Commit graph

6069 commits

Author SHA1 Message Date
chinpei215
0c1fc36b14 Fix an infinite recursion caused by missing plugin
When a MissingPluginException has caught when rendering an exception,
we should disable the plugin as needed to prevent an infinite recursion.
2014-07-09 15:55:41 +09:00
mark_story
b3dfad614a Correct pattern matching.
Instead of 10 digits, it should limit at 10 groups.

Refs 1988e89e73
2014-07-06 09:42:20 -04:00
Schlaefer
1e961a8aac increases time window in CSRF token expiry tests to 2 seconds
travis-cs failed with 1 second margin
2014-07-06 13:54:24 +02:00
Schlaefer
9fa7afa354 fixes #3887 CSRF reusable token expires 2014-07-06 10:39:00 +02:00
José Lorenzo Rodríguez
396725dc8c Merge pull request #3880 from markstory/incorrect-validation
Fix issues with Validation::inList() and SecurityComponent
2014-07-05 14:41:15 +02:00
Ceeram
a266a9493d minor optimisation, refs comments on 81875cfeb1 2014-07-04 17:25:41 +02:00
ADmad
1eccec02e4 Merge pull request #3872 from CostaC/response-sharable-fix
Fix for CakeResponse::sharable() header to include private caches
2014-07-04 10:32:51 +05:30
mark_story
3936cce4b8 Disallow hexadecimal input with inList.
Instead of turning on/off strict mode based on the user supplied input,
cast everything to strings and always use a strict check. This avoids
the potential issue of a bad user using hexadecimal when they should not
be allowed to do so. Thanks to 'Kurita Takashi' for pointing this out.
2014-07-03 22:10:49 -04:00
mark_story
1988e89e73 Add an upper bound to the POST data SecurityComponent will consider.
'Kurita Takashi' has let us know that the previous patterns could be
abused by an evil doer. One could potentially send a very large deeply
nested POST data structure. Matching that structure could overflow the
PCRE limits causing a segmentation fault. Adding an upper bound will
solve the problem and I doubt anyone is doing POST data structures with
more than 10 levels of nesting.
2014-07-03 22:02:00 -04:00
mark_story
765be87d88 Overwrite the schemaName property if it is not defined in the class.
If a model class does not define a schemaName we should use the
datasource's schemaName. We can assume that people using schemaName want
to lock the model onto a specific schema given the changes in #3210

Fixes #3720
2014-07-03 21:53:54 -04:00
Costa Caruso
8bfebd64fb Fix for failing test "Whitespace found at end of line" 2014-07-03 15:45:03 -04:00
Costa Caruso
4f559f5cc9 Fixed failing test for CakeResponse::sharable + spacing 2014-07-03 15:03:48 -04:00
euromark
974ca851c2 Correct doc blocks according to cs guidelines.
Remove superfluous empty lines.
2014-07-03 15:36:42 +02:00
mark_story
33a5b6e451 Fix additional missing API doc tags. 2014-07-02 23:38:34 -04:00
Costa Caruso
1164c0bcad Fix for CakeResponse::sharable() header to include private caches 2014-07-02 17:34:09 -04:00
Mark Story
2c53bc8a1b Merge pull request #3838 from cakephp/revert-3646-no-truncate-fixture
Revert "No truncate when drop table."

Not truncating tables when they are created causes a number of 
issues in ControllerTestCases as indicated by the comments in #3646 post merge.
2014-07-01 22:02:57 -04:00
mark_story
adcf9ab723 Fix failing test.
CakeEmail now has a default validation pattern.

Refs #3742
2014-06-30 13:29:39 -04:00
mark_story
dc34d80f6f Relax email validation rules even more.
While filter_var() allows a number of email addresses that
Validation::email() does not, it misses out of email address that
contain IDN host names, and unicode mailboxes. Both of these are
generally deliverable, and should be permitted. filter_var() also fails
on local mailboxes like `root@localhost` which is useful in the context
of cron jobs.

