Commit graph

546 commits

Author SHA1 Message Date
mark_story
dcf7df39d2 Merge branch 'master' into 2.4 2013-06-21 17:47:37 -04:00
Marc Würth
2418ea0a57 Fixed typo in AuthComponent::redirectUrl 2013-06-21 16:49:31 +02:00
Rachman Chavik
0d486bdab4 AuthComponent: Allow suppressing authError message
When unauthenticated users accesses protected areas, they are greeted
with the default 'You are not allowed to access that location' which is
not desired in some cases.

This patch allows applications to suppress this message by setting
AuthComponent::authError to false bypassing the call to
SessionComponent::setFlash() altogether.

Refs: https://github.com/croogo/croogo/pull/175#discussion_r4714240
2013-06-17 09:33:59 +07:00
mark_story
cd3c54bb9d Merge branch 'master' into 2.4
Conflicts:
	lib/Cake/VERSION.txt
2013-06-10 22:12:10 -04:00
euromark
4518624187 more whitespace coding standard corrections 2013-06-09 17:39:48 +02:00
ADmad
636cc8c103 Merge branch 'master' into 2.4 2013-06-09 18:08:32 +05:30
mark_story
3aa189eb3a Fix cookie expiry time calculation on 32bit systems.
strtotime() misbehaves on 32bit systems when the resulting timestamp
would overflow an integer. Use a DateTime to workaround this issue.

Fixes #3868
2013-06-03 20:16:18 -04:00
ADmad
f3c69c9f40 docblock updates 2013-06-03 01:04:00 +05:30
ADmad
3303a2cda1 Merge branch 'master' into 2.4
Conflicts:
	lib/Cake/Console/Templates/skel/Config/Schema/db_acl.php
	lib/Cake/Console/Templates/skel/Config/Schema/i18n.php
	lib/Cake/Console/Templates/skel/Config/Schema/sessions.php
	lib/Cake/Console/Templates/skel/Config/acl.ini.php
	lib/Cake/Console/Templates/skel/Config/acl.php
	lib/Cake/Console/Templates/skel/Config/bootstrap.php
	lib/Cake/Console/Templates/skel/Config/core.php
	lib/Cake/Console/Templates/skel/Config/database.php.default
	lib/Cake/Console/Templates/skel/Config/email.php.default
	lib/Cake/Console/Templates/skel/Config/routes.php
	lib/Cake/Console/Templates/skel/Console/Command/AppShell.php
	lib/Cake/Console/Templates/skel/Console/cake.bat
	lib/Cake/Console/Templates/skel/Console/cake.php
	lib/Cake/Console/Templates/skel/Controller/AppController.php
	lib/Cake/Console/Templates/skel/Controller/PagesController.php
	lib/Cake/Console/Templates/skel/Model/AppModel.php
	lib/Cake/Console/Templates/skel/View/Errors/error400.ctp
	lib/Cake/Console/Templates/skel/View/Errors/error500.ctp
	lib/Cake/Console/Templates/skel/View/Helper/AppHelper.php
	lib/Cake/Console/Templates/skel/View/Layouts/Emails/html/default.ctp
	lib/Cake/Console/Templates/skel/View/Layouts/ajax.ctp
	lib/Cake/Console/Templates/skel/View/Layouts/default.ctp
	lib/Cake/Console/Templates/skel/View/Layouts/error.ctp
	lib/Cake/Console/Templates/skel/View/Layouts/flash.ctp
	lib/Cake/Console/Templates/skel/View/Pages/home.ctp
	lib/Cake/Console/Templates/skel/index.php
	lib/Cake/Console/Templates/skel/webroot/index.php
	lib/Cake/Console/Templates/skel/webroot/test.php
2013-06-02 18:03:59 +05:30
Marc Würth
4c9f0414cb Improved the DocBlocks and other code cleanup
Fixed @license tag, url comes first
Whitespace and other minor code cleanup
Added some docblocks
2013-05-31 00:11:19 +02:00
ADmad
00f972f033 Deprecated AuthComponent::password() 2013-05-27 00:25:42 +05:30
ADmad
56fa0dccda Remove unnecessary overriding of '_findUser()' in 'DigestAuthenticate'. 2013-05-26 12:31:40 +05:30
ADmad
dd2892ad8d Added password hasher 2013-05-26 11:29:06 +05:30
ADmad
fb86859585 Merge branch 'master' into 2.4 2013-05-19 14:37:41 +05:30
mark_story
e23c4ffad9 Fix empty response bodies when redirect URL's are empty.
When redirecting XHR requests to an empty URL the response body should
not be overwritten.

Fixes #3835
2013-05-17 16:33:08 -04:00
ADmad
a10275fb8b Merge branch 'master' into 2.4
Conflicts:
	lib/Cake/Test/Case/Model/Datasource/Database/PostgresTest.php
2013-05-05 14:36:46 +05:30
mark_story
2096d3f632 Clamp limit values to be unsigned integers.
This solves large page numbers potentially turning into scientific
notation when being formatted into queries. It also further safeguards
against SQL manipulation.

Refs #GH-1263
2013-05-02 22:36:50 -04:00
mark_story
37ce6dfc81 Only allow sort fields that match the current object alias.
Instead of modifying aliases that do not match, only allow aliases that
do match.

Refs #3803
2013-04-30 12:41:42 -04:00
euromark
09d9efe235 spelling corrections (a url to an URL, unify URL) 2013-04-29 11:05:17 +02:00
mark_story
62186ac8da Merge branch 'master' into 2.4
Conflicts:
	lib/Cake/VERSION.txt
2013-04-28 17:00:30 -04:00
mark_story
c327bdc4bd Enforce model aliases when generating order by clauses.
Invalid SQL could be created by sorting on an invalid alias, with
a field that exists on the model.

