Commit graph

7813 commits

Author SHA1 Message Date
Mark Story
3bf93b7f76
Merge pull request #11526 from cakephp/post-conditions
Make postConditions() less permissive.
2017-12-15 14:36:38 -05:00
mark_story
340059be15 Check model names for bad characters as well. 2017-12-13 00:01:09 -05:00
mark_story
a9618f67f7 Use a permitted list instead of a ban list.
This should be safer as we are more confident on what is coming in.
2017-12-13 00:01:05 -05:00
Koji Tanaka
fba7f1c617
Fix Phpdoc for CakeObject::log() 2017-12-12 20:00:21 +09:00
mark_story
f66dec8a96 Make postConditions() less permissive.
We were notified by `ooooooo_q` that postConditions() is vulnerable to
SQL injection if used without SecurityComponent tampering prevention.

This change attempts to make postConditions() safer by exploding in
unsafe scenarios.
2017-12-10 21:44:47 -05:00
chinpei215
6ad30946d8 Fix CS 2017-12-04 23:31:32 +09:00
chinpei215
9f65402d2c Fix CakeRequest::referer(true) returning scheme-relative URLs
Backport of #11503 (and #8795)
2017-12-04 21:18:27 +09:00
dereuromark
eaf7454628 Clarify migration path to 3.x 2017-11-29 19:57:01 +01:00
Mark Story
abec95d3ea
Merge pull request #11469 from db-bogdan/issue11468
fixes #11468 sending user data on basic auth in API environment
2017-11-28 21:52:59 -05:00
chinpei215
4ae9f13dfd Fix 'order' not working with a single expressions 2017-11-29 00:17:57 +09:00
db-bogdan
e824346cca extra fix 2017-11-28 11:43:55 +02:00
db-bogdan
94e06dfeb3 add unit test 2017-11-28 11:31:46 +02:00
db-bogdan
5695fef46f fixes #11468 2017-11-27 11:59:34 +02:00
Mischa ter Smitten
d7b9e55e98 Fix indent 2017-11-23 14:12:13 +01:00
Mischa ter Smitten
05954ff405 Consistency changes 2017-11-23 10:09:25 +01:00
Mischa ter Smitten
4faac8e09a Improved readability 2017-11-23 10:06:14 +01:00
Mischa ter Smitten
bc1678cf2a Add option to make _validAgentAndTime 3.x compatible 2017-11-23 10:02:38 +01:00
Val Bancer
a2cc9843e4
added missing ob_end_flush() call 2017-11-21 15:20:14 +01:00
mark_story
10fcd7633d Update version number to 2.10.5 2017-11-20 21:09:55 -05:00
mark_story
f788c90b3c Fix typo 2017-11-05 22:34:47 -05:00
Mark Story
b175270f62
Merge pull request #11404 from ynaderi/2.x
- DigestAuthenticate modification for cakephp 2.X
2017-11-05 22:34:17 -05:00
Yaser Naderi
26a683f36f - DigestAuthenticate modification for cakephp 2.X 2017-11-03 14:53:54 -04:00
Milan van As
7de5ae4438 Force email domain lookups to work in fallback case. 2017-10-25 08:45:57 +02:00
saeideng
b59b64db29 replace tab with space 2017-10-21 22:44:15 +03:30
mark_story
549c181926 Update version number to 2.10.4 2017-10-18 21:54:49 -04:00
chinpei215
19bbb7da17 Simplify CookieComponent::read()
Also, this commit fixes an issue of when the second level key is empty.
Previously, read('foo.0') returned incorrect result.
2017-10-16 21:01:19 +09:00
chinpei215
bbea91090d Fix CookieComponent::delete() not working for deep children 2017-10-16 20:55:00 +09:00
mark_story
e85f489c1f Add test for #11284 2017-10-13 21:55:56 -04:00
Mark Story
d3a4ce1216 Merge pull request #11284 from kolorafa/patch-1
msSQL - also handle offset as string
2017-10-13 21:55:21 -04:00
Mark Story
fb44035177 Merge pull request #11299 from tenkoma/2.x-fix-cc-number-jcb-pattern
[2.x]Fix Credit card number pattern(JCB) is wrong
2017-10-08 10:09:19 -04:00
Koji Tanaka
7d2d902b57 [2.x]Fix Credit card number pattern(JCB) is wrong 2017-10-08 16:15:10 +09:00
Mark Story
e889535e41 Merge pull request #11288 from mensler/session-without-cookies-2.x
Check for session.use_trans_sid and session ID in URL when cookies are disabled (2.x)
2017-10-07 12:17:30 -04:00
Clemens Weiß
61eddc6bde Fixed formatting 2017-10-07 11:11:45 +02:00
Mark Story
a71cad0420 Merge pull request #11283 from chinpei215/2.x-cookie-component-1
[2.x] Fix fatal error thrown when replacing scalar with array
2017-10-06 16:45:38 -04:00
Clemens Weiß
7f64ea37f9 Restored formatting 2017-10-06 17:11:09 +02:00
Clemens Weiß
5d5e791a31 Check for session.use_trans_sid and session ID in URL in case cookies are disabled (backport of cakephp/cakephp#10828 for 2.x) 2017-10-06 17:04:53 +02:00
chinpei215
deac8f9109 Backport #7080, #8233 and #11060 2017-10-06 22:02:37 +09:00
chinpei215
ccf634e5f3 Docblock update 2017-10-06 21:59:48 +09:00
chinpei215
959f45a6c6 Fix fatal error thrown when replacing scalar with array
Refs #11280
2017-10-06 13:43:32 +09:00
kolorafa
22d2564de9 msSQL - also handle offset as string
When doing pagination you could get offset not as a int(eg. 10) but string(eg. "10") and it will not paginate at all.

