Commit graph

334 commits

Author SHA1 Message Date
nate
296e8989ba Adding GET/PUT/DELETE method checks to Security component, refactoring adding tests, closes #4231. Thanks joelmoss.
git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@6703 3807eeeb-6ff5-0310-8944-8be069107fe0
2008-04-19 19:25:49 +00:00
mariano.iglesias
ab3b90503f Fixing issue in Security component with modeless field names, fixes #4454. Thanks vuego for the test and patch!
git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@6685 3807eeeb-6ff5-0310-8944-8be069107fe0
2008-04-17 22:51:40 +00:00
mariano.iglesias
5f967487bb Encoding subject without modifying original, fixes #4489
git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@6683 3807eeeb-6ff5-0310-8944-8be069107fe0
2008-04-17 22:12:58 +00:00
nate
dc5742d28f Correcting query order in DB_ACL::check(), fixes #4309
git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@6654 3807eeeb-6ff5-0310-8944-8be069107fe0
2008-04-11 05:48:39 +00:00
nate
a89beea029 Correcting issue with permissions being incorrectly overwritten in ACL, fixes #4190
git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@6651 3807eeeb-6ff5-0310-8944-8be069107fe0
2008-04-10 13:19:10 +00:00
phpnut
1d9a096376 "Fixes #4427, Current protected attribute Email::_newLine renders Email Component unusable for SMTP.
Original change to EmailComponent:_newLine reverted, related bug has been fixed elsewhere in the code."

git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@6632 3807eeeb-6ff5-0310-8944-8be069107fe0
2008-04-04 11:46:09 +00:00
phpnut
d14b50fc92 "References #4394, additional fixes to multi record forms.
Added additional test cases"

git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@6629 3807eeeb-6ff5-0310-8944-8be069107fe0
2008-04-03 06:48:56 +00:00
phpnut
5d59938121 "Correcting code block"
git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@6628 3807eeeb-6ff5-0310-8944-8be069107fe0
2008-04-03 02:33:41 +00:00
phpnut
f2941a660e "References #4239 Added test from ticket to show ticket is invalid.
Fixes #4394, fails when the hasMany multi-record form contains hidden fields.
"

git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@6627 3807eeeb-6ff5-0310-8944-8be069107fe0
2008-04-03 02:29:17 +00:00
phpnut
358c529e7a "Fixes #4416, Email component uses invalid \"Content-Type\" for attachments.
Added fclose();
Removed unused code"

git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@6623 3807eeeb-6ff5-0310-8944-8be069107fe0
2008-04-02 18:57:29 +00:00
phpnut
c5f06674fa "Fixes #4394, SecurityComponent::!__validatePost fails on hasMany multi-record form.
"

git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@6618 3807eeeb-6ff5-0310-8944-8be069107fe0
2008-04-02 06:08:55 +00:00
phpnut
fa787aa82b "Closes #4304, EmailComponent::!__getSmtpResponse not handling multiline messages"
git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@6601 3807eeeb-6ff5-0310-8944-8be069107fe0
2008-03-26 03:49:30 +00:00
nate
819cd1d667 Re-removing the Auth vulnerability re-introduced in [6593]
git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@6595 3807eeeb-6ff5-0310-8944-8be069107fe0
2008-03-20 19:18:52 +00:00
phpnut
47eb421091 "Adding fix to Auth::identity(); for errors thrown on invalid input.
Added tests for invalid input.
Debug is turned off in this area of code because of the CakePHP errors handling, messages could cause long delays and exception noticed when debug > 0."

git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@6593 3807eeeb-6ff5-0310-8944-8be069107fe0
2008-03-20 07:17:37 +00:00
phpnut
f6652d1b73 "Removing checks in Component::init(); to check for Security component.
Changed AuthComponent::startup() so that the password key $this->data is set to null when login fails instead of being unset."