Fixes #3797
2013-04-27 13:29:29 -04:00
ADmad
19f8274a95 Merge branch 'master' into 2.4
Conflicts:
	lib/Cake/VERSION.txt
2013-04-25 03:06:04 +05:30
Jose Lorenzo Rodriguez
db6dd18f86 Fixing case where it was possible to pass array data to FormAuthenticate
fields
2013-04-24 22:33:24 +02:00
ADmad
3db632732c Avoid unnecessary overhead if user record already available from session. 2013-04-23 01:35:04 +05:30
mark_story
3fc627c5f8 Merge branch 'master' into 2.4
Conflicts:
	lib/Cake/Controller/Component/AuthComponent.php
	lib/Cake/Error/ErrorHandler.php
	lib/Cake/Test/Case/Controller/Component/AuthComponentTest.php
	lib/Cake/View/Helper/HtmlHelper.php
2013-03-30 22:12:27 -04:00
ADmad
342bf65811 Ensure referrer is saved in session even when AuthComponent::$loginRedirect is set.
Clarified redirectUrl() docblock.
2013-03-27 15:11:02 +05:30
Ceeram
89ecd95e55 fix failing tests 2013-03-18 18:47:05 +01:00
Ceeram
b28ea65b24 stop execution when unauthenticated, to prevent the page to show when canceling auth popup 2013-03-18 15:41:34 +01:00
ADmad
8e299fc404 Move 'Auth.redirect' session value clearing from AuthComponent::shutdown() to prevent unnecessary session start.
Closes #3702
2013-03-14 12:42:21 +05:30
ADmad
b7834a2b16 Implemented stateless login for Auth 2013-03-10 00:11:35 +05:30
mark_story
8209097bc3 Merge branch 'master' into 2.4 2013-03-09 12:40:59 -05:00
Adam Taylor
433dd09ec4 Fix typos 2013-03-05 00:05:14 -07:00
mark_story
4b13e0a5f2 Merge branch 'master' into 2.4
Conflicts:
	lib/Cake/VERSION.txt
2013-03-04 21:55:29 -05:00
mark_story
d9fbe5e00a Tidy up doc blocks.
These kind of changes make tidyier method summaries in apigen.
2013-02-26 21:43:53 -05:00
mark_story
d1c88ebf8a Merge branch 'master' into 2.4
Conflicts:
	lib/Cake/Log/Engine/FileLog.php
	lib/Cake/Utility/Validation.php
	lib/Cake/View/Helper/HtmlHelper.php
2013-02-24 20:24:26 -05:00
euromark
111366d5c8 == to === and != to !== where applicable 2013-02-12 03:38:08 +01:00
ADmad
49157d83ae Breaking down AuthComponent::startup() into multiple methods for easier management and extension. 2013-02-10 13:49:07 +05:30
ADmad
a7c751922d Replace loose comparison with casting to boolean.
In any case AuthComponent::user() returns null not empty array when user isn't logged in.
2013-02-10 12:16:20 +05:30
mark_story
fee6172958 Update docs for SecurityComponent::requireAuth() 2013-02-09 14:06:24 -05:00
mark_story
e4110b1e01 Deprecate features in SecurityComponent
These features are available in CakeRequest now. The CakeRequest
version is improved as it raises more appropriate exceptions.
2013-02-09 13:57:55 -05:00
ADmad
a9bbfd80c7 Added type hinting 2013-02-09 18:09:11 +05:30
Graham Weldon
66d856d883 Added extra line for referencing license file for copyright 2013-02-08 21:22:51 +09:00
Graham Weldon
7b860debe4 This commit is dedicated to Mark Story, who has put in much dedicated time and effort into CakePHP over the years.
I just wanted to ruin his evening, because this change needs to be merged into CakePHP 3.0.
2013-02-08 20:59:49 +09:00
mark_story
00078e007c Import ClassRegistry before using.
Fixes #3594
2013-02-01 10:46:25 -05:00
ADmad
04ec9dd614 Renamed AuthComponent::redirect() to AuthComponent::redirectUrl().
Closes #3268
2013-01-27 21:22:11 +05:30
mark_story
4af6039107 Merge branch 'master' into 2.3
Conflicts:
	lib/Cake/Console/Command/Task/ModelTask.php
	lib/Cake/Model/Model.php
2013-01-26 21:16:26 -05:00
mark_story
631da2d04a Update doc block. 2013-01-18 11:05:02 -05:00
ADmad
676872d623 Allow AuthComponent::$unauthorizedRedirect to be an url.
Closes #3494
2013-01-12 11:25:13 +05:30
Mark Story
e7330fa585 Merge pull request #1067 from ceeram/paginatecount
Avoid calling paginateCount when there are no results.
2013-01-11 18:09:32 -08:00
euromark
11a88042bd fix doc block endings 2013-01-11 15:06:54 +01:00
Ceeram
88240b2874 avoid paginate count when no results 2013-01-10 16:39:07 +01:00
mark_story
4c98e39c1f Merge branch 'master' into 2.3
Conflicts:
	lib/Cake/Controller/Component/SecurityComponent.php
2012-12-29 11:44:59 -05:00
mark_story
1117ad2f1c Blackhole requests when the action is the blackhole callback.
When a user requests the blackhole callback as an action we should
blackhole that request. The blackhole callback should not be URL
accessible.

