mark_story
45695b6b5c
Fix missing field identifier quoting for COUNT(DISTINCT in SQLServer.
...
Refs #11186
2018-01-09 17:01:00 -05:00
Mark Story
ab272b09c7
Merge pull request #11581 from bancer/issue-11131-long-cache-key
...
Hash group cache keys to prevent key overflows in some cache engines
2018-01-06 22:05:39 -05:00
Mark Story
83928f9d74
Merge pull request #11590 from cakephp/issue-11588
...
Buffer contents of HtmlReporter.
2017-12-31 21:13:28 -05:00
Koji Tanaka
400d45f56c
fix code style
2017-12-31 17:05:26 +09:00
Koji Tanaka
74a8611eef
[2.x]Fix can't load aliased component on ControllerTestCase
2017-12-31 15:44:05 +09:00
mark_story
d2c4bf2bb2
Buffer contents of HtmlReporter.
...
Collect HTML output into a buffer so we can provide compatibility across
PHPUnit 3.x and 4.x
Refs #11588
2017-12-30 23:47:11 -05:00
Val Bancer
0f51c75157
replaced vsprintf to implode
2017-12-28 16:15:14 +01:00
Val Bancer
7ae84e3d5d
Makes the cache key shorter by using md5()
2017-12-28 10:02:35 +01:00
mark_story
51206d7358
Update version number to 2.10.6
2017-12-18 21:15:48 -05:00
Mark Story
3bf93b7f76
Merge pull request #11526 from cakephp/post-conditions
...
Make postConditions() less permissive.
2017-12-15 14:36:38 -05:00
mark_story
340059be15
Check model names for bad characters as well.
2017-12-13 00:01:09 -05:00
mark_story
a9618f67f7
Use a permitted list instead of a ban list.
...
This should be safer as we are more confident on what is coming in.
2017-12-13 00:01:05 -05:00
Koji Tanaka
fba7f1c617
Fix Phpdoc for CakeObject::log()
2017-12-12 20:00:21 +09:00
mark_story
f66dec8a96
Make postConditions() less permissive.
...
We were notified by `ooooooo_q` that postConditions() is vulnerable to
SQL injection if used without SecurityComponent tampering prevention.
This change attempts to make postConditions() safer by exploding in
unsafe scenarios.
2017-12-10 21:44:47 -05:00
chinpei215
6ad30946d8
Fix CS
2017-12-04 23:31:32 +09:00
chinpei215
9f65402d2c
Fix CakeRequest::referer(true) returning scheme-relative URLs
...
Backport of #11503 (and #8795 )
2017-12-04 21:18:27 +09:00
dereuromark
eaf7454628
Clarify migration path to 3.x
2017-11-29 19:57:01 +01:00
Mark Story
abec95d3ea
Merge pull request #11469 from db-bogdan/issue11468
...
fixes #11468 sending user data on basic auth in API environment
2017-11-28 21:52:59 -05:00
chinpei215
4ae9f13dfd
Fix 'order' not working with a single expressions
2017-11-29 00:17:57 +09:00
db-bogdan
e824346cca
extra fix
2017-11-28 11:43:55 +02:00
db-bogdan
94e06dfeb3
add unit test
2017-11-28 11:31:46 +02:00
db-bogdan
5695fef46f
fixes #11468
2017-11-27 11:59:34 +02:00
Mischa ter Smitten
d7b9e55e98
Fix indent
2017-11-23 14:12:13 +01:00
Mischa ter Smitten
05954ff405
Consistency changes
2017-11-23 10:09:25 +01:00
Mischa ter Smitten
4faac8e09a
Improved readability
2017-11-23 10:06:14 +01:00
Mischa ter Smitten
bc1678cf2a
Add option to make _validAgentAndTime
3.x compatible
2017-11-23 10:02:38 +01:00
Val Bancer
a2cc9843e4
added missing ob_end_flush() call
2017-11-21 15:20:14 +01:00
mark_story
10fcd7633d
Update version number to 2.10.5
2017-11-20 21:09:55 -05:00
mark_story
f788c90b3c
Fix typo
2017-11-05 22:34:47 -05:00
Mark Story
b175270f62
Merge pull request #11404 from ynaderi/2.x
...
- DigestAuthenticate modification for cakephp 2.X
2017-11-05 22:34:17 -05:00
Yaser Naderi
26a683f36f
- DigestAuthenticate modification for cakephp 2.X
2017-11-03 14:53:54 -04:00
Milan van As
7de5ae4438
Force email domain lookups to work in fallback case.
2017-10-25 08:45:57 +02:00
saeideng
b59b64db29
replace tab with space
2017-10-21 22:44:15 +03:30
mark_story
549c181926
Update version number to 2.10.4
2017-10-18 21:54:49 -04:00
chinpei215
19bbb7da17
Simplify CookieComponent::read()
...
Also, this commit fixes an issue of when the second level key is empty.
Previously, read('foo.0') returned incorrect result.
2017-10-16 21:01:19 +09:00
chinpei215
bbea91090d
Fix CookieComponent::delete() not working for deep children
2017-10-16 20:55:00 +09:00
mark_story
e85f489c1f
Add test for #11284
2017-10-13 21:55:56 -04:00
Mark Story
d3a4ce1216
Merge pull request #11284 from kolorafa/patch-1
...
msSQL - also handle offset as string
2017-10-13 21:55:21 -04:00
Mark Story
fb44035177
Merge pull request #11299 from tenkoma/2.x-fix-cc-number-jcb-pattern
...
[2.x]Fix Credit card number pattern(JCB) is wrong
2017-10-08 10:09:19 -04:00
Koji Tanaka
7d2d902b57
[2.x]Fix Credit card number pattern(JCB) is wrong
2017-10-08 16:15:10 +09:00
Mark Story
e889535e41
Merge pull request #11288 from mensler/session-without-cookies-2.x
...
Check for session.use_trans_sid and session ID in URL when cookies are disabled (2.x)
2017-10-07 12:17:30 -04:00
Clemens Weiß
61eddc6bde
Fixed formatting
2017-10-07 11:11:45 +02:00
Mark Story
a71cad0420
Merge pull request #11283 from chinpei215/2.x-cookie-component-1
...
[2.x] Fix fatal error thrown when replacing scalar with array
2017-10-06 16:45:38 -04:00
Clemens Weiß
7f64ea37f9
Restored formatting
2017-10-06 17:11:09 +02:00
Clemens Weiß
5d5e791a31
Check for session.use_trans_sid and session ID in URL in case cookies are disabled (backport of cakephp/cakephp#10828 for 2.x)
2017-10-06 17:04:53 +02:00
chinpei215
deac8f9109
Backport #7080 , #8233 and #11060
2017-10-06 22:02:37 +09:00
chinpei215
ccf634e5f3
Docblock update
2017-10-06 21:59:48 +09:00
chinpei215
959f45a6c6
Fix fatal error thrown when replacing scalar with array
...
Refs #11280
2017-10-06 13:43:32 +09:00
kolorafa
22d2564de9
msSQL - also handle offset as string
...
When doing pagination you could get offset not as a int(eg. 10) but string(eg. "10") and it will not paginate at all.
For example DataTables plugin pass offset from params and all params from http request are strings wrapped in numbers.
Adding ctype_digit($offset) will also check the case.
2017-10-05 11:45:33 +02:00
LustyRain
e1e5a292f2
Fix: revert return
2017-10-05 00:09:51 +09:00