Commit graph

19256 commits

Author SHA1 Message Date
mark_story
edfda47cf4 Fix missing HTML encoding in Debugger
Fix missing HTML encoding when error messages contain HTML. This can
happen when user data is used as an offset in an array in an unchecked
way.

Thanks to Teppei Fukuda for reporting this issue via the responsible
security disclosure process.
2016-12-10 08:47:13 -05:00
Mark Story
420336f536 Merge pull request #9843 from cakephp/php71
Add PHP7.1 to test matrix.
2016-12-07 21:40:54 -05:00
mark_story
12cdc247ac Fix PHPCS errors. 2016-12-07 00:38:55 -05:00
mark_story
0a2a400ea4 Fix type error tests to work in PHP5 & PHP7.1
Catch the TypeErrors that are raised and make the match the PHP5
behavior of a converted error.
2016-12-06 21:21:52 -05:00
Mark Story
9e6e08704e Merge pull request #9838 from cakephp/issue-9779
Fix CookieComponent erroring on corrupted data.
2016-12-05 16:44:24 -05:00
mark_story
e3221b1c38 Fix errors in php7.1
* The constructor of errors has changed in PHP 7.1
* mcrypt is no longer available in PHP 7.1 by default.
2016-12-05 16:14:33 -05:00
mark_story
caaf748883 Add PHP7.1 to test matrix. 2016-12-05 09:22:48 -05:00
Mark Story
14192ba1e8 Merge pull request #9840 from chinpei215/2.x-blank-redir
Fix redirectUrl issue when loginRedirect is empty
2016-12-04 09:26:19 -05:00
chinpei215
26731b93bf Use ternary operator 2016-12-04 21:55:29 +09:00
chinpei215
b7481096c8 Fix redirectUrl issue when loginRedirect is empty
Fixes #9819
2016-12-04 20:06:24 +09:00
mark_story
934bb00b36 Add tests showing recent changes fix #9784 2016-12-03 14:14:57 -05:00
mark_story
27f951fb41 Don't emit errors when operating on corrupted cookie data.
When deleting from corrupted cookie data, there shouldn't be any errors.

Refs #9779
2016-12-03 14:10:47 -05:00
Mark Story
307ad80358 Merge pull request #9826 from gemal/2.x
add new locales fixes #9825
2016-12-01 20:37:34 -05:00
Henrik Gemal
75bb30f6b2 add new locales fixes #9825 2016-12-01 12:39:47 +01:00
mark_story
410df003e6 Update version number to 2.9.3 2016-11-27 21:25:11 -05:00
Mark Story
1152cbcd2d Merge pull request #9807 from cakephp/2.x-pages-controller
Fix directory traversal of .ctp files
2016-11-27 21:11:17 -05:00
chinpei215
74c2ded872 Fix directory traversal of .ctp files 2016-11-27 18:14:44 +09:00
Mark Sch
02df9ff72e Add a note about $boot 2016-11-26 18:10:37 +01:00
Mark Sch
43aa5dd502 Merge pull request #9803 from chinpei215/revert-9577
Revert #9577
2016-11-26 18:08:40 +01:00
chinpei215
f9d2a52152 Revert "Remove dead code"
This reverts commit bf908762db.
2016-11-27 01:25:01 +09:00
mark_story
bbb87b3e87 Use null instead of false for failure.
null is better to indicate that a thing doesn't exist.
2016-11-26 10:38:28 -05:00
Mark Story
ba9f62a7a0 Merge pull request #9747 from tersmitten/cache-does-not-expose-configured-engines
Expose Cache engines
2016-11-26 10:16:20 -05:00
Mark Story
2e30cf7b89 Merge pull request #9782 from cakephp/acl-constructor
Fix AclNode constructor.
2016-11-24 16:56:02 -05:00
mark_story
e057b5572c Fix PHPCS. 2016-11-21 20:51:12 -05:00
mark_story
71b7d6211b Fix AclNode constructor.
It should forward the settings from ClassRegistry::init() so that
aliases can be customized as needed.

