Commit graph

375 commits

Author SHA1 Message Date
Jose Lorenzo Rodriguez
9d07fc4330 Merge branch 'master' into 2.4
Conflicts:
	lib/Cake/Console/ShellDispatcher.php
	lib/Cake/Utility/CakeNumber.php
	lib/Cake/View/Elements/sql_dump.ctp
2013-08-11 23:31:10 +02:00
mark_story
9efad54e31 Fix missing expiry times on cookies.
When writing multiple cookies in a single request with the default
expiry time, cookies after the first should continue to have the default
expiry time used.

Fixes #3965
2013-08-06 22:01:13 -04:00
ADmad
38b050a711 Merge branch 'master' into 2.4
Conflicts:
	lib/Cake/Console/Command/ConsoleShell.php
2013-08-04 19:26:55 +05:30
Simon Males
0adef209e3 Camel case SecurityComponent::blackHole() method call 2013-08-02 12:07:33 +08:00
Phally
a70e004cda Corrects bad merge.
Bad merge: d161b21ae1

Fixes #3938.
2013-07-26 20:00:32 +02:00
Phally
6b41eaa950 Merge branch 'master' into 2.4 2013-07-26 19:44:11 +02:00
Phally
f7eab23a5c Strips the base off the generated URL from the AuthComponent.
Fixes #3922.
2013-07-26 15:18:28 +02:00
euromark
8b21710c95 whitespace correction 2013-07-25 13:26:21 +02:00
mark_story
e03d3df0fe Merge branch 'master' into 2.4
Conflicts:
	lib/Cake/Test/Case/View/HelperTest.php
	lib/Cake/VERSION.txt
2013-07-17 22:40:09 -04:00
mark_story
a8f4ec0450 Simplify whitelist logic. 2013-07-16 19:33:06 -04:00
mark_story
b873186468 Fix being unable to sort on custom synthetic columns.
If a sort field whitelist is used we should trust its data and also
trust that the developer wanted what they asked for. This solves issues
where it was impossible to sort on synthetic columns added in custom
find types.

Fixes #3919
2013-07-16 10:19:18 -04:00
ADmad
d161b21ae1 Merge branch 'master' into 2.4
Conflicts:
	lib/Cake/Controller/Component/AuthComponent.php
2013-07-14 10:58:55 +05:30
mark_story
d40c7376ce Rebalance where URL normalization happens in AuthComponent.
Make URL's not include the base path when storing them in the session.
This makes future redirection simpler. When URL's are an array use
Router::url() on them.

Fixes #3916
2013-07-12 21:54:22 -04:00
mark_story
8133f72b53 Update AuthComponent to not strip when normalizing URLs.
Revert most of the changes done to fix #3897 originally and try
a different strategy of solving the base path issues and not breaking
apps running in a subdirectory.

Fixes #3916
2013-07-12 21:17:25 -04:00
ADmad
4ded269549 Merge branch 'master' into 2.4
Conflicts:
	lib/Cake/Controller/Component/Auth/BlowfishAuthenticate.php
	lib/Cake/VERSION.txt
2013-07-07 12:22:12 +05:30
Marc Würth
a397f034e6 Some love for a deprecated class
Whitespace and wording.

Optionally we could include a version number until when this class will work. I assumed this will be 3.0...
http://www.phpdoc.org/docs/latest/for-users/phpdoc/tags/deprecated.html
I treid that but after I let apigen generate the doc and I saw it did nothing special about it ;-/
2013-07-06 19:50:26 +02:00
euromark
af455b4121 correct return types in doc blocks 2013-07-05 17:19:22 +02:00
euromark
e7f380d2b7 doublespace to single space 2013-07-05 14:36:40 +02:00
euromark
c989624f80 whitespace coding standards 2013-07-05 14:15:18 +02:00
mark_story
22a198a8ba Merge branch 'master' into 2.4 2013-07-04 21:40:51 -04:00
euromark
f680c763b2 ticket-3902 - paginator and display of order via model default order 2013-07-04 13:07:14 +02:00
José Lorenzo Rodríguez
9c4775a220 Merge pull request #1393 from markstory/constant-time-login
Hash passwords even when users don't exist.
2013-07-03 13:49:03 -07:00
mark_story
c597855fe4 Merge branch 'master' into 2.4
Conflicts:
	lib/Cake/Test/Case/Network/CakeRequestTest.php
2013-07-03 14:21:09 -04:00
mark_story
17e4eee73d Hash passwords even when users don't exist.
Not hashing passwords when users don't exist means there is an
opportunity for timing attacks when people use blowfish or other
expensive hashing algorithms.
2013-07-01 21:52:15 -04:00
Mark Story
94db8fbed6 Merge pull request #1380 from ceeram/2.4-ext
Set extension with multiple accept based on order in parseExtensions.
2013-06-30 19:42:50 -07:00
Marc Würth
e84bf65016 Typo in FormAuthenticate.php 2013-07-01 00:03:03 +02:00
mark_story
f09693f6e8 Merge branch 'master' into 2.4 2013-06-29 23:26:26 -04:00
mark_story
1d18a4f702 Fix issue where redirectURLs were not generated correctly.
When the first path segment matches the base path an incorrect URL was
generated. Trimming slashes off makes Router normalize the URL correctly
as the leading / implies that the base is already prepended.

Fixes #3897
2013-06-29 23:26:13 -04:00
Ceeram
6a0185d7e6 Set extension with multiple accept based on order in parseExtensions, currently with multiple accepted types, no extension is set at all 2013-06-27 14:34:00 +02:00
mark_story
dcf7df39d2 Merge branch 'master' into 2.4 2013-06-21 17:47:37 -04:00
Marc Würth
2418ea0a57 Fixed typo in AuthComponent::redirectUrl 2013-06-21 16:49:31 +02:00
Rachman Chavik
0d486bdab4 AuthComponent: Allow suppressing authError message
When unauthenticated users accesses protected areas, they are greeted
with the default 'You are not allowed to access that location' which is
not desired in some cases.

