Commit graph

423 commits

Author SHA1 Message Date
Schlaefer
1e961a8aac increases time window in CSRF token expiry tests to 2 seconds
travis-cs failed with 1 second margin
2014-07-06 13:54:24 +02:00
Schlaefer
9fa7afa354 fixes #3887 CSRF reusable token expires 2014-07-06 10:39:00 +02:00
euromark
974ca851c2 Correct doc blocks according to cs guidelines.
Remove superfluous empty lines.
2014-07-03 15:36:42 +02:00
mark_story
b4bcd74e60 Whitelist more URL-y characters in digest parsing.
Android clients include a full URL instead of just the URI. Also handle
situations where URLencoded bytes and document fragments are used.

Refs #3779
2014-06-23 14:39:35 -04:00
mark_story
975e4c3af0 Allow username of 0 in basic authentication.
Refs #3624
2014-06-02 22:02:28 -04:00
mark_story
d1e4dfac47 Add tests for #3624
The username of '0' should be accepted by FormAuthenticate.

Refs #3624
2014-06-02 21:58:50 -04:00
mark_story
66e733f8b1 Fix test I forgot to fix in b8fa7ce134 2014-05-13 22:12:39 -04:00
mark_story
a34d5f733d Fix PaginatorComponent tests.
Because count() queries don't happen in many cases now, the lastQueries
index needs to shift up by one because a query isn't happening anymore.

Refs #3333
2014-05-12 22:10:27 -04:00
mark_story
89cd114e6f Merge branch 'master' into 2.5 2014-05-12 14:30:02 -04:00
José Lorenzo Rodríguez
751d2d8f2d Merge pull request #3448 from dereuromark/master-controller
Controller::referer() and local URL
2014-05-07 22:42:28 +02:00
Renan Gonçalves
87683b10f1 Allowing same Authenticate object to be setup with different settings. 2014-05-06 22:10:41 +02:00
ADmad
d466e00644 Merge branch 'master' into 2.5
Conflicts:
	lib/Cake/Model/Datasource/DboSource.php
	lib/Cake/Test/Case/Model/Datasource/Database/MysqlTest.php
	lib/Cake/Utility/Folder.php
	lib/Cake/VERSION.txt
2014-05-04 14:35:36 +05:30
mark_story
1d1a2f859c Fix coding standards error. 2014-04-28 20:56:06 -04:00
euromark
8679c5cd18 Fix test 2014-04-28 17:33:56 +02:00
mark_story
cf96e9f54f Merge branch 'master' into 2.5 2014-04-26 22:04:19 -04:00
mark_story
a28158d614 Add additional test for f23d811ff5
I neglected to put a negative test to ensure validatePost fails when the
URL differs.
2014-04-26 10:23:27 -04:00
ADmad
68572d8046 Cannot use php 5.4+ array syntax for 2.x. 2014-04-26 17:30:31 +05:30
mark_story
de0062de77 Merge branch 'master' into 2.5 2014-04-25 22:10:02 -04:00
mark_story
f23d811ff5 Use the form action URL in generated form hashes.
By including the URL in generated hash for secured forms we prevent
a class of abuse where a user uses one secured form to post into a
controller action the form was not originally intended for. These cross
action requests could potentially violate developer's mental model of
how SecurityComponent works and produce unexpected/undesirable outcomes.

