Commit graph

768 commits

Author SHA1 Message Date
Val Bancer
320cdf98ee Add undocumented properties (#12717)
See https://book.cakephp.org/2.0/en/controllers/request-response.html#accessing-request-parameters and https://api.cakephp.org/2.10/source-class-UpgradeShell.html#345-403

* Initialize $params to null
* Document more magic properties, trigger deprecated notices
* Use $controller->request->params instead $controller->params
* Remove unused variable
* Improve documentation, add type checks.
* It seems like $this->uses can also be of type false; however, parameter
$array of array_unshift() does only seem to accept array.
* Declare undeclared property
* Add extra type checks
* Adjust type check
* Improve documentation, initiate uninitialized variables.
* Improve documentation, reset variable
2018-11-15 20:41:57 -05:00
Wouter
6c86981858
Make docs compatible with CakeSession 2018-06-12 10:24:24 +02:00
Mark Story
3bf93b7f76
Merge pull request #11526 from cakephp/post-conditions
Make postConditions() less permissive.
2017-12-15 14:36:38 -05:00
mark_story
340059be15 Check model names for bad characters as well. 2017-12-13 00:01:09 -05:00
mark_story
a9618f67f7 Use a permitted list instead of a ban list.
This should be safer as we are more confident on what is coming in.
2017-12-13 00:01:05 -05:00
mark_story
f66dec8a96 Make postConditions() less permissive.
We were notified by `ooooooo_q` that postConditions() is vulnerable to
SQL injection if used without SecurityComponent tampering prevention.

This change attempts to make postConditions() safer by exploding in
unsafe scenarios.
2017-12-10 21:44:47 -05:00
db-bogdan
5695fef46f fixes #11468 2017-11-27 11:59:34 +02:00
mark_story
f788c90b3c Fix typo 2017-11-05 22:34:47 -05:00
Mark Story
b175270f62
Merge pull request #11404 from ynaderi/2.x
- DigestAuthenticate modification for cakephp 2.X
2017-11-05 22:34:17 -05:00
Yaser Naderi
26a683f36f - DigestAuthenticate modification for cakephp 2.X 2017-11-03 14:53:54 -04:00
saeideng
b59b64db29 replace tab with space 2017-10-21 22:44:15 +03:30
chinpei215
19bbb7da17 Simplify CookieComponent::read()
Also, this commit fixes an issue of when the second level key is empty.
Previously, read('foo.0') returned incorrect result.
2017-10-16 21:01:19 +09:00
chinpei215
bbea91090d Fix CookieComponent::delete() not working for deep children 2017-10-16 20:55:00 +09:00
chinpei215
959f45a6c6 Fix fatal error thrown when replacing scalar with array
Refs #11280
2017-10-06 13:43:32 +09:00
LustyRain
31b13edf8a Fix: phpdoc miss
## did
- void unReturn
- miss return void
- add return type
- type miss typing
- add param type and return type
  - string → string|array
- change ClassName
2017-10-04 00:22:42 +09:00
LustyRain
bececc421d Fix: void unreturn 2017-10-02 15:40:48 +09:00
Jeremy Harris
0558c253f6
Replaced short array syntax with longer form 2017-08-31 09:02:08 -05:00
Jeremy Harris
f9f06e68b1
Stacking messages in SessionComponent::setFlash 2017-08-30 10:06:56 -05:00
mark_story
aaa37fa809 Merge branch '2.next' of github.com:cakephp/cakephp into 2.next 2017-06-26 21:51:55 -04:00
mark_story
2032fef772 Merge branch '2.x' into 2.next 2017-06-26 21:51:41 -04:00
Mark Story
52790443e8 Merge pull request #9705 from CakeDC/feature/backport-paginate-multiple-queries
2.next - Backport multiple paginators
2017-06-14 21:41:13 -04:00
Mark Story
8289b367f9 Merge pull request #10698 from lucasferreira/2.next
Cake 2.x - Some fix into Paginator component for order / sort classic sintax
2017-06-14 00:13:00 -04:00
Marc Würth
da8414e13b Use HTTPS for the opensource.org MIT license URL 2017-06-11 00:23:22 +02:00
Marc Würth
04efc7ba50 Use HTTPS for the book.cakephp.org URL 2017-06-11 00:15:36 +02:00
Marc Würth
10b89b51a9 Use HTTPS for the cakefoundation.org URL 2017-06-11 00:10:59 +02:00
Marc Würth
17314baa15 Use HTTPS for the cakephp.org URL 2017-06-10 23:40:28 +02:00
mark_story
cf679a3233 Merge branch '2.x' into 2.next 2017-05-27 21:47:22 -04:00
Lucas Ferreira
b539161b2d - Some fix into Paginator component for order / sort classic sintax 2017-05-26 15:05:18 -03:00
Mark Story
57ddc24b35 Merge pull request #10647 from josephzidell/2.next-custom-config-dir-loc
Add constant specifying the location of the Config dir
2017-05-14 21:41:09 -04:00
Joe
70ead28a1d Redo commits on 2.next branch 2017-05-12 02:02:36 -04:00
chinpei215
a97bd234ee Fix _validatePost returns true when empty form is submitted
Backport of #10625
2017-05-06 21:59:29 +09:00
mark_story
5e35064a0b Read basic auth credentials from Authorization header
Merge branch 'issue-9365' into 2.x