Fixes #3496
2012-12-29 11:43:06 -05:00
José Lorenzo Rodríguez
5551727a4b Merge pull request #1051 from ADmad/2.3-paginatorcomponent
Throw exception if requested page number is out of range.
2012-12-28 05:52:55 -08:00
ADmad
594a19c4e1 Fix docblock 2012-12-28 02:02:05 +05:30
ADmad
fd16b8a1e5 Throw exception if requested page number is out of range.
Closes #3459
2012-12-28 01:37:25 +05:30
Ceeram
3f4d24bfc0 remove unused local variables and a few improvements 2012-12-23 13:53:13 +01:00
euromark
b811afbc44 double spaces to single ones 2012-12-22 23:48:15 +01:00
euromark
2b1e5b02b5 code cleanup 2012-12-21 00:40:12 +01:00
mark_story
8b0a7ee13d Merge branch 'master' into 2.3
Conflicts:
	lib/Cake/VERSION.txt
2012-12-07 20:53:10 -05:00
euromark
881127ef4d unify new lines at the end of the file 2012-12-05 15:00:24 +01:00
ADmad
06c3f01af6 Fix docblock 2012-12-04 03:18:35 +05:30
ADmad
1de8ed18de Avoiding specifying 'maxLimit' too when setting 'limit' greater than default 'maxLimit' in code. 2012-11-30 11:26:10 +05:30
ADmad
72d6ca636f Docblock fixes 2012-11-29 04:36:29 +05:30
mark_story
739982addb Merge branch 'master' into 2.3
Conflicts:
	lib/Cake/View/Helper.php
2012-11-25 23:33:16 -05:00
mark_story
b41705f59e Set headerCharset in EmailComponent.
Apply patch from 'Shota Watanabe', that sets headerCharset on CakeEmail
instances created from within EmailComponent.

Fixes #3398
2012-11-25 23:00:43 -05:00
Ceeram
eadc3a75e5 fix coding standards 2012-11-21 15:39:03 +01:00
Heath Nail
895fcac0cd Improve Blowfish Docblocks 2012-11-12 14:36:43 -05:00
mark_story
e0aab77dab Merge branch 'master' into 2.3
Conflicts:
	app/Config/Schema/i18n.php
	lib/Cake/I18n/Multibyte.php
	lib/Cake/Test/Case/Log/CakeLogTest.php
	lib/Cake/Test/Case/Routing/DispatcherTest.php
2012-11-10 21:33:26 -05:00
mark_story
3de72baeb1 Remove int cast from authentication adapters.
Forcing an int cast makes using the contain option difficult as you are
also required to manually set the recursive option. Omitting the
cast allows recursive to be set to null.

Fixes #3347
2012-11-06 20:27:28 -05:00
dogmatic69
641ba9f3e6 Merge branch '2.3' into type-checks
Conflicts:
	lib/Cake/Error/ExceptionRenderer.php
	lib/Cake/Routing/Dispatcher.php
2012-10-24 19:03:44 +01:00
mark_story
f457f07b5c Force field validation to use sha1
When using blowfish as your application's hashing strategy, form field
validation would fail horribly.  Forcing sha1 fixes this and restores
behavior consistent with 2.2.x

Fixes #3280
2012-10-18 21:26:26 -04:00
Adam Taylor
4090c2e932 Remove trailing whitespace from comments
See http://groups.google.com/d/topic/cakephp-core/fuHTYMKVJno/discussion
2012-10-15 18:19:37 -06:00
ADmad
1c0492eb8b Allow throwing exception instead of redirecting upon unauthorized access attempt. Closes #591 2012-10-04 18:40:57 +05:30
dogmatic69
408e619c9f Merge branch '2.3' into type-checks
Conflicts:
	lib/Cake/Console/Command/Task/ModelTask.php
	lib/Cake/Controller/Component/RequestHandlerComponent.php
	lib/Cake/Model/Datasource/Database/Mysql.php
	lib/Cake/Utility/CakeNumber.php
2012-10-01 02:08:00 +01:00
euromark
b47e3a7d92 move charset/App.encoding into CakeResponse 2012-09-27 20:28:19 +02:00
Jose Lorenzo Rodriguez
d5c9d97dc1 Merge remote-tracking branch 'origin/master' into 2.3
Conflicts:
	lib/Cake/Model/Behavior/TranslateBehavior.php
	lib/Cake/Model/CakeSchema.php
	lib/Cake/Utility/CakeTime.php
	lib/Cake/Utility/ClassRegistry.php
	lib/Cake/View/MediaView.php
2012-09-25 16:36:03 +02:00
dogmatic69
8dc4de5de8 converting if ($foo != false) to if ($foo) 2012-09-21 23:32:52 +01:00
dogmatic69
b1f26b59a3 converting if ($foo != null) to if ($foo) 2012-09-21 23:30:43 +01:00
euromark
213d4caa85 coding standards 2012-09-20 01:50:15 +02:00
dogmatic69
aa87791432 replacing is_integer() with is_int() 2012-09-15 11:15:01 +01:00
Mark Story
89c98233b5 Merge pull request #843 from dereuromark/2.3-ticket-3172
check() for CookieComponent and Configure
2012-09-14 18:22:34 -07:00
euromark
6d3e0a25b2 save some memory usage (PHP < 5.4) in case of huge content and cut off the isset call 2012-09-15 02:33:05 +02:00
Mark Story
a5481f1c2c Merge pull request #839 from dogmatic69/cleanup-request-handler
Cleaning up the RequestHandlerCompoent
2012-09-14 12:36:39 -07:00
dogmatic69
22a2e1b51e converting $foo == / $foo == 0 to !$foo (and a few $foo === 0) 2012-09-14 18:42:25 +01:00
dogmatic69
cf8fccae96 converting $foo == null / $foo == false to !$foo 2012-09-14 18:26:30 +01:00
dogmatic69
e09bf02467 Cleaning up the RequestHandlerCompoent
removing redundant code and shifting a few things around so there
are less nested ifs and making things easier to follow.

