Nicola Beghin
5fb1b71cb6
code style fix
2017-03-15 17:22:31 +01:00
Nicola Beghin
74f700882c
local variable optimization
2017-03-15 16:27:27 +01:00
Nicola Beghin
089a0ae087
using $request->header in place of $_SERVER['HTTP_AUTHORIZATION']
2017-03-15 15:06:39 +01:00
Nicola Beghin
a15c5c7a70
BasicAuthenticate - added check to avoid parsing if "Authorization: Bearer <token>" is in place
2017-03-15 14:08:17 +01:00
Nicola Beghin
f5795f05a5
BasicAuthenticate - code styling and strong type comparison
2017-03-15 13:59:56 +01:00
Javier Melero
ba121d8c32
Wrong return type hint in Controller::redirect #9987
2017-01-09 07:38:41 -03:00
mark_story
837741db66
Merge branch '2.x' into 2.next
2016-12-13 22:48:44 -05:00
Mark Story
9e6e08704e
Merge pull request #9838 from cakephp/issue-9779
...
Fix CookieComponent erroring on corrupted data.
2016-12-05 16:44:24 -05:00
chinpei215
26731b93bf
Use ternary operator
2016-12-04 21:55:29 +09:00
chinpei215
b7481096c8
Fix redirectUrl issue when loginRedirect is empty
...
Fixes #9819
2016-12-04 20:06:24 +09:00
mark_story
27f951fb41
Don't emit errors when operating on corrupted cookie data.
...
When deleting from corrupted cookie data, there shouldn't be any errors.
Refs #9779
2016-12-03 14:10:47 -05:00
mark_story
c0150f62ed
Merge branch '2.x' into 2.next
2016-11-06 21:42:31 -05:00
Rodrigo Pérez
20da4484de
refs #backport-paginate-multiple-queries Backporting cakephp 3.3 feature to paginate multiple queries
2016-11-04 11:10:28 +00:00
xhs345
e1c5ef9e7a
Add clear option to Flash Message
...
To give user the option to disable Stacking of messages and being consistent with 3.x
2016-10-30 20:39:00 -07:00
Val Bancer
744b455de1
fixed configuration of 'enabled' setting in components inside a
...
component
2016-10-28 22:14:20 +02:00
xhs345
c59fb85da8
Add support for stacking Flash messages
...
See Issue #7830
2016-10-28 09:10:01 -07:00
chinpei215
d7ae1c92e7
Backport test cases and make sure those pass
2016-10-16 22:04:24 +09:00
chinpei215
0d96b9ff64
Backport changes in SecurityComponent and FormHelper
2016-10-16 21:55:05 +09:00
Nicola Beghin
41851d60b4
fix HTTP Basic Auth on FastCGI PHP
2016-08-28 19:16:59 +02:00
mark_story
61b3fbd605
Merge branch '2.x' into 2.next
2016-08-09 22:12:26 -04:00
Kim Biesbjerg
f22129b9c7
Store user data in memory on login for stateless auth adapters
2016-07-06 00:25:46 +02:00
mark_story
432eb9c432
Merge branch '2.x' into 2.next
2016-06-27 21:47:47 -04:00
Iñigo In The Cloud
2c112095a9
Issue #9040 - Auth saving json in Auth.redirect
...
AuthComponent is storing JSON or any other AJAX request URL into the session variable Auth.redirect used for login redirect if the AJAX request does not send the X-Requested-With:XMLHttpRequest header.
If you send an ajax request without that header and your request is not a (.json) it will store the URL anyway.
2016-06-27 14:15:05 -04:00
Richard Torenvliet
e31ce0d58f
Add the HTTP Patch to the Content-Type check mechanism
...
Currently when a request is of type 'patch' it is ignored. This commit makes
sure that the Content-Type is checked when a patch request is provided.
2016-05-18 14:54:52 +02:00
mscherer
dda9e83ab6
Refactor Object to CakeObject for future PHP7 comp.
