mark_story
aaa37fa809
Merge branch '2.next' of github.com:cakephp/cakephp into 2.next
2017-06-26 21:51:55 -04:00
Marc Würth
da8414e13b
Use HTTPS for the opensource.org MIT license URL
2017-06-11 00:23:22 +02:00
Marc Würth
04efc7ba50
Use HTTPS for the book.cakephp.org URL
2017-06-11 00:15:36 +02:00
Marc Würth
10b89b51a9
Use HTTPS for the cakefoundation.org URL
2017-06-11 00:10:59 +02:00
Marc Würth
17314baa15
Use HTTPS for the cakephp.org URL
2017-06-10 23:40:28 +02:00
Ikuo Degawa
655a5fe0ae
Fix broken cookie issue #10724
...
This change makes Security::cipher() encoding and decoding same as 2.7 and below.
2017-06-10 15:20:25 +09:00
Marc Würth
5c184190c5
Improve doc block
2016-11-17 14:55:01 +01:00
mark_story
efc2526600
Appease PHPCS.
2016-05-03 17:46:29 -04:00
mark_story
b6d631b987
Use strlen(). Comparing a string against a length will not do the right thing.
2016-05-03 17:27:16 -04:00
mark_story
8b5023282e
Randomly generate a salt when the salt is '' or null.
...
To prevent an issue where any value is accepted as a password when '' is
provided as the hashed password.
Refs #8650
2016-04-15 21:49:17 -04:00
mark_story
7e5f56362f
Deprecate bad methods.
...
These methods are bad and should feel bad.
2016-02-22 00:16:15 -05:00
mark_story
7df99fff1f
Backport Security::randomBytes() to 2.x
...
I decided to leave the warning in. People who can't upgrade their
applications should at least be aware of the risks they are taking.
I'm flexible if people are strongly opposed to a warning, but I feel
that these kinds of warnings can be supressed in production if they
really are in a jam and don't care.
Refs #8282
2016-02-22 00:14:44 -05:00
Larry E. Masters
6a68032e0b
FIxing srand() expects parameter 1 to be integer, string given
...
Type casting to integer
2015-12-13 14:18:59 -06:00
Mark Scherer
52e79987a2
Replacing self with static due to PHP5.3+. Following #7040 .
2015-07-21 10:22:53 +02:00
mark_story
ac9a212d44
Merge branch 'master' into 2.7
...
Conflicts:
lib/Cake/Utility/String.php
2015-01-11 15:25:18 -05:00
antograssiot
c2f298a8b7
Replace our custom code fence with markdown standard fence
2015-01-09 13:47:25 +01:00
euromark
52ecccb1a2
App::uses and usage replacements for String => CakeText.
2015-01-05 01:00:57 +01:00
Marc Würth
67ba9cb406
Update all @deprecated annotations
...
to adhere to the @deprecated <version> <description> format, where version and description are mandatory.
2014-09-02 17:03:22 +02:00
euromark
974ca851c2
Correct doc blocks according to cs guidelines.
...
Remove superfluous empty lines.
2014-07-03 15:36:42 +02:00
mark_story
390441d3b9
Accept older blowfish hashes.
...
Both `2a` and `2x` are valid types of blowfish hashes, that while being
older should be accepted.
Backport 00c94bd582b83f8b92228b750aea0e8816a4ea89 from 3.x to 2.5.x,
I see this as a bug fix as it fixes incompatibilities with hashes
created by hash_password().
Refs #3575
2014-05-28 22:53:21 -04:00
ADmad
7a4244d0a6
More docblock CS fixes.
2014-05-28 22:09:54 +05:30
mark_story
2c5d96e916
Merge branch 'master' into 2.5
...
Conflicts:
lib/Cake/Model/Datasource/DboSource.php
2014-02-16 14:24:19 -05:00
ADmad
54a395cc3e
Updated docblock.
...
BlowfishAuthenticate is deprecated.
2014-02-13 17:54:53 +05:30
ADmad
8a666fb37e
Don't throw exception when trying to encrypt falsey value.
2013-12-15 19:28:56 +05:30
ADmad
dda6080579
Merge branch 'master' into 2.5
2013-11-19 00:27:12 +05:30
Marc Würth
229bd69903
Added link to three hash methods
2013-11-17 03:40:39 +01:00
Marc Würth
7cfa0116f4
Removed "PHP 5" from file header DocBlocks
...
This statement does not serve a purpose anymore.