Removing some variable setting, returning function calls instead.
2012-09-14 17:19:40 +01:00
Mark Story
ec4333de29 Merge pull request #845 from dogmatic69/security-component-cleanup
You cant pass func_get_args() in PHP < 5.3
2012-09-14 08:17:11 -07:00
dogmatic69
c7faad9f78 You cant pass func_get_args() in PHP < 5.3 2012-09-14 15:29:48 +01:00
mark_story
0282194c20 Make permission denied redirects host relative.
This helps fix infinite redirect loops when HTTP_X_FORWARDED_HOST is
set, and fixes redirects back to external domains on authentication
errors.

Fixes #3207
2012-09-14 09:39:45 -04:00
dogmatic69
2c70319d27 Cleaning up the AuthComponent
Simplify if statements, return early and less variable use
2012-09-14 01:50:24 +01:00
Mark Story
51e0715001 Merge pull request #838 from dogmatic69/security-component-cleanup
cleaning up the code, removing extra variables set and un-needed else
2012-09-13 14:50:37 -07:00
dogmatic69
bf18fc4dda cleaning up the code, removing extra variables set and un-needed else 2012-09-13 22:10:57 +01:00
dogmatic69
eb98fed1e3 Cleaning up the paginator component by removing extra else statements and shifting code around. 2012-09-13 21:49:21 +01:00
Ceeram
0b0d83f261 remove cookie reading in startup 2012-09-07 00:04:03 +02:00
Kyle Robinson Young
bc40ac7d3f Remove unused variables and code 2012-09-05 17:19:13 -07:00
mark_story
6664acba79 Merge branch 'master' into 2.3
Conflicts:
	lib/Cake/VERSION.txt
2012-09-05 20:15:36 -04:00
Kyle Robinson Young
602240c08e Fix $readReceipt variable in EmailComponent::send 2012-09-05 12:49:09 -07:00
euromark
2170d87488 check() for CookieComponent and Configure (similar to CakeSession::check()) 2012-09-04 01:04:48 +02:00
mark_story
6a95b5746a Remove un-necessary parameter. 2012-08-30 14:48:13 +01:00
mark_story
19c2a58185 Fix strict errors. 2012-08-30 14:46:29 +01:00
Ceeram
f1ce3f9ae5 remove settings parameter from initialize as this is not being passed. only the constructor gets settings passed 2012-08-27 11:42:57 +02:00
Thom Seddon
f3ba2bdb7d Remove legacy test for all actions allowed (*) in startup and tidy code 2012-08-24 19:30:25 +01:00
Mark Story
fe3d99cdfc Merge pull request #775 from sitedyno/BlowfishAuthenticate
Add BlowfishAuthenticate adapter.
2012-08-23 13:16:34 -07:00
Heath Nail
d24bbcb255 Add BlowfishAuthenticate adapter. 2012-08-23 11:23:51 -04:00
mark_story
c83e941497 Merge branch 'master' into 2.3 2012-08-15 21:00:49 -04:00
mark_story
cdc70fc427 Make RequestHandlerComponent better simulate GET requests.
Modify the global state to simulate a GET request.  This avoids issues
where PUT data would be processed during simulated redirect.

Fixes #3113
2012-08-14 12:46:47 -04:00
Ceeram
21431cba64 Add viewClass map method to RequestHandler component, to map content types to viewclass. 2012-08-10 09:54:22 +02:00
Tigran Gabrielyan
617d470427 Renamed disabledActions to unlockedActions 2012-08-03 11:01:19 -07:00
Tigran Gabrielyan
df8ec17626 Added disabledActions feature to SecurityComponent 2012-08-02 18:27:52 -07:00
mark_story
d94cdc67fe Merge branch 'master' into 2.3 2012-07-27 22:38:24 -04:00
Spencer Ellinor
8a41fb0c34 Fix issue and remove unneccesary code. The (fixed) conditional doesn't do anything, since if Hash::get returns null, the function still returns null. 2012-07-25 15:09:22 -04:00
Mark Story
f77bebcc38 Merge pull request #730 from dereuromark/2.3-missing-app-uses
another correction for app uses
2012-07-21 18:50:52 -07:00
euromark
93eb8c2c58 another correction for app uses 2012-07-22 03:38:39 +02:00
mark_story
71507796c7 Add docs. 2012-07-21 21:35:45 -04:00
euromark
4fe1ab1bf6 missing app uses statements 2012-07-21 13:34:33 +02:00
Christian Winther
bce82a2322 Better custom find for pagination
Instead of shuffling the paginator settings you can now simply add a new "findType" key and it will automatically change the find() type accordingly
2012-07-19 15:57:51 +02:00
mark_story
3c6b50953b Merge branch 'master' into 2.3
Conflicts:
	lib/Cake/VERSION.txt
2012-07-18 22:12:51 -04:00
euromark
3945c0e6a8 rtim files 2012-07-18 03:55:29 +02:00
mark_story
3baaecc81c Type check before unset()
Calling unset() on string indices fails fatally on 5.3.x and lower.

Fixes #3027
2012-07-11 15:54:24 -04:00
mark_story
f528bb29ba Fix lint error. 2012-07-05 22:50:54 -04:00
Rachman Chavik
22373868bb if blackHoleCallback is set, requests _must_ get blackholed 2012-07-03 19:27:02 +07:00
Ceeram
03e2263b69 Merge branch '2.1' into 2.2 2012-06-19 18:35:36 +02:00
mark_story
f9ddc9c64c Move error disabling to the error controller. 2012-06-18 22:08:39 -04:00
mark_story
7ef83b89f5 Merge branch '2.1' into 2.2
h origin especially if it merges an updated upstream into a topic branch.
2012-06-17 20:54:59 -04:00
mark_story
fec6c1c6cb Fix security component causing black holes on error pages.
Fixes #2966
2012-06-17 20:50:00 -04:00
mark_story
8da42dfcfa Merge branch '2.1' into 2.2 2012-06-02 20:57:05 -04:00
mark_story
d1819dcabb Fix page 0 issue.
Refs #2929
2012-06-02 20:56:38 -04:00
mark_story
15a423ad70 Restrict page number passed to view.
Limit the page number to the max page number when passing data to the
view.  This prevents the helper from generating a huge number of links.

