Marc Würth
d9e5d0ca05
Re-add the Equifax Secure Certificate Authority
...
Port change 343e206360
from 3.x to 2.x
2016-04-13 12:27:59 +02:00
Mark Story
1d4e39a45a
Merge pull request #8625 from cakephp/jrbasso/2.x-fix-doc
...
Fixed doc formatting on CakeResponse::cookie
2016-04-11 15:05:23 -04:00
Marc Würth
4fd25e648c
Update bundled CA file
...
Same as https://github.com/cakephp/cakephp/pull/8608 for 3.x
2016-04-11 13:55:28 +02:00
Juan Basso
718a7479e2
Fixed doc formatting on CakeResponse::cookie
...
Fixed doc to show properly in the documentation. This change was already applied on master.
2016-04-10 23:34:01 -04:00
mark_story
79db545b69
Fix PHP 5.4 syntax.
2016-04-02 21:45:02 -04:00
mark_story
1333cc4b3e
Merge branch 'postlink-token' into 2.x
...
Fix inline postLink() calls corrupting the containing form's tampering
token.
Refs #8387
2016-04-01 23:08:41 -04:00
mark_story
c551faad46
Add tests for changes in #8387
...
Add tests covering the new behavior.
2016-04-01 23:08:31 -04:00
mark_story
84fc9498b5
Allow N11 exchange numbers as valid.
...
The previous code and commit (fa3d4a0bb5
)
were incorrect about invalid exchange numbers as 1-800-211-4511 is
a real phone number.
I've also removed a duplicate alternation pattern.
Refs #8567
2016-03-31 22:38:16 -04:00
mark_story
13b914917d
Update version number to 2.8.3
2016-03-28 22:17:27 -04:00
mark_story
1926d40d40
Fix possibility for spoofed files to pass validation.
...
Use `is_uploaded_file` to prevent crafty requests that contain bogus
files from getting through. A testing stub class was necessary to avoid
making significant changes to the test suite.
2016-03-28 22:10:36 -04:00
mark_story
c6db76d044
Instead of wiping the Router, just clear requests.
...
Clearing the router also removes routes which can cause assertions to
fail. By just removing the stored requests we avoid the error reported
in #8480 and not break as many tests.
2016-03-20 11:10:34 -04:00
mark_story
7ceb0993bf
Clear the router state after testAction().
...
When using array urls, internal state in the Router would cause requests
to be incorrectly handled causing multiple testAction calls in a single
test to fail. By reloading the router we start off with a clean slate
each time.
Refs #8480
2016-03-19 12:16:21 -04:00
Mark Story
01d3c2f599
Merge pull request #8475 from cakephp/issue-8468
...
Fix boolean values in select widgets.
2016-03-18 22:20:31 -04:00
mark_story
f57f038c09
Fix for PHP 5.3
2016-03-16 21:17:42 -04:00
Thomas Smith
3e86de5bcd
Replaced nested loop in merging hasMany children with one pass each through children and parents
2016-03-16 09:37:15 -07:00
mark_story
745f3a33e6
Fix boolean values in select widgets.
...
Boolean `false` should be treated like `0` when comparing option values.
Refs #8468
2016-03-15 22:59:03 -04:00
Mark Story
61b09024b0
Merge pull request #8470 from ravage84/patch-4
...
Add note about log levels on Wndows
2016-03-15 21:17:55 -04:00
Marc Würth
ca5e9c305f
Add note about log levels on Wndows
...
This is a problem if a developer on Windows tries to separate those three levels into separate streams without customizing the CakePHP default levels.
2016-03-15 19:37:14 +01:00
Marc Würth
adc450d18b
Remove outdated statement about log auto config
2016-03-15 19:33:14 +01:00
mark_story
22a2e93c4b
Update version number to 2.8.2
2016-03-13 23:01:17 -04:00
mark_story
af046fc7d6
Merge branch 'request-ip' into 2.x
2016-03-13 23:00:47 -04:00
mark_story
fef3090717
Fix incorrectly inheriting permissions.
...
When child inherits from a deny parent the '*' permission should reflect
permissions on all nodes not just the leaf node. Previously once a node
with all permissions set to inherit was found, the check would pass.
Instead it should cascade to the parent nodes and look for explicit
allow/deny.
