Commit graph

732 commits

Author SHA1 Message Date
mark_story
cf45d3fab8 Merge branch 'master' into 2.6 2014-09-22 20:46:28 -04:00
Mischa ter Smitten
a69e9bc63b Cs fixes 2014-09-18 10:50:35 +02:00
mark_story
0d11cf7a33 Merge branch 'master' into 2.6 2014-09-14 23:26:33 -04:00
Joseph Sutton
faaba42aa7 Fixed type-casting for AuthComponent::login() 2014-09-14 11:15:08 -05:00
Joseph Sutton
87a58eeaea AuthComponent::login() returning deprecated method
Changed $this->loggedIn() to $this->user(), as per the PHPDOC for loggedIn() at line 817
2014-09-14 00:28:30 -05:00
ADmad
3fb252ad2f Merge branch 'master' into 2.6 2014-09-13 00:37:16 +05:30
euromark
04ef39217f Take care of more int casts. 2014-09-10 16:29:23 +02:00
euromark
e77f96d8b7 Use (int) cast instead of intval() function for performance reasons and to unify it. 2014-09-10 15:52:57 +02:00
mark_story
734bb9223b Merge branch 'master' into 2.6
Conflicts:
	lib/Cake/Core/App.php
	lib/Cake/VERSION.txt
2014-09-06 23:04:20 -04:00
Jeremy Harris
3a41433c94 Deprecated AuthComponent::mapActions 2014-09-04 08:35:40 -05:00
Marc Würth
67ba9cb406 Update all @deprecated annotations
to adhere to the @deprecated <version> <description> format, where version and description are mandatory.
2014-09-02 17:03:22 +02:00
Jeremy Harris
66b2173566 Made AuthComponent::mapActions() act as a getter refs #3331 2014-08-29 08:23:41 -05:00
euromark
5f5218f3b2 Fix cookie reading. 2014-08-06 22:53:54 +02:00
Steve Tauber
0af698c591 Updating RequestHandlerComponent to accept body of HTTP Delete requests 2014-07-29 16:08:33 +02:00
David Steinsland
b61972871a Fixed sending of headers when ajaxLogin is set 2014-07-22 13:21:42 +02:00
mark_story
b3dfad614a Correct pattern matching.
Instead of 10 digits, it should limit at 10 groups.

Refs 1988e89e73
2014-07-06 09:42:20 -04:00
Schlaefer
9fa7afa354 fixes #3887 CSRF reusable token expires 2014-07-06 10:39:00 +02:00
mark_story
1988e89e73 Add an upper bound to the POST data SecurityComponent will consider.
'Kurita Takashi' has let us know that the previous patterns could be
abused by an evil doer. One could potentially send a very large deeply
nested POST data structure. Matching that structure could overflow the
PCRE limits causing a segmentation fault. Adding an upper bound will
solve the problem and I doubt anyone is doing POST data structures with
more than 10 levels of nesting.
2014-07-03 22:02:00 -04:00
euromark
974ca851c2 Correct doc blocks according to cs guidelines.
Remove superfluous empty lines.
2014-07-03 15:36:42 +02:00
mark_story
b4bcd74e60 Whitelist more URL-y characters in digest parsing.
Android clients include a full URL instead of just the URI. Also handle
situations where URLencoded bytes and document fragments are used.

Refs #3779
2014-06-23 14:39:35 -04:00
euromark
a927f5d954 remove wrong App::uses() call 2014-06-17 05:10:19 +02:00
Bryan Crowe
1db10b4dd1 Basic grammar update to BasicAuthenticate docblock 2014-06-16 21:48:35 -04:00
ADmad
4ee7cf6564 Remove lies from API docblock for BasicAuthenticate class.
Add info on how to configure for cookieless/stateless operation without redirection.
2014-06-08 14:05:08 +05:30
mark_story
07b43403fb Fix doc errors in Component/Acl. 2014-06-06 13:57:15 -04:00
mark_story
7058921275 Fix doc comment errors in Acl classes. 2014-06-05 00:15:45 -04:00
mark_story
975e4c3af0 Allow username of 0 in basic authentication.
Refs #3624
2014-06-02 22:02:28 -04:00
mark_story
d1e4dfac47 Add tests for #3624
The username of '0' should be accepted by FormAuthenticate.