Fixes #2929
2012-06-02 20:26:09 -04:00
Mark Story
085ad0bb42 Merge pull request #672 from sitedyno/cookie-encryption-#471
Add stronger encryption, and make it available in cookiecomponent.

Fixes #471
Fixes #176
Fixes #2043
Fixes #1524
2012-05-31 17:44:49 -07:00
Ceeram
6c9b2a1fec Fix user() return value for nested data 2012-05-31 15:13:24 +02:00
Heath Nail
304d001dfb Implement rijndael optional cookie encryption. 2012-05-30 03:49:25 -04:00
Jelle Henkens
f7ce5262b7 Updating mixed @param documentation to seperate list of accepted types 2012-05-21 21:55:10 +01:00
Mark Story
37d235fa16 Merge pull request #594 from tigrang/auth-ext
Added `contain` option to AuthComponent's Authentication objects
2012-05-09 17:48:44 -07:00
Jose Lorenzo Rodriguez
bf0f5ab118 Merge remote-tracking branch 'origin/2.1' into 2.2 2012-04-29 20:05:39 -04:30
Kyle Robinson Young
b8488b8dfe Update 1.x @link in docblocks 2012-04-26 19:49:18 -07:00
mark_story
b6de177ffa Merge branch '2.1' into 2.2 2012-04-23 21:50:36 -04:00
mark_story
9e3fe633bb Remove double encoding on addresses in EmailComponent.
CakeEmail should be handling all the encoding now, duplicating it is
silly.

Fixes #2797
2012-04-23 21:41:31 -04:00
mark_story
9f9feec222 Merge branch '2.2-hash' into 2.2
Conflicts:
	lib/Cake/Test/Case/Model/Datasource/DboSourceTest.php
	lib/Cake/View/Helper/FormHelper.php
2012-04-10 21:32:37 -04:00
Ceeram
c2a8fca00c Merge branch '2.1' into 2.2
Conflicts:
	lib/Cake/Test/Case/Model/Datasource/DboSourceTest.php
2012-04-05 23:27:21 +02:00
Ceeram
223604fb0d update docblock of AclComponent 2012-04-05 13:51:00 +02:00
Tigran Gabrielyan
3c4087da4f Fixing default value of contain 2012-04-04 19:06:54 -07:00
Tigran Gabrielyan
bf628c493c Added ability for Auth login to use contain 2012-04-04 18:09:38 -07:00
mark_story
f09e5a36d2 Fix SessionComponent::id() not returning the id.
When reading the id() with SessionComponent, the session should
auto start, otherwise you could get null back. This makes the return
more consistent.

Fixes #2749
2012-04-03 13:21:52 -04:00
mark_story
475a1596b7 Merge branch '2.1' into 2.2 2012-04-01 15:37:21 -04:00
Kyle Robinson Young
319d154aee Default to loginRedirect, if set, on authError in AuthComponent
Implements #2390
Based on the patch written by @dereuromark
2012-03-27 22:51:47 -07:00
mark_story
19e0d8d946 Switch usage to Hash where possible. 2012-03-26 22:32:53 -04:00
mark_story
c58b61c17b Merge branch '2.1' into 2.2
Conflicts:
	lib/Cake/Test/Case/Model/ModelWriteTest.php
2012-03-18 21:26:45 -04:00
mark_story
6a55749e27 Fix reading multiple keys in a single request.
Fixes #2676
2012-03-15 21:45:48 -04:00
Rachman Chavik
8fdb11121e Merge branch '2.1' into 2.2 2012-03-15 20:07:26 +07:00
mark_story
f1931e43ef Add class_exists() check for view class.
Check that the view class hasn't already been mapped in the autoloader
before mapping it. This allows developers to map view classes from
plugins.

Fixes #2684
2012-03-14 20:57:11 -04:00
mark_story
4e94ebe710 Fix doc blocks. 2012-03-13 21:04:56 -04:00
Juan Basso
c754fb2dcb Updated copyright to 2012. 2012-03-12 22:46:46 -04:00
Juan Basso
3b1bd90ad6 Updated copyright to 2012. 2012-03-12 22:46:07 -04:00
Ceeram
a4952166f7 make acl methods available in permission model 2012-03-11 17:07:42 +01:00
Thomas Ploch
79cab67be7 Adding missing 'recursive' option to DigestAuthenticate object.
Used integer casting in _findUser() method for 'recursive' option.
2012-03-05 11:06:46 +01:00
mark_story
61aba0f0f8 Fix most coding standard issues in Controller. 2012-03-03 19:27:46 -05:00
euromark
22452f61f8 type hinting controllers and views 2012-02-25 19:46:06 -05:00
Mark Story
9e8152f949 Merge pull request #417 from 0x20h/php-acl
PHP config file based ACL implementation
2012-02-19 19:34:56 -08:00
Majna
0cd9a93e9e Remove unused variables and statements. 2012-02-17 21:10:43 +01:00
mark_story
6fda055a1e Move initialize logic to __construct().
Fixes #2582
2012-02-15 14:15:44 -05:00
Thomas Ploch
574b5dcd41 Merge branch '2.1' of https://github.com/cakephp/cakephp into 2.1-cookie-response 2012-02-13 09:56:39 +01:00
Jose Lorenzo Rodriguez
4f176d4284 Merge remote-tracking branch 'origin/2.0' into 2.1 2012-02-12 21:04:35 -04:30
mark_story
ad09b910ee Remove pointless comparison. 2012-02-12 10:09:25 -05:00
mark_story
2afb05b590 Merge branch '2.0' into 2.1
Conflicts:
	app/View/Pages/home.ctp
	lib/Cake/Config/config.php
	lib/Cake/Core/App.php
	lib/Cake/VERSION.txt
	lib/Cake/View/Helper/NumberHelper.php
2012-02-12 10:06:13 -05:00
mark_story
ab09229d40 Update API docs
View switching only happens for known mime types.
Refs #2565
2012-02-11 11:45:06 -05:00
mark_story
7e17da0ae8 Fix notice error when reading empty values.
When reading empty values a notice error would be triggered.
Slicing the first char off and comparing that solves this.

