Commit graph

494 commits

Author SHA1 Message Date
Marc Würth
f2638b3e38 Remove superfluous "Class" from doc blocks 2016-08-10 12:22:09 +02:00
Kim Biesbjerg
1d7a4da903 Fixed wrong assertion 2016-07-07 09:24:33 +02:00
Kim Biesbjerg
0ea315b2e0 Add assertion to prove session is not started on stateless login 2016-07-07 08:58:51 +02:00
Kim Biesbjerg
c63de8d9f5 Added test to prove stateless login sets user 2016-07-06 12:34:23 +02:00
Aloïs Thévenot
b737e9f732 #8844 Add test 2016-05-27 12:50:23 +00:00
mark_story
fef3090717 Fix incorrectly inheriting permissions.
When child inherits from a deny parent the '*' permission should reflect
permissions on all nodes not just the leaf node. Previously once a node
with all permissions set to inherit was found, the check would pass.
Instead it should cascade to the parent nodes and look for explicit
allow/deny.

Refs #8450
2016-03-11 23:18:50 -05:00
mark_story
b2509ea13d Fix inherited permissions when checking the '*' permission.
When checking inherited permissions for '*' also copy inherited
permissions onto the inherited list. By copying the inherited values, we
get the union of explit allow and inherited permissions, which if all
things go well will match the permission key list.

Refs #8114
2016-02-16 22:30:19 -05:00
Marc Würth
b5655d63ff Remove lighthouse references 2016-02-10 12:27:34 +01:00
mark_story
3b5a71df37 Merge branch '2.7' into 2.8 2016-01-28 21:51:59 -05:00
mark_story
fc57dee72f Fix error in PHP 5.3 2016-01-28 21:50:56 -05:00
mark_story
3e67685c7c Merge branch '2.7' into 2.8 2016-01-21 21:46:51 -05:00
mark_story
4b8d628a2e Backport SecurityComponent fixes from #8071 to 2.x
If the request manages to have data set outside of post/put we should
still validate the request body. This expands SecurityComponent to cover
PATCH and DELETE methods, as well as request methods that should be
safe, but somehow end up not safe.
2016-01-20 21:34:58 -05:00
Larry E. Masters
0aa8847762 Merge pull request #7840 from cakephp/2.8-PHP7
2.8 PHP7 compatibility
2015-12-29 00:27:33 -05:00
Larry E. Masters
e7a313edee getting sloppy as I get older, fixing code sniffer errors 2015-12-29 00:06:44 -05:00
Larry E. Masters
b1d93377b6 Removing invalid test 2015-12-28 23:36:37 -05:00
Larry E. Masters
027e32ce00 Reverted change setting $_SESSION to an array. Commenting out a test that is invalid.
This test creates a numeric key of 0 in $_SESSION which is not a valid session key. This causes error - session_write_close(): Skipping numeric key 0 error.
2015-12-28 17:19:31 -05:00
Larry E. Masters
3c21f4a8af Fixes session_write_close(): Skipping numeric key 0 error 2015-12-28 11:18:03 -05:00
Larry E. Masters
894d233fd6 add @throws anotation to fix travis PHP_CODESNIFFER warnings 2015-12-13 15:16:49 -06:00
Larry E. Masters
48e018e707 Allowing tests to run on PHP 7 2015-12-13 14:12:31 -06:00
Mark Scherer
f662b2f5aa Skip error for now. 2015-12-06 12:50:09 +01:00
mark_story
48450e71fa Merge branch '2.7' into 2.8 2015-11-11 22:53:45 -05:00
Jorge González
cb6a17c34e add Flash back to Controller, fix Scaffold to use Flash instead 2015-11-04 10:41:35 +00:00
mark_story
8c404ad6a7 Merge branch '2.7' into 2.8 2015-10-17 21:00:26 -04:00
mark_story
dea32345c8 Add failing test for #7570
Documented behavior that exists in 3.x is not working in 2.x
2015-10-17 20:54:40 -04:00
mark_story
ae83e197dc Merge branch '2.8' of github.com:cakephp/cakephp into 2.8 2015-09-27 11:13:12 -04:00
Marc Würth
1ede742d92 Various improvements to the CakePHP test files
Mostly CS, doc blocks and unused variables.
2015-09-25 17:22:00 +02:00
Mark Scherer
81cbb52f74 Only array-wrap 'order' if it's not already an array. 2015-09-22 13:04:28 +02:00
mark_story
07c2047984 Merge branch '2.7' of github.com:cakephp/cakephp into 2.7 2015-08-06 21:43:40 -04:00
mark_story
056f24a774 Forbid direct prefix access with mixed casing.
Changing the casing up should not allow prefix method access.
2015-08-05 23:05:30 -04:00
mark_story
9f20330d17 Fix fatal error on null subject.
Refs #7176
2015-08-05 22:20:39 -04:00
Mark Scherer
52e79987a2 Replacing self with static due to PHP5.3+. Following #7040. 2015-07-21 10:22:53 +02:00
mark_story
9b313f86e4 Add tests for #7034
These tests ensure that redirect() is never called which ensures the
Location header is never set. Ajax requests when no loginElement is
defined should get an empty response with a 403 status code.
2015-07-16 23:00:20 -04:00
Chris Kim
94fbc6e5f2 Don't map text/plain to csv. Backport from 3.0. Refs #1696
Jquery sets accepts header similar to "text/plain, */*; q=0.01" by
default for xhr requests. Due to this RequestHandler used to set
extension to csv thereby causing View class to look for views under
non-existent csv folders.
2015-07-07 15:19:45 -04:00
Highstrike
a9d77d26f0 fix failing tests
fixing...
2015-06-25 13:40:50 +03:00
Highstrike
58983f717a 2.7.0-RC Auth doesn't use the new Flash component
Changed 'Flash.' to 'Message.' and also provided backwards compatibility
in FlashHelper->render
2015-06-24 14:06:35 +03:00
Mark Scherer
4f3602ad5f Adjust bake, docblocks and tests for notBlank. 2015-05-17 22:27:16 +02:00
mark_story
0b916cedbb Merge branch 'master' into 2.7 2015-03-09 21:55:20 -04:00
mark_story
02c9dda9a7 Make maxLimit and limit settings independent.
Having maxLimit infer what it should be based on limit was not a very
transparent default behavior. The documentation states that maxLimit
will default to 100, but the code would default it to 'limit' if set.
This created confusing behavior when only one setting was defined.

