Commit graph

7234 commits

Author SHA1 Message Date
mark_story
8cd5a64c27 Update version number to 2.8.4 2016-05-02 22:18:41 -04:00
Mark Sch
32cb25465f Make CS tests pass. 2016-05-02 10:42:42 +02:00
mark_story
ade9d8a811 Restore backwards compatibility with old 2.x in FormHelper.
Restore the behavior of the string 'action' option to its former glory.
While we've deprecated this it needs to continue working as it did
before.

Refs #8628
2016-05-01 22:21:23 -04:00
mark_story
ab79ab9c55 Fix short-array usage. 2016-04-30 14:14:45 -04:00
Philippe Saint-Just
c2f028ab49 Fix spacing 2016-04-30 13:13:14 -04:00
Philippe Saint-Just
cd07850337 Merge branch 'backport-8741-8690' into 2.x 2016-04-30 13:11:34 -04:00
mark_story
af953700b8 Fix short array usage.
Refs FIVESMX-8723
2016-04-29 09:28:05 -04:00
mark_story
cf55767fa0 Backport range parsing resiliancy fixes from 3.x
Refs #8723
2016-04-28 22:27:37 -04:00
Val Bancer
3368ae9b02 fixed locales alphabetical order 2016-04-27 14:59:47 +02:00
Val Bancer
3edbe1f5eb fixed locales alphabetical order 2016-04-27 14:04:40 +02:00
Val Bancer
f4866efffc restored deleted linebreak 2016-04-27 13:21:08 +02:00
Val Bancer
dee53e8298 added support for several european locales 2016-04-27 13:14:30 +02:00
mark_story
9536a10d6d Make schema import plugin friendly.
The changes in #8694 pointed out that schema importing doesn't play nice
with plugins. This corrects that.
2016-04-23 16:18:15 -04:00
mark_story
3a75e8aa72 Use import options when going through execute()
The `records` and `schema` options should work when using execute().
Previously they were not working. Furthermore, the records option did
a non-sensical thing where it both set import=>records and generated
static records from the live table. The `records` option now enables
the generation of static data from a live table, as I think this is
a more common scenario.

Refs #8693
2016-04-23 16:15:54 -04:00
mark_story
ce5d64b083 Remove whitespace. 2016-04-19 15:27:30 -04:00
felixmaier1989
b081ef5a38 Mock CakeResponse
Ability to set the class name to use for mocking the response object
2016-04-19 14:50:40 +07:00
mark_story
8b5023282e Randomly generate a salt when the salt is '' or null.
To prevent an issue where any value is accepted as a password when '' is
provided as the hashed password.

Refs #8650
2016-04-15 21:49:17 -04:00
Mark Story
c6d5bfb2b9 Merge pull request #8653 from cakephp/fix-2x-tests
Attempt to fix tests in 2.x
2016-04-15 15:37:47 -04:00
mark_story
f451efa511 Attempt to fix tests in 2.x
Relying on tv.eurosport.com having a bad peer name is pretty fragile.
However, we can more easily rely on their cert coming from a CA we no
longer trust.
2016-04-14 15:28:34 -04:00
Mark Story
78cda8c25d Merge pull request #8638 from ravage84/patch-5
Re-add the Equifax Secure Certificate Authority
2016-04-14 15:21:18 -04:00
Marc Würth
25a0796865 Correct DocBlock for HttpException
http://api.cakephp.org/2.8/class-HttpException.html

> Class HttpException
> Base class that all Exceptions extend.

Which is actually the short description of  CakeBaseException.

http://api.cakephp.org/2.8/class-CakeBaseException.html

Probably because the DocBlock was placed before the if clause.
2016-04-14 14:42:01 +02:00
Marc Würth
d9e5d0ca05 Re-add the Equifax Secure Certificate Authority
Port change 343e206360 from 3.x to 2.x
2016-04-13 12:27:59 +02:00
Mark Story
1d4e39a45a Merge pull request #8625 from cakephp/jrbasso/2.x-fix-doc
Fixed doc formatting on CakeResponse::cookie
2016-04-11 15:05:23 -04:00
Marc Würth
4fd25e648c Update bundled CA file
Same as https://github.com/cakephp/cakephp/pull/8608 for 3.x
2016-04-11 13:55:28 +02:00
Juan Basso
718a7479e2 Fixed doc formatting on CakeResponse::cookie
Fixed doc to show properly in the documentation. This change was already applied on master.
2016-04-10 23:34:01 -04:00
mark_story
79db545b69 Fix PHP 5.4 syntax. 2016-04-02 21:45:02 -04:00
mark_story
1333cc4b3e Merge branch 'postlink-token' into 2.x
Fix inline postLink() calls corrupting the containing form's tampering
token.