Fixes #2537
2012-02-11 11:33:04 -05:00
mark_story
6f914174a6 Fix issues with double / & leading/trailing /
Authorize classes should remove // and leading trailing /
Without this incorrect paths that fail to match nodes can be
generated.  This also allows settings[actionPath] to be
permissive in what it accepts.

Fixes #2563
2012-02-11 10:29:18 -05:00
Thomas Ploch
059a5f21ed Fixed TODO: Refactored setting of Cookies into CakeResponse. 2012-02-09 14:24:10 +01:00
0x20h
3abfaeecf3 Don't let every role inherit from default role. Filter empty aco paths 2012-02-05 15:30:26 +01:00
mark_story
ace9fefb02 Merge branch '2.0' into 2.1 2012-02-03 21:54:50 -05:00
mark_story
e697c68da5 Uncommented code works better. 2012-02-01 20:24:02 -05:00
mark_story
b03d7ba9b3 Fix reset() missing delivery property.
Fixes #2533
2012-02-01 20:20:14 -05:00
mark_story
a4740f02f1 Remove odd inflection.
This additional inflection isn't needed.  People can type the classname
they want.

Refs #2514
2012-01-29 13:56:53 -05:00
mark_story
e770c7a72d Split the AclComponent classes up.
Refs #2514
2012-01-29 13:54:26 -05:00
Jose Lorenzo Rodriguez
a1daaf5960 Merge branch '2.1-http' into 2.1 2012-01-21 15:51:34 -04:30
mark_story
df5d9ac3d1 Merge branch '2.0' into 2.1
Conflicts:
	lib/Cake/Model/Model.php
	lib/Cake/Test/Case/Routing/RouterTest.php
2012-01-20 20:28:15 -05:00
Jose Lorenzo Rodriguez
5df2a0957f Not sending the response in beforeRender, better let Dispatcher do its work 2012-01-19 22:26:32 -04:30
mark_story
ad304e0b43 Reformat long line. 2012-01-19 21:50:51 -05:00
Stefano Zoffoli
c3b806ce8c Prevent blackhole auth error where are present multi fields 2012-01-19 17:48:39 +01:00
Jose Lorenzo Rodriguez
979f7a28b5 Fixing a couple bugs in CakeResponse::checkNotModified() and implementing conditional rendering in
RequestHandlerComponent
2012-01-19 01:08:45 -04:30
Jose Lorenzo Rodriguez
b79e0ad8f3 Moving checkModified() to CakeResponse, having it in the RequestHandler has too restrivtive 2012-01-19 01:08:45 -04:30
Jose Lorenzo Rodriguez
dffe84cfbc Implementing RequestHandler::checkNotModified() as a helper for HTTP caching 2012-01-19 01:08:44 -04:30
0x20h
4532659fed code cleanup, added some tests 2012-01-18 20:59:44 +01:00
0x20h
9838338976 docblocks 2012-01-13 23:34:35 +01:00
0x20h
bfaea78504 allow more elaborate regex rules 2012-01-13 23:29:23 +01:00
0x20h
95a41af9db allow multiple roles for a rule to be specified as string or array 2012-01-13 22:02:25 +01:00
0x20h
ef5eead038 use more appropriate array key when passing options to the adapter 2012-01-13 21:55:47 +01:00
0x20h
153152642c PHP configuration file base Acl implementation 2012-01-13 21:43:48 +01:00
Mark Story
b76f8f8832 Merge pull request #260 from tPl0ch/2.1-authenticate
Added 'recursive' settings option to BaseAuthenticate and BasicAuthenticate
2012-01-12 18:53:19 -08:00
mark_story
7877e7f997 Make allow(null) and deny(null) consistent with no args.
No arguments and a single null should be handled the same.

Fixes #2461
2012-01-10 20:32:12 -05:00
mark_story
0e56d742b8 Merge branch '2.0' into 2.1
Conflicts:
	lib/Cake/Model/BehaviorCollection.php
	lib/Cake/basics.php
2012-01-08 21:59:18 -05:00
mark_story
f4c27e04bc Fix errors generated when option['order'] is undefined.
Fixes #2447
2012-01-08 21:55:51 -05:00
ADmad
389072708a Merge branch '2.0' into 2.1
Conflicts:
	lib/Cake/Test/Case/Model/ModelReadTest.php
	lib/Cake/Utility/Debugger.php
2011-12-22 03:15:04 +05:30
Kyle Robinson Young
d794084d38 More code standards formatting 2011-12-15 23:00:07 -08:00
Kyle Robinson Young
51f9837db4 Code standards formatting 2011-12-15 22:52:07 -08:00
mark_story
321caf6db6 Fix incorrect value being stored in Auth.redirect.
An incorrect value would be stored in Auth.redirect when
a custom route with the `pass` key set.