2016-04-08 14:33:26 +02:00
Alex
862397325d
fixed typo
2016-03-01 12:41:29 -08:00
Alex
e5e4317217
Updated deprecated doc for flash method
2016-03-01 12:17:39 -08:00
mark_story
7df99fff1f
Backport Security::randomBytes() to 2.x
...
I decided to leave the warning in. People who can't upgrade their
applications should at least be aware of the risks they are taking.
I'm flexible if people are strongly opposed to a warning, but I feel
that these kinds of warnings can be supressed in production if they
really are in a jam and don't care.
Refs #8282
2016-02-22 00:14:44 -05:00
Marc Würth
780b836d57
Deprecate SecurityComponent::requireAuth & SecurityComponent::requireAuth()
...
Backport of https://github.com/cakephp/cakephp/pull/8191
2016-02-10 13:37:10 +01:00
Edgaras Janušauskas
5b10e3cac2
Use mixed return type for AuthComponent::user()
2016-02-09 23:04:26 +02:00
mark_story
3b5a71df37
Merge branch '2.7' into 2.8
2016-01-28 21:51:59 -05:00
Edgaras Janušauskas
6e54a7391c
Use more specific datatypes in PHPDoc
2016-01-28 23:10:51 +02:00
mark_story
3e67685c7c
Merge branch '2.7' into 2.8
2016-01-21 21:46:51 -05:00
mark_story
4b8d628a2e
Backport SecurityComponent fixes from #8071 to 2.x
...
If the request manages to have data set outside of post/put we should
still validate the request body. This expands SecurityComponent to cover
PATCH and DELETE methods, as well as request methods that should be
safe, but somehow end up not safe.
2016-01-20 21:34:58 -05:00
@zuborawka
3d0bda0df8
Update comment block
...
Add an annotation for FlashComponent
2016-01-07 23:12:01 +09:00
Mark Scherer
12b4c9ba24
Fix bracket syntax.
2015-12-23 21:45:15 +01:00
Mark Scherer
8b5ef12ccb
Always return response in redirect() for testing.
2015-12-23 21:29:19 +01:00
Mark S
b76a235175
Remove default overwrites that are useless
2015-12-08 18:21:51 +01:00
Jorge González
5845cad93f
fix phpcs
2015-11-04 16:37:21 +00:00
Jorge González
cb6a17c34e
add Flash back to Controller, fix Scaffold to use Flash instead
2015-11-04 10:41:35 +00:00
mark_story
925647ae2b
Simplify code used to generate plugin flash messages.
2015-10-17 20:59:02 -04:00
gmponos
fd50d1976a
Flash Component was not handling plugin option
2015-10-17 20:55:52 -04:00
Marc Würth
ed410dd12c
Do not mix void with other return types
...
Inspired by #7527
2015-10-10 15:49:00 +02:00
Mark Story
12f5aee5a2
Merge pull request #7447 from ravage84/2.7-lib-improvements
...
Various improvements to the CakePHP lib files
2015-09-25 12:14:00 -04:00
Marc Würth
e690662f0e
Various improvments to the CakePH Plib files
...
Mostly CS, doc blocks and explicit returning nulls.
2015-09-25 17:11:20 +02:00
mark_story
07c2047984
Merge branch '2.7' of github.com:cakephp/cakephp into 2.7
2015-08-06 21:43:40 -04:00
mark_story
056f24a774
Forbid direct prefix access with mixed casing.
...
Changing the casing up should not allow prefix method access.
2015-08-05 23:05:30 -04:00
mark_story
9f20330d17
Fix fatal error on null subject.
...
Refs #7176
2015-08-05 22:20:39 -04:00
Mark Scherer
52e79987a2
Replacing self with static due to PHP5.3+. Following #7040 .
2015-07-21 10:22:53 +02:00
David Yell
4af2e5489b
Update deprecated method in docblocks
...