Refs #3624
2014-06-02 21:58:50 -04:00
KeinBaum
88b3629f4f #3623: Allow username "0" with FormAuthenticate 2014-06-02 19:11:02 +02:00
ADmad
3d9b2b80cb More API docblock fixes. 2014-06-01 03:06:05 +05:30
mark_story
b2207c1ca8 Reverse conditions to make the cheapest condition first.
We don't need to do a count() if the page is not 1.

Refs #3333
2014-05-12 22:09:27 -04:00
Toby Cox
823f01601d enhancement to paginator
As pointed out, we need to make sure that we are also on the first page
to make this conditional clause valid
2014-05-12 21:49:08 -04:00
Toby Cox
296ea215b1 Enhancement to paginator
No point in finding the count (via model) if the returned result count
is less than our limit. We then know that the count is the count of our
results
2014-05-12 21:49:07 -04:00
mark_story
89cd114e6f Merge branch 'master' into 2.5 2014-05-12 14:30:02 -04:00
José Lorenzo Rodríguez
751d2d8f2d Merge pull request #3448 from dereuromark/master-controller
Controller::referer() and local URL
2014-05-07 22:42:28 +02:00
Renan Gonçalves
87683b10f1 Allowing same Authenticate object to be setup with different settings. 2014-05-06 22:10:41 +02:00
ADmad
d466e00644 Merge branch 'master' into 2.5
Conflicts:
	lib/Cake/Model/Datasource/DboSource.php
	lib/Cake/Test/Case/Model/Datasource/Database/MysqlTest.php
	lib/Cake/Utility/Folder.php
	lib/Cake/VERSION.txt
2014-05-04 14:35:36 +05:30
euromark
7a287a6942 More coding standard corrections. 2014-04-29 14:19:33 +02:00
euromark
43d359b1d7 Make referer() behave as expected. 2014-04-28 17:23:26 +02:00
mark_story
de0062de77 Merge branch 'master' into 2.5 2014-04-25 22:10:02 -04:00
mark_story
f23d811ff5 Use the form action URL in generated form hashes.
By including the URL in generated hash for secured forms we prevent
a class of abuse where a user uses one secured form to post into a
controller action the form was not originally intended for. These cross
action requests could potentially violate developer's mental model of
how SecurityComponent works and produce unexpected/undesirable outcomes.

Thanks to Kurita Takashi for pointing this issue out, and suggesting
a fix.
2014-04-25 22:05:58 -04:00
mark_story
d54fbe6f60 Merge branch 'master' into 2.5 2014-04-18 22:13:56 -04:00
Stephen Young
b55fa98a2d Updated documentation
* Removed references to nonexistent `AclBase` class
* Added references to `AclInterface` requirements
2014-04-11 15:10:56 -04:00
euromark
a7744e6ff4 a few more corrections 2014-04-08 01:49:33 +02:00
euromark
0ece694a75 microptimize options and default merge and other string key array merges 2014-04-08 01:25:14 +02:00
Jose Lorenzo Rodriguez
343d3279b9 Merge branch 'master' into 2.5
Conflicts:
	lib/Cake/Test/Case/Utility/FileTest.php
	lib/Cake/VERSION.txt
2014-04-06 21:50:41 +02:00
euromark
823909603a correct deprecation notices 2014-04-04 19:18:02 +02:00
mark_story
f9b45f1b60 Merge branch 'master' into 2.5 2014-03-30 21:24:55 -04:00
sam-at-github
5ceb4abe1a Removed arbitrary restriction on crud operations. Added some comments to explain parameters to mapActions() better. 2014-03-28 13:35:08 +11:00
mark_story
381b3fc9c3 Merge branch 'master' into 2.5 2014-03-25 21:30:56 -04:00
mark_story
de9a5a5845 Add deprecated flag to methods that are removed in 3.0.
A few methods in Controller were not marked as deprecated, but already
removed in 3.0. Shore up that difference.

