Commit graph

518 commits

Author SHA1 Message Date
mark_story
758599e6f4 Add once option to css().
The default value is false for backwards compatibility. In 3.0, the
default will be made consistent with script().

Refs #1973
Refs #3628
2014-06-04 22:15:56 -04:00
mark_story
db86b0c050 Don't disable the entire select when disabled is array(1)
When the disabled attribute is just array(1), then the attribute should
be filtered out of select element attributes. This is kind of a hacky
workaround but changing the underlying attribute handling is going to be
pretty tricky and far more dangerous.

Fixes #3546
2014-05-23 13:26:11 -04:00
mark_story
cd68002246 Add additional test case for named parameters.
Refs #3525
2014-05-22 14:14:35 -04:00
akiyan
781430c4af Removed unnecessary conditional branch, fixed test and comment. 2014-05-22 14:08:18 -04:00
akiyan
67f256297d Fixed secure form hash for special url.
No htmlspecialchars encode and without fragment identifer.
2014-05-22 14:08:11 -04:00
mark_story
e9ecfe0936 Remove x bit on files.
PHP files should not have executable permission set.
2014-05-13 12:30:14 -04:00
mark_story
89cd114e6f Merge branch 'master' into 2.5 2014-05-12 14:30:02 -04:00
mark_story
5469840c80 Fix incorrectly generated URL path.
Refs #3442
2014-05-07 08:52:42 -04:00
mark_story
1103ca7816 Ensure that only the path and query are used to make the hash.
While including the entire protocol, host, port, path and query would be
even better in theory, it gets complicated when proxies and load
balancers are involved.

Fixes #3442
2014-05-06 23:00:11 -04:00
mark_story
559d9d39e7 Make test names match the rest of the tests. 2014-05-06 22:13:44 -04:00
ADmad
d466e00644 Merge branch 'master' into 2.5
Conflicts:
	lib/Cake/Model/Datasource/DboSource.php
	lib/Cake/Test/Case/Model/Datasource/Database/MysqlTest.php
	lib/Cake/Utility/Folder.php
	lib/Cake/VERSION.txt
2014-05-04 14:35:36 +05:30
euromark
fecf321cce This is a hotfix for TextHelper which seems to have gone wrong in a merge. tail() is missing completly and the docs for truncate() are the ones for tail(). This fixes it. 2014-05-02 13:33:57 +02:00
mark_story
e1057e3e6b Fix FormHelper::postLink() not working when SecurityComponent is enabled.
The action attribute value was not being included in the generated hash,
so postLink() forms never worked properly.

Fixes #3418
2014-04-29 11:23:52 -04:00
mark_story
cf96e9f54f Merge branch 'master' into 2.5 2014-04-26 22:04:19 -04:00
Mark Story
5b46eb71ec Merge pull request #3397 from steinkel/fix-formhelper-with-model-mock
fixed FormHelper to allow create() on Mock Models without errors
2014-04-26 08:53:43 -04:00
Jorge González
5cf2ce723c fixed FormHelper to allow create() on Mock Models without errors 2014-04-26 10:33:58 +01:00
mark_story
de0062de77 Merge branch 'master' into 2.5 2014-04-25 22:10:02 -04:00
mark_story
f23d811ff5 Use the form action URL in generated form hashes.
By including the URL in generated hash for secured forms we prevent
a class of abuse where a user uses one secured form to post into a
controller action the form was not originally intended for. These cross
action requests could potentially violate developer's mental model of
how SecurityComponent works and produce unexpected/undesirable outcomes.

Thanks to Kurita Takashi for pointing this issue out, and suggesting
a fix.
2014-04-25 22:05:58 -04:00
ADmad
27699d1f12 Fix auto linking urls with subdomain with underscore.
Closes #3392
2014-04-25 22:28:34 +05:30
Jose Lorenzo Rodriguez
343d3279b9 Merge branch 'master' into 2.5
Conflicts:
	lib/Cake/Test/Case/Utility/FileTest.php
	lib/Cake/VERSION.txt
2014-04-06 21:50:41 +02:00
euromark
b150e33472 correct missed cs errors 2014-04-02 03:16:03 +02:00
euromark
0d09a54033 more missing doc block tags added 2014-04-02 03:02:37 +02:00
mark_story
8acb75425d Merge branch 'master' into 2.5
Conflicts:
	CONTRIBUTING.md
	lib/Cake/Model/Datasource/DboSource.php
2014-03-21 22:55:28 -04:00
mark_story
f12b272758 Fix a few flaky/bad attribute matchers. 2014-03-21 22:52:52 -04:00
mark_story
afc8587949 Merge branch 'master' into 2.5 2014-03-18 22:12:14 -04:00
mark_story
ee895a8bb1 Add form attribute to hidden inputs when present.
If inputs are placed outside of the form elements the form attribute
needs to be set on the hidden inputs. Without this attribute the empty
state does not submit correctly.

