Commit graph

71 commits

Author SHA1 Message Date
chinpei215
a6b0271560 Remove Security::engine()
We discussed and decided to avoid auto selecting which extension to use.
Instead, call Configure::write('Security.useOpenSsl', true) manually.
2018-02-24 12:17:51 +09:00
chinpei215
fc397bd481 Pass MCRYPT_DEV_URANDOM to mcrypt_create_iv() explicitly 2018-01-20 00:25:35 +09:00
chinpei215
5289aae64e Change Security::randomBytes() to fallback to mcrypt_create_iv() 2018-01-19 23:54:58 +09:00
chinpei215
d7ed0339b1 Make mcrypt optional
Now Security::encrypt() and Security::decrypt() work with openssl
if the mcrypt extension is unavailable.
Note that Security::rijndael() doesn't work with openssl.
2018-01-19 23:54:53 +09:00
mark_story
aaa37fa809 Merge branch '2.next' of github.com:cakephp/cakephp into 2.next 2017-06-26 21:51:55 -04:00
Marc Würth
da8414e13b Use HTTPS for the opensource.org MIT license URL 2017-06-11 00:23:22 +02:00
Marc Würth
04efc7ba50 Use HTTPS for the book.cakephp.org URL 2017-06-11 00:15:36 +02:00
Marc Würth
10b89b51a9 Use HTTPS for the cakefoundation.org URL 2017-06-11 00:10:59 +02:00
Marc Würth
17314baa15 Use HTTPS for the cakephp.org URL 2017-06-10 23:40:28 +02:00
Ikuo Degawa
655a5fe0ae Fix broken cookie issue #10724
This change makes Security::cipher() encoding and decoding same as 2.7 and below.
2017-06-10 15:20:25 +09:00
Marc Würth
5c184190c5 Improve doc block 2016-11-17 14:55:01 +01:00
mark_story
efc2526600 Appease PHPCS. 2016-05-03 17:46:29 -04:00
mark_story
b6d631b987 Use strlen(). Comparing a string against a length will not do the right thing. 2016-05-03 17:27:16 -04:00
mark_story
8b5023282e Randomly generate a salt when the salt is '' or null.
To prevent an issue where any value is accepted as a password when '' is
provided as the hashed password.

Refs #8650
2016-04-15 21:49:17 -04:00
mark_story
7e5f56362f Deprecate bad methods.
These methods are bad and should feel bad.
2016-02-22 00:16:15 -05:00
mark_story
7df99fff1f Backport Security::randomBytes() to 2.x
I decided to leave the warning in. People who can't upgrade their
applications should at least be aware of the risks they are taking.

I'm flexible if people are strongly opposed to a warning, but I feel
that these kinds of warnings can be suppressed in production if they
really are in a jam and don't care.

Refs #8282
2016-02-22 00:14:44 -05:00
Larry E. Masters
6a68032e0b Fixing srand() expects parameter 1 to be integer, string given
Type casting to integer
2015-12-13 14:18:59 -06:00
Mark Scherer
52e79987a2 Replacing self with static due to PHP5.3+. Following #7040. 2015-07-21 10:22:53 +02:00
mark_story
ac9a212d44 Merge branch 'master' into 2.7
Conflicts:
	lib/Cake/Utility/String.php
2015-01-11 15:25:18 -05:00
antograssiot
c2f298a8b7 Replace our custom code fence with markdown standard fence 2015-01-09 13:47:25 +01:00
euromark
52ecccb1a2 App::uses and usage replacements for String => CakeText. 2015-01-05 01:00:57 +01:00
Marc Würth
67ba9cb406 Update all @deprecated annotations
to adhere to the @deprecated <version> <description> format, where version and description are mandatory.
2014-09-02 17:03:22 +02:00
euromark
974ca851c2 Correct doc blocks according to cs guidelines.
Remove superfluous empty lines.
2014-07-03 15:36:42 +02:00
mark_story
390441d3b9 Accept older blowfish hashes.
Both `2a` and `2x` are valid types of blowfish hashes, that while being
older should be accepted.

Backport 00c94bd582b83f8b92228b750aea0e8816a4ea89 from 3.x to 2.5.x,
I see this as a bug fix as it fixes incompatibilities with hashes
created by hash_password().