Refs #3105
2014-03-23 20:40:17 -04:00
ADmad
abacf0d14b Remove setting of Controller::$ext by RequestHandler.
Closes #3022
2014-03-16 20:09:08 +05:30
Mark
3ca338fe26 Merge pull request #2781 from davidsteinsland/2.5
Fixed HTTP Status code when ajaxLogin is set
2014-03-06 12:37:51 +01:00
mark_story
0f584c0e8b Merge branch 'master' into 2.5 2014-02-24 21:19:17 -05:00
Sam
62cb733988 One liner. Dont call function parseAccept() twice in RequestHandlerComponent. 2014-02-21 00:54:10 +11:00
ADmad
9de3418079 Merge branch 'master' into 2.5
Conflicts:
	lib/Cake/Model/Permission.php
2014-02-11 18:17:59 +05:30
Eric Martins
2793dca671 Fix ApiGen errors 2014-02-07 18:29:54 -02:00
David Steinsland
f2b9aa5ca4 Fixed HTTP Status code when ajaxLogin is set 2014-02-05 16:05:02 +01:00
euromark
e3befe30df deprecated loggedIn 2014-01-07 16:12:38 +01:00
mark_story
3cee3b0e99 Merge branch 'master' into 2.5
Conflicts:
	lib/Cake/VERSION.txt
2013-12-30 21:28:22 -05:00
Bryan Crowe
49bb441cef Update some grammar in Controller 2013-12-30 00:13:26 -05:00
mark_story
a7ecf44007 Deprecated scaffold and scaffoldview.
They have already been removed in 3.0, so mark them accordingly.
2013-12-20 14:16:44 -05:00
ADmad
27979286b2 Revert change done in 11f543f1f2.
The change is unneeded now as Security::encrypt() no longer throws exception
for falsey values.
2013-12-15 20:29:41 +05:30
Mark Story
bf96ea36d9 Merge pull request #2482 from zoghal/2.5-cookie-fix2
fix CookieComponent - when write null or empty string
2013-12-14 16:21:58 -08:00
mark_story
c2b8778ce8 Merge branch 'master' into 2.5 2013-12-14 17:45:49 -05:00
Saleh Souzanchi
11f543f1f2 fix CookieComponent - when write null or empty string 2013-12-15 02:15:36 +03:30
Mark Story
384c3a815d Merge pull request #2350 from tuffz/formatting_app_uses_blocks
formatting app::uses blocks
2013-12-14 12:37:02 -08:00
mark_story
48d2618c62 Merge branch 'master' into 2.5
Conflicts:
	lib/Cake/Routing/Router.php
2013-12-08 21:25:59 -05:00
ADmad
738d0e2277 Fixed edge case which allowed login with empty password.
Ensure skipping call to FormAuthenticate::_checkFields() does not allow
logging in with empty password. Closes #2441.
2013-12-07 18:40:08 +05:30
mark_story
8578708e76 Merge branch 'master' into 2.5 2013-12-01 21:37:37 -05:00
ADmad
c72def4840 Moved exception throwing to after paging info it set for request.
This fixes the regression caused in 2096d3f632. When catching exception
thrown by PaginatorComponent::paginate() in controller, developer again
has access to paging info in request object.

Closes #2402
2013-11-30 19:00:08 +05:30
ADmad
dda6080579 Merge branch 'master' into 2.5 2013-11-19 00:27:12 +05:30
Eric Büttner
1e3865acc7 formatting app::uses blocks (refs #2265) 2013-11-18 11:56:00 +01:00
Marc Würth
229bd69903 Added link to three hash methods 2013-11-17 03:40:39 +01:00
Marc Würth
7cfa0116f4 Removed "PHP 5" from file header DocBlocks
This statement does not serve a purpose anymore.
In a long forgotten world it indicated the main version number of PHP which the code in the file was compatible to.
http://pear.php.net/manual/en/standards.sample.php
But since PHP 5.1 and later this is only marginally true.
Thus I propose to remove it from CakePHP.
2013-11-13 22:58:39 +01:00
Kim Egede Jakobsen
f0205f53ad Try to make same comments for constructors.
Conflicts:
	lib/Cake/I18n/L10n.php
2013-11-11 11:03:57 +01:00
mark_story
afd182898f Merge branch 'master' into 2.5 2013-11-01 16:54:57 -04:00
Luis Ramos
db63ba2d8f Parse cookie values "{}" & "[]" as array 2013-10-30 15:26:50 -06:00
ADmad
d9ca148499 Merge branch 'master' into 2.5
Conflicts:
	CONTRIBUTING.md
	lib/Cake/Model/Model.php
	lib/Cake/VERSION.txt
2013-10-30 02:34:09 +05:30
mark_story
a753718387 Update docs for CookieComponent::delete().
Refs #2182
2013-10-28 23:13:51 -04:00
mark_story
07f4779efe Fix cookie component being inconsistent about writes.
Instead of treating multi-key and single key writes differently, they
should be treated consistently to allow simpler and more consistent interactions
with the stored data. This also results in fewer cookies being sent
across the wire which is an added benefit.