Refs #9766
2016-11-19 22:30:18 -04:00
mark_story
66363e6bea Add tests for #9766
I'm not able to reproduce incorrect aliases coming out of ClassRegistry.
As reported.
2016-11-19 10:02:09 -04:00
Mark Sch
93e29e91ef Merge pull request #9767 from ravage84/patch-7
Improve doc block
2016-11-17 14:56:58 +01:00
Marc Würth
5c184190c5 Improve doc block 2016-11-17 14:55:01 +01:00
Mark Story
5f1463f45b Merge pull request #9750 from tersmitten/make-it-possible-to-configure-cachemethodhashalgo-in-dbosource
Make it possible to configure the cacheMethod hashing algorithm in DboSource
2016-11-14 12:00:33 -05:00
Mischa ter Smitten
e71afa225e Merge remote-tracking branch 'upstream/2.x' into make-it-possible-to-configure-cachemethodhashalgo-in-dbosource 2016-11-14 16:26:48 +01:00
Mark Story
de3a249199 Merge pull request #9749 from tersmitten/make-it-possible-to-filter-values-per-method-in-dbosourcecachemethod
Make it possible to filter values per method in DboSource::cacheMethod
2016-11-14 10:08:00 -05:00
Mischa ter Smitten
936b9924b3 Add tests for overridden cacheMethodFilter 2016-11-14 12:51:57 +01:00
Mischa ter Smitten
1952d2ee17 Add tests for cacheMethodFilter 2016-11-14 11:44:35 +01:00
Mischa ter Smitten
71535d2d2c Change cacheMethodFilters to be a method 2016-11-14 11:15:08 +01:00
Mischa ter Smitten
5947c2346b Fix failing test 2016-11-14 10:53:33 +01:00
Mischa ter Smitten
7ffb5c3600 Add tests for cacheMethodHasher 2016-11-14 10:00:47 +01:00
Mischa ter Smitten
e186ffc6d3 Change cacheMethodHashAlgo to be a method 2016-11-14 09:42:19 +01:00
Mark Story
c5ec8db59a Merge pull request #9743 from cakephp/new-pear-server
Update build config for new pear server.
2016-11-12 09:41:43 -05:00
mark_story
444cf1f16d Fix hostname. 2016-11-12 09:41:28 -05:00
Mark Story
56a57bdb00 Merge pull request #9748 from tersmitten/fix-typos
Fixed typos
2016-11-11 23:03:02 -05:00
Mischa ter Smitten
15ccf057f4 Make it possible to configure cacheMethodHashAlgo in DboSource 2016-11-12 00:18:13 +01:00
Mischa ter Smitten
58cc9b4596 Make it possible to filter values per method in DboSource::cacheMethod 2016-11-11 23:37:23 +01:00
Mischa ter Smitten
dec7f54ecb Fixed typos 2016-11-11 21:43:43 +01:00
Mischa ter Smitten
94572ae384 Do not use deprecated assertIsA 2016-11-11 21:41:23 +01:00
Mischa ter Smitten
175503fafa Expose engines
By implementing the `engine` method just like in version 3
2016-11-11 13:42:22 +01:00
mark_story
23009ae3cc Update build config for new pear server.
Point to the new dokku based pear server. Put the files in the new
location and rebuild the dokku app.
2016-11-10 19:41:07 -05:00
Mark Story
f46f042001 Merge pull request #9717 from bancer/shell-webroot
accept webroot shell parameter
2016-11-08 21:12:50 -05:00
Val Bancer
38518c201c doc blocks adjusted 2016-11-08 11:35:01 +01:00
Val Bancer
7ffa7acea6 fixed shell dispatcher failed unit test 2016-11-08 11:04:27 +01:00
Val Bancer
92e380737d fixed failing shell dispatcher test 2016-11-08 10:44:08 +01:00