For example DataTables plugin pass offset from params and all params from http request are strings wrapped in numbers.
Adding ctype_digit($offset) will also check the case.
2017-10-05 11:45:33 +02:00
LustyRain
e1e5a292f2 Fix: revert return 2017-10-05 00:09:51 +09:00
LustyRain
0f00d73c70 Fix delete space, restored return 2017-10-04 21:02:48 +09:00
LustyRain
1f09318724 Fix delete space, restored return 2017-10-04 20:40:57 +09:00
LustyRain
8bb07c0fd7 Fix called twice 2017-10-04 11:39:31 +09:00
LustyRain
31b13edf8a Fix: phpdoc miss
## did
- void unReturn
- miss return void
- add return type
- type miss typing
- add param type and return type
  - string → string|array
- change ClassName
2017-10-04 00:22:42 +09:00
LustyRain
bececc421d Fix: void unreturn 2017-10-02 15:40:48 +09:00
Ionut-Mihai Burlacu
31ed2d5dfb Test Case 2017-09-22 11:45:38 +03:00
Ionut-Mihai Burlacu
5540569fcc Test Case 2017-09-22 11:39:39 +03:00
Ionut-Mihai Burlacu
3bc55f6341 Fixes #11221 2017-09-21 14:33:10 +03:00
mark_story
c3a612aa94 Update version number to 2.10.3 2017-09-17 22:12:29 -04:00
LustyRain
715dca8701 fixed basic.php
The return value is incorrect
2017-09-15 11:42:54 +09:00
Jeremy Harris
0558c253f6
Replaced short array syntax with longer form 2017-08-31 09:02:08 -05:00
Jeremy Harris
f9f06e68b1
Stacking messages in SessionComponent::setFlash 2017-08-30 10:06:56 -05:00
mark_story
81d824077a Update version number to 2.10.2 2017-08-29 21:19:36 -04:00
Jeremy Harris
2e75f12a4f
Fixed SessionHelper not handling stacked messages 2017-08-22 10:06:37 -05:00
Mike Fellows
0b658697f2 Sqlserver DboSource does not allow the persistent option to be true.
This is backported from CakePHP 3.  The SQL Server PHP PDO driver does not
support the PDO::ATTR_PERSISTENT attribute.  So throw an exception if the
'persistent' option is set in the database config.  Also removes that
option from the Sqlserver base config.
2017-08-16 11:23:42 -07:00
Mark Story
12a2909e71 Merge pull request #11000 from bancer/truncate-performance-2
Improved performance of CakeFixtureManager.
2017-08-11 21:48:01 -04:00
mark_story
be534eacef Fix hiddenField option not working for radio.
The hiddenField option was not working as documented for radio buttons.
Instead of using the provided value, the hidden input's value was
hardcoded to ''