Refs #9365
2017-04-28 21:49:47 -04:00
mark_story
275385d676 Add test covering basic auth reading from headers.
In some FastCGI setups basic auth values will only be present in the
header. Fallback to reading that value if the PHP_AUTH super globals are
empty.

Refs #9365
2017-04-28 21:49:27 -04:00
Nicola Beghin
09a981ba38 code style fix as requested 2017-04-23 18:44:42 +02:00
Nicola Beghin
99d02a8698 fix permission 2017-04-23 18:41:45 +02:00
Nicola Beghin
a1eb067c71 bugfix basic to Basic 2017-04-23 18:27:09 +02:00
chinpei215
31a1837c1d Merge branch '2.x' into 2.next
Conflicts:
	lib/Cake/Test/Case/View/Helper/FlashHelperTest.php
	lib/Cake/VERSION.txt
	lib/Cake/View/Helper/FlashHelper.php
2017-03-25 17:12:28 +09:00
Nicola Beghin
7cd9d4381a typo 2017-03-18 14:44:44 +01:00
Nicola Beghin
ca6ca9376e refactoring to avoid tampering with $_SERVER 2017-03-18 13:34:26 +01:00
mark_story
ccc9006620 Unset the active user data on logout.
When using stateless authentication the current user should be cleared
after logout to maintain consistency with session based authentication.

Refs #10422
2017-03-16 11:31:20 -04:00
Nicola Beghin
ff210b04d7 code style 2017-03-15 17:32:47 +01:00
Nicola Beghin
5fb1b71cb6 code style fix 2017-03-15 17:22:31 +01:00
Nicola Beghin
74f700882c local variable optimization 2017-03-15 16:27:27 +01:00
Nicola Beghin
089a0ae087 using $request->header in place of $_SERVER['HTTP_AUTHORIZATION'] 2017-03-15 15:06:39 +01:00
Nicola Beghin
a15c5c7a70 BasicAuthenticate - added check to avoid parsing if "Authorization: Bearer <token>" is in place 2017-03-15 14:08:17 +01:00
Nicola Beghin
f5795f05a5 BasicAuthenticate - code styling and strong type comparison 2017-03-15 13:59:56 +01:00
Javier Melero
ba121d8c32 Wrong return type hint in Controller::redirect #9987 2017-01-09 07:38:41 -03:00
mark_story
837741db66 Merge branch '2.x' into 2.next 2016-12-13 22:48:44 -05:00
Mark Story
9e6e08704e Merge pull request #9838 from cakephp/issue-9779
Fix CookieComponent erroring on corrupted data.
2016-12-05 16:44:24 -05:00
chinpei215
26731b93bf Use ternary operator 2016-12-04 21:55:29 +09:00