mark_story
9296f770d5
Adding SecurityComponent::$csrfLimit
...
This property allows you to control the number of tokens
that will be kept active. It's possible to make really large
CSRF collection sizes. Capping the number of tokens allows developers
to better control session sizes.
2011-12-03 20:13:17 -05:00
mark_story
e421b3bc8f
Adding SecurityComponent::generateToken()
...
This method allows end developers to add the csrf tokens
manually, if they aren't added automatically.
Tokens are cheap to generate, simplifying the logic
makes things a bit easier to understand.
2011-12-03 20:13:03 -05:00
mark_story
6d269ce25d
Merge branch '2.0' into 2.1
...
Conflicts:
lib/Cake/Config/config.php
lib/Cake/Console/Command/Task/ModelTask.php
lib/Cake/Console/Command/TestsuiteShell.php
lib/Cake/Model/CakeSchema.php
lib/Cake/Model/Datasource/Database/Sqlite.php
lib/Cake/Test/Case/Model/ModelTestBase.php
lib/Cake/Test/Case/Routing/DispatcherTest.php
lib/Cake/Test/Case/Utility/FileTest.php
lib/Cake/VERSION.txt
2011-12-03 13:45:28 -05:00
Kyle Robinson Young
8197f87dbc
Spelling and grammar fixes
2011-12-01 21:58:09 -08:00
Jose Lorenzo Rodriguez
f6534d2962
Fixing issue where changing the case for an action in the url would allow the action in the AuthComponent making it accessible to not-logged in users
2011-11-28 00:52:47 -04:30
mark_story
04463c4ee5
Fix errors found in review.
2011-11-27 23:51:49 -05:00
mark_story
cfbc43671e
Starting content type specific error pages.
...
- Adding RequestHandler to the error controller. This allows reuse
of all of Cake's internals.
- Adding a simple JsonView class to do serialized JSON views.
- Adding serialize hooks, and wiring things together.
2011-11-27 23:51:47 -05:00
Kyle Robinson Young
bc0e0b5c05
Add @link to CookieComponent docblocks
2011-11-22 22:32:13 -08:00
mark_story
21cd3f00ac
Merge branch '2.0' into 2.1
...
Conflicts:
lib/Cake/Test/Case/BasicsTest.php
2011-11-19 20:40:07 -05:00
mark_story
92aea9de88
Update comment.
2011-11-16 23:17:48 -05:00
mark_story
fa0ec44dfd
Merge branch '2.0' into 2.1
...
Conflicts:
lib/Cake/Test/Case/Console/Command/CommandListShellTest.php
lib/Cake/Test/Case/Error/ExceptionRendererTest.php
lib/Cake/Test/Case/Utility/DebuggerTest.php
lib/Cake/Test/Case/View/Helper/TextHelperTest.php
2011-11-16 21:31:16 -05:00
Ceeram
e5c8a446d6
Add sorting on joined model virtual field, fixes #2250
2011-11-17 00:18:12 +01:00
mark_story
fb7d931bef
Merge branch '2.0' into 2.1
...
Conflicts:
lib/Cake/Config/config.php
lib/Cake/VERSION.txt
2011-11-15 23:10:34 -05:00
Daniel Pakuschewski
841c0c2295
Dropped support for wildcard in AuthComponent::allow()
...
Conflicts:
lib/Cake/Controller/Component/AuthComponent.php
2011-11-15 23:01:04 -05:00
Ceeram
2bb4ed01be
Removing _Token from request data.
...
It is not used outside the component and could possibly affect Model::save().
Fixes #2256
Signed-off-by: mark_story <mark@mark-story.com>
2011-11-15 22:51:04 -05:00
mark_story
6e4493cc14
Fix ambiguous content types in RequestHandler.
...
Treat xhtml + html as content types that should trigger no
response/extension setting. They are different but similar in
that they both generally use the same HTML templates.
Fixes #2257
2011-11-15 22:48:54 -05:00
mark_story
550076d75e
Fix issue in RequestHandlerComponent.
...
Fixes issues where response and request properties would
not be set as the initialize() callback would have not fired.
Fixes #2190
Fixes #2189
2011-10-31 22:41:43 -04:00
mark_story
bf43a5ee24
Fix whitespace and add usage to doc block.
2011-10-31 21:56:16 -04:00
José Lorenzo Rodríguez
f51be0a82c
Merge pull request #278 from Danielpk/enhancement_auth_deny
...
Added enhancement to AuthComponent::deny().
2011-10-30 15:38:21 -07:00
Daniel Pakuschewski
09579198a9
Dropped support to deny('*').
2011-10-29 13:54:35 -02:00
Gun.io Whitespace Robot
4742168253
Remove whitespace [Gun.io WhitespaceBot]
2011-10-28 18:25:08 -04:00
Daniel Luiz Pakuschewski
5246e7dd1d
Allow AuthComponent to deny all actions with single deny() or deny('*')
2011-10-26 22:07:17 -02:00
mark_story
d62351eb36
Revert the changes done to remove the 'cake' domain
...
After some discussion, polluting the app POT file
with unchanging Cake strings was incorrect. Having these
strings in a separate POT file allows reuse of translations across
projects.
Refs #2103
2011-10-23 20:36:31 -04:00
mark_story
e457c14dec
Fix issues with stateless authentication.
...
Cookies and sessions are no longer required for stateful authentication.
AuthComponent::user() also works correctly in these situations as well.