In a long forgotten world it indicated the main version number of PHP which the code in the file was compatible to.
http://pear.php.net/manual/en/standards.sample.php
But since PHP 5.1 and later this is only marginally true.
Thus I propose to remove it from CakePHP.
2013-11-13 22:58:39 +01:00
mark_story
13b870d7e1
Fix coding standards error.
2013-09-01 21:44:45 -04:00
mark_story
95ad5f5c78
Add hmac to encrypted data.
...
Using an HMAC ensures that the ciphertext has not been
modified.
2013-08-29 14:40:01 -04:00
mark_story
c5092851d1
Fix compatibility with PHP 5.2
2013-08-27 23:03:08 -04:00
mark_story
215d43eb06
Add encrypt() and decrypt() methods.
...
These methods use AES-256 and provide a simple to use API with easy to
remember names.
2013-08-27 21:20:22 -04:00
dmromanov
56ef44f495
Excluded method names from several tanslation strings
...
Removed unnecessary sprintfs
2013-08-16 13:42:28 +04:00
mark_story
26769edd04
Merge branch 'master' into 2.4
...
Conflicts:
lib/Cake/Utility/CakeTime.php
lib/Cake/VERSION.txt
2013-08-12 14:39:02 -04:00
Marc Würth
7d4f229310
Fixed statement about Security:hash's salt parameter
...
Just nitpicking, but it prepends the salt, not appends it:
https://github.com/cakephp/cakephp/blob/master/lib/Cake/Utility/Security.php#L120
2013-08-12 12:52:34 +02:00
euromark
b09dc7213a
deprecate Controller::flash() and adjust some other deprecation messages.
2013-08-12 12:51:12 +02:00
Marc Würth
4c9f0414cb
Improved the DocBlocks and other code cleanup
...
Fixed @license tag, url comes first
Whitespace and other minor code cleanup
Added some docblocks
2013-05-31 00:11:19 +02:00
mark_story
06e7ba66c9
Update docs for Security::cipher()
...
This method is not cryptographically strong. Note that, and the
issues related to suhosin.
Related to #GH-1100
2013-05-06 23:03:20 -04:00
Adam Taylor
433dd09ec4
Fix typos
2013-03-05 00:05:14 -07:00
euromark
111366d5c8
== to === and != to !== where applicable
2013-02-12 03:38:08 +01:00
mark_story
974ac44fb4
Use random iv values in rijndael.
...
Using fixed iv values has a number of known problems like dictionary
attacks against the cipher key. Use a random iv value for all future
encrpyted values. Provide backwards compatibility for values encrypted
with fixed iv's, and silently upgrade values for enhanced security.
2013-02-09 20:48:27 -05:00
mark_story
613aa19d94
Use constants instead of strings.
...
Using built-in constants where possible is generally a good idea,
making code less error prone.
2013-02-09 14:14:27 -05:00
Graham Weldon
66d856d883
Added extra line for referencing license file for copyright
2013-02-08 21:22:51 +09:00
Graham Weldon
7b860debe4
This commit is dedicated to Mark Story, who has put in much dedicated time and effort into CakePHP over the years.
...
I just wanted to ruin his evening, because this change needs to be merged into CakePHP 3.0.
2013-02-08 20:59:49 +09:00
AD7six
51946ff8fd
Remove Security.level from core.php
...
it's not used by cake, and it can confuse users familiar with 1.3
that this setting exists yet doesn't do anything in later versions
2013-01-22 09:56:01 +01:00
euromark
b811afbc44
double spaces to single ones
2012-12-22 23:48:15 +01:00
mark_story
27d7e2865e
Merge branch 'master' into 2.3
...
Conflicts:
lib/Cake/Console/Command/ConsoleShell.php
lib/Cake/Network/CakeSocket.php
lib/Cake/Network/Http/HttpResponse.php
lib/Cake/Utility/Folder.php
lib/Cake/View/MediaView.php
lib/Cake/basics.php
2012-11-20 23:02:33 -05:00
Ceeram
e02eab05d5
Remove all todo from core, create tickets for them
2012-11-14 14:59:51 +01:00
Heath Nail
895fcac0cd
Improve Blowfish Docblocks
2012-11-12 14:36:43 -05:00
Ceeram
0196c6f686
code optimizing and simplify _crypt(), see PR #853
2012-11-01 14:15:52 +01:00
dogmatic69
cf8fccae96
converting $foo == null / $foo == false to !$foo
2012-09-14 18:26:30 +01:00