Refs #8450
2016-03-11 23:18:50 -05:00
mark_story
48af49ddde
Don't trust CLIENT_IP
...
The client_ip header can easily be forged. In 'safe' modes we should
only trust the remote_addr which comes from the sapi. Remove support for
http_clientaddress as I can't seem to find where this ever came from in
PHP on the http specs.
2016-03-10 22:04:13 -05:00
Mark Story
18b0334890
Merge pull request #8384 from garas/mailtransport-log-subject
...
Email log missing Subject and To headers when using MailTransport
2016-03-02 21:29:13 -05:00
mark_story
3ad68db5eb
Tweak fix from #8359
...
This fixes a regression introduced in that change that we didn't
previously have tests for. The issue fixed in #8359 was related to
PHP7.0, whereas PHP5 didn't have an issue. Now both versions will work
the same.
2016-03-02 12:30:48 -05:00
Mark Story
63de5ca4ea
Merge pull request #8359 from phlyper/patch-1
...
verify exists index 0 in $ref
2016-03-02 12:27:49 -05:00
Markus Bauer
95558d0bba
Data passed through FormHelper::postLink is excluded from CSRF creation of an outer form. Subsequent fix for #8387 .
2016-03-02 03:02:43 +01:00
Markus Bauer
7df96b3912
Creating correct CSRF tokens when using FormHelper::postLink within another form. Fixes #8387
2016-03-02 02:51:06 +01:00
Alex
862397325d
fixed typo
2016-03-01 12:41:29 -08:00
Edgaras Janušauskas
2386a86adc
Include Subject and To in email log when using MailTransport
2016-03-01 22:21:14 +02:00
Alex
e5e4317217
Updated deprecated doc for flash method
2016-03-01 12:17:39 -08:00
mark_story
78f199f8a0
Update version number to 2.8.1
2016-02-27 22:31:18 -05:00
mark_story
3ed321dff4
Handle negative numbers in Redis correctly.
...
Update number sniff to handle negative numbers. We need to do number
sniffing so we can maintain compatbility between write() and
increment()/decrement().
Refs #8364
2016-02-27 00:07:58 -05:00
Mark Story
eae7a8926b
Merge pull request #8345 from cakephp/issue-8330
...
Fix parsing empty header values.
2016-02-26 23:01:59 -05:00
phlyper
7b9ff1c11b
verify exists index 0 in $ref
...
exemple
i have to get the referrer url from any page if exists
```
class AppController extends Controller {
......
public function beforeRender() {
parent::beforeRender();
$this->params['referer'] = $this->referer(null, true);
}
..........
}
```
2016-02-26 22:39:48 +01:00
mark_story
1709f54e38
Update documentation for Model::_readDataSource()
...
Update sample code to generate unique keys based on association
conditions as well. Because association conditions are not part of the
'query' they need to be handled separately.
Refs #8346
2016-02-26 12:39:29 -05:00
Mark Story
31b3f39b67
Merge pull request #8310 from cakephp/secure-random
...
2.x - Secure random
2016-02-25 22:05:08 -05:00
mark_story
1a170e1eec
Fix parsing empty header values.
...
Replace the complex and somewhat unfixable regexp based parser for
a parser that handles each line individually. Normalize multi-line
headers to replace multiple spaces with a single one. Section 4.2 of the
HTTP1.1 standard states
> Any LWS that occurs between field-content MAY be replaced with
> a single SP before interpreting the field value or forwarding the
> message downstream.
This makes me somewhat confident that we can safely normalize
multi-line HTTP header values.
Refs #8330
2016-02-24 22:25:58 -05:00
mark_story
9c0da41858
Skip test on PHP7 as the warning is not consistent.
2016-02-23 20:54:16 -05:00
Marc Würth
1258739411
Replace Set by Hash
...
References to the deprecated Set class don't make much sense.
2016-02-23 13:09:03 +01:00
Mark Story
ff6cdd4b73
Merge pull request #8279 from cakephp/issue-8114
...
Fix inherited permissions when checking the '*' permission.
2016-02-22 14:48:58 -05:00
mark_story
7e5f56362f
Deprecate bad methods.
...
These methods are bad and should feel bad.