Fixes #2182
2013-10-28 23:13:51 -04:00
Bryan Crowe
a943ea5c34 Add space between classname(s) 2013-10-22 22:59:50 -04:00
Bryan Crowe
d39ced8381 Correct 'an URL' to 'a URL' in docblocks 2013-10-22 00:09:34 -04:00
mark_story
5a394c379a Merge branch 'master' into 2.5 2013-10-14 22:57:50 -04:00
euromark
ee0ed3a43a coding standards 2013-10-13 18:18:24 +02:00
Jose Lorenzo Rodriguez
df549898ad Merge remote-tracking branch 'origin/2.5' into k-halaburda-master 2013-10-12 01:05:02 +02:00
Bryan Crowe
4242bd4f3d Additional Cake references to CakePHP and docblock typo 2013-10-09 19:38:16 -04:00
Bryan Crowe
c1dd0e4393 Changed url to URL where appropriate 2013-10-07 23:17:58 -04:00
mark_story
60b0893c79 Merge branch 'master' into 2.5 2013-10-06 23:49:32 -03:00
mark_story
314ae1c8b4 Merge branch 'master' of github.com:cakephp/cakephp 2013-10-01 15:12:34 -04:00
Simon Males
c998888fe7 Do not assume CONTENT_TYPE is available.
In some server environments notably the CLI server, _SERVER['CONTENT_TYPE'] is not available.
In these cases, fall back to the HTTP_CONTENT_TYPE header.

