Commit graph

2905 commits

Author SHA1 Message Date
mark_story
de0062de77 Merge branch 'master' into 2.5 2014-04-25 22:10:02 -04:00
mark_story
f23d811ff5 Use the form action URL in generated form hashes.
By including the URL in generated hash for secured forms we prevent
a class of abuse where a user uses one secured form to post into a
controller action the form was not originally intended for. These cross
action requests could potentially violate developer's mental model of
how SecurityComponent works and produce unexpected/undesirable outcomes.

Thanks to Kurita Takashi for pointing this issue out, and suggesting
a fix.
2014-04-25 22:05:58 -04:00
ADmad
27699d1f12 Fix auto linking urls with subdomain with underscore.
Closes #3392
2014-04-25 22:28:34 +05:30
Stefan Dickmann
f90f718e11 change parameter order 2014-04-24 12:54:45 +02:00
ADmad
971a845eb1 Merge pull request #3379 from dereuromark/2.5-inflector
2.5 inflector
2014-04-24 13:13:59 +05:30
mark_story
04edb547f3 Merge branch 'master' into 2.5 2014-04-23 22:21:57 -04:00
mark_story
6f68049bf5 Reject file paths containing ...
Paths containing `..` are generally up to no good. Throw an exception,
as developers can use realpath() if they really need to get relative
paths.

Fixes #3370
2014-04-23 22:20:14 -04:00
euromark
0c036f6370 Remove unnecessary language support. 2014-04-23 18:07:08 +02:00
euromark
7e6bc48ef2 Complete Inflector transliterations. 2014-04-23 16:43:44 +02:00
ADmad
ead494eec1 Allow setting only default layout without specifying template in email config.
Closes #3336
2014-04-22 20:02:36 +05:30
ADmad
6bdfdfd436 Optimize view paths caching for plugins.
Closes #2047
2014-04-20 02:02:07 +05:30
mark_story
d54fbe6f60 Merge branch 'master' into 2.5 2014-04-18 22:13:56 -04:00
mark_story
f1b57d14ab Revert changes added in #2750.
While they had the potential to make 404s going through AssetDispatcher
much faster, they broke plugins + extension routing. While explicit
extensions could be fixed, routing all extensions could not. Because we
are trying to keep 2.x as API compatible as possible it makes sense to
revert the previous changes.
2014-04-13 20:00:34 -04:00
mark_story
749f2b99d9 Don't 404 extensions that could be handled by routing.
Fixes an error in #2750 where routed extensions would always return
404's for plugin requests. When a file extension could be handled by
router, AssetDispatcher cannot 404 the request.

Refs #3305
2014-04-13 06:48:51 -04:00
Stephen Young
b55fa98a2d Updated documentation
* Removed references to nonexistent `AclBase` class
* Added references to `AclInterface` requirements
2014-04-11 15:10:56 -04:00
mark_story
bf9c3029cb Merge branch 'master' into 2.5 2014-04-10 20:51:49 -04:00
mark_story
c6173a0054 Add tests for #3288 and remove nested ternaries.
Nested ternaries are complicated to maintain and hard to read. Break
down the nested ternary into two conditionals.
2014-04-10 20:37:08 -04:00
euromark
8e0f15b3d6 Revert the removal of a BC relevant part. 2014-04-10 20:11:58 +02:00
euromark
9058f0f6f1 Make CakePlugin::loadAll behave correctly regarding merging of settings. 2014-04-08 12:18:17 +02:00
Mark Story
caf0217fe0 Merge pull request #3259 from dereuromark/2.5-array-merge
microptimize options and default merge and other string key array merges
2014-04-07 21:44:38 -04:00
mark_story
b05ab740d6 Merge branch '2.5-AssetDispatcher-404' into 2.5
Return a 404 much earlier when handling missing theme/plugin assets.

Fixes #2750
2014-04-07 21:43:37 -04:00
mark_story
7eb569c439 Add test case for #2750 2014-04-07 21:26:11 -04:00
euromark
0ece694a75 microptimize options and default merge and other string key array merges 2014-04-08 01:25:14 +02:00
Jose Lorenzo Rodriguez
343d3279b9 Merge branch 'master' into 2.5
Conflicts:
	lib/Cake/Test/Case/Utility/FileTest.php
	lib/Cake/VERSION.txt
2014-04-06 21:50:41 +02:00
mark_story
4ec81542db Fix email rendering when using 2 different plugins.
When an email template and layout are in different plugins the incorrect
plugin would be used for the layout.

