Commit graph

7715 commits

Author SHA1 Message Date
Val Bancer
7ae84e3d5d
Makes the cache key shorter by using md5() 2017-12-28 10:02:35 +01:00
mark_story
51206d7358 Update version number to 2.10.6 2017-12-18 21:15:48 -05:00
Mark Story
3bf93b7f76
Merge pull request #11526 from cakephp/post-conditions
Make postConditions() less permissive.
2017-12-15 14:36:38 -05:00
mark_story
340059be15 Check model names for bad characters as well. 2017-12-13 00:01:09 -05:00
mark_story
a9618f67f7 Use a permitted list instead of a ban list.
This should be safer as we are more confident on what is coming in.
2017-12-13 00:01:05 -05:00
Koji Tanaka
fba7f1c617
Fix Phpdoc for CakeObject::log() 2017-12-12 20:00:21 +09:00
mark_story
f66dec8a96 Make postConditions() less permissive.
We were notified by `ooooooo_q` that postConditions() is vulnerable to
SQL injection if used without SecurityComponent tampering prevention.

This change attempts to make postConditions() safer by exploding in
unsafe scenarios.
2017-12-10 21:44:47 -05:00
chinpei215
6ad30946d8 Fix CS 2017-12-04 23:31:32 +09:00
chinpei215
9f65402d2c Fix CakeRequest::referer(true) returning scheme-relative URLs
Backport of #11503 (and #8795)
2017-12-04 21:18:27 +09:00
dereuromark
eaf7454628 Clarify migration path to 3.x 2017-11-29 19:57:01 +01:00
Mark Story
abec95d3ea
Merge pull request #11469 from db-bogdan/issue11468
fixes #11468 sending user data on basic auth in API environment
2017-11-28 21:52:59 -05:00
chinpei215
4ae9f13dfd Fix 'order' not working with a single expressions 2017-11-29 00:17:57 +09:00
db-bogdan
e824346cca extra fix 2017-11-28 11:43:55 +02:00
db-bogdan
94e06dfeb3 add unit test 2017-11-28 11:31:46 +02:00
db-bogdan
5695fef46f fixes #11468 2017-11-27 11:59:34 +02:00
Mischa ter Smitten
d7b9e55e98 Fix indent 2017-11-23 14:12:13 +01:00
Mischa ter Smitten
05954ff405 Consistency changes 2017-11-23 10:09:25 +01:00
Mischa ter Smitten
4faac8e09a Improved readability 2017-11-23 10:06:14 +01:00
Mischa ter Smitten
bc1678cf2a Add option to make _validAgentAndTime 3.x compatible 2017-11-23 10:02:38 +01:00
Val Bancer
a2cc9843e4
added missing ob_end_flush() call 2017-11-21 15:20:14 +01:00
mark_story
10fcd7633d Update version number to 2.10.5 2017-11-20 21:09:55 -05:00
mark_story
f788c90b3c Fix typo 2017-11-05 22:34:47 -05:00
Mark Story
b175270f62
Merge pull request #11404 from ynaderi/2.x
- DigestAuthenticate modification for cakephp 2.X
2017-11-05 22:34:17 -05:00
Yaser Naderi
26a683f36f - DigestAuthenticate modification for cakephp 2.X 2017-11-03 14:53:54 -04:00
Milan van As
7de5ae4438 Force email domain lookups to work in fallback case. 2017-10-25 08:45:57 +02:00
saeideng
b59b64db29 replace tab with space 2017-10-21 22:44:15 +03:30
mark_story
549c181926 Update version number to 2.10.4 2017-10-18 21:54:49 -04:00
chinpei215
19bbb7da17 Simplify CookieComponent::read()
Also, this commit fixes an issue of when the second level key is empty.
Previously, read('foo.0') returned incorrect result.
2017-10-16 21:01:19 +09:00
chinpei215
bbea91090d Fix CookieComponent::delete() not working for deep children 2017-10-16 20:55:00 +09:00
mark_story
e85f489c1f Add test for #11284 2017-10-13 21:55:56 -04:00
Mark Story
d3a4ce1216 Merge pull request #11284 from kolorafa/patch-1
msSQL - also handle offset as string
2017-10-13 21:55:21 -04:00
Mark Story
fb44035177 Merge pull request #11299 from tenkoma/2.x-fix-cc-number-jcb-pattern
[2.x]Fix Credit card number pattern(JCB) is wrong
2017-10-08 10:09:19 -04:00
Koji Tanaka
7d2d902b57 [2.x]Fix Credit card number pattern(JCB) is wrong 2017-10-08 16:15:10 +09:00
Mark Story
e889535e41 Merge pull request #11288 from mensler/session-without-cookies-2.x
Check for session.use_trans_sid and session ID in URL when cookies are disabled (2.x)
2017-10-07 12:17:30 -04:00
Clemens Weiß
61eddc6bde Fixed formatting 2017-10-07 11:11:45 +02:00
Mark Story
a71cad0420 Merge pull request #11283 from chinpei215/2.x-cookie-component-1
[2.x] Fix fatal error thrown when replacing scalar with array
2017-10-06 16:45:38 -04:00
Clemens Weiß
7f64ea37f9 Restored formatting 2017-10-06 17:11:09 +02:00
Clemens Weiß
5d5e791a31 Check for session.use_trans_sid and session ID in URL in case cookies are disabled (backport of cakephp/cakephp#10828 for 2.x) 2017-10-06 17:04:53 +02:00
chinpei215
deac8f9109 Backport #7080, #8233 and #11060 2017-10-06 22:02:37 +09:00
chinpei215
ccf634e5f3 Docblock update 2017-10-06 21:59:48 +09:00
chinpei215
959f45a6c6 Fix fatal error thrown when replacing scalar with array
Refs #11280
2017-10-06 13:43:32 +09:00
kolorafa
22d2564de9 msSQL - also handle offset as string
When doing pagination you could get offset not as a int(eg. 10) but string(eg. "10") and it will not paginate at all.

For example DataTables plugin pass offset from params and all params from http request are strings wrapped in numbers.
Adding ctype_digit($offset) will also check the case.
2017-10-05 11:45:33 +02:00
LustyRain
e1e5a292f2 Fix: revert return 2017-10-05 00:09:51 +09:00
LustyRain
0f00d73c70 Fix delete space, restored return 2017-10-04 21:02:48 +09:00
LustyRain
1f09318724 Fix delete space, restored return 2017-10-04 20:40:57 +09:00
LustyRain
8bb07c0fd7 Fix called twice 2017-10-04 11:39:31 +09:00
LustyRain
31b13edf8a Fix: phpdoc miss
## did
- void unReturn
- miss return void
- add return type
- type miss typing
- add param type and return type
  - string → string|array
- change ClassName
2017-10-04 00:22:42 +09:00
LustyRain
bececc421d Fix: void unreturn 2017-10-02 15:40:48 +09:00
Ionut-Mihai Burlacu
31ed2d5dfb Test Case 2017-09-22 11:45:38 +03:00
Ionut-Mihai Burlacu
5540569fcc Test Case 2017-09-22 11:39:39 +03:00