Refs #GH-1661
2013-10-01 15:10:33 -04:00
mark_story
5e9b22271a Merge branch 'master' into 2.5 2013-09-27 22:26:33 -04:00
Frank de Graaf
3e8af8b180 Merge pull request #1689 from dereuromark/master-cakephp-name
Cake to CakePHP name
2013-09-27 12:16:25 -07:00
Frank de Graaf
ceb78fee9c Merge pull request #1671 from ADmad/bugfix/auth-infinite-redirect
Fixed infinite redirects when authenticated user tried to access login p...
2013-09-27 12:13:36 -07:00
euromark
df269ba0ef Cake to CakePHP name 2013-09-27 19:36:43 +02:00
ADmad
4dbf9107a8 Fixed infinite redirects for authenticated users accessing login page. 2013-09-27 22:33:07 +05:30
mark_story
cc5795c67d Merge branch 'master' into 2.5 2013-09-26 10:07:10 -04:00
Bryan Crowe
ab4bc16463 Updated Controller:: doc block and ControllerMergeVarsTest:: 2013-09-25 22:53:23 -04:00
Bryan Crowe
915b51b239 Updated JavaScript casing and JsHelper references in doc blocks 2013-09-25 22:46:38 -04:00
Bryan Crowe
1393325ad1 Use instanceof instead of is_a() in Controller.php 2013-09-23 21:37:27 -04:00
mark_story
a7a6fcae8a Merge branch 'master' into 2.5
Conflicts:
	lib/Cake/VERSION.txt
2013-09-17 10:11:24 -04:00
euromark
e3a3946e89 address casting cs 2013-09-17 15:15:25 +02:00
euromark
12f2f729c8 more cs 2013-09-17 14:53:07 +02:00
euromark
382f75dbfc cs corrections, bool to boolean and int to integer. 2013-09-17 14:44:34 +02:00
mark_story
a2bd91638e Merge branch 'master' into 2.5 2013-09-12 19:47:13 -04:00
euromark
a796b26f13 fix renderLayout and update deprecated and outdated code 2013-09-13 00:09:31 +02:00
ADmad
1d0c785725 Fixed setting of order in Paginator options when using model's order. Refs f680c76, #3902 2013-09-10 22:47:31 +05:30
mark_story
59bb05b433 Merge branch 'master' into 2.5
Conflicts:
	lib/Cake/VERSION.txt
2013-09-02 11:35:09 -04:00
Renan Gonçalves
6750a65e1b Merge pull request #1568 from markstory/2.5-encrypt
2.5 - Add Security::encrypt() and Security::decrypt()
2013-09-02 01:19:47 -07:00
euromark
a36456cc87 Correct doc blocks for AuthComponent 2013-08-31 19:58:10 -07:00
mark_story
005a7d841d Add support for aes encrypted cookies.
With Security supporting AES encryption it is also ideal to have AES
compatible cookies. Refactor and simplify code. Dynamic invocation of
static method is a bit obtuse and the various methods don't all have the
same arguments.
2013-08-27 21:34:18 -04:00
euromark
1aba204ec7 remove $name where not necessary to unify this in 2.x 2013-08-25 21:19:55 +02:00
euromark
361980fade remove code, class names and paths from translation strings. 2013-08-21 00:05:53 +02:00
mark_story
0f2d59d987 Merge branch 'master' into 2.4
Conflicts:
	lib/Cake/Network/CakeResponse.php
	lib/Cake/TestSuite/CakeTestCase.php
2013-08-18 23:10:08 -04:00
euromark
6cf147e8c8 unify null checks - avoid method call in favor of strict check 2013-08-16 20:12:49 +02:00
dmromanov
56ef44f495 Excluded method names from several tanslation strings
Removed unnecessary sprintfs
2013-08-16 13:42:28 +04:00
mark_story
26769edd04 Merge branch 'master' into 2.4
Conflicts:
	lib/Cake/Utility/CakeTime.php
	lib/Cake/VERSION.txt
2013-08-12 14:39:02 -04:00
Mark Story
2f5963e2d3 Merge pull request #1496 from ravage84/else-clause-after-redirect
Removed else clauses after redirects and added return before redirect() ...
2013-08-12 11:05:39 -07:00
euromark
b09dc7213a deprecate Controller::flash() and adjust some other deprecation messages. 2013-08-12 12:51:12 +02:00
Jose Lorenzo Rodriguez
9d07fc4330 Merge branch 'master' into 2.4
Conflicts:
	lib/Cake/Console/ShellDispatcher.php
	lib/Cake/Utility/CakeNumber.php
	lib/Cake/View/Elements/sql_dump.ctp
2013-08-11 23:31:10 +02:00
Marc Würth
4c13a39f3e Removed else clauses after redirects and added return before redirect() and flash() calls 2013-08-08 21:10:41 +02:00
euromark
fc2d28974b remove undocumented code and uncessary in_array() checks + cleanup 2013-08-08 03:56:58 +02:00
mark_story
9efad54e31 Fix missing expiry times on cookies.
When writing multiple cookies in a single request with the default
expiry time, cookies after the first should continue to have the default
expiry time used.

Fixes #3965
2013-08-06 22:01:13 -04:00
ADmad
38b050a711 Merge branch 'master' into 2.4
Conflicts:
	lib/Cake/Console/Command/ConsoleShell.php
2013-08-04 19:26:55 +05:30
Simon Males
0adef209e3 Camel case SecurityComponent::blackHole() method call 2013-08-02 12:07:33 +08:00
mark_story
95b74bd9ef Make sure ComponentCollection has the controller dependency.
Add setter method as changing ComponentCollection's constructor now is
not possible. This fixes issues where components that rely on
Collection->getController() in their constructor can work properly.