2016-02-22 00:16:15 -05:00
mark_story
7df99fff1f
Backport Security::randomBytes() to 2.x
...
I decided to leave the warning in. People who can't upgrade their
applications should at least be aware of the risks they are taking.
I'm flexible if people are strongly opposed to a warning, but I feel
that these kinds of warnings can be supressed in production if they
really are in a jam and don't care.
Refs #8282
2016-02-22 00:14:44 -05:00
mark_story
ee2d222b85
Correct API docs for find().
...
Fixes #8308
2016-02-21 22:42:24 -05:00
mark_story
4389c79442
Update tests.
...
The old tests were relying on the fixed inherit bug. Instead check
a specific permission which will result in a deny.
Refs #8114
2016-02-18 21:24:52 -05:00
mark_story
8f3df8b13e
Make tests not fail when extensions are installed
...
If the extensions are installed but memcached/redis are not running
errors should not be emitted.
2016-02-18 21:14:55 -05:00
mark_story
7a5907057a
Ensure keys are strings before accessing them.
...
Some userland datasources (namely an oracle driver) manage to get arrays
into $stack.
Refs #8281
2016-02-18 21:03:57 -05:00
mark_story
b2509ea13d
Fix inherited permissions when checking the '*' permission.
...
When checking inherited permissions for '*' also copy inherited
permissions onto the inherited list. By copying the inherited values, we
get the union of explit allow and inherited permissions, which if all
things go well will match the permission key list.
Refs #8114
2016-02-16 22:30:19 -05:00
Mark Story
68082fad02
Merge pull request #8207 from CakeDC/feature/uuid
...
Add support for Postgres native uuid datatype
2016-02-16 21:53:08 -05:00
Chris Hallgren
bf22e84d65
CS fixes
2016-02-15 20:44:27 -06:00
Chris Hallgren
849abab6a4
Fixing test case
2016-02-15 19:34:05 -06:00
Chris Hallgren
0c183b9b8e
Read content type in a more compatible way.
...
Not all webservers set CONTENT_TYPE. The built-in PHP webserver for
example sets HTTP_CONTENT_TYPE instead. Add a public method to the
request object to smooth over this difference.
Refs #6051 , #8267
2016-02-15 19:31:24 -06:00
Seth Tanner
c05835d85d
refs #8027 combine if statements
2016-02-11 01:49:34 +00:00
Marc Würth
780b836d57
Deprecate SecurityComponent::requireAuth & SecurityComponent::requireAuth()
...
Backport of https://github.com/cakephp/cakephp/pull/8191
2016-02-10 13:37:10 +01:00
Marc Würth
b5655d63ff
Remove lighthouse references
2016-02-10 12:27:34 +01:00
Edgaras Janušauskas
5b10e3cac2
Use mixed return type for AuthComponent::user()
2016-02-09 23:04:26 +02:00
ADmad
8b15cf1455
Merge pull request #8209 from cakephp/issue-8201
...
Backport fix for Validation::uploadedFile to 2.x
2016-02-09 12:05:41 +05:30
mark_story
e4b939bba0
Backport fix for Validation::uploadedFile to 2.x
...
Don't fail validation when the keys are not the expected order.
Refs #8201
2016-02-08 22:37:25 -05:00
Mark Scherer
f1bea77d74
Fix bool check and also some doc blocks.
2016-02-09 01:18:43 +01:00
mark_story
80f18448b5
Update version number to 2.8.0
2016-02-06 20:59:33 -05:00
mark_story
c0d897b45c
Merge branch '2.x' into 2.8
2016-02-06 20:55:08 -05:00
mark_story
f5608226ce
Merge branch '2.7' into 2.x
2016-02-06 20:34:55 -05:00
mark_story
0309c483fb
Don't make variables we never use.
2016-02-06 20:34:19 -05:00
Mark Story
41a12e9aa2
Merge pull request #8067 from cakephp/issue-7906
...
Make the session cacheLimiter a configuration option.
2016-02-06 20:30:48 -05:00
mark_story
42ebfe8881
Update version number to 2.7.10
2016-02-05 21:38:51 -05:00
Mark Story
76f86b96bb
Merge pull request #8186 from tersmitten/fatal-error-uncaught-exception-configureexception-27
...