So that the docblock doesn't point you to another deprecated method which then points you to the actual method.
2015-07-17 16:14:06 +02:00
adam1010
1922a18d07
Ajax requests not properly returning 403
...
When an AJAX request is made to a page that's not authorized, an infinite redirect loop to /status:403/exit:1 is triggered. This bug has existed at least since CakePHP v2.3.0. The main use case is when a user's session has expired and they try to use an authenticated feature as a logged-out user.
2015-07-16 22:47:13 -04:00
Highstrike
8257100f54
How about this?
2015-06-24 15:46:48 +03:00
Highstrike
58983f717a
2.7.0-RC Auth doesn't use the new Flash component
...
Changed 'Flash.' to 'Message.' and also provided backwards compatibility
in FlashHelper->render
2015-06-24 14:06:35 +03:00
mark_story
d7d8b90986
Merge branch '2.6' into 2.7
2015-05-28 19:34:59 -04:00
mark_story
65691836be
Fix syntax errors in PHP <5.4
2015-05-28 17:39:52 -04:00
mark_story
995d8d22c6
Disable reading XML files and URLs when handling user data.
...
Allowing users to load arbitrary files/URLs with Xml is not desirable
when handing user input.
2015-05-27 09:45:53 -04:00
mark_story
8cadb553d7
Merge branch 'master' into 2.7
2015-03-14 22:08:53 -04:00
mark_story
8e735c2db0
Fix class name in scaffold error.
...
Fixes #6061
2015-03-12 22:00:03 -04:00
mark_story
0b916cedbb
Merge branch 'master' into 2.7
2015-03-09 21:55:20 -04:00
mark_story
02c9dda9a7
Make maxLimit and limit settings independent.
...
Having maxLimit infer what it should be based on limit was not a very
transparent default behavior. The documentation states that maxLimit
will default to 100, but the code would default it to 'limit' if set.
This created confusing behavior when only one setting was defined.
Refs #5973
2015-02-27 22:35:52 -05:00
mark_story
63769ae4a6
Merge branch 'master' into 2.7
...
Conflicts:
lib/Cake/VERSION.txt
2015-02-26 12:50:35 -05:00
mark_story
c92cfb413f
Allow numeric sorts in PaginatorComponent.
...
When paginating data, we should not ignore numerically indexed order
conditions. Instead they should be handled similar to Model::find().
This creates a slightly different behavior when model's have default
sorting applied as more default sort options forms will be honoured.
Refs #5964
2015-02-25 21:38:56 -05:00
James Tancock
3cee029aa7
Removed usage of __() for InternalError
2015-02-12 15:09:18 +00:00
James Tancock
1cb670bdfa
Add deprecated doctag for current methods
2015-02-10 08:15:01 +00:00
James Tancock
e173c29d33
Fix for phpcs
2015-02-04 15:31:50 +00:00
James Tancock
2ff6bdccec
Back port of Flash component & helper
2015-02-04 12:18:31 +00:00
Mark Story
35e0dc2bbd
Merge pull request #5760 from cakephp/master
...
Merge master into 2.7
2015-01-27 20:48:15 -05:00
Mark Scherer
4fa5dd62c5
Remove conditional status setting.
2015-01-26 23:47:20 +01:00
Mark Scherer
70276b7a7a
Doc block adjustment.
2015-01-26 10:35:02 +01:00
Mark Scherer
e753fbadca
Fix ControllerTestCase redirect
2015-01-26 10:31:04 +01:00
mark_story
3078a1eb52
Merge branch 'master' into 2.7
...
Conflicts:
lib/Cake/VERSION.txt
2015-01-16 22:22:26 -05:00
mark_story
396d501d1e
Fix / being handled incorrect by referer()
...
Backport changes in #4987 to 2.x. This solves issues with duplicate base
directories when redirecting back to '/'
Fixes #4812
2015-01-15 21:26:34 -05:00
mark_story
ac9a212d44
Merge branch 'master' into 2.7
...