git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@6589 3807eeeb-6ff5-0310-8944-8be069107fe0
2008-03-17 02:31:55 +00:00
phpnut
ecfd70052d "Fixes #4353, SecurityComponent's requireLogin not working if URL spelled different than defined action name
Was not able to reproduce this on local system running php 5, more than likely this is a php 4 issue and not php 5 like ticket suggests.
"

git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@6588 3807eeeb-6ff5-0310-8944-8be069107fe0
2008-03-17 02:28:04 +00:00
nate
38c7dab9f5 Fixing RequestHandlerComponent::prefers() when using extensions, fixes #4056
git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@6575 3807eeeb-6ff5-0310-8944-8be069107fe0
2008-03-15 05:48:56 +00:00
phpnut
5374807164 "Fixes #3846, Security blackhole when no radio selected
Fixes #3920, Multiple select w/ checkboxes issues warning when all are unselected
Fixes #3962, validation POST never pass when select multiple is submit
"

git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@6546 3807eeeb-6ff5-0310-8944-8be069107fe0
2008-03-10 00:25:59 +00:00
phpnut
63144591c6 "Fixes #3820, Email Component only sends message if using template and layout.
Fixes #4019, email component: attaching file is broke, fixes undefined variable, allows full paths to attachment.
Fixes #4171, Email Component: Lost a head line 'period' via SMTP method.
"

git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@6522 3807eeeb-6ff5-0310-8944-8be069107fe0
2008-03-08 20:26:16 +00:00
nate
ab50975306 Correcting UPDATE query generation to support SQL standards and MySQL-specific features in parallel, fixes #4080
git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@6491 3807eeeb-6ff5-0310-8944-8be069107fe0
2008-03-01 03:12:12 +00:00
nate
bd2ac9a1c1 Fixing Auth component so login still works when you allow('*'), fixes #4159
git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@6473 3807eeeb-6ff5-0310-8944-8be069107fe0
2008-02-24 03:20:43 +00:00
nate
d301d7a566 Adding Flash client detection to RequestHandler
git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@6460 3807eeeb-6ff5-0310-8944-8be069107fe0
2008-02-14 05:32:46 +00:00
nate
3e36695b1f Adding RequestHandlerComponent::beforeRedirect() callback to handle Ajax redirects, delaying initialization of content-types, fixes #2680
git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@6445 3807eeeb-6ff5-0310-8944-8be069107fe0
2008-02-07 00:03:59 +00:00
nate
71bd08b950 Refactoring Auth / Security::hash()
git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@6426 3807eeeb-6ff5-0310-8944-8be069107fe0
2008-02-02 04:51:49 +00:00
gwoo
edcdcf3235 updating form helper labels for multiple records, fixes #3880, updating custom acl component loading, #3875
git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@6358 3807eeeb-6ff5-0310-8944-8be069107fe0
2008-01-10 23:13:53 +00:00
phpnut
c8172ed96a "Fixes #3851, Acl component fails to check() if a permission is denied in action (*)"
git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@6342 3807eeeb-6ff5-0310-8944-8be069107fe0
2008-01-09 00:39:00 +00:00
phpnut
43eab108c7 "Fixes #3811, $_SESSION not found
Fixes #3823, Session not restarted after instantiating new SessionComponent
Fixes #3850, Configuration Session.start and SessionComponent::!__active aren't handle correctly"

git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@6341 3807eeeb-6ff5-0310-8944-8be069107fe0
2008-01-08 15:46:02 +00:00
phpnut
348df0fca2 "Fixes #3849, Deprecated loadView() call in email component when using theme"
git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@6333 3807eeeb-6ff5-0310-8944-8be069107fe0
2008-01-08 02:48:07 +00:00
phpnut
aa32649c02 "Closes #2608, CSRF usability problems
Closes #3436, Security Component and multiple instances of the webapp"

git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@6301 3807eeeb-6ff5-0310-8944-8be069107fe0
2008-01-02 00:38:35 +00:00
phpnut
cb53dc61b0 "Closes #2897, Built-in file validation.
Implemented Validation::extension(); and Validation::range();
Updated copyright notices in all files"