Expand path before is_file check
2016-02-05 12:34:22 -05:00
Mischa ter Smitten
5c8c22cf19
Expand path before is_file check
...
To allow symlinks to config files
2016-02-05 11:11:28 +01:00
Edgaras Janušauskas
f389231058
Improve ExtractTask when CakePHP installed via Composer
2016-02-03 14:52:15 +02:00
mark_story
d9992bcaca
Use safer methods to read session configuration.
...
Avoid potential undefined index warnings by using read() to safely fetch
data.
Refs #8101
2016-01-30 16:21:33 -05:00
Jorge M. González Martín
3ca3ffeeee
fix phpcs
2016-01-29 08:56:36 +00:00
mark_story
3b5a71df37
Merge branch '2.7' into 2.8
2016-01-28 21:51:59 -05:00
mark_story
fc57dee72f
Fix error in PHP 5.3
2016-01-28 21:50:56 -05:00
Mark Story
aa449b194d
Merge pull request #8125 from CakeDC/issue/7978
...
Add support for NOT IN in Model::find() conditions.
Refs #7978 fixing regex to take in account IN operator
2016-01-28 21:48:04 -05:00
Edgaras Janušauskas
6e54a7391c
Use more specific datatypes in PHPDoc
2016-01-28 23:10:51 +02:00
Edgaras Janušauskas
fde1d08b43
Fix PHPDoc @return by replacing $this to self
2016-01-28 23:10:42 +02:00
Yevgeny Tomenko
70c4e40532
Fix value check and formatting.
2016-01-28 23:36:07 +03:00
Pedro Fernandes Steimbruch
bf8e6ce576
Refs #7978 fixing code standard
2016-01-28 17:55:19 -02:00
Pedro Fernandes Steimbruch
eaeb7cea9e
Refs #7978 fixing regex to take in account IN operator
2016-01-28 17:34:08 -02:00
Yevgeny Tomenko
e83a532af0
Fixed array syntax.
2016-01-28 22:12:24 +03:00
Yevgeny Tomenko
06853a137a
Merge remote-tracking branch 'remotes/origin/2.8' into feature/uuid
2016-01-28 22:08:10 +03:00
Yevgeny Tomenko
209cdd71a9
code formatting fixes
2016-01-28 21:54:49 +03:00
Yevgeny Tomenko
296f698db3
Added test cases covering native uuid field usage for Postgres class
2016-01-28 21:13:33 +03:00
ADmad
a890d76990
Merge pull request #8107 from ndm2/2.7-fix-post-link-description
...
2.7 - Fix `FormHelper::postLink()` description.
2016-01-26 18:38:29 +05:30
ndm2
4e58d595ae
Fix FormHelper::postLink()
description.
...
Update description with a short explanation that considers the
`inline` and `block` options.
2016-01-26 10:59:03 +01:00
mark_story
0edec3cfc6
Update version number to 2.7.9
2016-01-24 21:48:49 -05:00
mark_story
3e67685c7c
Merge branch '2.7' into 2.8
2016-01-21 21:46:51 -05:00
mark_story
4b8d628a2e
Backport SecurityComponent fixes from #8071 to 2.x
...
If the request manages to have data set outside of post/put we should
still validate the request body. This expands SecurityComponent to cover
PATCH and DELETE methods, as well as request methods that should be
safe, but somehow end up not safe.
2016-01-20 21:34:58 -05:00
mark_story
91109c33b2
Merge branch '2.7' into 2.8
2016-01-19 21:15:08 -05:00
Mark Story
983a2f65e8
Merge pull request #8068 from cakephp/2.7-backport-shell-corrections
...
Backport CODE_ERROR constant and return as per expectation.
2016-01-19 17:38:18 -05:00
Larry E. Masters
7c37cf5b5f
Using _cookieName() instead session_name()
2016-01-19 16:29:56 -06:00
José Lorenzo Rodríguez
835fc9ce01
More CS fixes
2016-01-19 13:52:16 -04:30
mscherer
c06bde34d6
Backport CODE_ERROR constant and return as per expectation.
