mark_story
2096d3f632
Clamp limit values to be unsigned integers.
...
This solves large page numbers potentially turning into scientific
notation when being formatted into queries. It also further safeguards
against SQL manipulation.
Refs #GH-1263
2013-05-02 22:36:50 -04:00
mark_story
37ce6dfc81
Only allow sort fields that match the current object alias.
...
Instead of modifying aliases that do not match, only allow aliases that
do match.
Refs #3803
2013-04-30 12:41:42 -04:00
euromark
09d9efe235
spelling corrections (a url to an URL, unify URL)
2013-04-29 11:05:17 +02:00
mark_story
62186ac8da
Merge branch 'master' into 2.4
...
Conflicts:
lib/Cake/VERSION.txt
2013-04-28 17:00:30 -04:00
mark_story
c327bdc4bd
Enforce model aliases when generating order by clauses.
...
Invalid SQL could be created by sorting on an invalid alias, with
a field that exists on the model.
Fixes #3797
2013-04-27 13:29:29 -04:00
ADmad
19f8274a95
Merge branch 'master' into 2.4
...
Conflicts:
lib/Cake/VERSION.txt
2013-04-25 03:06:04 +05:30
Jose Lorenzo Rodriguez
db6dd18f86
Fixing case where it was possible to pass array data to FormAuthenticate
...
fields
2013-04-24 22:33:24 +02:00
ADmad
3db632732c
Avoid unnecessary overhead if user record already available from session.
2013-04-23 01:35:04 +05:30
mark_story
3fc627c5f8
Merge branch 'master' into 2.4
...
Conflicts:
lib/Cake/Controller/Component/AuthComponent.php
lib/Cake/Error/ErrorHandler.php
lib/Cake/Test/Case/Controller/Component/AuthComponentTest.php
lib/Cake/View/Helper/HtmlHelper.php
2013-03-30 22:12:27 -04:00
ADmad
342bf65811
Ensure referrer is saved in session even when AuthComponent::$loginRedirect is set.
...
Clarified redirectUrl() docblock.
2013-03-27 15:11:02 +05:30
Ceeram
89ecd95e55
fix failing tests
2013-03-18 18:47:05 +01:00
Ceeram
b28ea65b24
stop execution when unauthenticated, to prevent the page to show when canceling auth popup
2013-03-18 15:41:34 +01:00
ADmad
8e299fc404
Move 'Auth.redirect' session value clearing from AuthComponent::shutdown() to prevent unnecessary session start.
...
Closes #3702
2013-03-14 12:42:21 +05:30
ADmad
b7834a2b16
Implemented stateless login for Auth
2013-03-10 00:11:35 +05:30
mark_story
8209097bc3
Merge branch 'master' into 2.4
2013-03-09 12:40:59 -05:00
Adam Taylor
433dd09ec4
Fix typos
2013-03-05 00:05:14 -07:00
mark_story
4b13e0a5f2
Merge branch 'master' into 2.4
...
Conflicts:
lib/Cake/VERSION.txt
2013-03-04 21:55:29 -05:00
mark_story
d9fbe5e00a
Tidy up doc blocks.
...
These kind of changes make tidyier method summaries in apigen.
2013-02-26 21:43:53 -05:00
mark_story
d1c88ebf8a
Merge branch 'master' into 2.4
...
Conflicts:
lib/Cake/Log/Engine/FileLog.php
lib/Cake/Utility/Validation.php
lib/Cake/View/Helper/HtmlHelper.php
2013-02-24 20:24:26 -05:00
euromark
111366d5c8
== to === and != to !== where applicable
2013-02-12 03:38:08 +01:00
ADmad
49157d83ae
Breaking down AuthComponent::startup() into multiple methods for easier management and extension.
2013-02-10 13:49:07 +05:30
ADmad
a7c751922d
Replace loose comparison with casting to boolean.
...
In any case AuthComponent::user() returns null not empty array when user isn't logged in.
2013-02-10 12:16:20 +05:30
mark_story
fee6172958
Update docs for SecurityComponent::requireAuth()
2013-02-09 14:06:24 -05:00
mark_story
e4110b1e01
Deprecate features in SecurityComponent
...
These features are available in CakeRequest now. The CakeRequest
version is improved as it raises more appropriate exceptions.
