Commit graph

58 commits

Author SHA1 Message Date
mark_story
8b5023282e Randomly generate a salt when the salt is '' or null.
To prevent an issue where any value is accepted as a password when '' is
provided as the hashed password.

Refs #8650
2016-04-15 21:49:17 -04:00
mark_story
7e5f56362f Deprecate bad methods.
These methods are bad and should feel bad.
2016-02-22 00:16:15 -05:00
mark_story
7df99fff1f Backport Security::randomBytes() to 2.x
I decided to leave the warning in. People who can't upgrade their
applications should at least be aware of the risks they are taking.

I'm flexible if people are strongly opposed to a warning, but I feel
that these kinds of warnings can be supressed in production if they
really are in a jam and don't care.

Refs #8282
2016-02-22 00:14:44 -05:00
Larry E. Masters
6a68032e0b FIxing srand() expects parameter 1 to be integer, string given
Type casting to integer
2015-12-13 14:18:59 -06:00
Mark Scherer
52e79987a2 Replacing self with static due to PHP5.3+. Following #7040. 2015-07-21 10:22:53 +02:00
mark_story
ac9a212d44 Merge branch 'master' into 2.7
Conflicts:
	lib/Cake/Utility/String.php
2015-01-11 15:25:18 -05:00
antograssiot
c2f298a8b7 Replace our custom code fence with markdown standard fence 2015-01-09 13:47:25 +01:00
euromark
52ecccb1a2 App::uses and usage replacements for String => CakeText. 2015-01-05 01:00:57 +01:00
Marc Würth
67ba9cb406 Update all @deprecated annotations
to adhere to the @deprecated <version> <description> format, where version and description are mandatory.
2014-09-02 17:03:22 +02:00
euromark
974ca851c2 Correct doc blocks according to cs guidelines.
Remove superfluous empty lines.
2014-07-03 15:36:42 +02:00
mark_story
390441d3b9 Accept older blowfish hashes.
Both `2a` and `2x` are valid types of blowfish hashes, that while being
older should be accepted.

Backport 00c94bd582b83f8b92228b750aea0e8816a4ea89 from 3.x to 2.5.x,
I see this as a bug fix as it fixes incompatibilities with hashes
created by hash_password().

Refs #3575
2014-05-28 22:53:21 -04:00
ADmad
7a4244d0a6 More docblock CS fixes. 2014-05-28 22:09:54 +05:30
mark_story
2c5d96e916 Merge branch 'master' into 2.5
Conflicts:
	lib/Cake/Model/Datasource/DboSource.php
2014-02-16 14:24:19 -05:00
ADmad
54a395cc3e Updated docblock.
BlowfishAuthenticate is deprecated.
2014-02-13 17:54:53 +05:30
ADmad
8a666fb37e Don't throw exception when trying to encrypt falsey value. 2013-12-15 19:28:56 +05:30
ADmad
dda6080579 Merge branch 'master' into 2.5 2013-11-19 00:27:12 +05:30
Marc Würth
229bd69903 Added link to three hash methods 2013-11-17 03:40:39 +01:00
Marc Würth
7cfa0116f4 Removed "PHP 5" from file header DocBlocks
This statement does not serve a purpose anymore.
In a long forgotten world it indicated the main version number of PHP which the code in the file was compatible to.
http://pear.php.net/manual/en/standards.sample.php
But since PHP 5.1 and later this is only marginally true.
Thus I propose to remove it from CakePHP.
2013-11-13 22:58:39 +01:00
mark_story
13b870d7e1 Fix coding standards error. 2013-09-01 21:44:45 -04:00
mark_story
95ad5f5c78 Add hmac to encrypted data.
Using an HMAC ensures that the ciphertext has not been
modified.
2013-08-29 14:40:01 -04:00
mark_story
c5092851d1 Fix compatibility with PHP 5.2 2013-08-27 23:03:08 -04:00
mark_story
215d43eb06 Add encrypt() and decrypt() methods.
These methods use AES-256 and provide a simple to use API with easy to
remember names.
2013-08-27 21:20:22 -04:00
dmromanov
56ef44f495 Excluded method names from several tanslation strings
Removed unnecessary sprintfs
2013-08-16 13:42:28 +04:00
mark_story
26769edd04 Merge branch 'master' into 2.4
Conflicts:
	lib/Cake/Utility/CakeTime.php
	lib/Cake/VERSION.txt
2013-08-12 14:39:02 -04:00
Marc Würth
7d4f229310 Fixed statement about Security:hash's salt parameter
Just nitpicking, but it prepends the salt, not appends it:
https://github.com/cakephp/cakephp/blob/master/lib/Cake/Utility/Security.php#L120
2013-08-12 12:52:34 +02:00
euromark
b09dc7213a deprecate Controller::flash() and adjust some other deprecation messages. 2013-08-12 12:51:12 +02:00
Marc Würth
4c9f0414cb Improved the DocBlocks and other code cleanup
Fixed @license tag, url comes first
Whitespace and other minor code cleanup
Added some docblocks
2013-05-31 00:11:19 +02:00
mark_story
06e7ba66c9 Update docs for Security::cipher()
This method is not cryptographically strong. Note that, and the
issues related to suhosin.

