Tanaka
dfc1c56625
test: Replace assertContains() with assertStringContainsString() for text assertion.
assertContains() can no longer be used for text containment assertion.
2023-01-11 22:45:29 +01:00
Koji Tanaka
6529d5a308
test: Replace deprecated assertNotRegExp() with assertDoesNotMatchRegularExpression().
Co-authored-by: Kenshin Okinaka <okinakak@yahoo.co.jp>
2023-01-11 22:45:29 +01:00
Koji Tanaka
883ce8041e
test: Replace deprecated assertRegExp() with assertMatchesRegularExpression().
Co-authored-by: Kenshin Okinaka <okinakak@yahoo.co.jp>
2023-01-11 22:45:29 +01:00
Koji Tanaka
927b57fa14
test: Add App::uses() missing in the test code.
2023-01-11 22:45:29 +01:00
Koji Tanaka
75716f76bc
test: Add return type declarations to overridden methods of TestCase classes.
2023-01-11 22:45:29 +01:00
Mark van Driel
d4c351563e
Test to prove issue with empty body for json
2019-08-19 14:52:46 +02:00
bancer
4db38f26ca
Improve unit test
2019-03-18 12:43:26 +01:00
bancer
2fe0af9fa9
Improve docs
2019-03-18 11:52:35 +01:00
bancer
534d9362e4
Add extra unit tests
2019-03-18 11:50:13 +01:00
Koji Tanaka
e1897a8498
Pass PaginatorComponentTest::testPaginateExtraParams()
2018-01-17 23:27:20 +09:00
Koji Tanaka
701519c637
Execute CakeSession::destroy() on a tearDown with implicit use session test
2018-01-16 00:47:34 +09:00
Mark Story
3bf93b7f76
Merge pull request #11526 from cakephp/post-conditions
Make postConditions() less permissive.
2017-12-15 14:36:38 -05:00
mark_story
340059be15
Check model names for bad characters as well.
2017-12-13 00:01:09 -05:00
mark_story
a9618f67f7
Use a permitted list instead of a ban list.
This should be safer as we are more confident on what is coming in.
2017-12-13 00:01:05 -05:00
mark_story
f66dec8a96
Make postConditions() less permissive.
We were notified by `ooooooo_q` that postConditions() is vulnerable to
SQL injection if used without SecurityComponent tampering prevention.
This change attempts to make postConditions() safer by exploding in
unsafe scenarios.
2017-12-10 21:44:47 -05:00
db-bogdan
e824346cca
extra fix
2017-11-28 11:43:55 +02:00
db-bogdan
94e06dfeb3
add unit test
2017-11-28 11:31:46 +02:00
chinpei215
19bbb7da17
Simplify CookieComponent::read()
Also, this commit fixes an issue of when the second level key is empty.
Previously, read('foo.0') returned incorrect result.
2017-10-16 21:01:19 +09:00
chinpei215
bbea91090d
Fix CookieComponent::delete() not working for deep children
2017-10-16 20:55:00 +09:00
chinpei215
959f45a6c6
Fix fatal error thrown when replacing scalar with array
Refs #11280
2017-10-06 13:43:32 +09:00
Jeremy Harris
f9f06e68b1
Stacking messages in SessionComponent::setFlash
2017-08-30 10:06:56 -05:00
mark_story
aa6770fa45
Merge branch '2.x' into 2.next
2017-07-22 14:59:41 -04:00
Val Bancer
85e0ebd7fd
more unit tests added
2017-07-05 23:22:58 +02:00
Val Bancer
50334679d6
added a unit test
2017-07-05 22:40:41 +02:00
Val Bancer
31fd4217b1
more PaginatorComponent unit tests
2017-07-04 23:01:17 +02:00
mark_story
aaa37fa809
Merge branch '2.next' of github.com:cakephp/cakephp into 2.next
2017-06-26 21:51:55 -04:00
mark_story
2032fef772
Merge branch '2.x' into 2.next
2017-06-26 21:51:41 -04:00
Mark Story
52790443e8
Merge pull request #9705 from CakeDC/feature/backport-paginate-multiple-queries
2.next - Backport multiple paginators
2017-06-14 21:41:13 -04:00
Mark Story
8289b367f9
Merge pull request #10698 from lucasferreira/2.next
Cake 2.x - Some fix into Paginator component for order / sort classic syntax
2017-06-14 00:13:00 -04:00
Marc Würth
da8414e13b
Use HTTPS for the opensource.org MIT license URL
2017-06-11 00:23:22 +02:00
Marc Würth
04efc7ba50
Use HTTPS for the book.cakephp.org URL
2017-06-11 00:15:36 +02:00
Marc Würth
10b89b51a9
Use HTTPS for the cakefoundation.org URL
2017-06-11 00:10:59 +02:00
Marc Würth
17314baa15
Use HTTPS for the cakephp.org URL
2017-06-10 23:40:28 +02:00
Lucas Ferreira
3258199193
Remove personal comments for pull request
2017-05-31 08:33:41 -03:00
mark_story
cf679a3233
Merge branch '2.x' into 2.next
2017-05-27 21:47:22 -04:00
Lucas Ferreira
ee1980b8f5
- Tests for array order syntax fix
2017-05-26 18:36:50 -03:00
chinpei215
a97bd234ee
Fix _validatePost returns true when empty form is submitted
Backport of #10625
2017-05-06 21:59:29 +09:00
mark_story
5e35064a0b
Read basic auth credentials from Authorization header
Merge branch 'issue-9365' into 2.x
Refs #9365
2017-04-28 21:49:47 -04:00
mark_story
275385d676
Add test covering basic auth reading from headers.
In some FastCGI setups basic auth values will only be present in the
header. Fallback to reading that value if the PHP_AUTH super globals are
empty.
Refs #9365
2017-04-28 21:49:27 -04:00
chinpei215
31a1837c1d
Merge branch '2.x' into 2.next
Conflicts:
lib/Cake/Test/Case/View/Helper/FlashHelperTest.php
lib/Cake/VERSION.txt
lib/Cake/View/Helper/FlashHelper.php
2017-03-25 17:12:28 +09:00
mark_story
ccc9006620
Unset the active user data on logout.
When using stateless authentication the current user should be cleared
after logout to maintain consistency with session based authentication.
Refs #10422
2017-03-16 11:31:20 -04:00
mark_story
837741db66
Merge branch '2.x' into 2.next
2016-12-13 22:48:44 -05:00