Schlaefer
1e961a8aac
increases time window in CSRF token expiry tests to 2 seconds
...
travis-cs failed with 1 second margin
2014-07-06 13:54:24 +02:00
Schlaefer
9fa7afa354
fixes #3887 CSRF reusable token expires
2014-07-06 10:39:00 +02:00
euromark
974ca851c2
Correct doc blocks according to cs guidelines.
...
Remove superfluous empty lines.
2014-07-03 15:36:42 +02:00
mark_story
b4bcd74e60
Whitelist more URL-y characters in digest parsing.
...
Android clients include a full URL instead of just the URI. Also handle
situations where URLencoded bytes and document fragments are used.
Refs #3779
2014-06-23 14:39:35 -04:00
mark_story
975e4c3af0
Allow username of 0 in basic authentication.
...
Refs #3624
2014-06-02 22:02:28 -04:00
mark_story
d1e4dfac47
Add tests for #3624
...
The username of '0' should be accepted by FormAuthenticate.
Refs #3624
2014-06-02 21:58:50 -04:00
mark_story
66e733f8b1
Fix test I forgot to fix in b8fa7ce134
2014-05-13 22:12:39 -04:00
mark_story
a34d5f733d
Fix PaginatorComponent tests.
...
Because count() queries don't happen in many cases now, the lastQueries
index needs to shift up by one because a query isn't happening anymore.
Refs #3333
2014-05-12 22:10:27 -04:00
mark_story
89cd114e6f
Merge branch 'master' into 2.5
2014-05-12 14:30:02 -04:00
José Lorenzo Rodríguez
751d2d8f2d
Merge pull request #3448 from dereuromark/master-controller
...
Controller::referer() and local URL
2014-05-07 22:42:28 +02:00
Renan Gonçalves
87683b10f1
Allowing same Authenticate object to be setup with different settings.
2014-05-06 22:10:41 +02:00
ADmad
d466e00644
Merge branch 'master' into 2.5
...
Conflicts:
lib/Cake/Model/Datasource/DboSource.php
lib/Cake/Test/Case/Model/Datasource/Database/MysqlTest.php
lib/Cake/Utility/Folder.php
lib/Cake/VERSION.txt
2014-05-04 14:35:36 +05:30
mark_story
1d1a2f859c
Fix coding standards error.
2014-04-28 20:56:06 -04:00
euromark
8679c5cd18
Fix test
2014-04-28 17:33:56 +02:00
mark_story
cf96e9f54f
Merge branch 'master' into 2.5
2014-04-26 22:04:19 -04:00
mark_story
a28158d614
Add additional test for f23d811ff5
...
I neglected to put a negative test to ensure validatePost fails when the
URL differs.
2014-04-26 10:23:27 -04:00
ADmad
68572d8046
Cannot use php 5.4+ array syntax for 2.x.
2014-04-26 17:30:31 +05:30
mark_story
de0062de77
Merge branch 'master' into 2.5
2014-04-25 22:10:02 -04:00
mark_story
f23d811ff5
Use the form action URL in generated form hashes.
...
By including the URL in generated hash for secured forms we prevent
a class of abuse where a user uses one secured form to post into a
controller action the form was not originally intended for. These cross
action requests could potentially violate developer's mental model of
how SecurityComponent works and produce unexpected/undesirable outcomes.
Thanks to Kurita Takashi for pointing this issue out, and suggesting
a fix.
2014-04-25 22:05:58 -04:00
mark_story
d54fbe6f60
Merge branch 'master' into 2.5
2014-04-18 22:13:56 -04:00
Stephen Young
b55fa98a2d
Updated documentation
...
* Removed references to nonexistent `AclBase` class
* Added references to `AclInterface` requirements
2014-04-11 15:10:56 -04:00
Jose Lorenzo Rodriguez
343d3279b9
Merge branch 'master' into 2.5
...
Conflicts:
lib/Cake/Test/Case/Utility/FileTest.php
lib/Cake/VERSION.txt
2014-04-06 21:50:41 +02:00
euromark
0d09a54033
more missing doc block tags added
2014-04-02 03:02:37 +02:00
ADmad
abacf0d14b
Remove setting of Controller::$ext by RequestHandler.
...
Closes #3022
2014-03-16 20:09:08 +05:30
mark_story
6c3bc48ce0
Merge branch 'master' into 2.5
2014-03-06 17:45:00 -05:00
Mark
3ca338fe26
Merge pull request #2781 from davidsteinsland/2.5
...