Related to #GH-1100
2013-05-06 23:03:20 -04:00
Adam Taylor
433dd09ec4 Fix typos 2013-03-05 00:05:14 -07:00
euromark
111366d5c8 == to === and != to !== where applicable 2013-02-12 03:38:08 +01:00
mark_story
974ac44fb4 Use random iv values in rijndael.
Using fixed iv values has a number of known problems like dictionary
attacks against the cipher key. Use a random iv value for all future
encrpyted values. Provide backwards compatibility for values encrypted
with fixed iv's, and silently upgrade values for enhanced security.
2013-02-09 20:48:27 -05:00
mark_story
613aa19d94 Use constants instead of strings.
Using built-in constants where possible is generally a good idea,
making code less error prone.
2013-02-09 14:14:27 -05:00
Graham Weldon
66d856d883 Added extra line for referencing license file for copyright 2013-02-08 21:22:51 +09:00
Graham Weldon
7b860debe4 This commit is dedicated to Mark Story, who has put in much dedicated time and effort into CakePHP over the years.
I just wanted to ruin his evening, because this change needs to be merged into CakePHP 3.0.
2013-02-08 20:59:49 +09:00
AD7six
51946ff8fd Remove Security.level from core.php
it's not used by cake, and it can confuse users familiar with 1.3
that this setting exists yet doesn't do anything in later versions
2013-01-22 09:56:01 +01:00
euromark
b811afbc44 double spaces to single ones 2012-12-22 23:48:15 +01:00
mark_story
27d7e2865e Merge branch 'master' into 2.3
Conflicts:
	lib/Cake/Console/Command/ConsoleShell.php
	lib/Cake/Network/CakeSocket.php
	lib/Cake/Network/Http/HttpResponse.php
	lib/Cake/Utility/Folder.php
	lib/Cake/View/MediaView.php
	lib/Cake/basics.php
2012-11-20 23:02:33 -05:00
Ceeram
e02eab05d5 Remove all todo from core, create tickets for them 2012-11-14 14:59:51 +01:00
Heath Nail
895fcac0cd Improve Blowfish Docblocks 2012-11-12 14:36:43 -05:00
Ceeram
0196c6f686 code optimizing and simplify _crypt(), see PR #853 2012-11-01 14:15:52 +01:00
dogmatic69
cf8fccae96 converting $foo == null / $foo == false to !$foo 2012-09-14 18:26:30 +01:00
mark_story
6664acba79 Merge branch 'master' into 2.3
Conflicts:
	lib/Cake/VERSION.txt
2012-09-05 20:15:36 -04:00
Kyle Robinson Young
200dd2dc9b Code standards fixes, unneeded break statements 2012-09-04 11:30:52 -07:00
mark_story
24b68ec1db Ensure = is removed from generated salt values. 2012-08-24 09:35:33 -04:00
mark_story
2359fb7e2e Simplify number formatting. 2012-07-22 21:28:49 -04:00
Heath Nail
434d3a7137 Add bcrypt support to Security::hash() 2012-07-22 21:15:00 -04:00
Heath Nail
304d001dfb Implement rijndael optional cookie encryption. 2012-05-30 03:49:25 -04:00
Juan Basso
c754fb2dcb Updated copyright to 2012. 2012-03-12 22:46:46 -04:00
mark_story
9d325fe46e Fixing most coding standard issues in Utility/ 2012-03-03 17:31:47 -05:00
Jose Lorenzo Rodriguez
cfd2d9e00b Updating all @package annotations in doc blocks 2011-07-26 01:46:14 -04:30