Fixes #3062
2014-04-04 21:45:04 -04:00
euromark
b150e33472 correct missed cs errors 2014-04-02 03:16:03 +02:00
euromark
e544340d67 fix indentation 2014-04-02 03:12:22 +02:00
euromark
0d09a54033 more missing doc block tags added 2014-04-02 03:02:37 +02:00
euromark
44952b06a4 cs 2014-04-02 02:23:43 +02:00
Bryan Crowe
b93f373f16 Fix yoda condition in File test 2014-03-31 17:40:35 -04:00
ADmad
10f294d6bb Remove $reponse param of Dispatcher::_invoke().
Use controller's $response property by default.
2014-03-30 19:29:07 +05:30
mark_story
ff73229ab8 Fix failing tests.
Not everyone uses the same database names as me.
2014-03-24 10:04:19 -04:00
mark_story
2fe8c4050b Insert manual joins *after* generated joins.
Re-order query joins to make manually added joins be performed after
generated joins. This removes the need to workaround the current join
order, or redefine all association joins when you want to add an
additional join on a leaf table.

Refs #2179
Refs #2346
2014-03-23 21:09:08 -04:00
func0der
06f47ee01f Introduced I18n category constants (#1894)
Replaced all hard coded category values
2014-03-23 17:00:17 +01:00
Mark Story
dea6709d89 Merge pull request #3014 from ndm2/smtp-extensibility-response-access
SMTP transport - Extensibility and response access
2014-03-23 09:24:21 -04:00
mark_story
8acb75425d Merge branch 'master' into 2.5
Conflicts:
	CONTRIBUTING.md
	lib/Cake/Model/Datasource/DboSource.php
2014-03-21 22:55:28 -04:00
mark_story
f12b272758 Fix a few flaky/bad attribute matchers. 2014-03-21 22:52:52 -04:00
mark_story
af68f61e7a Make assertTags() run much faster.
Generating the various permutations a priori is incredibly expensive
with sets of attributes. Using nested loops that look for matches is
more efficient.

Add replacements for `.*` and `.+` in preg:/ prefixed attribute matchers
so they do not greedily eat all content. This also requires that preg:/
based attribute matchers *must* be quoted.

Fixes #3072
2014-03-21 22:52:52 -04:00
wbkostan
fea60bfe51 Update InflectorTest.php
Added test cases for changes to inflector which affected words ending -aves. Author acknowledges the homonym conflict with 'leaves' and 'leaves', but preferences the word whose singular avoids an exception to the inflection rule.
2014-03-19 19:17:52 -04:00
mark_story
afc8587949 Merge branch 'master' into 2.5 2014-03-18 22:12:14 -04:00
mark_story
ee895a8bb1 Add form attribute to hidden inputs when present.
If inputs are placed outside of the form elements the form attribute
needs to be set on the hidden inputs. Without this attribute the empty
state does not submit correctly.

Fixes #3053
2014-03-18 22:11:57 -04:00
Hadrien
d55a167830 Themed CakeEmail should load view helpers with the theme set 2014-03-18 14:22:24 +01:00
mark_story
9888209e9a Add tests and fix issues with multiple trailing whitespaces.
Closes #3016
2014-03-17 13:08:46 -04:00
ADmad
abacf0d14b Remove setting of Controller::$ext by RequestHandler.
Closes #3022
2014-03-16 20:09:08 +05:30
ndm2
0ae225615c Match SP as per rfc2821 2014-03-15 11:47:13 +01:00
ndm2
c1824071c9 Expose last SMTP response. 2014-03-13 16:28:54 +01:00
mark_story
c5b6dda82f Merge branch 'master' into 2.5 2014-03-11 21:02:27 -04:00
mark_story
c0ac61117e Only sort the keys once per request instead of on each match.
Sorting the keys property by value sorts keys with the same prefix for
free. This does change the order of the keys, but I don't think that is
actually a large issue as it is just a list.

Refs #2991
2014-03-10 21:42:26 -04:00
Mike Gibson
1202658396 Added a test case 2014-03-10 12:03:04 +00:00
Rachman Chavik
aa0f1c1862 Fix: Stray [] syntax in php 5.3 codebase 2014-03-07 09:23:06 +07:00