Commit graph

18087 commits

Author SHA1 Message Date
mark_story
a28158d614 Add additional test for f23d811ff5
I neglected to put a negative test to ensure validatePost fails when the
URL differs.
2014-04-26 10:23:27 -04:00
Mark Story
5b46eb71ec Merge pull request #3397 from steinkel/fix-formhelper-with-model-mock
fixed FormHelper to allow create() on Mock Models without errors
2014-04-26 08:53:43 -04:00
ADmad
68572d8046 Cannot use php 5.4+ array syntax for 2.x. 2014-04-26 17:30:31 +05:30
Jorge González
5cf2ce723c fixed FormHelper to allow create() on Mock Models without errors 2014-04-26 10:33:58 +01:00
mark_story
460204913a Merge branch '2.5' into 2.6 2014-04-25 22:10:14 -04:00
mark_story
de0062de77 Merge branch 'master' into 2.5 2014-04-25 22:10:02 -04:00
mark_story
f23d811ff5 Use the form action URL in generated form hashes.
By including the URL in generated hash for secured forms we prevent
a class of abuse where a user uses one secured form to post into a
controller action the form was not originally intended for. These cross
action requests could potentially violate developer's mental model of
how SecurityComponent works and produce unexpected/undesirable outcomes.

Thanks to Kurita Takashi for pointing this issue out, and suggesting
a fix.
2014-04-25 22:05:58 -04:00
Mark Story
4a24d6ea31 Merge pull request #3395 from ADmad/2.4-autolinkurl
Fix auto linking urls with subdomain with underscore.

Fixes #3392
2014-04-25 15:33:24 -04:00
ADmad
27699d1f12 Fix auto linking urls with subdomain with underscore.
Closes #3392
2014-04-25 22:28:34 +05:30
Mark Story
00be120e7a Merge pull request #3381 from planardothum/shell-requires-cli
Add check to abort if $argv is undefined.
2014-04-24 12:32:54 -04:00
Harold Putman
d62e5e1b00 Prevent infinite loop caused when argv not set.
If shell is invoked with the wrong PHP executable (not CLI) and argv is not an array,  array_search on null causes infinite number of error messages.
2014-04-24 11:48:19 -04:00
mark_story
9d19801cfa Clear data and validationErrors *after* calling clearCache().
Having both properties cleaned after clearCache() means that you can use
the model data in specialized clearCache() implementations.

Fixes #3386
2014-04-24 09:19:00 -04:00
Mark Story
5eff011711 Merge pull request #3387 from php-engineer/master-security-test
Correct parameter order
2014-04-24 07:06:12 -04:00
Stefan Dickmann
f90f718e11 change parameter order 2014-04-24 12:54:45 +02:00
ADmad
971a845eb1 Merge pull request #3379 from dereuromark/2.5-inflector
2.5 inflector
2014-04-24 13:13:59 +05:30
mark_story
eeb4e635a4 Merge branch '2.5' into 2.6 2014-04-23 22:22:11 -04:00
mark_story
04edb547f3 Merge branch 'master' into 2.5 2014-04-23 22:21:57 -04:00
mark_story
6f68049bf5 Reject file paths containing ...
Paths containing `..` are generally up to no good. Throw an exception,
as developers can use realpath() if they really need to get relative
paths.

Fixes #3370
2014-04-23 22:20:14 -04:00
mark_story
2333c3d535 Update docs for file().
Mention that relative paths will be prepended with APP.

Refs #3370
2014-04-23 22:15:10 -04:00
euromark
0c036f6370 Remove unncessary language support. 2014-04-23 18:07:08 +02:00
euromark
7e6bc48ef2 Complete Inflector transliterations. 2014-04-23 16:43:44 +02:00
Mark Story
a3ad1c859f Merge pull request #3376 from php-engineer/master-update-composer
update composer.json
2014-04-22 20:53:15 -04:00
Stefan Dickmann
01e95945ce update composer.json 2014-04-22 21:48:22 +02:00
ADmad
466714da62 Merge pull request #3373 from ADmad/2.5-cakeemail
Allow setting only default layout without specifying template in email c...
2014-04-22 23:58:57 +05:30
ADmad
ead494eec1 Allow setting only default layout without specifying template in email config.
Closes #3336
2014-04-22 20:02:36 +05:30
José Lorenzo Rodríguez
bd5ce96388 Merge pull request #3356 from ADmad/2.5-view-paths
Optimize view paths caching for plugins.
2014-04-20 09:20:58 +02:00
ADmad
6bdfdfd436 Optimize view paths caching for plugins.
Closes #2047
2014-04-20 02:02:07 +05:30
mark_story
6de35a357b Merge branch '2.5' into 2.6 2014-04-18 22:14:08 -04:00
mark_story
d54fbe6f60 Merge branch 'master' into 2.5 2014-04-18 22:13:56 -04:00
Mark Story
e9c9e9697d Merge pull request #3319 from dogmatic69/patch-1
Fix closing non resource
2014-04-14 11:41:44 -04:00
Carl Sutton
5ac60288fd Fix closing non resource
I get a load of these errors when running tests in the shell, this check stops the errors from happening