Fixes #3946
2013-07-30 09:09:52 -04:00
ADmad
a691e70065 Docblock and return type fixes 2013-07-29 19:13:31 +05:30
Phally
a70e004cda Corrects bad merge.
Bad merge: d161b21ae1

Fixes #3938.
2013-07-26 20:00:32 +02:00
Phally
6b41eaa950 Merge branch 'master' into 2.4 2013-07-26 19:44:11 +02:00
Phally
f7eab23a5c Strips the base off the generated URL from the AuthComponent.
Fixes #3922.
2013-07-26 15:18:28 +02:00
euromark
8b21710c95 whitespace correction 2013-07-25 13:26:21 +02:00
mark_story
e03d3df0fe Merge branch 'master' into 2.4
Conflicts:
	lib/Cake/Test/Case/View/HelperTest.php
	lib/Cake/VERSION.txt
2013-07-17 22:40:09 -04:00
mark_story
a8f4ec0450 Simplify whitelist logic. 2013-07-16 19:33:06 -04:00
mark_story
b873186468 Fix being unable to sort on custom synthetic columns.
If a sort field whitelist is used we should trust its data and also
trust that the developer wanted what they asked for. This solves issues
where it was impossible to sort on synthetic columns added in custom
find types.

Fixes #3919
2013-07-16 10:19:18 -04:00
ADmad
d161b21ae1 Merge branch 'master' into 2.4
Conflicts:
	lib/Cake/Controller/Component/AuthComponent.php
2013-07-14 10:58:55 +05:30
mark_story
d40c7376ce Rebalance where URL normalization happens in AuthComponent.
Make URL's not include the base path when storing them in the session.
This makes future redirection simpler. When URL's are an array use
Router::url() on them.

Fixes #3916
2013-07-12 21:54:22 -04:00
mark_story
8133f72b53 Update AuthComponent to not strip when normalizing URLs.
Revert most of the changes done to fix #3897 originally and try
a different strategy of solving the base path issues and not breaking
apps running in a subdirectory.

Fixes #3916
2013-07-12 21:17:25 -04:00
ADmad
4ded269549 Merge branch 'master' into 2.4
Conflicts:
	lib/Cake/Controller/Component/Auth/BlowfishAuthenticate.php
	lib/Cake/VERSION.txt
2013-07-07 12:22:12 +05:30
Marc Würth
a397f034e6 Some love for a deprecated class
Whitespace and wording.

Optionally we could include a version number until when this class will work. I assumed this will be 3.0...
http://www.phpdoc.org/docs/latest/for-users/phpdoc/tags/deprecated.html
I treid that but after I let apigen generate the doc and I saw it did nothing special about it ;-/
2013-07-06 19:50:26 +02:00
euromark
af455b4121 correct return types in doc blocks 2013-07-05 17:19:22 +02:00
euromark
e7f380d2b7 doublespace to single space 2013-07-05 14:36:40 +02:00
euromark
c989624f80 whitespace coding standards 2013-07-05 14:15:18 +02:00
mark_story
22a198a8ba Merge branch 'master' into 2.4 2013-07-04 21:40:51 -04:00
euromark
f680c763b2 ticket-3902 - paginator and display of order via model default order 2013-07-04 13:07:14 +02:00
José Lorenzo Rodríguez
9c4775a220 Merge pull request #1393 from markstory/constant-time-login
Hash passwords even when users don't exist.
2013-07-03 13:49:03 -07:00
mark_story
c597855fe4 Merge branch 'master' into 2.4
Conflicts:
	lib/Cake/Test/Case/Network/CakeRequestTest.php
2013-07-03 14:21:09 -04:00
euromark
f389435bae coding standards and else block simplification 2013-07-03 19:27:17 +02:00
euromark
7cb19b97db coding standards and simplification of else cases as well as some minor fixes 2013-07-03 00:52:48 +02:00
mark_story
17e4eee73d Hash passwords even when users don't exist.
Not hashing passwords when users don't exist means there is an
opportunity for timing attacks when people use blowfish or other
expensive hashing algorithms.
2013-07-01 21:52:15 -04:00
Mark Story
94db8fbed6 Merge pull request #1380 from ceeram/2.4-ext
Set extension with multiple accept based on order in parseExtensions.
2013-06-30 19:42:50 -07:00
Marc Würth
e84bf65016 Typo in FormAuthenticate.php 2013-07-01 00:03:03 +02:00