Fixes #2366
2011-12-15 22:56:39 -05:00
mark_story
2e8498e166 Merge branch '2.0' into 2.1
Conflicts:
	lib/Cake/Model/Datasource/Database/Postgres.php
	lib/Cake/Test/Case/Console/TaskCollectionTest.php
	lib/Cake/Test/Case/Model/ModelIntegrationTest.php
	lib/Cake/Test/Case/Utility/ClassRegistryTest.php
	lib/Cake/Utility/ClassRegistry.php
2011-12-11 22:51:40 -05:00
Kyle Robinson Young
c836ba08a3 Add/move docblocks to make text available in the API docs 2011-12-08 07:35:02 -08:00
Kyle Robinson Young
1e1c7a036d Code consistency formatting tweaks 2011-12-06 12:52:48 -08:00
mark_story
545694d84b Fix undefined variable error. 2011-12-06 12:35:18 -05:00
mark_story
fc4846d676 Move overflow limits to only take effect after expiration. 2011-12-06 12:23:15 -05:00
mark_story
9296f770d5 Adding SecurityComponent::$csrfLimit
This property allows you to control the number of tokens
that will be kept active.  Its possible to make really large
CSRF collection sizes.  Capping the number of tokens allows developers
to better control session sizes.
2011-12-03 20:13:17 -05:00
mark_story
e421b3bc8f Adding SecurityComponent::generateToken()
This method allows end developers to add the csrf tokens
manually, if they aren't added automatically.

Tokens are cheap to generate, simplifying the logic
makes things a bit easier to understand.
2011-12-03 20:13:03 -05:00
mark_story
6d269ce25d Merge branch '2.0' into 2.1
Conflicts:
	lib/Cake/Config/config.php
	lib/Cake/Console/Command/Task/ModelTask.php
	lib/Cake/Console/Command/TestsuiteShell.php
	lib/Cake/Model/CakeSchema.php
	lib/Cake/Model/Datasource/Database/Sqlite.php
	lib/Cake/Test/Case/Model/ModelTestBase.php
	lib/Cake/Test/Case/Routing/DispatcherTest.php
	lib/Cake/Test/Case/Utility/FileTest.php
	lib/Cake/VERSION.txt
2011-12-03 13:45:28 -05:00
Kyle Robinson Young
8197f87dbc Spelling and grammar fixes 2011-12-01 21:58:09 -08:00
Jose Lorenzo Rodriguez
f6534d2962 Fixing issue where changing the case for an action in the url would allow the action in the AuthComponent making it accessible to not-logged in users 2011-11-28 00:52:47 -04:30
mark_story
04463c4ee5 Fix errors found in review. 2011-11-27 23:51:49 -05:00
mark_story
cfbc43671e Starting content type specific error pages.
- Adding RequestHandler to the error controller.  This allows reuse
  of all of Cake's internals.
- Adding a simple JsonView class to do serialized JSON views.
- Adding serialize hooks, and wiring things together.
2011-11-27 23:51:47 -05:00
Kyle Robinson Young
bc0e0b5c05 Add @link to CookieComponent docblocks 2011-11-22 22:32:13 -08:00
mark_story
21cd3f00ac Merge branch '2.0' into 2.1
Conflicts:
	lib/Cake/Test/Case/BasicsTest.php
2011-11-19 20:40:07 -05:00
mark_story
92aea9de88 Update comment. 2011-11-16 23:17:48 -05:00
mark_story
fa0ec44dfd Merge branch '2.0' into 2.1
Conflicts:
	lib/Cake/Test/Case/Console/Command/CommandListShellTest.php
	lib/Cake/Test/Case/Error/ExceptionRendererTest.php
	lib/Cake/Test/Case/Utility/DebuggerTest.php
	lib/Cake/Test/Case/View/Helper/TextHelperTest.php
2011-11-16 21:31:16 -05:00
Ceeram
e5c8a446d6 Add sorting on joined model virtual field, fixes #2250 2011-11-17 00:18:12 +01:00
mark_story
fb7d931bef Merge branch '2.0' into 2.1
Conflicts:
	lib/Cake/Config/config.php
	lib/Cake/VERSION.txt
2011-11-15 23:10:34 -05:00
Daniel Pakuschewski
841c0c2295 Dropped support for wildcard in AuthComponent::allow()
Conflicts:

	lib/Cake/Controller/Component/AuthComponent.php
2011-11-15 23:01:04 -05:00
Ceeram
2bb4ed01be Removing _Token from request data.
It is not used outside the component and could possibly affect Model::save().
Fixes #2256

Signed-off-by: mark_story <mark@mark-story.com>
2011-11-15 22:51:04 -05:00
mark_story
6e4493cc14 Fix ambiguous content types in RequestHandler.
Treat xhtml + html as content types that should trigger no
response/extension setting.  They are different but similar in
that they both generally use the same HTML templates.

Fixes #2257
2011-11-15 22:48:54 -05:00
mark_story
550076d75e Fix issue in RequestHandlerComponent.
Fixes issues where response and request properties would
not be set as the initialize() callback would have not fired.

Fixes #2190
Fixes #2189
2011-10-31 22:41:43 -04:00
mark_story
bf43a5ee24 Fix whitespace and add usage to doc block. 2011-10-31 21:56:16 -04:00
José Lorenzo Rodríguez
f51be0a82c Merge pull request #278 from Danielpk/enhancement_auth_deny
Added enhancement to AuthComponent::deny().
2011-10-30 15:38:21 -07:00
Daniel Pakuschewski
09579198a9 Droped support to deny('*'). 2011-10-29 13:54:35 -02:00
Gun.io Whitespace Robot
4742168253 Remove whitespace [Gun.io WhitespaceBot] 2011-10-28 18:25:08 -04:00
Daniel Luiz Pakuschewski
5246e7dd1d Allow AuthComponent to deny all actions with single deny() or deny('*') 2011-10-26 22:07:17 -02:00
mark_story
d62351eb36 Revert the changes done to remove the 'cake' domain
After some discussion, polutting the app POT file
with unchanging Cake strings was incorrect.  Having these
strings in a separate POT file allows reuse of translations across
projects.

