mark_story
efc2526600
Appease PHPCS.
2016-05-03 17:46:29 -04:00
mark_story
b6d631b987
Use strlen(). Comparing a string against a length will not do the right thing.
2016-05-03 17:27:16 -04:00
Philippe Saint-Just
cd07850337
Merge branch 'backport-8741-8690' into 2.x
2016-04-30 13:11:34 -04:00
mark_story
8b5023282e
Randomly generate a salt when the salt is '' or null.
...
To prevent an issue where any value is accepted as a password when '' is
provided as the hashed password.
Refs #8650
2016-04-15 21:49:17 -04:00
mark_story
84fc9498b5
Allow N11 exchange numbers as valid.
...
The previous code and commit (fa3d4a0bb5
)
were incorrect about invalid exchange numbers as 1-800-211-4511 is
a real phone number.
I've also removed a duplicate alternation pattern.
Refs #8567
2016-03-31 22:38:16 -04:00
mark_story
1926d40d40
Fix possibility for spoofed files to pass validation.
...
Use `is_uploaded_file` to prevent crafty requests that contain bogus
files from getting through. A testing stub class was necessary to avoid
making significant changes to the test suite.
2016-03-28 22:10:36 -04:00
Mark Story
31b3f39b67
Merge pull request #8310 from cakephp/secure-random
...
2.x - Secure random
2016-02-25 22:05:08 -05:00
Marc Würth
1258739411
Replace Set by Hash
...
References to the deprecated Set class don't make much sense.
2016-02-23 13:09:03 +01:00
mark_story
7e5f56362f
Deprecate bad methods.
...
These methods are bad and should feel bad.
2016-02-22 00:16:15 -05:00
mark_story
7df99fff1f
Backport Security::randomBytes() to 2.x
...
I decided to leave the warning in. People who can't upgrade their
applications should at least be aware of the risks they are taking.
I'm flexible if people are strongly opposed to a warning, but I feel
that these kinds of warnings can be supressed in production if they
really are in a jam and don't care.
Refs #8282
2016-02-22 00:14:44 -05:00
mark_story
e4b939bba0
Backport fix for Validation::uploadedFile to 2.x
...
Don't fail validation when the keys are not the expected order.
Refs #8201
2016-02-08 22:37:25 -05:00
Larry E. Masters
0aa8847762
Merge pull request #7840 from cakephp/2.8-PHP7
...
2.8 PHP7 compatibility
2015-12-29 00:27:33 -05:00
mark_story
b5e64bbad5
Merge branch '2.7' into 2.8
2015-12-24 16:20:27 -05:00
mark_story
7d052bdbc1
Backport 5714cf14a9ca4b439b872aaf3ad6e5bfddda46ad to 2.x
...
Fix file:// paths being mishandled on windows.
While I don't think its feasible to fix all the cases reported in #7275
as certain paths have different meaning in windows, we can fix file://
not working.
Refs #7275
2015-12-24 16:19:57 -05:00
mark_story
37fe25909f
Merge branch '2.7' into 2.8
2015-12-20 21:59:43 -05:00
Larry E. Masters
6a68032e0b
FIxing srand() expects parameter 1 to be integer, string given
...
Type casting to integer
2015-12-13 14:18:59 -06:00
Yasushi Ichikawa
bed76acea1
fixed coding standards error
2015-11-29 23:37:07 +09:00
Yasushi Ichikawa
5b098af240
remove extract function in the Validation::comparison
2015-11-29 22:42:55 +09:00
mark_story
48450e71fa
Merge branch '2.7' into 2.8
2015-11-11 22:53:45 -05:00
mark_story
1a6f733286
Merge branch '27-pages-fix' into 2.7
2015-11-05 22:30:25 -05:00
Jose Lorenzo Rodriguez
18544c5aaa
Fix validation allowing arrays.
...
Accepting arrays can cause a number of adverse effects. While this may
be a breaking change the alternatives are worse.
2015-11-04 21:35:05 -05:00
ADmad
90c9ead8cd
Fix CS error
2015-10-30 09:28:03 +05:30
Mark Scherer
820fc2286f
Correct doc block.
2015-10-27 21:17:10 +01:00
mark_story
c26b7bbffe
Fix PHPCS errors and failing test.
...
