Commit graph

5543 commits

Author SHA1 Message Date
mark_story
a28158d614 Add additional test for f23d811ff5
I neglected to put a negative test to ensure validatePost fails when the
URL differs.
2014-04-26 10:23:27 -04:00
Mark Story
5b46eb71ec Merge pull request #3397 from steinkel/fix-formhelper-with-model-mock
fixed FormHelper to allow create() on Mock Models without errors
2014-04-26 08:53:43 -04:00
ADmad
68572d8046 Cannot use php 5.4+ array syntax for 2.x. 2014-04-26 17:30:31 +05:30
Jorge González
5cf2ce723c fixed FormHelper to allow create() on Mock Models without errors 2014-04-26 10:33:58 +01:00
mark_story
f23d811ff5 Use the form action URL in generated form hashes.
By including the URL in generated hash for secured forms we prevent
a class of abuse where a user uses one secured form to post into a
controller action the form was not originally intended for. These cross
action requests could potentially violate developer's mental model of
how SecurityComponent works and produce unexpected/undesirable outcomes.

Thanks to Kurita Takashi for pointing this issue out, and suggesting
a fix.
2014-04-25 22:05:58 -04:00
ADmad
27699d1f12 Fix auto linking urls with subdomain with underscore.
Closes #3392
2014-04-25 22:28:34 +05:30
Mark Story
00be120e7a Merge pull request #3381 from planardothum/shell-requires-cli
Add check to abort if $argv is undefined.
2014-04-24 12:32:54 -04:00
Harold Putman
d62e5e1b00 Prevent infinite loop caused when argv not set.
If shell is invoked with the wrong PHP executable (not CLI) and argv is not an array,  array_search on null causes infinite number of error messages.
2014-04-24 11:48:19 -04:00
mark_story
9d19801cfa Clear data and validationErrors *after* calling clearCache().
Having both properties cleaned after clearCache() means that you can use
the model data in specialized clearCache() implementations.

Fixes #3386
2014-04-24 09:19:00 -04:00
Stefan Dickmann
f90f718e11 change parameter order 2014-04-24 12:54:45 +02:00
mark_story
6f68049bf5 Reject file paths containing ...
Paths containing `..` are generally up to no good. Throw an exception,
as developers can use realpath() if they really need to get relative
paths.

Fixes #3370
2014-04-23 22:20:14 -04:00
mark_story
2333c3d535 Update docs for file().
Mention that relative paths will be prepended with APP.

Refs #3370
2014-04-23 22:15:10 -04:00
Carl Sutton
5ac60288fd Fix closing non resource
I get a load of these errors when running tests in the shell, this check stops the errors from happening

Warning: 2 :: fclose() expects parameter 1 to be resource, integer given on line 298 of CORE\Cake\Console\ConsoleOutput.php
Trace:
fclose - [internal], line ??
ConsoleOutput::__destruct() - CORE\Cake\Console\ConsoleOutput.php, line 298
ToolbarComponent::_saveState() - APP\Plugin\DebugKit\Controller\Component\ToolbarComponent.php, line 307
ToolbarComponent::beforeRedirect() - APP\Plugin\DebugKit\Controller\Component\ToolbarComponent.php, line 307
ObjectCollection::trigger() - CORE\Cake\Utility\ObjectCollection.php, line 132
call_user_func - [internal], line ??
CakeEventManager::dispatch() - CORE\Cake\Event\CakeEventManager.php, line 247
Controller::redirect() - CORE\Cake\Controller\Controller.php, line 765
AuthComponent::_unauthenticated() - CORE\Cake\Controller\Component\AuthComponent.php, line 364
AuthComponent::startup() - CORE\Cake\Controller\Component\AuthComponent.php, line 304
ObjectCollection::trigger() - CORE\Cake\Utility\ObjectCollection.php, line 132
call_user_func - [internal], line ??
CakeEventManager::dispatch() - CORE\Cake\Event\CakeEventManager.php, line 247
Controller::startupProcess() - CORE\Cake\Controller\Controller.php, line 675
Dispatcher::_invoke() - CORE\Cake\Routing\Dispatcher.php, line 182
Dispatcher::dispatch() - CORE\Cake\Routing\Dispatcher.php, line 160
2014-04-14 14:15:46 +01:00
Bryan Crowe
1a73906a50 Fix failing NoActions comparison test 2014-04-13 23:28:13 -04:00
Bryan Crowe
f7cc0c1802 Add newline after actions in controller template 2014-04-13 21:56:27 -04:00
mark_story
d4ae2b0b88 Correct types for Validation::range().
Refs #3304
2014-04-13 06:16:24 -04:00
Mark Story
d2fa1b444f Merge pull request #3301 from ubermaniac/Sqlserver-trim
Trim $sql before checking for SELECT
2014-04-11 18:48:41 -04:00
Joseph Woodruff
9aeea2fcc3 Trim $sql before checking for SELECT 2014-04-11 15:25:07 -06:00
Stephen Young
b55fa98a2d Updated documentation
* Removed references to nonexistent `AclBase` class
* Added references to `AclInterface` requirements
2014-04-11 15:10:56 -04:00
mark_story
c6173a0054 Add tests for #3288 and remove nested ternaries.
Nested ternaries are complicated to maintain and hard to read. Break
down the nested ternary into two conditionals.
2014-04-10 20:37:08 -04:00
Guillaume Lafarge
db450a96e9 Fix Hash type casting
When using comparison with a boolean, as the filter is a string, we have to convert the data boolean to "boolean string" to avoid type-casting troubles.