2013-02-09 13:57:55 -05:00
ADmad
a9bbfd80c7
Added type hinting
2013-02-09 18:09:11 +05:30
Graham Weldon
66d856d883
Added extra line for referencing license file for copyright
2013-02-08 21:22:51 +09:00
Graham Weldon
7b860debe4
This commit is dedicated to Mark Story, who has put in much dedicated time and effort into CakePHP over the years.
...
I just wanted to ruin his evening, because this change needs to be merged into CakePHP 3.0.
2013-02-08 20:59:49 +09:00
mark_story
00078e007c
Import ClassRegistry before using.
...
Fixes #3594
2013-02-01 10:46:25 -05:00
ADmad
04ec9dd614
Renamed AuthComponent::redirect() to AuthComponent::redirectUrl().
...
Closes #3268
2013-01-27 21:22:11 +05:30
mark_story
4af6039107
Merge branch 'master' into 2.3
...
Conflicts:
lib/Cake/Console/Command/Task/ModelTask.php
lib/Cake/Model/Model.php
2013-01-26 21:16:26 -05:00
mark_story
631da2d04a
Update doc block.
2013-01-18 11:05:02 -05:00
ADmad
676872d623
Allow AuthComponent::$unauthorizedRedirect to be an url.
...
Closes #3494
2013-01-12 11:25:13 +05:30
Mark Story
e7330fa585
Merge pull request #1067 from ceeram/paginatecount
...
Avoid calling paginateCount when there are no results.
2013-01-11 18:09:32 -08:00
euromark
11a88042bd
fix doc block endings
2013-01-11 15:06:54 +01:00
Ceeram
88240b2874
avoid paginate count when no results
2013-01-10 16:39:07 +01:00
mark_story
4c98e39c1f
Merge branch 'master' into 2.3
...
Conflicts:
lib/Cake/Controller/Component/SecurityComponent.php
2012-12-29 11:44:59 -05:00
mark_story
1117ad2f1c
Blackhole requests when the action is the blackhole callback.
...
When a user requests the blackhole callback as an action we should
blackhole that request. The blackhole callback should not be URL
accessible.
Fixes #3496
2012-12-29 11:43:06 -05:00
José Lorenzo Rodríguez
5551727a4b
Merge pull request #1051 from ADmad/2.3-paginatorcomponent
...
Throw exception if requested page number is out of range.
2012-12-28 05:52:55 -08:00
ADmad
594a19c4e1
Fix docblock
2012-12-28 02:02:05 +05:30
ADmad
fd16b8a1e5
Throw exception if requested page number is out of range.
...
Closes #3459
2012-12-28 01:37:25 +05:30
Ceeram
3f4d24bfc0
remove unused local variables and a few improvements
2012-12-23 13:53:13 +01:00
euromark
b811afbc44
double spaces to single ones
2012-12-22 23:48:15 +01:00
euromark
2b1e5b02b5
code cleanup
2012-12-21 00:40:12 +01:00
mark_story
8b0a7ee13d
Merge branch 'master' into 2.3
...
Conflicts:
lib/Cake/VERSION.txt
2012-12-07 20:53:10 -05:00
euromark
881127ef4d
unify new lines at the end of the file
2012-12-05 15:00:24 +01:00
ADmad
06c3f01af6
Fix docblock
2012-12-04 03:18:35 +05:30
ADmad
1de8ed18de
Avoiding specifying 'maxLimit' too when setting 'limit' greater than default 'maxLimit' in code.
2012-11-30 11:26:10 +05:30
ADmad
72d6ca636f
Docblock fixes
2012-11-29 04:36:29 +05:30
mark_story
739982addb
Merge branch 'master' into 2.3
...
Conflicts:
lib/Cake/View/Helper.php
2012-11-25 23:33:16 -05:00
mark_story
b41705f59e
Set headerCharset in EmailComponent.
...
Apply patch from 'Shota Watanabe', that sets headerCharset on CakeEmail
instances created from within EmailComponent.
Fixes #3398
2012-11-25 23:00:43 -05:00
Ceeram
eadc3a75e5
fix coding standards
2012-11-21 15:39:03 +01:00
Heath Nail
895fcac0cd
Improve Blowfish Docblocks
2012-11-12 14:36:43 -05:00
mark_story
e0aab77dab
Merge branch 'master' into 2.3
...