Refs #8387
2016-04-01 23:08:41 -04:00
mark_story
c551faad46 Add tests for changes in #8387
Add tests covering the new behavior.
2016-04-01 23:08:31 -04:00
mark_story
84fc9498b5 Allow N11 exchange numbers as valid.
The previous code and commit (fa3d4a0bb5)
were incorrect about invalid exchange numbers as 1-800-211-4511 is
a real phone number.

I've also removed a duplicate alternation pattern.

Refs #8567
2016-03-31 22:38:16 -04:00
mark_story
13b914917d Update version number to 2.8.3 2016-03-28 22:17:27 -04:00
mark_story
1926d40d40 Fix possibility for spoofed files to pass validation.
Use `is_uploaded_file` to prevent crafty requests that contain bogus
files from getting through. A testing stub class was necessary to avoid
making significant changes to the test suite.
2016-03-28 22:10:36 -04:00
mark_story
c6db76d044 Instead of wiping the Router, just clear requests.
Clearing the router also removes routes which can cause assertions to
fail. By just removing the stored requests we avoid the error reported
in #8480 and not break as many tests.
2016-03-20 11:10:34 -04:00
mark_story
7ceb0993bf Clear the router state after testAction().
When using array urls, internal state in the Router would cause requests
to be incorrectly handled causing multiple testAction calls in a single
test to fail. By reloading the router we start off with a clean slate
each time.

Refs #8480
2016-03-19 12:16:21 -04:00
Mark Story
01d3c2f599 Merge pull request #8475 from cakephp/issue-8468
Fix boolean values in select widgets.
2016-03-18 22:20:31 -04:00
mark_story
f57f038c09 Fix for PHP 5.3 2016-03-16 21:17:42 -04:00
Thomas Smith
3e86de5bcd Replaced nested loop in merging hasMany children with one pass each through children and parents 2016-03-16 09:37:15 -07:00
mark_story
745f3a33e6 Fix boolean values in select widgets.
Boolean `false` should be treated like `0` when comparing option values.

Refs #8468
2016-03-15 22:59:03 -04:00
Mark Story
61b09024b0 Merge pull request #8470 from ravage84/patch-4
Add note about log levels on Wndows
2016-03-15 21:17:55 -04:00
Marc Würth
ca5e9c305f Add note about log levels on Wndows
This is a problem if a developer on Windows tries to separate those three levels into separate streams without customizing the CakePHP default levels.
2016-03-15 19:37:14 +01:00
Marc Würth
adc450d18b Remove outdated statement about log auto config 2016-03-15 19:33:14 +01:00
mark_story
22a2e93c4b Update version number to 2.8.2 2016-03-13 23:01:17 -04:00
mark_story
af046fc7d6 Merge branch 'request-ip' into 2.x 2016-03-13 23:00:47 -04:00
mark_story
fef3090717 Fix incorrectly inheriting permissions.
When child inherits from a deny parent the '*' permission should reflect
permissions on all nodes not just the leaf node. Previously once a node
with all permissions set to inherit was found, the check would pass.
Instead it should cascade to the parent nodes and look for explicit
allow/deny.

Refs #8450
2016-03-11 23:18:50 -05:00
mark_story
48af49ddde Don't trust CLIENT_IP
The client_ip header can easily be forged. In 'safe' modes we should
only trust the remote_addr which comes from the sapi. Remove support for
http_clientaddress as I can't seem to find where this ever came from in
PHP on the http specs.
2016-03-10 22:04:13 -05:00
Mark Story
18b0334890 Merge pull request #8384 from garas/mailtransport-log-subject
Email log missing Subject and To headers when using MailTransport
2016-03-02 21:29:13 -05:00
mark_story
3ad68db5eb Tweak fix from #8359
This fixes a regression introduced in that change that we didn't
previously have tests for. The issue fixed in #8359 was related to
PHP7.0, whereas PHP5 didn't have an issue. Now both versions will work
the same.
2016-03-02 12:30:48 -05:00
Mark Story
63de5ca4ea Merge pull request #8359 from phlyper/patch-1
verify exists index 0 in $ref
2016-03-02 12:27:49 -05:00
Markus Bauer
95558d0bba Data passed through FormHelper::postLink is excluded from CSRF creation of an outer form. Subsequent fix for #8387. 2016-03-02 03:02:43 +01:00
Markus Bauer
7df96b3912 Creating correct CSRF tokens when using FormHelper::postLink within another form. Fixes #8387 2016-03-02 02:51:06 +01:00
Alex
862397325d fixed typo 2016-03-01 12:41:29 -08:00