chinpei215
a6b0271560
Remove Security::engine()
...
We disscussed and decided to avoid auto selecting which extension to use.
Instead, call Configure::write('Security.useOpenSsl', true) manually.
2018-02-24 12:17:51 +09:00
chinpei215
d7ed0339b1
Make mcrypt optional
...
Now Security::encrypt() and Security::decrypt() works with openssl
if the mcrypt extension is unavailable.
Note that Security::rijndael() doesn't work with openssl.
2018-01-19 23:54:53 +09:00
Mark Story
fb44035177
Merge pull request #11299 from tenkoma/2.x-fix-cc-number-jcb-pattern
...
[2.x]Fix Credit card number pattern(JCB) is wrong
2017-10-08 10:09:19 -04:00
Koji Tanaka
7d2d902b57
[2.x]Fix Credit card number pattern(JCB) is wrong
2017-10-08 16:15:10 +09:00
chinpei215
deac8f9109
Backport #7080 , #8233 and #11060
2017-10-06 22:02:37 +09:00
Marc Würth
d03a682eeb
Use HTTPS for the bakery.cakephp.org URL
2017-06-11 00:27:59 +02:00
Marc Würth
da8414e13b
Use HTTPS for the opensource.org MIT license URL
2017-06-11 00:23:22 +02:00
Marc Würth
04efc7ba50
Use HTTPS for the book.cakephp.org URL
2017-06-11 00:15:36 +02:00
Marc Würth
10b89b51a9
Use HTTPS for the cakefoundation.org URL
2017-06-11 00:10:59 +02:00
Marc Würth
17314baa15
Use HTTPS for the cakephp.org URL
2017-06-10 23:40:28 +02:00
mark_story
ea05b04193
Add additional test for -0.0
...
In PHP5 `-0.0` doesn't work. Include the other way of making -0 for
PHP5.
Refs #10521
2017-04-16 23:00:31 -04:00
mark_story
9007a7fe58
Fix notBlank() to pass on -0.0
...
Copy the implementation from 3.x as it works with -0.0 already.
Refs #10521
2017-04-16 09:57:36 -04:00
mark_story
e698891d09
Hash::filter() should not exclude 0.0
...
Refs #10385
2017-03-09 21:29:44 -05:00
mark_story
3f10a0227a
Allow false/true to be read as keys in Hash::get().
...
While these are not values within the documented types, there exist use
cases in CakeSession that necessitate these to be supported types.
Refs #10196
2017-02-13 21:50:51 -05:00
Mischa ter Smitten
6818268a27
New Validation::(min|max)ByteLength() addition
2017-01-30 03:22:48 +09:00
mark_story
273a8a2d7d
Add support for the parseHuge option.
...
Sometimes people need to load huge XML files. Add an option to enable
people to enable this flag.
Refs #10031
2017-01-13 21:26:54 -05:00
mark_story
53bcc1550f
Fix PHPCS error.
2016-12-13 22:50:07 -05:00
mark_story
99af4bba83
Merge branch 'domingues-2x' into 2.x
...
Refs #9870
2016-12-13 22:48:12 -05:00
mark_story
3c44ddd10b
Add tests for #9870
2016-12-13 22:47:57 -05:00
Mark Story
4a4c83c3e9
Merge pull request #9859 from cakephp/debugger-encoding
...
2.x - Debugger encoding
2016-12-13 19:26:52 -05:00
mark_story
ee7739a3bf
Try another approach to get the same error in all php versions.
2016-12-13 00:46:13 -05:00
mark_story
69afeb08af
Skip error encoding test in PHP5.3
...
Index errors work funny in PHP5.3, which makes testing them not work
like other versions of PHP.
2016-12-12 21:28:20 -05:00
mark_story
edfda47cf4
Fix missing HTML encoding in Debugger
...
Fix missing HTML encoding when error messages contain HTML. This can
happen when user data is used as an offset in an array in an unchecked
way.
Thanks to Teppei Fukuda for reporting this issue via the responsible
security disclosure process.
2016-12-10 08:47:13 -05:00
mark_story
e3221b1c38
Fix errors in php7.1
...
* The constructor of errors has changed in PHP 7.1
* mcrypt is no longer available in PHP 7.1 by default.
2016-12-05 16:14:33 -05:00
mark_story
e057b5572c
Fix PHPCS.
2016-11-21 20:51:12 -05:00
mark_story
71b7d6211b
Fix AclNode constructor.
...