Warning: 2 :: fclose() expects parameter 1 to be resource, integer given on line 298 of CORE\Cake\Console\ConsoleOutput.php
Trace:
fclose - [internal], line ??
ConsoleOutput::__destruct() - CORE\Cake\Console\ConsoleOutput.php, line 298
ToolbarComponent::_saveState() - APP\Plugin\DebugKit\Controller\Component\ToolbarComponent.php, line 307
ToolbarComponent::beforeRedirect() - APP\Plugin\DebugKit\Controller\Component\ToolbarComponent.php, line 307
ObjectCollection::trigger() - CORE\Cake\Utility\ObjectCollection.php, line 132
call_user_func - [internal], line ??
CakeEventManager::dispatch() - CORE\Cake\Event\CakeEventManager.php, line 247
Controller::redirect() - CORE\Cake\Controller\Controller.php, line 765
AuthComponent::_unauthenticated() - CORE\Cake\Controller\Component\AuthComponent.php, line 364
AuthComponent::startup() - CORE\Cake\Controller\Component\AuthComponent.php, line 304
ObjectCollection::trigger() - CORE\Cake\Utility\ObjectCollection.php, line 132
call_user_func - [internal], line ??
CakeEventManager::dispatch() - CORE\Cake\Event\CakeEventManager.php, line 247
Controller::startupProcess() - CORE\Cake\Controller\Controller.php, line 675
Dispatcher::_invoke() - CORE\Cake\Routing\Dispatcher.php, line 182
Dispatcher::dispatch() - CORE\Cake\Routing\Dispatcher.php, line 160
2014-04-14 14:15:46 +01:00
José Lorenzo Rodríguez
b9b1e85ff2 Merge pull request #3316 from bcrowe/hotfix-controller-template
Add newline after actions in controller template
2014-04-14 09:10:39 +02:00
ADmad
3f88709513 Merge pull request #3308 from cakephp/asset-dispatcher-fix
Don't 404 extensions that could be handled by routing.
2014-04-14 10:45:49 +05:30
Bryan Crowe
1a73906a50 Fix failing NoActions comparison test 2014-04-13 23:28:13 -04:00
Bryan Crowe
f7cc0c1802 Add newline after actions in controller template 2014-04-13 21:56:27 -04:00
mark_story
f1b57d14ab Revert changed added in #2750.
While the had the potential to make 404s going through AssetDispatcher
much faster, they broke plugins + extension routing. While explicit
extensions could be fixed, routing all extensions could not. Because we
are trying to keep 2.x as API compatible as possible it makes sense to
revert the previous changes.
2014-04-13 20:00:34 -04:00
mark_story
749f2b99d9 Don't 404 extensions that could be handled by routing.
Fixes an error in #2750 where routed extensions would always return
404's for plugin requests. When a file extenion could be handled by
router, AssetDispatcher cannot 404 the request.

Refs #3305
2014-04-13 06:48:51 -04:00
mark_story
d4ae2b0b88 Correct types for Validation::range().
Refs #3304
2014-04-13 06:16:24 -04:00
Mark Story
4b1d2b06c9 Merge pull request #3302 from dereuromark/2.5-webtestrunner
Fix CakeHtmlReporter output for HTML
2014-04-12 08:07:09 -04:00
euromark
4f3578ebda Fix CakeHtmlReporter output for HTML 2014-04-12 13:37:36 +02:00
Mark Story
d2fa1b444f Merge pull request #3301 from ubermaniac/Sqlserver-trim
Trim $sql before checking for SELECT
2014-04-11 18:48:41 -04:00
Joseph Woodruff
9aeea2fcc3 Trim $sql before checking for SELECT 2014-04-11 15:25:07 -06:00
Mark Story
fc1c686c31 Merge pull request #3297 from young-steveo/AclComponent-documentation-fix
Updated AclComponent documentation
2014-04-11 16:17:55 -04:00
Stephen Young
b55fa98a2d Updated documentation
* Removed references to nonexistent `AclBase` class
* Added references to `AclInterface` requirements
2014-04-11 15:10:56 -04:00
mark_story
0fb1f82416 Bump version for 2.6.0-dev. 2014-04-10 22:28:17 -04:00
mark_story
6122869d89 Update version number to 2.5.0-RC1 2014-04-10 20:54:20 -04:00
mark_story
bf9c3029cb Merge branch 'master' into 2.5 2014-04-10 20:51:49 -04:00
mark_story
3e579571aa Merge branch 'hash-fix' from glaforge/patch-1 into master.
Closes #3288
2014-04-10 20:37:34 -04:00
mark_story
c6173a0054 Add tests for #3288 and remove nested ternaries.
Nested ternaries are complicated to maintain and hard to read. Break
down the nested ternary into two conditionals.
2014-04-10 20:37:08 -04:00
Mark Story
c24304fc53 Merge pull request #3287 from dereuromark/2.5-bc-fix
Revert the removal of a BC relevant part.
2014-04-10 20:29:16 -04:00