git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@6296 3807eeeb-6ff5-0310-8944-8be069107fe0
2008-01-01 22:18:17 +00:00
phpnut
0644112ca9 "Closes #3560, edit form use PUT so SecurityComponent::validatePost() don't call on submit"
git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@6259 3807eeeb-6ff5-0310-8944-8be069107fe0
2007-12-25 10:49:29 +00:00
phpnut
f9c1058a20 "Closes #3295, Centralize encoding / charset setting in one Configure setting"
git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@6253 3807eeeb-6ff5-0310-8944-8be069107fe0
2007-12-25 09:08:36 +00:00
phpnut
69b2ad7556 "Closes #3338, Allow AuthComponent::allow to take an array as an argument"
git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@6251 3807eeeb-6ff5-0310-8944-8be069107fe0
2007-12-25 08:11:26 +00:00
phpnut
b96a3a2e6f "Closes #3216, Allow condition overrides in AuthComponent::identify()"
git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@6248 3807eeeb-6ff5-0310-8944-8be069107fe0
2007-12-25 07:33:29 +00:00
phpnut
1489239252 "Closes #2215, Sanitize Class and EmailComponent need some header injection protection and cleaning"
git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@6244 3807eeeb-6ff5-0310-8944-8be069107fe0
2007-12-25 05:30:54 +00:00
nate
9d58121205 Removing trailing slash from normalized URLs in AuthComponent, moving AuthComponent::_normalizeURL() to Router::normalize(), refactoring (Ticket #3042)
git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@6145 3807eeeb-6ff5-0310-8944-8be069107fe0
2007-12-13 07:03:59 +00:00
gwoo
b6b2696488 allowing RequestHandler to load helpers for extension from any path, closes #2230
git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@6141 3807eeeb-6ff5-0310-8944-8be069107fe0
2007-12-11 03:01:46 +00:00
phpnut
8a2b51c3ec "Removing all shortcut function usage from the core"
git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@6128 3807eeeb-6ff5-0310-8944-8be069107fe0
2007-12-08 06:08:03 +00:00
phpnut
aa86d05b96 "Fixes #2298, Mail subject is not influenced by charset-setting"
git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@6109 3807eeeb-6ff5-0310-8944-8be069107fe0
2007-12-03 00:16:27 +00:00
phpnut
586ff7201c "Fixes #3640, Auth component and i18n conflict"
git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@6084 3807eeeb-6ff5-0310-8944-8be069107fe0
2007-11-26 17:51:10 +00:00
gwoo
be8acb877a updating AuthComponent to use ClassRegistry::init()
git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@6068 3807eeeb-6ff5-0310-8944-8be069107fe0
2007-11-24 06:13:16 +00:00
phpnut
d4a0f8300e "Fixes #3634, Email Component and PHP4. Double headers being set for To: and Subject:"
git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@6047 3807eeeb-6ff5-0310-8944-8be069107fe0
2007-11-22 17:12:03 +00:00
gwoo
d8e206b9f9 updating controller and auth, fixes #3539
git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@6036 3807eeeb-6ff5-0310-8944-8be069107fe0
2007-11-21 17:37:55 +00:00
phpnut
c000940e36 Closes #2119 Only define clone() in PHP4 when it hasn't been already defined.
Closes #2213, Support multiple plugin paths.
Closes #2234, filepaths to behavior classes should be cached in class.paths.php also
Closes #2345, ability to group components into subfolders
Closes #2645, Improvement to basic.php for class loading.
Fixes #3526, Cache::write, when using just the config name, it fails.
Fixes #3559, loading plugin model as assoc don't work.
Closes #3567 Controller Folders (Note this does not need routing to work, but controller names can not conflict with others in the same application so naming must still be unique)
Fixes #3579, email.php component: Parse error with php 4.

