Commit graph

17083 commits

Author SHA1 Message Date
euromark
b188d670b7 Make year range validation less strict by default. 2014-07-26 04:06:26 +02:00
Mark Story
d6733e3ad1 Merge pull request #4078 from dereuromark/master-bake
Fix project baking
2014-07-24 13:13:08 -04:00
euromark
99d6932ecc Fix project baking 2014-07-24 18:43:48 +02:00
Mark Story
adf739b893 Merge pull request #4011 from ndm2/stmp-auth-reponse-evaluation-fix
Make SMTP auth reply code checks work properly.
2014-07-24 08:42:22 -04:00
José Lorenzo Rodríguez
94b9bf807b Merge pull request #4076 from rchavik/2.5-space-in-url
Fix: Blackholed request when POSTing to a URL with space
2014-07-24 12:53:04 +02:00
Rachman Chavik
aad89444d1 Fix: Blackholed request when POSTing to a URL with space
Eg:

Actual Posted URL:
    /admin/settings/settings/prefix/Access%20Control
$_GET value:
    /admin/settings/settings/prefix/Access_Control

Since $unsetUrl differs, the $_GET value will get copied in to
CakeRequest::$query, causing CakeRequest::here() to return:

    /admin/settings/settings/prefix/Access%20Control?%2Fadmin%2Fsettings%2Fsettings%2Fprefix%2FAccess_Control=

This confuses SecurityComponent in the following line:

    f23d811ff5/lib/Cake/Controller/Component/SecurityComponent.php (L514)
2014-07-24 16:25:03 +07:00
Mark Story
d0a22ade39 Merge pull request #4044 from ravage84/patch-1
Added NetBeans project folder to .gitignore
2014-07-23 21:37:58 -04:00
mark_story
08de917b3c Fix accidental typo in SQL file.
Fixes #4061
2014-07-22 09:38:46 -04:00
ADmad
80ba96cef6 Merge pull request #4060 from davidsteinsland/fix_ajax_login_header
Fixed sending of headers when ajaxLogin is set
2014-07-22 19:01:51 +05:30
David Steinsland
6e777a54a3 Mocking _sendHeader instead of send() 2014-07-22 15:05:06 +02:00
David Steinsland
d98abc58d1 Added test case for CakeResponse::send() and ajaxLogin 2014-07-22 14:45:18 +02:00
David Steinsland
b61972871a Fixed sending of headers when ajaxLogin is set 2014-07-22 13:21:42 +02:00
mark_story
9b8e6403fd Add indexes to db_acl.sql in skel directory.
Copy changes in app/Config/Schema into the skel directory.

Refs #4052
2014-07-21 21:31:05 -04:00
mark_story
b129ce512e Update db_acl.sql to use correct column names.
The column names added in bb15271 were incorrect.

Fixes #4052
2014-07-21 21:30:05 -04:00
Marc Würth
cec7d5d03a Added NetBeans project folder to .gitignore
Refs 78fb9b559a (commitcomment-7077015)
2014-07-21 10:08:43 +02:00
mark_story
ac9af7e326 Update version number to 2.5.3 2014-07-20 22:20:47 -04:00
mark_story
0dfce1abf3 Add . to the list of allowed characters.
This was missed when the email validation rules were relaxed in
dc34d80f6f.

Fixes #4027
2014-07-19 19:57:33 -04:00
Mark Story
52c8aa1b54 Merge pull request #4016 from ravage84/patch-1
Added *.mo and .idea to .gitignore
2014-07-18 14:04:44 -04:00
Marc Würth
78fb9b559a Added *.mo and .idea to .gitignore 2014-07-18 19:11:56 +02:00
Mark Story
91b4ee8984 Merge pull request #4008 from davidyell/patch-3
Update ControllerTask.php
2014-07-18 10:50:39 -04:00
David Yell
28ec1c40a5 When specifying Session as a component and using Session flash messages, you end up with 'Paginator, Session, Session' which doesn't make sense. Added an array_unique to remove any duplicated components. 2014-07-18 15:37:22 +01:00
ndm2
f03bf8067c Add some more exception message checks 2014-07-18 14:56:10 +02:00
ndm2
bf7d01ac66 Make SMTP auth reply code checks work properly. 2014-07-18 14:53:22 +02:00
José Lorenzo Rodríguez
b6eb5624f8 Merge pull request #3985 from dogmatic69/patch-3
Make the error message better for fixture errors
2014-07-15 14:30:18 +02:00
Carl Sutton
8d58d93636 Make the error message better for fixture errors
The stack trace has no details about which fixture is the actual problem.
2014-07-15 13:21:48 +01:00
José Lorenzo Rodríguez
070d80029f Merge pull request #3976 from davidyell/patch-2
Update CONTRIBUTING.md
2014-07-14 10:40:19 +02:00
David Yell
7b4c5236cf Update CONTRIBUTING.md
Added some helpful links. Updated PHPUnit version requirement.
2014-07-14 09:37:50 +01:00
Mark Story
5ebed62134 Merge pull request #3959 from chinpei215/master-issue3857-fix
Fix a race condition problem

Fixes #3857
2014-07-13 22:03:06 -04:00
chinpei215
ca93bbcd15 Fix CS 2014-07-14 01:21:09 +09:00
chinpei215
ace30fdd8a Fix a race condition problem
Prevents Model::save() from generating a query with WHERE 1 = 1 on race condition.