2016-01-19 16:53:23 +01:00
José Lorenzo Rodríguez
2962b387d7
Fixed CS error
2016-01-19 11:17:06 -04:30
José Lorenzo Rodríguez
3ee9f97826
Trying to fix tests
2016-01-19 11:03:07 -04:30
José Lorenzo Rodríguez
dc83669e9b
using the right superglobal
2016-01-19 10:43:12 -04:30
José Lorenzo Rodríguez
93ba85b8b8
Fixed failing test
2016-01-19 08:37:36 -04:30
mark_story
57f620fc22
Make the session cacheLimiter a configuration option.
...
Instead of hardcoding to must-revalidate, developers can use a more
suitable option if they do not have to support IE8.
Refs #7096
2016-01-18 22:18:38 -05:00
Jose Lorenzo Rodriguez
bd53ef01a6
Better method overriding emulation for GET
2016-01-18 20:34:32 -04:30
Seth Tanner
e75858d342
refs #7929 update uuid test
2016-01-15 12:15:59 -08:00
Seth Tanner
47bf98cae4
refs # 7929 refactor uuid support to not break Backward Compatibility
2016-01-15 11:43:01 -08:00
Seth Tanner
66f3a7e487
refs issue #7929 add support for Postgres native uuid datatype
2016-01-14 09:37:06 -08:00
mark_story
a530414a88
Update version number to 2.8.0-RC1
2016-01-12 23:49:25 -05:00
mark_story
d773644232
Merge branch '2.7' into 2.8
2016-01-12 22:14:16 -05:00
Mischa ter Smitten
8d472a5d78
Memcached can not connect using a socket
...
Fixes #8018
2016-01-12 21:01:14 +01:00
Mark Story
eaac1bf31c
Merge pull request #7979 from cakephp/2.8-url-false
...
2.8 Url false for FormHelper::create()
2016-01-07 21:51:23 -05:00
@zuborawka
3d0bda0df8
Update comment block
...
Add an annotation for FlashComponent
2016-01-07 23:12:01 +09:00
Mark Scherer
3fb752a577
Fix CS
2016-01-07 11:09:48 +01:00
Mark Scherer
8423c004b9
Invert condition to avoid else.
2016-01-07 10:51:34 +01:00
Mark Scherer
b1f1003ebe
Allow 3.x backport of url=>false
in 2.x
2016-01-07 10:48:20 +01:00
Mark Story
6fbc029b9b
Merge pull request #7961 from cakephp/2.8-deprecate-action
...
Deprecate action in Form::create()
2016-01-06 21:54:42 -05:00
Mark S
daca52e37c
Use is_array() check
2016-01-06 18:05:01 +01:00
Gareth Ellis
af487e7f89
Fix spacing
2016-01-05 16:39:07 +00:00
Gareth Ellis
54b4170022
Add doc block for testAction magic method to enable IDE autocompletion in test classes
2016-01-05 11:57:40 +00:00
Mark Scherer
55ca2ddabd
Fix CS.
2016-01-04 15:53:48 +01:00
Mark Scherer
cd59ab9c40
Fix tests
2016-01-04 15:08:31 +01:00
Mark Scherer
7076e6d481
Add missing test that is present in 3.x.
2016-01-04 14:29:00 +01:00
Mark Scherer
a2ce6c8c1f
Deprecate action in Form::create()
2016-01-04 14:22:40 +01:00
mark_story
4de92123fa
Back port fixes from #7899 to 2.x
...
Fix XmlView failing when return => domdocument is used.
2016-01-03 22:08:09 -05:00
Larry E. Masters
0aa8847762
Merge pull request #7840 from cakephp/2.8-PHP7
...
2.8 PHP7 compatibility
2015-12-29 00:27:33 -05:00
Larry E. Masters
e7a313edee
getting sloppy as I get older, fixing code sniffer errors
2015-12-29 00:06:44 -05:00
Larry E. Masters
6ee621011b
Using function_exists instead of using constant
2015-12-28 23:50:35 -05:00
Larry E. Masters
b1d93377b6
Removing invalid test
2015-12-28 23:36:37 -05:00
Larry E. Masters
bc005cd014
Fixing Undefined index: Session
2015-12-28 23:32:18 -05:00
Larry E. Masters
a1e140cbe0
Removing check for set key
2015-12-28 23:26:58 -05:00
Larry E. Masters
a966e46545
Allowing returning numeric 0 from read
2015-12-28 23:26:06 -05:00
Larry E. Masters
a02fb9e771
Fixing code sniffer errors
2015-12-28 18:40:14 -05:00
Larry E. Masters
34b4261e6d
Fixes: A non well formed numeric value encountered - php 7
2015-12-28 17:42:56 -05:00
Larry E. Masters
a59ea13712
Fixes SessionComponentTest::testSessionValid. Refactored _hasSession and other erros on php 7
...
init would always set CakeSession::$_userAgent.