## Example
```php
$users = [
    [
        'id' => 2,
        'username' => 'johndoe',
        'active' => true
    ],
    [   'id' => 5,
        'username' => 'kevin',
        'active' => true
    ],
    [
        'id' => 9,
        'username' => 'samantha',
        'active' => false
    ],
];
$unactiveUsers = Hash::extract($users, '{n}[active=false]');
print_r($unactiveUsers);
```

This example returns the two unwanted active users because `"false"` is `true` but not `false` :)

I think this pull request will fix this issue by converting true/false boolean to string (to match with our filter).
2014-04-10 20:19:32 +02:00
Mark Story
f9a6c1905b Merge pull request #3210 from ubermaniac/Sqlserver-schema-prefix
Sqlserver schema prefix #3208
2014-04-09 14:31:09 -04:00
euromark
6f53529520 Correct doc blocks 2014-04-06 22:27:51 +02:00
Jose Lorenzo Rodriguez
0d80c92ffb Revert "Merge pull request #3002 from moberemk/patch-2"
This reverts commit 8e3d6cffb7, reversing
changes made to 92800889a6.
2014-04-06 21:48:59 +02:00
José Lorenzo Rodríguez
8e3d6cffb7 Merge pull request #3002 from moberemk/patch-2
Allow chaining in the addCrumb method
2014-04-06 21:09:10 +02:00
mark_story
92800889a6 Update version number to 2.4.7 2014-04-04 22:25:48 -04:00
mark_story
7fb920c256 Add file missed in last commit. 2014-04-04 22:22:38 -04:00
mark_story
4ec81542db Fix email rendering when using 2 different plugins.
When an email template and layout are in different plugins the incorrect
plugin would be used for the layout.

Fixes #3062
2014-04-04 21:45:04 -04:00
mark_story
b8e21c99ee Only count _id if it is the last 3 characters in the field name.
This prevents issues when baking models for tables containing `_id`.

Fixes #3230
2014-04-04 21:26:31 -04:00
euromark
854a53b3cb generalize sentence 2014-04-04 19:19:10 +02:00
euromark
823909603a correct deprecation notices 2014-04-04 19:18:02 +02:00
Ceeram
5c31641ea8 Change argument type to mixed in docblock, as debug() and pr() accept not just a single type 2014-04-02 23:53:54 +02:00
Joseph Woodruff
8536371501 Sqlserver Datasource how properly appends the schemaName prefix in the describe() method 2014-04-02 13:59:04 -06:00
Joseph Woodruff
d526fdadc1 Base model class no longer changes an already defined schemaName value 2014-04-02 13:58:29 -06:00
José Lorenzo Rodríguez
bf28e69501 Merge pull request #3197 from dereuromark/master-cs
cs
2014-04-02 08:32:26 +02:00
euromark
b150e33472 correct missed cs errors 2014-04-02 03:16:03 +02:00
euromark
e544340d67 fix indentation 2014-04-02 03:12:22 +02:00
euromark
bbe3b6a439 more cs 2014-04-02 03:09:42 +02:00
euromark
0d09a54033 more missing doc block tags added 2014-04-02 03:02:37 +02:00
euromark
44952b06a4 cs 2014-04-02 02:23:43 +02:00
Brian Porter
e5dd8acb60 Adds phpunit required version to TestShell "not found" error message. 2014-04-01 11:08:46 -05:00
Bryan Crowe
b93f373f16 Fix yoda condition in File test 2014-03-31 17:40:35 -04:00
sam-at-github
dbbf6c6ad9 No array short syntax in 2.4\! 2014-03-29 22:40:58 +11:00
sam-at-github
863a8555d9 Fixed CS issues. Fixed bug - added missing condition to find. 2014-03-29 22:36:06 +11:00
sam-at-github
a3fe7cd245 on cake acl delete <> delete all matching records. Makes more sense than deleting one of possibly many. 2014-03-29 13:37:08 +11:00
sam-at-github
5ceb4abe1a Removed arbitrary restriction on crud operations. Added some comments to explain parameters to mapActions() better. 2014-03-28 13:35:08 +11:00
mark_story
6bf21c4a43 Update doc blocks to not be lies. 2014-03-27 11:55:54 -04:00
mark_story
de9a5a5845 Add deprecated flag to methods that are removed in 3.0.
A few methods in Controller were not marked as deprecated, but already
removed in 3.0. Shore up that difference.

Refs #3105
2014-03-23 20:40:17 -04:00
mark_story
75fcc7c2f8 Don't use count() in a loop.
Use do while so the count does not happen in a loop statement. This
makes the code linter happier.
2014-03-23 11:00:59 -04:00
Mark Story
90ca41d436 Merge pull request #2941 from lucasff/master
Allow the passing parameter escape of the getCrumbList method
2014-03-23 09:23:06 -04:00