Conflicts:
app/Config/Schema/i18n.php
lib/Cake/I18n/Multibyte.php
lib/Cake/Test/Case/Log/CakeLogTest.php
lib/Cake/Test/Case/Routing/DispatcherTest.php
2012-11-10 21:33:26 -05:00
mark_story
3de72baeb1
Remove int cast from authentication adapters.
...
Forcing an int cast makes using the contain option difficult as you are
also required to manually set the recursive option. Omitting the
cast allows recursive to be set to null.
Fixes #3347
2012-11-06 20:27:28 -05:00
dogmatic69
641ba9f3e6
Merge branch '2.3' into type-checks
...
Conflicts:
lib/Cake/Error/ExceptionRenderer.php
lib/Cake/Routing/Dispatcher.php
2012-10-24 19:03:44 +01:00
mark_story
f457f07b5c
Force field validation to use sha1
...
When using blowfish as your application's hashing strategy, form field
validation would fail horribly. Forcing sha1 fixes this and restores
behavior consistent with 2.2.x
Fixes #3280
2012-10-18 21:26:26 -04:00
Adam Taylor
4090c2e932
Remove trailing whitespace from comments
...
See http://groups.google.com/d/topic/cakephp-core/fuHTYMKVJno/discussion
2012-10-15 18:19:37 -06:00
ADmad
1c0492eb8b
Allow throwing exception instead of redirecting upon unauthorized access attempt. Closes #591
2012-10-04 18:40:57 +05:30
dogmatic69
408e619c9f
Merge branch '2.3' into type-checks
...
Conflicts:
lib/Cake/Console/Command/Task/ModelTask.php
lib/Cake/Controller/Component/RequestHandlerComponent.php
lib/Cake/Model/Datasource/Database/Mysql.php
lib/Cake/Utility/CakeNumber.php
2012-10-01 02:08:00 +01:00
euromark
b47e3a7d92
move charset/App.encoding into CakeResponse
2012-09-27 20:28:19 +02:00
Jose Lorenzo Rodriguez
d5c9d97dc1
Merge remote-tracking branch 'origin/master' into 2.3
...
Conflicts:
lib/Cake/Model/Behavior/TranslateBehavior.php
lib/Cake/Model/CakeSchema.php
lib/Cake/Utility/CakeTime.php
lib/Cake/Utility/ClassRegistry.php
lib/Cake/View/MediaView.php
2012-09-25 16:36:03 +02:00
dogmatic69
8dc4de5de8
converting if ($foo != false) to if ($foo)
2012-09-21 23:32:52 +01:00
dogmatic69
b1f26b59a3
converting if ($foo != null) to if ($foo)
2012-09-21 23:30:43 +01:00
euromark
213d4caa85
coding standards
2012-09-20 01:50:15 +02:00
dogmatic69
aa87791432
replacing is_integer() with is_int()
2012-09-15 11:15:01 +01:00
Mark Story
89c98233b5
Merge pull request #843 from dereuromark/2.3-ticket-3172
...
check() for CookieComponent and Configure
2012-09-14 18:22:34 -07:00
euromark
6d3e0a25b2
save some memory usage (PHP < 5.4) in case of huge content and cut off the isset call
2012-09-15 02:33:05 +02:00
Mark Story
a5481f1c2c
Merge pull request #839 from dogmatic69/cleanup-request-handler
...
Cleaning up the RequestHandlerCompoent
2012-09-14 12:36:39 -07:00
dogmatic69
22a2e1b51e
converting $foo == / $foo == 0 to !$foo (and a few $foo === 0)
2012-09-14 18:42:25 +01:00
dogmatic69
cf8fccae96
converting $foo == null / $foo == false to !$foo
2012-09-14 18:26:30 +01:00
dogmatic69
e09bf02467
Cleaning up the RequestHandlerCompoent
...
removing redundant code and shifting a few things around so there
are less nested ifs and making things easier to follow.
Removing some variable setting, returning function calls instead.
2012-09-14 17:19:40 +01:00
Mark Story
ec4333de29
Merge pull request #845 from dogmatic69/security-component-cleanup
...