Fixed HTTP Status code when ajaxLogin is set
2014-03-06 12:37:51 +01:00
ndm2
01e1b5ca61
Fix failing tests caused by already existing classes
2014-03-01 20:24:32 +01:00
ndm2
008ad3237c
Fix verification of expected invocations #2919
2014-03-01 19:06:17 +01:00
mark_story
2c5d96e916
Merge branch 'master' into 2.5
...
Conflicts:
lib/Cake/Model/Datasource/DboSource.php
2014-02-16 14:24:19 -05:00
mark_story
827dc77a11
Fix incorrect assertion.
2014-02-11 22:00:24 -05:00
mark_story
a5d50da040
Remove dead and unused code.
2014-02-11 16:38:24 -05:00
David Steinsland
f2b9aa5ca4
Fixed HTTP Status code when ajaxLogin is set
2014-02-05 16:05:02 +01:00
José Lorenzo Rodríguez
e36c954da7
Merge pull request #2693 from ADmad/2.5-session-start
...
Don't start a session if it's known to be empty.
2014-02-01 04:08:48 -08:00
Rachman Chavik
b83b59a9d7
Log errors instead of calling trigger_error()
2014-01-29 17:51:07 +07:00
ADmad
84932fcc4a
Don't start a session if it's known to be empty.
...
If an app only reads/checks the session there's no need to start a
session to know that the read/checked session value is empty.
Fixes #1981
2014-01-22 01:17:16 +05:30
euromark
97e43e5806
unify to expected
2014-01-09 16:52:21 +01:00
euromark
29e15386b2
Follow the deprecation note of 2.1 migration guide and switch to fetch(title)
...
correct assert order for test
2014-01-09 16:45:49 +01:00
ADmad
27979286b2
Revert change done in 11f543f1f2
.
...
The change is unneeded now as Security::encrypt() no longer throws exception
for falsey values.
2013-12-15 20:29:41 +05:30
Mark Story
bf96ea36d9
Merge pull request #2482 from zoghal/2.5-cookie-fix2
...
fix CookieComponent - when write null or empty string
2013-12-14 16:21:58 -08:00
Saleh Souzanchi
11f543f1f2
fix CookieComponent - when write null or empty string
2013-12-15 02:15:36 +03:30
José Lorenzo Rodríguez
6358741944
Merge pull request #2449 from cakephp/fix-session-cyclic-error
...
Fixed error in CakeSession that would call start() in an infinite loop
2013-12-09 02:18:21 -08:00
Jose Lorenzo Rodriguez
3a2c497206
Fixed failing test
2013-12-08 14:08:57 +01:00
ADmad
738d0e2277
Fixed edge case which allowed login with empty password.
...
Ensure skipping call to FormAuthenticate::_checkFields() does not allow
logging in with empty password. Closes #2441 .
2013-12-07 18:40:08 +05:30
ADmad
c72def4840
Moved exception throwing to after paging info it set for request.
...
This fixes the regression caused in 2096d3f632
. When catching exception
thrown by PaginatorComponent::paginate() in controller, developer again
has access to paging info in request object.
Closes #2402
2013-11-30 19:00:08 +05:30
Marc Würth
7cfa0116f4
Removed "PHP 5" from file header DocBlocks
...
This statement does not serve a purpose anymore.
In a long forgotten world it indicated the main version number of PHP which the code in the file was compatible to.
http://pear.php.net/manual/en/standards.sample.php
But since PHP 5.1 and later this is only marginally true.
Thus I propose to remove it from CakePHP.
2013-11-13 22:58:39 +01:00
Luis Ramos
e33653a8d7
Add test case
2013-10-30 16:06:27 -06:00
mark_story
07f4779efe
Fix cookie component being inconsistent about writes.
...
Instead of treating multi-key and single key writes differently, they
should be treated consistently to allow simpler and more consistent interactions
with the stored data. This also results in fewer cookies being sent
across the wire which is an added benefit.
Fixes #2182
2013-10-28 23:13:51 -04:00
euromark
1cb24ae537
CS fixes using phpcs-fixer auto-correction.
2013-10-12 01:27:00 +02:00
Bryan Crowe
c1dd0e4393
Changed url to URL where appropriate
2013-10-07 23:17:58 -04:00
mark_story
530731ec5d
More gracefully handle invalid data in Accept headers.
...
Some browsers have invalid accept headers, we should ignore the invalid
extension data as assuming it will be a qualifier can result in
incorrect results.
Fixes #4105
2013-10-02 11:29:04 -04:00