Refs #3575
2014-05-28 22:53:21 -04:00
ADmad
7a4244d0a6 More docblock CS fixes. 2014-05-28 22:09:54 +05:30
mark_story
2c5d96e916 Merge branch 'master' into 2.5
Conflicts:
	lib/Cake/Model/Datasource/DboSource.php
2014-02-16 14:24:19 -05:00
ADmad
54a395cc3e Updated docblock.
BlowfishAuthenticate is deprecated.
2014-02-13 17:54:53 +05:30
ADmad
8a666fb37e Don't throw exception when trying to encrypt falsey value. 2013-12-15 19:28:56 +05:30
ADmad
dda6080579 Merge branch 'master' into 2.5 2013-11-19 00:27:12 +05:30
Marc Würth
229bd69903 Added link to three hash methods 2013-11-17 03:40:39 +01:00
Marc Würth
7cfa0116f4 Removed "PHP 5" from file header DocBlocks
This statement does not serve a purpose anymore.
In a long forgotten world it indicated the main version number of PHP which the code in the file was compatible to.
http://pear.php.net/manual/en/standards.sample.php
But since PHP 5.1 and later this is only marginally true.
Thus I propose to remove it from CakePHP.
2013-11-13 22:58:39 +01:00
mark_story
13b870d7e1 Fix coding standards error. 2013-09-01 21:44:45 -04:00
mark_story
95ad5f5c78 Add hmac to encrypted data.
Using an HMAC ensures that the ciphertext has not been
modified.
2013-08-29 14:40:01 -04:00
mark_story
c5092851d1 Fix compatibility with PHP 5.2 2013-08-27 23:03:08 -04:00
mark_story
215d43eb06 Add encrypt() and decrypt() methods.
These methods use AES-256 and provide a simple to use API with easy to
remember names.
2013-08-27 21:20:22 -04:00
dmromanov
56ef44f495 Excluded method names from several translation strings
Removed unnecessary sprintfs
2013-08-16 13:42:28 +04:00
mark_story
26769edd04 Merge branch 'master' into 2.4
Conflicts:
	lib/Cake/Utility/CakeTime.php
	lib/Cake/VERSION.txt
2013-08-12 14:39:02 -04:00
Marc Würth
7d4f229310 Fixed statement about Security:hash's salt parameter
Just nitpicking, but it prepends the salt, not appends it:
https://github.com/cakephp/cakephp/blob/master/lib/Cake/Utility/Security.php#L120
2013-08-12 12:52:34 +02:00
euromark
b09dc7213a deprecate Controller::flash() and adjust some other deprecation messages. 2013-08-12 12:51:12 +02:00
Marc Würth
4c9f0414cb Improved the DocBlocks and other code cleanup
Fixed @license tag, url comes first
Whitespace and other minor code cleanup
Added some docblocks
2013-05-31 00:11:19 +02:00
mark_story
06e7ba66c9 Update docs for Security::cipher()
This method is not cryptographically strong. Note that, and the
issues related to suhosin.

Related to #GH-1100
2013-05-06 23:03:20 -04:00
Adam Taylor
433dd09ec4 Fix typos 2013-03-05 00:05:14 -07:00
euromark
111366d5c8 == to === and != to !== where applicable 2013-02-12 03:38:08 +01:00
mark_story
974ac44fb4 Use random iv values in rijndael.
Using fixed iv values has a number of known problems like dictionary
attacks against the cipher key. Use a random iv value for all future
encrypted values. Provide backwards compatibility for values encrypted
with fixed iv's, and silently upgrade values for enhanced security.
2013-02-09 20:48:27 -05:00
mark_story
613aa19d94 Use constants instead of strings.
Using built-in constants where possible is generally a good idea,
making code less error prone.
2013-02-09 14:14:27 -05:00
Graham Weldon
66d856d883 Added extra line for referencing license file for copyright 2013-02-08 21:22:51 +09:00
Graham Weldon
7b860debe4 This commit is dedicated to Mark Story, who has put in much dedicated time and effort into CakePHP over the years.
I just wanted to ruin his evening, because this change needs to be merged into CakePHP 3.0.
2013-02-08 20:59:49 +09:00
AD7six
51946ff8fd Remove Security.level from core.php
it's not used by cake, and it can confuse users familiar with 1.3
that this setting exists yet doesn't do anything in later versions
2013-01-22 09:56:01 +01:00
euromark
b811afbc44 double spaces to single ones 2012-12-22 23:48:15 +01:00
mark_story
27d7e2865e Merge branch 'master' into 2.3
Conflicts:
	lib/Cake/Console/Command/ConsoleShell.php
	lib/Cake/Network/CakeSocket.php
	lib/Cake/Network/Http/HttpResponse.php
	lib/Cake/Utility/Folder.php
	lib/Cake/View/MediaView.php
	lib/Cake/basics.php
2012-11-20 23:02:33 -05:00