Fixes #3742
2014-06-30 10:42:37 -04:00
Mark
1686edf016 Revert "No truncate when drop table." 2014-06-30 14:14:20 +02:00
Mark Story
a966f089d2 Merge pull request #3832 from ADmad/2.5-inflector
Add pluralization rule for "stadia" to uninflected list.
2014-06-29 09:34:09 -04:00
ADmad
607200fa7b Add pluralization rule for "stadia".
Refs #3830
2014-06-29 14:51:23 +05:30
mark_story
91721244a4 Fix more doc block errors in lib/ 2014-06-27 22:58:34 -04:00
Bryan Crowe
a1ae31e554 Fix identifier typos 2014-06-26 23:06:08 -04:00
euromark
73dcb2cb91 cs correction 2014-06-26 14:22:34 +02:00
Renan Gonçalves
1a89a3cb9d Exiting with 1 when Exception::getCode() returns non-integer values.
From php.net/exception.getcode
> Returns the exception code as integer in Exception but possibly as other type in Exception descendants (for example as string in PDOException).
2014-06-26 13:26:20 +02:00
euromark
b3507b199a Update doc blocks regarding return $this 2014-06-25 00:06:51 +02:00
José Lorenzo Rodríguez
bf33e1cf57 Merge pull request #3761 from aka-toxa/master
improving acl perfomance
2014-06-24 21:58:30 +02:00
José Lorenzo Rodríguez
3df972faa2 Merge pull request #3782 from cakephp/issue-3779
Whitelist more URL-y characters in digest parsing.
2014-06-24 21:56:40 +02:00
José Lorenzo Rodríguez
e9e09bf19a Merge pull request #3788 from dereuromark/master-composer
Fix composer app issues with cake.php
2014-06-24 21:56:01 +02:00
euromark
05709908a7 Fix composer app issues with cake.php 2014-06-24 17:49:18 +02:00
suzuki86
8f9589f7c8 Fix typo 2014-06-25 00:20:54 +09:00
euromark
26fe1265ab Mark App::pluginPath as deprecated and don't use it anymore. 2014-06-24 11:52:29 +02:00
mark_story
b4bcd74e60 Whitelist more URL-y characters in digest parsing.
Android clients include a full URL instead of just the URI. Also handle
situations where URLencoded bytes and document fragments are used.

Refs #3779
2014-06-23 14:39:35 -04:00
Anatoliy Petrovskiy
ad678e3988 improving acl perfomance 2014-06-23 13:51:52 +03:00
mark_story
59c3b73f7a Skip autoloaders for APCIterator
We can skip autoloaders for this class as it is provided by
a C extension and will never come from userland code.
2014-06-22 21:22:00 -04:00
mark_story
ffe811935c Remove else.
By returning early we can avoid the else statement entirely.
2014-06-20 16:07:47 -04:00
mark_story
e683616329 Apply patch from 'biesbjerg' to ApcEngine
This set of changes allows ApcEngine to work with APCu and newer
versions of APC.

Fixes #3749
2014-06-20 13:59:05 -04:00
Anatoliy Petrovskiy
bb15271622 improving acl perfomance by adding indexes on acl tables and reorganization joins in getting acl node function 2014-06-20 20:49:02 +03:00
euromark
d81d568cc0 make coredispatcher fully BC again 2014-06-20 14:05:18 +02:00
Mark Story
282a5d1cb5 Merge pull request #3731 from cakephp/issue-3656
Fix TextHelper::autoLinkEmail() near HTML

Refs #3656
2014-06-18 09:53:30 -04:00
Mark Story
163cacbd1d Merge pull request #3734 from voycey/patch-1
Add 'research' to the list of uninflected words.
2014-06-18 09:31:54 -04:00
Mark Story
c99c68684b Merge pull request #3646 from nanapi/no-truncate-fixture
Don't truncate test fixtures when the table has been freshly created.
2014-06-18 09:18:24 -04:00
Mark Story
562ed73562 Merge pull request #3726 from dereuromark/master-console-cake-unification
DS console cake unification
2014-06-18 08:55:53 -04:00
Dan Voyce
4915639efb Update Inflector.php
Added Research
2014-06-18 11:48:16 +10:00
euromark
6161aae54e also bring template one in sync. 2014-06-17 13:08:13 +02:00
euromark
a927f5d954 remove wrong App::uses() call 2014-06-17 05:10:19 +02:00
Bryan Crowe
1db10b4dd1 Basic grammar update to BasicAuthenticate docblock 2014-06-16 21:48:35 -04:00
mark_story
9136f63874 Fix autoLinkEmail() not working when emails are adjacent to HTML.
When an email address is adjacent to HTML it should be autolinked
correctly.

Refs #3656
2014-06-16 21:48:30 -04:00
mark_story
74d8e9ea40 Convert test to use a dataprovider instead of multiple calls.
Dataproviders are generally a bit easier to work with in the future.
2014-06-16 21:46:34 -04:00
euromark
a9de83daeb console cake cleanup and unification
remove duplicate define
2014-06-17 02:28:52 +02:00