Refs #3857
2014-07-12 23:27:39 +09:00
mark_story
03c2a8b722 Unify datetime column default values between MySQL and Postgres.
Datetime columns should have 'default' => null, in both Postgres and
MySQL.

Fixes #3837
2014-07-11 23:10:16 -04:00
mark_story
a098d96c94 Remove flaky test that was of questionable value. 2014-07-10 14:39:20 -04:00
Mark Story
5af65f3a28 Merge pull request #3927 from chinpei215/master-h-opt
A micro optimization of h()
2014-07-10 12:30:03 -04:00
chinpei215
1a58b76e42 A micro optimization of h()
In most cases, the first argument of h() will be a string.
2014-07-10 20:53:10 +09:00
Mark
106d4ef12e Merge pull request #3925 from davidyell/patch-1
Update Model.php
2014-07-10 12:49:30 +02:00
David Yell
79be5e6805 Update Model.php
Fixed the case on the link to the book, to match the anchor in the page.
2014-07-10 10:46:48 +01:00
Mark Story
77455e6eae Merge pull request #3913 from chinpei215/master-exception-renderer-fix
Fix an infinite recursion caused by missing plugin
2014-07-09 08:58:37 -04:00
chinpei215
0c1fc36b14 Fix an infinite recursion caused by missing plugin
When a MissingPluginException has caught when rendering an exception,
we should disable the plugin as needed to prevent an infinite recursion.
2014-07-09 15:55:41 +09:00
mark_story
b3dfad614a Correct pattern matching.
Instead of 10 digits, it should limit at 10 groups.

Refs 1988e89e73
2014-07-06 09:42:20 -04:00
Mark Story
1aa7331b0d Merge pull request #3888 from Schlaefer/fix-#3887-reusableCsrfExpires
fixes #3887 CSRF reusable token expires
2014-07-06 09:05:38 -04:00
Schlaefer
1e961a8aac increases time window in CSRF token expiry tests to 2 seconds
travis-cs failed with 1 second margin
2014-07-06 13:54:24 +02:00
Schlaefer
9fa7afa354 fixes #3887 CSRF reusable token expires 2014-07-06 10:39:00 +02:00
José Lorenzo Rodríguez
396725dc8c Merge pull request #3880 from markstory/incorrect-validation
Fix issues with Validation::inList() and SecurityComponent
2014-07-05 14:41:15 +02:00
euromark
009138b326 Fix CS 2014-07-05 13:49:50 +02:00
Mark Story
eb485f82b8 Merge pull request #3878 from ceeram/optimize
minor optimisation, refs comments on 81875cfeb1b8e5c414cf9de3c96dd2dde50...
2014-07-04 13:11:17 -04:00
Ceeram
a266a9493d minor optimisation, refs comments on 81875cfeb1 2014-07-04 17:25:41 +02:00
ADmad
1eccec02e4 Merge pull request #3872 from CostaC/response-sharable-fix
Fix for CakeResponse::sharable() header to include private caches
2014-07-04 10:32:51 +05:30
mark_story
3936cce4b8 Disallow hexadecimal input with inList.
Instead of turning on/off strict mode based on the user supplied input,
cast everything to strings and always use a strict check. This avoids
the potential issue of a bad user using hexadecimal when they should not
be allowed to do so. Thanks to 'Kurita Takashi' for pointing this out.
2014-07-03 22:10:49 -04:00
mark_story
1988e89e73 Add an upper bound to the POST data SecurityComponent will consider.
'Kurita Takashi' has let us know that the previous patterns could be
abused by an evil doer. One could potentially send a very large deeply
nested POST data structure. Matching that structure could overflow the
PCRE limits causing a segmentation fault. Adding an upper bound will
solve the problem and I doubt anyone is doing POST data structures with
more than 10 levels of nesting.
2014-07-03 22:02:00 -04:00
mark_story
765be87d88 Overwrite the schemaName property if it is not defined in the class.
If a model class does not define a schemaName we should use the
datasource's schemaName. We can assume that people using schemaName want
to lock the model onto a specific schema given the changes in #3210

Fixes #3720
2014-07-03 21:53:54 -04:00