When a fullBaseURL is being used we should check for the exact base
string being a prefix and not just the string length as it could be full
of garbage.
Fixes#15163
See https://book.cakephp.org/2.0/en/controllers/request-response.html#accessing-request-parameters and https://api.cakephp.org/2.10/source-class-UpgradeShell.html#345-403
* Initialize $params to null
* Document more magic properties, trigger deprecated notices
* Use $controller->request->params instead $controller->params
* Remove unused variable
* Improve documentation, add type checks.
* It seems like $this->uses can also be of type false; however, parameter
$array of array_unshift() does only seem to accept array.
* Declare undeclared property
* Add extra type checks
* Adjust type check
* Improve documentation, initiate uninitialized variables.
* Improve documentation, reset variable
In eaa2bbbcae I changed the behavior to
now use the TitleCased name as I didn't understand the intended behavior
or how apache was working in the reporter's specific case.
Refs #9229
The client_ip header can easily be forged. In 'safe' modes we should
only trust the remote_addr which comes from the sapi. Remove support for
http_clientaddress as I can't seem to find where this ever came from in
PHP on the http specs.
This fixes a regression introduced in that change that we didn't
previously have tests for. The issue fixed in #8359 was related to
PHP7.0, whereas PHP5 didn't have an issue. Now both versions will work
the same.
exemple
i have to get the referrer url from any page if exists
```
class AppController extends Controller {
......
public function beforeRender() {
parent::beforeRender();
$this->params['referer'] = $this->referer(null, true);
}
..........
}
```
Not all webservers set CONTENT_TYPE. The built-in PHP webserver for
example sets HTTP_CONTENT_TYPE instead. Add a public method to the
request object to smooth over this difference.
Refs #6051, #8267
Backport fixes to base path generation that prevent issue when a URL
contains // it can circumvent the base path generation, which results in
unwanted user data in the base/webroot paths. This creates an
opportunity for CSS manipulation in old versions of IE, and newer ones
via iframe inheritance.