Refs #7577
2015-10-20 21:08:57 -04:00
vanquang9387
13132cd113
Fix using php 5.4 array [ ]
2015-10-19 15:52:10 +07:00
vanquang9387
8b3bba3341
Reformat Validation class
2015-10-19 15:47:33 +07:00
vanquang9387
af8c992655
2.x uploadedFile validation (backported from #4524 )
2015-10-19 15:15:28 +07:00
Ashley Pinner
83b904bc7b
Remove censoring of schema and prefix from debug()
...
As per discussion in #cakephp the other day, `debug()` will automatically censor out a list of keys, including `prefix` and `schema`. These are useful to see in output for debugging prefix routing, and should not automatically be considered sensitive information.
2015-10-15 12:55:32 +01:00
mark_story
a6a699b4b9
Merge branch '2.7' into 2.8
2015-09-28 21:17:45 -04:00
mark_story
13f147940f
Correct inflection of virus.
...
Instead of viri, it should be viruses.
Refs #7466
2015-09-28 21:04:23 -04:00
mark_story
8a57d78dba
Merge branch '2.7' into 2.8
2015-09-27 11:12:55 -04:00
Mark Story
12f5aee5a2
Merge pull request #7447 from ravage84/2.7-lib-improvements
...
Various improvements to the CakePHP lib files
2015-09-25 12:14:00 -04:00
Marc Würth
e690662f0e
Various improvments to the CakePH Plib files
...
Mostly CS, doc blocks and explicit returning nulls.
2015-09-25 17:11:20 +02:00
mark_story
77f2c8cb42
Use mb_strtolower in case-insensitive sorting.
...
We should try to support unicode everywhere people might use it.
2015-08-25 21:49:10 -04:00
mark_story
9b910dff31
Merge branch '2.8-hash-sort-ignore-case' into 2.8
...
Refs #7217
2015-08-25 21:46:08 -04:00
mark_story
a9ef1f8aea
Simplify branching and add default options.
...
Use fewer conditionals by merging defaults and avoid exceptions
by setting defaults as well.
Refs #7217
2015-08-25 21:39:02 -04:00
Mark Scherer
3cfc46db38
Fix merge to + operator.
2015-08-24 06:33:04 +02:00
Rachman Chavik
e6acacac03
CakeTime::listTimezones(): Add option to Display timezone abbreviations
...
Useful for countries that do not have many of its cities, even major ones,
listed. For eg: Indonesia, only have 4 cities listed.
For backward compatibility, abbreviations will not be shown.
Note: You might need to update timezonedb for PHP 5.3
Closes #7271
2015-08-21 10:54:33 +07:00
Adrian Gunawan
12e5719aad
Remove whitespace at end of line
2015-08-14 17:05:59 +10:00
Adrian Gunawan
80f6a97d93
Check === 'natural' was inadvertently removed
2015-08-14 15:32:23 +10:00
Adrian Gunawan
b89d8d5efa
Use array() instead of the short notation []
2015-08-14 14:15:00 +10:00
Adrian Gunawan
f23e6589d0
Overload $type parameter instead of adding another parameter for case insensitive sort
2015-08-13 11:16:32 +10:00
Adrian Gunawan
a217556c13
Ability for Hash::sort to sort case-insensitively
2015-08-12 14:35:11 +10:00
mark_story
b7c9ac913d
Backport fixes for comparison() and range() to 2.x
...
These fixes were released as a security update for 3.x, they also belong
in 2.x
2015-08-06 21:36:39 -04:00
José Lorenzo Rodríguez
355eb1859c
Merge pull request #7106 from cakephp/issue-7098
...
Consistently remove plugin names in object collections.
2015-07-28 15:58:41 +02:00
Mark Story
de4b44a37b
Merge pull request #7077 from dereuromark/2.7-static
...
Replacing self with static due to PHP5.3+. Following #7040 .
2015-07-23 22:27:37 -04:00
mark_story
418dcfd7f8
Consistently remove plugin names in object collections.
...
We were sometimes removing plugin prefixes (set, and some subclass
methods). But many other methods were missing the pluginSplit() feature.
This change makes all of the methods in ObjectCollection strip plugin
prefixes, which increases consistency across the framework.
Refs #7098
2015-07-23 21:46:21 -04:00
mark_story
e4b2428735
Fix PHPCS errors.
2015-07-21 16:28:17 -04:00
Mark Scherer
52e79987a2
Replacing self with static due to PHP5.3+. Following #7040 .
2015-07-21 10:22:53 +02:00
mark_story
bd23fdeebf
Simplify code and reduce test redundancy.
...
We don't need the additional parameter, and some of the tests weren't
covering unique scenarios.
Refs #7040
2015-07-20 22:16:50 -04:00