Thanks to Kurita Takashi for pointing this issue out, and suggesting
a fix.
2014-04-25 22:05:58 -04:00
mark_story
d54fbe6f60 Merge branch 'master' into 2.5 2014-04-18 22:13:56 -04:00
Stephen Young
b55fa98a2d Updated documentation
* Removed references to nonexistent `AclBase` class
* Added references to `AclInterface` requirements
2014-04-11 15:10:56 -04:00
Jose Lorenzo Rodriguez
343d3279b9 Merge branch 'master' into 2.5
Conflicts:
	lib/Cake/Test/Case/Utility/FileTest.php
	lib/Cake/VERSION.txt
2014-04-06 21:50:41 +02:00
euromark
0d09a54033 more missing doc block tags added 2014-04-02 03:02:37 +02:00
ADmad
abacf0d14b Remove setting of Controller::$ext by RequestHandler.
Closes #3022
2014-03-16 20:09:08 +05:30
mark_story
6c3bc48ce0 Merge branch 'master' into 2.5 2014-03-06 17:45:00 -05:00
Mark
3ca338fe26 Merge pull request #2781 from davidsteinsland/2.5
Fixed HTTP Status code when ajaxLogin is set
2014-03-06 12:37:51 +01:00
ndm2
01e1b5ca61 Fix failing tests caused by already existing classes 2014-03-01 20:24:32 +01:00
ndm2
008ad3237c Fix verification of expected invocations #2919 2014-03-01 19:06:17 +01:00
mark_story
2c5d96e916 Merge branch 'master' into 2.5
Conflicts:
	lib/Cake/Model/Datasource/DboSource.php
2014-02-16 14:24:19 -05:00
mark_story
827dc77a11 Fix incorrect assertion. 2014-02-11 22:00:24 -05:00
mark_story
a5d50da040 Remove dead and unused code. 2014-02-11 16:38:24 -05:00
David Steinsland
f2b9aa5ca4 Fixed HTTP Status code when ajaxLogin is set 2014-02-05 16:05:02 +01:00
José Lorenzo Rodríguez
e36c954da7 Merge pull request #2693 from ADmad/2.5-session-start
Don't start a session if it's known to be empty.
2014-02-01 04:08:48 -08:00
Rachman Chavik
b83b59a9d7 Log errors instead of calling trigger_error() 2014-01-29 17:51:07 +07:00
ADmad
84932fcc4a Don't start a session if it's known to be empty.
If an app only reads/checks the session there's no need to start a
session to know that the read/checked session value is empty.

Fixes #1981
2014-01-22 01:17:16 +05:30
euromark
97e43e5806 unify to expected 2014-01-09 16:52:21 +01:00
euromark
29e15386b2 Follow the deprecation note of 2.1 migration guide and switch to fetch(title)
correct assert order for test
2014-01-09 16:45:49 +01:00
ADmad
27979286b2 Revert change done in 11f543f1f2.
The change is unneeded now as Security::encrypt() no longer throws exception
for falsey values.
2013-12-15 20:29:41 +05:30
Mark Story
bf96ea36d9 Merge pull request #2482 from zoghal/2.5-cookie-fix2
fix CookieComponent - when write null or empty string
2013-12-14 16:21:58 -08:00
mark_story
c2b8778ce8 Merge branch 'master' into 2.5 2013-12-14 17:45:49 -05:00
Saleh Souzanchi
11f543f1f2 fix CookieComponent - when write null or empty string 2013-12-15 02:15:36 +03:30
José Lorenzo Rodríguez
6358741944 Merge pull request #2449 from cakephp/fix-session-cyclic-error
Fixed error in CakeSession that would call start() in an infinite loop
2013-12-09 02:18:21 -08:00
mark_story
48d2618c62 Merge branch 'master' into 2.5
Conflicts:
	lib/Cake/Routing/Router.php
2013-12-08 21:25:59 -05:00
Jose Lorenzo Rodriguez
3a2c497206 Fixed failing test 2013-12-08 14:08:57 +01:00
ADmad
738d0e2277 Fixed edge case which allowed login with empty password.
Ensure skipping call to FormAuthenticate::_checkFields() does not allow
logging in with empty password. Closes #2441.
2013-12-07 18:40:08 +05:30
mark_story
8578708e76 Merge branch 'master' into 2.5 2013-12-01 21:37:37 -05:00
ADmad
c72def4840 Moved exception throwing to after paging info it set for request.
This fixes the regression caused in 2096d3f632. When catching exception
thrown by PaginatorComponent::paginate() in controller, developer again
has access to paging info in request object.

Closes #2402
2013-11-30 19:00:08 +05:30
ADmad
dda6080579 Merge branch 'master' into 2.5 2013-11-19 00:27:12 +05:30
Marc Würth
7cfa0116f4 Removed "PHP 5" from file header DocBlocks
This statement does not serve a purpose anymore.
In a long forgotten world it indicated the main version number of PHP which the code in the file was compatible to.
http://pear.php.net/manual/en/standards.sample.php
But since PHP 5.1 and later this is only marginally true.
Thus I propose to remove it from CakePHP.
2013-11-13 22:58:39 +01:00
mark_story
afd182898f Merge branch 'master' into 2.5 2013-11-01 16:54:57 -04:00