While including the entire protocol, host, port, path and query would be
even better in theory, it gets complicated when proxies and load
balancers are involved.
Fixes#3442
@deprecated is flagging the function element as deprecated in all IDE's that support phpDOC tags. There is no phpDoc tag to deprecate a function parameter.
By including the URL in generated hash for secured forms we prevent
a class of abuse where a user uses one secured form to post into a
controller action the form was not originally intended for. These cross
action requests could potentially violate developer's mental model of
how SecurityComponent works and produce unexpected/undesirable outcomes.
Thanks to Kurita Takashi for pointing this issue out, and suggesting
a fix.
If inputs are placed outside of the form elements the form attribute
needs to be set on the hidden inputs. Without this attribute the empty
state does not submit correctly.
Fixes#3053
For convenience I think it might be valuable to allow addCrumb (and possibly other similar functions) to return $this to permit chained calls such as this:
$this->Html->addCrumb('Admin', '/admin')->addCrumb('Blogs', '/admin/users')->addCrumb('Add');
as opposed to the considerably more verbose version that needs to be used now:
$this->Html->addCrumb('Admin', '/admin');
$this->Html->addCrumb('Blogs', '/admin/users');
$this->Html->addCrumb('Add');
I'm not sure if this violates some API conventions for helpers but it does seem rather more convenient to work with to me.
Adds the explanation for the URL available option, which is really useful when dealing with non-default CakePHP routes, now lacking from the official documentation.
Add whitespace lookbehind to ensure the email address is preceded by
whitespace, this obviously means that emails starting with word/symbols
are not detected, however those symbols are generally valid in an email
address anyways, and will form the local part.
Fixes#2403
This statement does not serve a purpose anymore.
In a long forgotten world it indicated the main version number of PHP which the code in the file was compatible to.
http://pear.php.net/manual/en/standards.sample.php
But since PHP 5.1 and later this is only marginally true.
Thus I propose to remove it from CakePHP.
The input URL was not correctly handled as an asset URL and thus was
not correctly HTML or URL escaped. This created invalid HTML when
favicon URLs included query string arguments.
Refs #2233