Refs #2103
2011-10-23 20:36:31 -04:00
mark_story
e457c14dec Fix issues with stateless authentication.
Cookies and sessions are no longer required for stateful authentication.
AuthComponent::user() also works correctly in these situations as well.

Fixes #2134
2011-10-23 12:54:51 -04:00
Thomas Ploch
521dff8468 Added 'recursive' settings option to BaseAuthenticate and BasicAuthenticate to have a bit more fine grained control in custom Authenticate objects. 2011-10-19 17:54:08 +02:00
Renan Gonçalves
646b8f1aa0 Fixed issue when using multiple extensions in Router::parseExtensions() could result in undefined index notice by RequestHandlerComponent. 2011-10-19 15:36:00 +02:00
Rachman Chavik
2bb93761cc fixing typos 2011-10-19 12:19:28 +07:00
ADmad
fc5a465189 Cleaning up code left over from 1.3. If no black-hole callback is specified Security::blackHole() now throws an exception. Closes #1532 2011-10-19 02:32:38 +05:30
Jose Lorenzo Rodriguez
91d0a081fb Fixing more links in doc blocks 2011-10-15 11:38:49 -04:30
Jose Lorenzo Rodriguez
670917070e Changing a bunch of links in doc blocks 2011-10-15 10:43:26 -04:30
mark_story
6bf6d79979 Removing 'cake' domain from core.
This domain was supposed to be replaced by cake_dev.
There are a number of translations that should be App land as well.
Such as those in helpers.

Fixes #2103
2011-10-14 21:01:17 -04:00
mark_story
4090b3e8c6 Fix content-type detection to accomodate jQuery.
Add tests for jQuery content type strings.
Refactor tests, add in missing assertions and missing parent calls.
The new behavior is more lenient and allows for a single requested
content type to switch the view type.

Fixes #2088
2011-10-12 23:21:07 -04:00
Renan Gonçalves
49f4035412 Fixing bug when trying to Paginate ordering by multiple keys. 2011-10-12 14:51:46 +02:00
mark_story
c4eb19ab91 Adding another import for helpers appended by RequestHandlerComponent.
Fixes #2084.
2011-10-11 12:42:45 -04:00
mark_story
055224ef68 Merge remote-tracking branch 'origin/1.3' into merger
Conflicts:
	cake/libs/controller/controller.php
	cake/libs/model/datasources/dbo/dbo_mysqli.php
	cake/tests/cases/libs/controller/controller.test.php
	cake/tests/cases/libs/model/datasources/dbo/dbo_mysql.test.php
	cake/tests/lib/cake_test_suite_dispatcher.php
	lib/Cake/Model/Behavior/TranslateBehavior.php
	lib/Cake/Model/Datasource/DataSource.php
	lib/Cake/Model/Datasource/Database/Mysql.php
2011-10-06 21:06:40 -04:00
mark_story
9e080951b1 Adding additional documentation for CrudAuthorize.
Fixes #2034
2011-09-28 23:25:14 -04:00
mark_story
a5fe702624 Updating CrudAuthorize to work like ActionsAuthorize.
Updating tests.
Fixes #1749
2011-09-26 20:38:38 -04:00
mark_story
b1dad6e5bd Adding session renewal upon login/logout.
This helps improve session security, as it reduces the opportunity
of replaying a session id successfully.
Fixes #836
2011-09-24 22:35:21 -04:00
mark_story
7cabb4e4d5 Extracting password hashing into as separate method.
This makes is much easier for a subclass to only change how passwords
are hashed.
2011-09-21 07:38:22 -04:00
Mark Story mark@mark-story.com
bb3a1d546b Fixing RequesHandler::prefers(). It was previously entirely wrong.
It took the ordered list of accept types, and blindly assumed
the first in the list was the most preferred.  This is an incorrect
assumption to make, as all types with the same q value are equal.

- Using CakeRequest::parseAccept() to access only the most preferred
content types.
- Using in_array() to check for the desired type.
- Updating tests for RequestHandler.
2011-09-01 00:20:54 +01:00
Juan Basso
840d27bbb9 Fixed the allow method to parameters not be required. 2011-08-30 21:12:57 -04:00
Juan Basso
7d0250ff47 Merge branch '2.0-api-doc' into 2.0 2011-08-26 20:22:26 -04:00
mark_story
6acf024a2b Fixing incorrect keying for ext routing parameter. It was
nested under params[url][ext].  This makes it unlike
all other routing parameters.  Having the nested value
also makes reversing requests harder, and generating urls more
difficult.
Adding a test for Router::reverse() and extensions.
Fixes #1923, fixes #1928
2011-08-22 22:26:02 -04:00
Juan Basso
f7f3515135 Fixed documentation to methods that use func_get_args(). 2011-08-21 21:45:34 -04:00
Juan Basso
689c7ffd45 Fixed some problems caused by the visibility changes. 2011-08-21 01:04:55 -04:00
Mark Story
58888399f1 Adding Todo about moving Cookie setting to CakeResponse. 2011-08-20 17:28:58 -04:00
Juan Basso
a1a049c700 Merge remote-tracking branch 'origin/2.0' into 2.0-api-doc
Conflicts:
	lib/Cake/Model/Model.php
	lib/Cake/View/Helper/CacheHelper.php
2011-08-20 01:47:27 -04:00
Juan Basso
61833294f0 Changed the visibility to methods that not affect others classes. 2011-08-20 01:39:30 -04:00