2015-12-28 17:26:35 -05:00
Larry E. Masters
027e32ce00
Reverted change setting $_SESSION to an array. Commenting out a test that is invalid.
...
This test creates a numeric key of 0 in $_SESSION which is not a valid session key. This causes error - session_write_close(): Skipping numeric key 0 error.
2015-12-28 17:19:31 -05:00
Larry E. Masters
c2449c9d16
Fixing Code Sniffer errors
2015-12-28 17:15:23 -05:00
Larry E. Masters
33f2f46868
Refactoring and emoving one isset check
2015-12-28 11:52:19 -05:00
Larry E. Masters
5c3bc44ef5
Initial fixes for failing session tests
2015-12-28 11:41:23 -05:00
Larry E. Masters
1fd329311b
Fixes tests to expect changes made to read and write methods - This could be a possible BC change
...
Since php 7 expects write to return true or false this needed to change, previous implementation would return the values sent to write on success and false on failure. Similar change to read method test CakeSession::read() now returns results or ''.
2015-12-28 11:29:17 -05:00
Larry E. Masters
3c21f4a8af
Fixes session_write_close(): Skipping numeric key 0 error
2015-12-28 11:18:03 -05:00
Larry E. Masters
46d385ac73
Should be able to write a file with no data in it.
2015-12-27 22:25:23 -05:00
mark_story
7c2ec5b451
Merge branch '2.7' into 2.8
2015-12-27 10:51:41 -05:00
mark_story
72b98f58a8
Backport paginator changes for string integers.
...
Backport the intent of #7845 into 2.x. The implementation differs a bit
from 3.x but paginator helper internals are pretty different in both
branches.
Refs #7092
2015-12-26 22:52:57 -05:00
mark_story
430612f1df
Split mega test up.
...
The previous testNumbers() method was a behemoth. Split out the
scenarios for first/last a bit.
Refs #7902
2015-12-26 22:37:25 -05:00
Mark S
bca3064df2
Merge pull request #7903 from cakephp/2.8-return-reponse
...
Always return response in redirect() for testing.
2015-12-26 16:16:43 +01:00
mark_story
b5e64bbad5
Merge branch '2.7' into 2.8
2015-12-24 16:20:27 -05:00
mark_story
7d052bdbc1
Backport 5714cf14a9ca4b439b872aaf3ad6e5bfddda46ad to 2.x
...
Fix file:// paths being mishandled on windows.
While I don't think its feasible to fix all the cases reported in #7275
as certain paths have different meaning in windows, we can fix file://
not working.
Refs #7275
2015-12-24 16:19:57 -05:00
Mark Scherer
12b4c9ba24
Fix bracket syntax.
2015-12-23 21:45:15 +01:00
Mark Scherer
8b5ef12ccb
Always return response in redirect() for testing.
2015-12-23 21:29:19 +01:00
Larry E. Masters
9abb4e19f2
Removing forced return true
2015-12-22 16:22:34 -05:00
Larry E. Masters
1c593eea63
Adding return types to Session test classes.
2015-12-22 16:20:24 -05:00
Larry E. Masters
dd11c63069
Changing return types
...
read now returns empty string instead of false when read method returns an empty value.
write, destroy and gc will return boolean type
2015-12-22 16:19:51 -05:00
Larry E. Masters
776c128fe0
Adding boolean return in Cache::gc
2015-12-22 16:15:53 -05:00
Mark S
fd021909ba
Remove an empty line output
2015-12-22 17:10:42 +01:00
mark_story
2ee72e2ad2
Update version number to 2.7.8
2015-12-21 14:55:52 -05:00
mark_story
8343f6c81d
Merge branch '2.8' of github.com:cakephp/cakephp into 2.8
2015-12-21 12:41:52 -05:00