Fixes #2134
2011-10-23 12:54:51 -04:00
Renan Gonçalves
646b8f1aa0
Fixed issue when using multiple extensions in Router::parseExtensions() could result in undefined index notice by RequestHandlerComponent.
2011-10-19 15:36:00 +02:00
Rachman Chavik
2bb93761cc
fixing typos
2011-10-19 12:19:28 +07:00
ADmad
fc5a465189
Cleaning up code left over from 1.3. If no black-hole callback is specified Security::blackHole() now throws an exception. Closes #1532
2011-10-19 02:32:38 +05:30
Jose Lorenzo Rodriguez
91d0a081fb
Fixing more links in doc blocks
2011-10-15 11:38:49 -04:30
Jose Lorenzo Rodriguez
670917070e
Changing a bunch of links in doc blocks
2011-10-15 10:43:26 -04:30
mark_story
6bf6d79979
Removing 'cake' domain from core.
...
This domain was supposed to be replaced by cake_dev.
There are a number of translations that should be App land as well.
Such as those in helpers.
Fixes #2103
2011-10-14 21:01:17 -04:00
mark_story
4090b3e8c6
Fix content-type detection to accommodate jQuery.
...
Add tests for jQuery content type strings.
Refactor tests, add in missing assertions and missing parent calls.
The new behavior is more lenient and allows for a single requested
content type to switch the view type.
Fixes #2088
2011-10-12 23:21:07 -04:00
Renan Gonçalves
49f4035412
Fixing bug when trying to Paginate ordering by multiple keys.
2011-10-12 14:51:46 +02:00
mark_story
c4eb19ab91
Adding another import for helpers appended by RequestHandlerComponent.
...
Fixes #2084.
2011-10-11 12:42:45 -04:00
mark_story
055224ef68
Merge remote-tracking branch 'origin/1.3' into merger
...
Conflicts:
cake/libs/controller/controller.php
cake/libs/model/datasources/dbo/dbo_mysqli.php
cake/tests/cases/libs/controller/controller.test.php
cake/tests/cases/libs/model/datasources/dbo/dbo_mysql.test.php
cake/tests/lib/cake_test_suite_dispatcher.php
lib/Cake/Model/Behavior/TranslateBehavior.php
lib/Cake/Model/Datasource/DataSource.php
lib/Cake/Model/Datasource/Database/Mysql.php
2011-10-06 21:06:40 -04:00
mark_story
9e080951b1
Adding additional documentation for CrudAuthorize.
...
Fixes #2034
2011-09-28 23:25:14 -04:00
mark_story
a5fe702624
Updating CrudAuthorize to work like ActionsAuthorize.
...
Updating tests.
Fixes #1749
2011-09-26 20:38:38 -04:00
mark_story
b1dad6e5bd
Adding session renewal upon login/logout.
...
This helps improve session security, as it reduces the opportunity
of replaying a session id successfully.
Fixes #836
2011-09-24 22:35:21 -04:00
mark_story
7cabb4e4d5
Extracting password hashing into a separate method.
...
This makes it much easier for a subclass to only change how passwords
are hashed.
2011-09-21 07:38:22 -04:00
Mark Story mark@mark-story.com
bb3a1d546b
Fixing RequestHandler::prefers(). It was previously entirely wrong.
...
It took the ordered list of accept types, and blindly assumed
the first in the list was the most preferred. This is an incorrect
assumption to make, as all types with the same q value are equal.
- Using CakeRequest::parseAccept() to access only the most preferred
content types.
- Using in_array() to check for the desired type.
- Updating tests for RequestHandler.
2011-09-01 00:20:54 +01:00
Juan Basso
840d27bbb9
Fixed the allow method to parameters not be required.
2011-08-30 21:12:57 -04:00
Juan Basso
7d0250ff47
Merge branch '2.0-api-doc' into 2.0
2011-08-26 20:22:26 -04:00
mark_story
6acf024a2b
Fixing incorrect keying for ext routing parameter. It was
...
nested under params[url][ext]. This makes it unlike
all other routing parameters. Having the nested value
also makes reversing requests harder, and generating urls more
difficult.
Adding a test for Router::reverse() and extensions.
Fixes #1923, fixes #1928
2011-08-22 22:26:02 -04:00
Juan Basso
f7f3515135
Fixed documentation to methods that use func_get_args().
2011-08-21 21:45:34 -04:00
Juan Basso
689c7ffd45
Fixed some problems caused by the visibility changes.
2011-08-21 01:04:55 -04:00
Mark Story
58888399f1
Adding Todo about moving Cookie setting to CakeResponse.
2011-08-20 17:28:58 -04:00
Juan Basso
a1a049c700
Merge remote-tracking branch 'origin/2.0' into 2.0-api-doc
...
Conflicts:
lib/Cake/Model/Model.php
lib/Cake/View/Helper/CacheHelper.php
2011-08-20 01:47:27 -04:00
Juan Basso
61833294f0
Changed the visibility of methods that do not affect other classes.
2011-08-20 01:39:30 -04:00
Juan Basso
f5a54d00dd
Changed methods and attributes from private to protected.
2011-08-20 00:43:34 -04:00
Ceeram
acdfb483a7
Change casing of delivery method being passed to transport(), to ensure correct transport class will be loaded
2011-08-19 16:47:46 +02:00
Juan Basso
0575e92833
Added visibility in some methods and attributes.
2011-08-18 22:30:28 -04:00