Conflicts:
lib/Cake/Utility/String.php
2015-01-11 15:25:18 -05:00
antograssiot
c2f298a8b7
Replace our custom code fence with markdown standard fence
2015-01-09 13:47:25 +01:00
euromark
52ecccb1a2
App::uses and usage replacements for String => CakeText.
2015-01-05 01:00:57 +01:00
Mark Story
7bbc3dfd90
Merge pull request #5470 from cakephp/2.7-session
...
Backport Session consume() to 2.x
2014-12-26 12:22:20 -05:00
euromark
545ff20e1d
Add component and helper wrapper methods.
2014-12-23 03:50:35 +01:00
Mark Story
1651e7742c
Merge pull request #5088 from sebastienbarre/ticket-5041
...
Ticket #5041 : have Auth::login() send Auth.afterIdentify event
2014-12-18 00:12:22 -05:00
mark_story
4d6611b328
Merge branch 'master' into 2.6
...
Conflicts:
lib/Cake/VERSION.txt
2014-12-17 21:38:32 -05:00
euromark
e1c128bb99
Consolidate with conditions sniff.
2014-12-09 03:17:35 +01:00
mark_story
ad2d6edda9
Merge branch 'master' into 2.6
2014-12-06 21:28:59 -05:00
Guy Warner
fb61d9393b
Add @trigger doc blocks of methods triggering CakeEvent
2014-11-30 14:45:40 -07:00
Sebastien Barre
7da48669c8
Have BaseAuthenticate implement CakeEventListener instead
2014-11-22 13:31:38 -05:00
Sebastien Barre
50e5b5e8fe
Move App::uses() again
2014-11-22 13:31:38 -05:00
Sebastien Barre
43413f029e
Ticket 5041: have Auth::login() send Auth.afterIdentify event
2014-11-22 13:31:38 -05:00
euromark
41c646c5a1
Simplification of return types. No need to return more mixed than necessary.
2014-11-08 20:07:47 +01:00
euromark
345a18f15f
Merge branch 'master' into 2.6
2014-11-05 23:29:06 +01:00
euromark
768f2c809c
Correct doc block return types.
2014-11-05 13:03:27 +01:00
Sebastien Barre
2995d9319c
Prepend model alias for safety
2014-11-01 09:36:59 -04:00
Sebastien Barre
417c137d11
Fix DigestAuthenticate test
2014-10-31 21:42:18 -04:00
Sebastien Barre
2f62ee2cde
ticket #5017 add userFields setting to BaseAuthenticate
2014-10-31 15:00:19 -04:00
mark_story
b98d2a3365
Merge branch 'master' into 2.6
2014-10-24 22:05:46 -04:00
mark_story
cdc67116c5
Handle query string arguments in digest auth data.
...
Handle &, ? in digest auth data uri.
Refs #4908
2014-10-17 23:12:41 -04:00
mark_story
87fcc9f0b9
Merge branch 'master' into 2.6
...
Conflicts:
lib/Cake/VERSION.txt
2014-10-13 21:11:38 -04:00
Bryan Crowe
e16bef1868
Fix missing 'r' from your
2014-10-08 15:06:30 -04:00
mark_story
cf45d3fab8
Merge branch 'master' into 2.6
2014-09-22 20:46:28 -04:00
Mischa ter Smitten
a69e9bc63b
Cs fixes
2014-09-18 10:50:35 +02:00
mark_story
0d11cf7a33
Merge branch 'master' into 2.6
2014-09-14 23:26:33 -04:00
Joseph Sutton
faaba42aa7
Fixed type-casting for AuthComponent::login()
2014-09-14 11:15:08 -05:00
Joseph Sutton
87a58eeaea
AuthComponent::login() returning deprecated method
...
Changed $this->loggedIn() to $this->user(), as per the PHPDOC for loggedIn() at line 817
2014-09-14 00:28:30 -05:00