Refs #5973
2015-02-27 22:35:52 -05:00
mark_story
63769ae4a6 Merge branch 'master' into 2.7
Conflicts:
	lib/Cake/VERSION.txt
2015-02-26 12:50:35 -05:00
mark_story
c92cfb413f Allow numeric sorts in PaginatorComponent.
When paginating data, we should not ignore numerically indexed order
conditions. Instead they should be handled similar to Model::find().

This creates a slightly different behavior when model's have default
sorting applied as more default sort options forms will be honoured.

Refs #5964
2015-02-25 21:38:56 -05:00
Mark Story
9f1f158cc0 Merge pull request #5855 from tanuck/2.7-custom-flash-message
Backport of 3.x flash messages #5823
2015-02-14 22:07:30 -05:00
mark_story
3dfa22b021 Fix order of hasOne assocation.
This should fix non-deterministic failures.
2015-02-10 22:46:53 -05:00
James Tancock
e173c29d33 Fix for phpcs 2015-02-04 15:31:50 +00:00
James Tancock
b8b6b67abd Tests for ported Flash component & helper 2015-02-04 15:05:40 +00:00
mark_story
396d501d1e Fix / being handled incorrect by referer()
Backport changes in #4987 to 2.x. This solves issues with duplicate base
directories when redirecting back to '/'

Fixes #4812
2015-01-15 21:26:34 -05:00
Sebastien Barre
20e2882bf6 Remove duplicate class declaration 2014-11-23 21:49:29 -05:00
Sebastien Barre
5ac47487f9 Merge branch 'ticket-5041' of github.com:sebastienbarre/cakephp into ticket-5041
Conflicts:
	lib/Cake/Test/Case/Controller/Component/AuthComponentTest.php
2014-11-22 13:38:11 -05:00
Sebastien Barre
a2e7896038 Fix uses, style 2014-11-22 13:31:39 -05:00
Sebastien Barre
7da48669c8 Have BaseAuthenticate implement CakeEventListener instead 2014-11-22 13:31:38 -05:00
Sebastien Barre
50e5b5e8fe Move App::uses() again 2014-11-22 13:31:38 -05:00