Refs #11002
2017-08-08 22:02:07 -04:00
Luis Cano
1e5ea2451a Fixes "Whitespace found at end of line" 2017-08-08 14:42:57 -04:00
Luis Cano
3307665cbb Fixed syntax to work with PHP5.3 2017-08-08 14:28:11 -04:00
Luis Cano
9f175f22f4 Abiding to code standards 2017-08-08 12:59:33 -04:00
Luis Cano
90f14bc07b fixes cakephp/cakephp#11016 2017-08-08 12:28:57 -04:00
mark_story
95e0a21439 Update version number to 2.10.1 2017-08-07 21:21:35 -04:00
Val Bancer
d91059460b Improved performance of CakeFixtureManager. 2017-08-05 22:15:10 +02:00
bclay
8f92a87558 remove extra whitespace 2017-08-04 09:22:16 -04:00
bclay
38161917eb Address CakeEmail regression when data is defined with no mimetype 2017-08-03 17:00:58 -04:00
mark_story
7c2ad08da5 Clean up formatting.
Refs #10912
2017-08-03 13:17:05 -04:00
Val Bancer
746bb4619e Merge pull request #2 from cakephp/2.x
2.x to phpunit-5.7
2017-08-03 02:10:37 +02:00
Val Bancer
ac227f35a7 Merge pull request #1 from cakephp/2.x
2.x to phpunit-5.7
2017-07-28 09:18:37 +02:00
Mark Story
cd6fba1361 Revert "Takes into account the current recursive value in deleteAll()." 2017-07-24 00:09:01 -04:00
mark_story
fef1029f98 Update version number to 2.10.0 2017-07-22 15:06:53 -04:00
mark_story
aa6770fa45 Merge branch '2.x' into 2.next 2017-07-22 14:59:41 -04:00
Mark Story
314a2c0c4f Merge pull request #10863 from bancer/paginator-i18n-not
Pagination 'NOT' notation fails with i18n
2017-07-22 13:33:43 -04:00
Koji Tanaka
7e50fc9ee6 Add test for shell unknown option 2017-07-21 00:46:02 +09:00
Val Bancer
5e92034ad8 improved code style 2017-07-18 22:31:28 +02:00
Koji Tanaka
65841081e9 2.x Console: Display error message when unknown option is specified 2017-07-18 00:27:39 +09:00
Val Bancer
15f0fe31b1 Fixed PHPUnit 5.7 warnings 2017-07-16 16:02:31 +02:00
Val Bancer
7ba52d0c53 Fixed code style. 2017-07-16 00:27:20 +02:00
Val Bancer
93696b65e4 Fixed indefinite loop in getMock(). 2017-07-16 00:09:36 +02:00
Val Bancer
eefd3ac847 adapter for the getMock() depricated in phpunit 2017-07-15 23:23:14 +02:00
Val Bancer
d1c3cca924 makes the test more stable 2017-07-12 20:42:06 +02:00
Val Bancer
d71bc4acae Fixed code style 2017-07-12 01:00:33 +02:00
Val Bancer
5cc0d7a5cf Some tests refactored. Skipped non-compartible tests in MySQL
ONLY_FULL_GROUP_BY mode.
2017-07-12 00:46:02 +02:00
mark_story
0d68007e5c Revert changes in 2290b612f8
I think they broke the builds in our CI environments.