You cant pass func_get_args() in PHP < 5.3
2012-09-14 08:17:11 -07:00
dogmatic69
c7faad9f78
You cant pass func_get_args() in PHP < 5.3
2012-09-14 15:29:48 +01:00
mark_story
0282194c20
Make permission denied redirects host relative.
...
This helps fix infinite redirect loops when HTTP_X_FORWARDED_HOST is
set, and fixes redirects back to external domains on authentication
errors.
Fixes #3207
2012-09-14 09:39:45 -04:00
dogmatic69
2c70319d27
Cleaning up the AuthComponent
...
Simplify if statements, return early and less variable use
2012-09-14 01:50:24 +01:00
Mark Story
51e0715001
Merge pull request #838 from dogmatic69/security-component-cleanup
...
cleaning up the code, removing extra variables set and un-needed else
2012-09-13 14:50:37 -07:00
dogmatic69
bf18fc4dda
cleaning up the code, removing extra variables set and un-needed else
2012-09-13 22:10:57 +01:00
dogmatic69
eb98fed1e3
Cleaning up the paginator component by removing extra else statements and shifting code around.
2012-09-13 21:49:21 +01:00
Ceeram
0b0d83f261
remove cookie reading in startup
2012-09-07 00:04:03 +02:00
Kyle Robinson Young
bc40ac7d3f
Remove unused variables and code
2012-09-05 17:19:13 -07:00
mark_story
6664acba79
Merge branch 'master' into 2.3
...
Conflicts:
lib/Cake/VERSION.txt
2012-09-05 20:15:36 -04:00
Kyle Robinson Young
602240c08e
Fix $readReceipt variable in EmailComponent::send
2012-09-05 12:49:09 -07:00
euromark
2170d87488
check() for CookieComponent and Configure (similar to CakeSession::check()
)
2012-09-04 01:04:48 +02:00
mark_story
6a95b5746a
Remove un-necessary parameter.
2012-08-30 14:48:13 +01:00
mark_story
19c2a58185
Fix strict errors.
2012-08-30 14:46:29 +01:00
Ceeram
f1ce3f9ae5
remove settings parameter from initialize as this is not being passed. only the constructor gets settings passed
2012-08-27 11:42:57 +02:00
Thom Seddon
f3ba2bdb7d
Remove legacy test for all actions allowed (*) in startup and tidy code
2012-08-24 19:30:25 +01:00
Mark Story
fe3d99cdfc
Merge pull request #775 from sitedyno/BlowfishAuthenticate
...
Add BlowfishAuthenticate adapter.
2012-08-23 13:16:34 -07:00
Heath Nail
d24bbcb255
Add BlowfishAuthenticate adapter.
2012-08-23 11:23:51 -04:00
mark_story
c83e941497
Merge branch 'master' into 2.3
2012-08-15 21:00:49 -04:00
mark_story
cdc70fc427
Make RequestHandlerComponent better simulate GET requests.
...
Modify the global state to simulate a GET request. This avoids issues
where PUT data would be processed during simulated redirect.
Fixes #3113
2012-08-14 12:46:47 -04:00
Ceeram
21431cba64
Add viewClass map method to RequestHandler component, to map content types to viewclass.
2012-08-10 09:54:22 +02:00
Tigran Gabrielyan
617d470427
Renamed disabledActions to unlockedActions
2012-08-03 11:01:19 -07:00
Tigran Gabrielyan
df8ec17626
Added disabledActions
feature to SecurityComponent
2012-08-02 18:27:52 -07:00
mark_story
d94cdc67fe
Merge branch 'master' into 2.3
2012-07-27 22:38:24 -04:00
Spencer Ellinor
8a41fb0c34
Fix issue and remove unneccesary code. The (fixed) conditional doesn't do anything, since if Hash::get returns null, the function still returns null.
2012-07-25 15:09:22 -04:00
Mark Story
f77bebcc38
Merge pull request #730 from dereuromark/2.3-missing-app-uses
...
another correction for app uses
2012-07-21 18:50:52 -07:00
euromark
93eb8c2c58
another correction for app uses
2012-07-22 03:38:39 +02:00
mark_story
71507796c7
Add docs.
2012-07-21 21:35:45 -04:00
euromark
4fe1ab1bf6
missing app uses statements
2012-07-21 13:34:33 +02:00