With Security supporting AES encryption it is also ideal to have AES
compatible cookies. Refactor and simplify code. Dynamic invocation of
static method is a bit obtuse and the various methods don't all have the
same arguments.
When writing multiple cookies in a single request with the default
expiry time, cookies after the first should continue to have the default
expiry time used.
Fixes#3965
Add setter method as changing ComponentCollection's constructor now is
not possible. This fixes issues where components that rely on
Collection->getController() in their constructor can work properly.
Fixes#3946
If a sort field whitelist is used we should trust its data and also
trust that the developer wanted what they asked for. This solves issues
where it was impossible to sort on synthetic columns added in custom
find types.
Fixes#3919
Make URL's not include the base path when storing them in the session.
This makes future redirection simpler. When URL's are an array use
Router::url() on them.
Fixes#3916
Revert most of the changes done to fix#3897 originally and try
a different strategy of solving the base path issues and not breaking
apps running in a subdirectory.
Fixes#3916
Whitespace and wording.
Optionally we could include a version number until when this class will work. I assumed this will be 3.0...
http://www.phpdoc.org/docs/latest/for-users/phpdoc/tags/deprecated.html
I treid that but after I let apigen generate the doc and I saw it did nothing special about it ;-/
Not hashing passwords when users don't exist means there is an
opportunity for timing attacks when people use blowfish or other
expensive hashing algorithms.
When the first path segment matches the base path an incorrect URL was
generated. Trimming slashes off makes Router normalize the URL correctly
as the leading / implies that the base is already prepended.
Fixes#3897
When unauthenticated users accesses protected areas, they are greeted
with the default 'You are not allowed to access that location' which is
not desired in some cases.
This patch allows applications to suppress this message by setting
AuthComponent::authError to false bypassing the call to
SessionComponent::setFlash() altogether.
Refs: https://github.com/croogo/croogo/pull/175#discussion_r4714240