Fixes #3053
2014-03-18 22:11:57 -04:00
mark_story
6c3bc48ce0 Merge branch 'master' into 2.5 2014-03-06 17:45:00 -05:00
mark_story
5544fcc4c2 Merge branch 'master' into 2.5
Conflicts:
	lib/Cake/VERSION.txt
2014-03-03 21:20:58 -05:00
ndm2
008ad3237c Fix verification of expected invocations #2919 2014-03-01 19:06:17 +01:00
ADmad
a707709e1d Added test for FormHelper::radio().
Tests generating radio input for field with model other than one used
in create(). Refs #2911.
2014-02-28 02:34:16 +05:30
mark_story
0f584c0e8b Merge branch 'master' into 2.5 2014-02-24 21:19:17 -05:00
mark_story
0776b87214 Fix postLink() & postButton() with nested data.
Flatten deeply nested array data before generating hidden inputs.
This solves 'Array to string conversion' errors.

Closes #2894
2014-02-24 21:17:31 -05:00
jalbertocr
35f152b333 Make sure a datetime instance is valid to avoid fatal errors. 2014-02-19 20:50:30 -03:00
mark_story
3433f4a1f0 Clean up changes code standards and tests.
Refs #2582
2014-02-17 11:03:49 -05:00
Jonas
b32deed4aa changed FormHelper::secure() and FormHelper::end() to support attributes in the hidden CSRF-protection tags that are being generated for SecurityComponent to allow specification of additional html attributes like HTML5s "form" attribute. This allows separation of Form instantiation/controls and form data - for instance within html tables
improved tests for testing against additional attributes for Form::secure()

improved tests for testing against additional attributes for Form::end()

removed array cast, fixed test

fixed docblock format

format

Fixed a bug, this won't work as some forms are just empty
2014-02-17 10:54:02 -05:00
mark_story
be8ebfc005 Merge branch 'master' into 2.5 2014-02-05 09:22:46 -05:00
AD7six
adc0bf3ded BC fix for checkbox ids
Revert to previous behavior for id generation of checkboxes, This commit
can be reverted for 2.5+ is desired

Fixes #2733
2014-02-03 17:57:26 +00:00
mark_story
605351d0c9 Allow empty values in checkboxes.
Allow the checkbox value attribute to be empty. This is required to make
checkboxes with a value of 0.

Fixes #2717
2014-01-30 21:12:06 -05:00
Walter Nasich
43604f64d5 Rendering a proper value for html5 attribute 'step' 2014-01-30 17:17:50 -03:00
mark_story
75dd2ff1fb Merge branch 'master' into 2.5 2014-01-16 15:20:40 -05:00
mark_story
f25e84f4fb Don't select year 0 when there are all 0's.
Year 0 is almost never a 'good' selection value and causes odd behavior
when paired with MySQL.

Fixes #2658
2014-01-15 10:23:45 -05:00
mark_story
3cee3b0e99 Merge branch 'master' into 2.5
Conflicts:
	lib/Cake/VERSION.txt
2013-12-30 21:28:22 -05:00
Mark Story
1cb7e4f0ff Merge pull request #1635 from dereuromark/master-dom-ids
Fix duplicate ID generation of for multiple checkboxes.
2013-12-24 07:02:38 -08:00
euromark
b392254c92 fix cs 2013-12-24 15:20:32 +01:00
mark_story
7e5c0f7185 Merge branch 'master' into 2.5 2013-12-20 14:15:35 -05:00
mark_story
5bddc477a3 Fix incorrectly handled time values around 12:00:00
When using 12 hour formats & intervals, values around 12:00 were
incorrecly converted to midnight.

Fixes #2507
2013-12-19 17:36:27 -05:00
mark_story
30e139412d Fix input type inference when type=>checkbox
FormHelper should not infer types when the explicit type is checkbox.
Instead the provided type should be used.

Fixes #2491
2013-12-16 23:26:20 -05:00
euromark
8ebf004450 Also make DOM ids for radio element values unique. 2013-12-04 02:14:08 +01:00
euromark
587a04ab84 prevent possible XSS attack via form helper selects and unescaped output. 2013-12-04 01:51:39 +01:00
euromark
aae0f762dd Collision free approach to resolve the DOM ID issue in a clean way. Fix to generation of ids for multiple checkboxes. Resolves ticket 4064. 2013-12-04 01:30:57 +01:00