This patch allows applications to suppress this message by setting
AuthComponent::authError to false bypassing the call to
SessionComponent::setFlash() altogether.

Refs: https://github.com/croogo/croogo/pull/175#discussion_r4714240
2013-06-17 09:33:59 +07:00
mark_story
cd3c54bb9d Merge branch 'master' into 2.4
Conflicts:
	lib/Cake/VERSION.txt
2013-06-10 22:12:10 -04:00
euromark
4518624187 more whitespace coding standard corrections 2013-06-09 17:39:48 +02:00
ADmad
636cc8c103 Merge branch 'master' into 2.4 2013-06-09 18:08:32 +05:30
mark_story
3aa189eb3a Fix cookie expiry time calculation on 32bit systems.
strtotime() misbehaves on 32bit systems when the resulting timestamp
would overflow an integer. Use a DateTime to workaround this issue.

Fixes #3868
2013-06-03 20:16:18 -04:00
ADmad
f3c69c9f40 docblock updates 2013-06-03 01:04:00 +05:30
ADmad
3303a2cda1 Merge branch 'master' into 2.4
Conflicts:
	lib/Cake/Console/Templates/skel/Config/Schema/db_acl.php
	lib/Cake/Console/Templates/skel/Config/Schema/i18n.php
	lib/Cake/Console/Templates/skel/Config/Schema/sessions.php
	lib/Cake/Console/Templates/skel/Config/acl.ini.php
	lib/Cake/Console/Templates/skel/Config/acl.php
	lib/Cake/Console/Templates/skel/Config/bootstrap.php
	lib/Cake/Console/Templates/skel/Config/core.php
	lib/Cake/Console/Templates/skel/Config/database.php.default
	lib/Cake/Console/Templates/skel/Config/email.php.default
	lib/Cake/Console/Templates/skel/Config/routes.php
	lib/Cake/Console/Templates/skel/Console/Command/AppShell.php
	lib/Cake/Console/Templates/skel/Console/cake.bat
	lib/Cake/Console/Templates/skel/Console/cake.php
	lib/Cake/Console/Templates/skel/Controller/AppController.php
	lib/Cake/Console/Templates/skel/Controller/PagesController.php
	lib/Cake/Console/Templates/skel/Model/AppModel.php
	lib/Cake/Console/Templates/skel/View/Errors/error400.ctp
	lib/Cake/Console/Templates/skel/View/Errors/error500.ctp
	lib/Cake/Console/Templates/skel/View/Helper/AppHelper.php
	lib/Cake/Console/Templates/skel/View/Layouts/Emails/html/default.ctp
	lib/Cake/Console/Templates/skel/View/Layouts/ajax.ctp
	lib/Cake/Console/Templates/skel/View/Layouts/default.ctp
	lib/Cake/Console/Templates/skel/View/Layouts/error.ctp
	lib/Cake/Console/Templates/skel/View/Layouts/flash.ctp
	lib/Cake/Console/Templates/skel/View/Pages/home.ctp
	lib/Cake/Console/Templates/skel/index.php
	lib/Cake/Console/Templates/skel/webroot/index.php
	lib/Cake/Console/Templates/skel/webroot/test.php
2013-06-02 18:03:59 +05:30
Marc Würth
4c9f0414cb Improved the DocBlocks and other code cleanup
Fixed @license tag, url comes first
Whitespace and other minor code cleanup
Added some docblocks
2013-05-31 00:11:19 +02:00
ADmad
00f972f033 Deprecated AuthComponent::password() 2013-05-27 00:25:42 +05:30
ADmad
56fa0dccda Remove unnecessary overriding of '_findUser()' in 'DigestAuthenticate'. 2013-05-26 12:31:40 +05:30
ADmad
dd2892ad8d Added password hasher 2013-05-26 11:29:06 +05:30
ADmad
fb86859585 Merge branch 'master' into 2.4 2013-05-19 14:37:41 +05:30
mark_story
e23c4ffad9 Fix empty response bodies when redirect URL's are empty.
When redirecting XHR requests to an empty URL the response body should
not be overwritten.

Fixes #3835
2013-05-17 16:33:08 -04:00
ADmad
a10275fb8b Merge branch 'master' into 2.4
Conflicts:
	lib/Cake/Test/Case/Model/Datasource/Database/PostgresTest.php
2013-05-05 14:36:46 +05:30
mark_story
2096d3f632 Clamp limit values to be unsigned integers.
This solves large page numbers potentially turning into scientific
notation when being formatted into queries. It also further safeguards
against SQL manipulation.

Refs #GH-1263
2013-05-02 22:36:50 -04:00
mark_story
37ce6dfc81 Only allow sort fields that match the current object alias.
Instead of modifying aliases that do not match, only allow aliases that
do match.

Refs #3803
2013-04-30 12:41:42 -04:00
euromark
09d9efe235 spelling corrections (a url to an URL, unify URL) 2013-04-29 11:05:17 +02:00
mark_story
62186ac8da Merge branch 'master' into 2.4
Conflicts:
	lib/Cake/VERSION.txt
2013-04-28 17:00:30 -04:00
mark_story
c327bdc4bd Enforce model aliases when generating order by clauses.
Invalid SQL could be created by sorting on an invalid alias, with
a field that exists on the model.

Fixes #3797
2013-04-27 13:29:29 -04:00