It should forward the settings from ClassRegistry::init() so that
aliases can be customized as needed.
Refs #9766
2016-11-19 22:30:18 -04:00
mark_story
66363e6bea
Add tests for #9766
...
I'm not able to reproduce incorrect aliases coming out of ClassRegistry.
As reported.
2016-11-19 10:02:09 -04:00
mark_story
c935bed8f6
Fix PHPCS
2016-10-21 18:35:05 -04:00
mark_story
816801902e
Allow '' to be a valid key for Hash, and Session
...
By removing a bunch of empty() guards we can make '' behave like all the
other key names. This does change the existing behavior/tests around ''
key, but I think that is ok given the need to manipulate ''.
Refs #9632
2016-10-21 10:54:39 -04:00
mark_story
e8d63725d8
Merge branch '2.x' into 2.next
2016-09-04 23:54:22 -04:00
mark_story
2ffde69d5b
Skip test that always fails on PHP5.3
2016-08-29 21:56:30 -04:00
mark_story
d1cfe203c4
Fix PHPCS error.
2016-08-29 21:53:47 -04:00
Mark Story
51963ab8fc
Merge pull request #9349 from cakephp/2.x-sort-locale
...
2.x sort locale backport
2016-08-26 11:13:21 -04:00
Mark Sch
ee319baec1
Backport skip
2016-08-26 16:15:39 +02:00
mscherer
03df288e78
Re-add spacing.
2016-08-26 14:45:59 +02:00
mscherer
dab4b85596
Backport Hash::sort() support for type locale.
2016-08-26 14:32:21 +02:00
ndm2
87d86aaed9
Fix/tighten Folder::inPath()
checks.
...
The current checks are way too relaxed, and are more like testing
for a substring, which makes it easy for invalid paths to slip
trough, for example `/foo/var/www` is falsely tested to reside in
`/var/www`.
Passing an empty path never worked properly, it was triggering a
warning, didn't worked on Windows, and the behavior that the current
top level directory would be assumed for empty paths wasn't
documented.
Similar is true for relative paths. While they did match at one point,
this was incorrect behavior, and matching actual path fragments seems
out of scope for this method.
This change makes the `$path` argument required, requires it to be an
absolute path, and throws an exception in case a non-absolute path is
being passed.
2016-08-26 13:45:45 +02:00
Marc Würth
f2638b3e38
Remove superfluous "Class" from doc blocks
2016-08-10 12:22:09 +02:00
mark_story
61b3fbd605
Merge branch '2.x' into 2.next
2016-08-09 22:12:26 -04:00
mark_story
234f732d6d
Attempt to get tests passing on travis.
...
Also attempt to get stickler to ignore the 2.x branch.
2016-07-01 17:52:02 -04:00
mark_story
d816ea6e16
Add test showing that niceShort translates month names.
...
Refs #8968
2016-07-01 17:51:23 -04:00
mark_story
432eb9c432
Merge branch '2.x' into 2.next
2016-06-27 21:47:47 -04:00
Steampilot
723ed96fd6
Added sorting by modified time in Folder util
2016-05-12 16:28:04 +02:00
mark_story
12c6fd4e22
Merge branch '2.x' into 2.next
2016-05-02 21:58:41 -04:00
Philippe Saint-Just
c2f028ab49
Fix spacing
2016-04-30 13:13:14 -04:00
Philippe Saint-Just
cd07850337
Merge branch 'backport-8741-8690' into 2.x
2016-04-30 13:11:34 -04:00
mark_story
8b5023282e
Randomly generate a salt when the salt is '' or null.
...
To prevent an issue where any value is accepted as a password when '' is
provided as the hashed password.
Refs #8650
2016-04-15 21:49:17 -04:00
mscherer
dda9e83ab6
Refactor Object to CakeObject for future PHP7 comp.
2016-04-08 14:33:26 +02:00
mark_story
84fc9498b5
Allow N11 exchange numbers as valid.
...
The previous code and commit (fa3d4a0bb5
)
were incorrect about invalid exchange numbers as 1-800-211-4511 is
a real phone number.
I've also removed a duplicate alternation pattern.
Refs #8567
2016-03-31 22:38:16 -04:00
mark_story
1926d40d40
Fix possibility for spoofed files to pass validation.
...
Use `is_uploaded_file` to prevent crafty requests that contain bogus
files from getting through. A testing stub class was necessary to avoid
making significant changes to the test suite.
2016-03-28 22:10:36 -04:00