Refs #10894
2017-07-11 10:01:08 -04:00
Val Bancer
2290b612f8 set order in HABTM in unit tests to make it stable in mysql 5.7 2017-07-11 00:14:08 +02:00
Val Bancer
d72c2d7e0e fixed code style, skipped pgsql and sqlite incompartible tests 2017-07-09 20:05:53 +02:00
Val Bancer
794ce22f37 fixed unit tests and docs 2017-07-09 19:24:51 +02:00
Val Bancer
f0bbcb3ffc fixed parsing of conditions with 'NOT' in TranslateBehavior 2017-07-08 16:51:32 +02:00
Val Bancer
3440615323 Refactroing in TranslateBehavior. Some code was moved to protected
methods, simplified the coditions.
2017-07-07 01:20:09 +02:00
Val Bancer
d9f2117436 more unit tests 2017-07-07 00:41:04 +02:00
Val Bancer
76ab1f4537 more unit tests 2017-07-06 00:03:00 +02:00
Val Bancer
85e0ebd7fd more unit tests added 2017-07-05 23:22:58 +02:00
Val Bancer
50334679d6 added a unit test 2017-07-05 22:40:41 +02:00
Val Bancer
31fd4217b1 more PaginatorComponent unit tests 2017-07-04 23:01:17 +02:00
mark_story
32f6b96060 Fix formatting. 2017-07-02 11:06:39 -04:00
Kurre Ståhlberg
4ec195f9c8 Fix error when default value is reported as CURRENT_TIMESTAMP() with parenthesis 2017-06-27 11:46:51 +03:00
mark_story
fb42b15ce8 Update version number to 2.10.0-RC1 2017-06-26 22:02:00 -04:00
mark_story
aaa37fa809 Merge branch '2.next' of github.com:cakephp/cakephp into 2.next 2017-06-26 21:51:55 -04:00
mark_story
2032fef772 Merge branch '2.x' into 2.next 2017-06-26 21:51:41 -04:00
Mark Story
8cd930d19e Merge pull request #10764 from bancer/translate-inner-joins
Add left join support in TranslateBehavior
2017-06-26 21:40:42 -04:00
Val Bancer
5b37d42f97 joinType moved from $settings to $runtime 2017-06-26 23:02:06 +02:00
Mark Story
2b8447dc5b Merge pull request #10766 from cakephp/issue-10763
Fix encoding of addreses contain comma & unicode
2017-06-16 21:37:54 -04:00
Mark Story
05d30a6f05 Merge pull request #10749 from ikuwow/2.next-fix-broken-cookie
Fix broken cookie issue
2017-06-15 21:15:13 -04:00
Mark Story
52790443e8 Merge pull request #9705 from CakeDC/feature/backport-paginate-multiple-queries
2.next - Backport multiple paginators
2017-06-14 21:41:13 -04:00
mark_story
c4766d667b Fix PHPCS error. 2017-06-14 09:38:06 -04:00
Mark Story
8289b367f9 Merge pull request #10698 from lucasferreira/2.next
Cake 2.x - Some fix into Paginator component for order / sort classic sintax
2017-06-14 00:13:00 -04:00
Val Bancer
0bfb19f126 left join support in TranslateBehavior 2017-06-12 21:41:35 +02:00
mark_story
738b20a19b Fix encoding of addreses containin comma & unicode
Email addresses that contain both unicode and commas will not be
correctly encoded by mime_encode_header if the comma precedes the
unicode. In this scenario we have to quote the encoded address.