Adding new class and file importer.
Updated most of the core to use the importer.
Added ClassRegistry::init() that will create an instance of an object and store it in the registry.
Deprecated most of the load functions in basics.php
Plugin model loading now forces using the dot notation, to use models within a plugin, all the model associations must be in the PluginName.Model syntax, if this is not used, the plugin will look for the models in the main app/models directory first, if not found then it will search the plugin directories recursively until it finds a model.
	var $belongsTo = array('SomeModel'); will look for some_model.php in the app/models
	var $belongsTo = array('MyPlugin.SomeModel'); will look for some_model.php in my_plugin/models
	var $belongsTo = array('MyPlugin.MyPlugin', 'SomeModel'); will use my_plugin/models/my_plugin.php and app/models/some_model.php
	
The controllers of the plugin will still look for the default models inside the plugin if var $uses is not set:
	var $uses = array('SomeModel'); will look for some_model.php in the app/models
	var $uses = array('MyPlugin.SomeModel'); will look for some_model.php in my_plugin/models
	var $uses = array('MyPlugin.MyPlugin', 'SomeModel'); will use my_plugin/models/my_plugin.php and app/models/some_model.php

All of the above will work between plugins and main app
These changes also allow placing models and controllers in subdirectories
Removed old class.paths.php file generation 

git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@6001 3807eeeb-6ff5-0310-8944-8be069107fe0
2007-11-16 09:35:19 +00:00
phpnut
18c7a00a47 Correcting issues with Sessions and Controller::redirect()
git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@5999 3807eeeb-6ff5-0310-8944-8be069107fe0
2007-11-16 03:52:14 +00:00
phpnut
6d867d72a9 Fixes #3547, EmailComponent: SMTP: Cc and Bcc recipients must be sent through RCPT TO - also need different formatting.
Fixes #3548, EmailComponent: SMTP: No subject, and no recipient headers.

git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@5985 3807eeeb-6ff5-0310-8944-8be069107fe0
2007-11-12 03:26:34 +00:00
phpnut
e584f7bd0c Fixing undefined index notice when missing * errors are thrown
git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@5983 3807eeeb-6ff5-0310-8944-8be069107fe0
2007-11-12 02:04:54 +00:00
phpnut
11d295eb0c Fixes #3507 Session Security.level "high", session destroyed on media 404.
Added ability to turn off HTTP_USER_AGENT check in a Controller::beforeFilter(),
Added id() to Session helper and component to return current Session id, the component accepts a $id parameter to force setting the Session id which must be called in a Controller::beforeFilter().
Session ids are no longer renewed if a request is from Ajax, or from requestAction();
When Security.level (1.2) or CAKE_SECURITY (1.1) is set to 'high', renewing of the Session id only happens if the request is 2 seconds after the last request.
Added $_Session[Config][timeout] which forces renewing Session if requests are within the 2 second limit and over 10 requests.
If an application is expected to make multiple requests (more than 10) to the server in a single process, Configure::write('Security.level', 'medium'); (1.2) or $this->Session->security = 'medium'; (1.1) should be used in a beforeFilter for the specific methods.
1.2 Sessions allow using CacheEngines to store Sessions, be aware that using memory caching as the only storage of Sessions is not reliable. Further work will be done to allow using the CacheEngines with database Sessions, etc.

git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@5982 3807eeeb-6ff5-0310-8944-8be069107fe0
2007-11-12 01:36:20 +00:00
gwoo
70366e99e0 change error message format for i18n in Auth, closes #3539
git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@5976 3807eeeb-6ff5-0310-8944-8be069107fe0
2007-11-09 15:41:06 +00:00
phpnut
4e163f471f Fixes #3520, EmailComponent: Doesn't catch valid SMTP authentication response.
Fixes #3521, EmailComponent: Violates SMTP protocol - "Improper use of SMTP command pipelining"

git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@5959 3807eeeb-6ff5-0310-8944-8be069107fe0
2007-11-06 06:09:06 +00:00