Refs #10763
2017-06-12 10:58:44 -04:00
Marc Würth
a99f60fb75 Revert URl change in test 2017-06-11 01:11:32 +02:00
Marc Würth
1ce2389069 Fix broken tests 2017-06-11 01:02:49 +02:00
Marc Würth
4dfae7ad7a Use HTTPS for other URLs 2017-06-11 00:50:09 +02:00
Marc Würth
88aadf3804 Use HTTPS for the www.cakephp.org URL
Do not change those in tests.
2017-06-11 00:43:06 +02:00
Marc Würth
deee18c96e Use HTTPS for the community.cakephp.org URL 2017-06-11 00:30:48 +02:00
Marc Würth
d5aa04e39d Use HTTPS for the plugins.cakephp.org URL 2017-06-11 00:28:44 +02:00
Marc Würth
d03a682eeb Use HTTPS for the bakery.cakephp.org URL 2017-06-11 00:27:59 +02:00
Marc Würth
98f31dd791 Use HTTPS for the api.cakephp.org URL 2017-06-11 00:26:56 +02:00
Marc Würth
da8414e13b Use HTTPS for the opensource.org MIT license URL 2017-06-11 00:23:22 +02:00
Marc Würth
04efc7ba50 Use HTTPS for the book.cakephp.org URL 2017-06-11 00:15:36 +02:00
Marc Würth
10b89b51a9 Use HTTPS for the cakefoundation.org URL 2017-06-11 00:10:59 +02:00
Marc Würth
17314baa15 Use HTTPS for the cakephp.org URL 2017-06-10 23:40:28 +02:00
mark_story
f4ea6ca644 Don't use default in test.
It likely doesn't exist.
2017-06-10 17:35:45 -04:00
mark_story
ef45d24134 Fix tests that failed because of CONFIG dir change. 2017-06-10 17:31:29 -04:00
Ikuo Degawa
655a5fe0ae Fix broken cookie issue #10724
This change makes Security::cipher() encoding and decoding same as 2.7 and below.
2017-06-10 15:20:25 +09:00
Mischa ter Smitten
377aa2aa74 Drop short array syntax for PHP < 5.4 2017-06-08 20:31:34 +02:00
Mischa ter Smitten
ddbdf170e6 Fix discrepancy in Model::field when Model::id is null
When using ClassRegistry::init for instance
2017-06-08 20:22:29 +02:00
Val Bancer
2677cf4053 Takes into account the current recursive value in deleteAll(). 2017-06-07 23:38:12 +02:00
Lucas Ferreira
3258199193 Remove personal comments for pull request 2017-05-31 08:33:41 -03:00
mark_story
cf679a3233 Merge branch '2.x' into 2.next 2017-05-27 21:47:22 -04:00
Lucas Ferreira
ee1980b8f5 - Tests for array order syntax fix 2017-05-26 18:36:50 -03:00
Lucas Ferreira
b539161b2d - Some fix into Paginator component for order / sort classic sintax 2017-05-26 15:05:18 -03:00
Henrik Gemal
3f0fb07122 fix 2017-05-26 15:39:06 +02:00
Henrik Gemal
04e5fdc9b2 add polish locale 2017-05-26 11:11:10 +02:00
mark_story
bfd2d21d78 Update version number to 2.9.9 2017-05-25 21:15:23 -04:00
Marc Würth
bef0c766b6 Add inline type hint annotations
Improves the experience when debugging in an IDE
2017-05-16 13:24:25 +02:00
Mark Story
57ddc24b35 Merge pull request #10647 from josephzidell/2.next-custom-config-dir-loc
Add constant specifying the location of the Config dir
2017-05-14 21:41:09 -04:00
Joe
70ead28a1d Redo commits on 2.next branch 2017-05-12 02:02:36 -04:00
Mark Story
88a804f552 Merge pull request #10497 from swordbeta/2.next-update-phpunit
Make test suite compatible with PHPUnit 5.
2017-05-08 09:44:04 -04:00
chinpei215
a97bd234ee Fix _validatePost returns true when empty form is submitted
Backport of #10625
2017-05-06 21:59:29 +09:00
mark_story
5e35064a0b Read basic auth credentials from Authorization header
Merge branch 'issue-9365' into 2.x

Refs #9365
2017-04-28 21:49:47 -04:00
mark_story
275385d676 Add test covering basic auth reading from headers.
In some FastCGI setups basic auth values will only be present in the
header. Fallback to reading that value if the PHP_AUTH super globals are
empty.

Refs #9365
2017-04-28 21:49:27 -04:00
Nicola Beghin
09a981ba38 code style fix as requested 2017-04-23 18:44:42 +02:00
Nicola Beghin
99d02a8698 fix permission 2017-04-23 18:41:45 +02:00
Nicola Beghin
a1eb067c71 bugfix basic to Basic 2017-04-23 18:27:09 +02:00
mark_story
043b320358 Update version number to 2.9.8 2017-04-21 21:26:39 -04:00
Mark Story
eb937e3c79 Merge pull request #10557 from ndm2/2.x-fix-controller-test-case-base-incompatibility
2.x - Fix query string data in URL arrays not being passed anymore (#10517 follow-up)
2017-04-18 20:01:38 -04:00
ndm2
efb3474420 Fix query string data in URL arrays not being passed anymore.
refs #10555, #10517, #5473
2017-04-18 20:54:34 +02:00
mark_story
ea05b04193 Add additional test for -0.0
In PHP5 `-0.0` doesn't work. Include the other way of making -0 for
PHP5.

Refs #10521
2017-04-16 23:00:31 -04:00
mark_story
9007a7fe58 Fix notBlank() to pass on -0.0
Copy the implementation from 3.x as it works with -0.0 already.

Refs #10521
2017-04-16 09:57:36 -04:00
ndm2
d9059b6d3b Fix array_intersect_key() argument order, the source comes first. 2017-04-15 21:27:29 +02:00
ndm2
7d74818d9a Fix ControllerTestCase::testAction() incompatibility with App.base.
When using array URLs with `testAction()`, the generated URL possibly
contains the configured `App.base` path, which needs to be stripped when
set on the request object, as otherwise routes cannot be matched
correctly.

When passing the URL as an option to the `CakeRequest` constructor, the
it will be set as-is, unlike when the URL is being generated by
`CakeRequest::_url()`, which grabs the URL from the environment, and
strips the possible base path.
2017-04-13 14:15:32 +02:00