euromark
b188d670b7
Make year range validation less strict by default.
2014-07-26 04:06:26 +02:00
Mark Story
d6733e3ad1
Merge pull request #4078 from dereuromark/master-bake
...
Fix project baking
2014-07-24 13:13:08 -04:00
euromark
99d6932ecc
Fix project baking
2014-07-24 18:43:48 +02:00
Mark Story
adf739b893
Merge pull request #4011 from ndm2/stmp-auth-reponse-evaluation-fix
...
Make SMTP auth reply code checks work properly.
2014-07-24 08:42:22 -04:00
José Lorenzo Rodríguez
94b9bf807b
Merge pull request #4076 from rchavik/2.5-space-in-url
...
Fix: Blackholed request when POSTing to a URL with space
2014-07-24 12:53:04 +02:00
Rachman Chavik
aad89444d1
Fix: Blackholed request when POSTing to a URL with space
...
Eg:
Actual Posted URL:
/admin/settings/settings/prefix/Access%20Control
$_GET value:
/admin/settings/settings/prefix/Access_Control
Since $unsetUrl differs, the $_GET value will get copied in to
CakeRequest::$query, causing CakeRequest::here() to return:
/admin/settings/settings/prefix/Access%20Control?%2Fadmin%2Fsettings%2Fsettings%2Fprefix%2FAccess_Control=
This confuses SecurityComponent in the following line:
f23d811ff5/lib/Cake/Controller/Component/SecurityComponent.php (L514)
2014-07-24 16:25:03 +07:00
Mark Story
d0a22ade39
Merge pull request #4044 from ravage84/patch-1
...
Added NetBeans project folder to .gitignore
2014-07-23 21:37:58 -04:00
mark_story
08de917b3c
Fix accidental typo in SQL file.
...
Fixes #4061
2014-07-22 09:38:46 -04:00
ADmad
80ba96cef6
Merge pull request #4060 from davidsteinsland/fix_ajax_login_header
...
Fixed sending of headers when ajaxLogin is set
2014-07-22 19:01:51 +05:30
David Steinsland
6e777a54a3
Mocking _sendHeader instead of send()
2014-07-22 15:05:06 +02:00
David Steinsland
d98abc58d1
Added test case for CakeResponse::send() and ajaxLogin
2014-07-22 14:45:18 +02:00
David Steinsland
b61972871a
Fixed sending of headers when ajaxLogin is set
2014-07-22 13:21:42 +02:00
mark_story
9b8e6403fd
Add indexes to db_acl.sql in skel directory.
...
Copy changes in app/Config/Schema into the skel directory.
Refs #4052
2014-07-21 21:31:05 -04:00
mark_story
b129ce512e
Update db_acl.sql to use correct column names.
...
The column names added in bb15271
were incorrect.
Fixes #4052
2014-07-21 21:30:05 -04:00
Marc Würth
cec7d5d03a
Added NetBeans project folder to .gitignore
...
Refs 78fb9b559a (commitcomment-7077015)
2014-07-21 10:08:43 +02:00
mark_story
ac9af7e326
Update version number to 2.5.3
2014-07-20 22:20:47 -04:00
mark_story
0dfce1abf3
Add .
to the list of allowed characters.
...
This was missed when the email validation rules were relaxed in
dc34d80f6f
.
Fixes #4027
2014-07-19 19:57:33 -04:00
Mark Story
52c8aa1b54
Merge pull request #4016 from ravage84/patch-1
...
Added *.mo and .idea to .gitignore
2014-07-18 14:04:44 -04:00
Marc Würth
78fb9b559a
Added *.mo and .idea to .gitignore
2014-07-18 19:11:56 +02:00
Mark Story
91b4ee8984
Merge pull request #4008 from davidyell/patch-3
...
Update ControllerTask.php
2014-07-18 10:50:39 -04:00
David Yell
28ec1c40a5
When specifying Session as a component and using Session flash messages, you end up with 'Paginator, Session, Session' which doesn't make sense. Added an array_unique to remove any duplicated components.
2014-07-18 15:37:22 +01:00
ndm2
f03bf8067c
Add some more exception message checks
2014-07-18 14:56:10 +02:00
ndm2
bf7d01ac66
Make SMTP auth reply code checks work properly.
2014-07-18 14:53:22 +02:00
José Lorenzo Rodríguez
b6eb5624f8
Merge pull request #3985 from dogmatic69/patch-3
...
Make the error message better for fixture errors
2014-07-15 14:30:18 +02:00
Carl Sutton
8d58d93636
Make the error message better for fixture errors
...
The stack trace has no details about which fixture is the actual problem.
2014-07-15 13:21:48 +01:00
José Lorenzo Rodríguez
070d80029f
Merge pull request #3976 from davidyell/patch-2
...
Update CONTRIBUTING.md
2014-07-14 10:40:19 +02:00
David Yell
7b4c5236cf
Update CONTRIBUTING.md
...
Added some helpful links. Updated PHPUnit version requirement.
2014-07-14 09:37:50 +01:00
Mark Story
5ebed62134
Merge pull request #3959 from chinpei215/master-issue3857-fix
...
Fix a race condition problem
Fixes #3857
2014-07-13 22:03:06 -04:00
chinpei215
ca93bbcd15
Fix CS
2014-07-14 01:21:09 +09:00
chinpei215
ace30fdd8a
Fix a race condition problem
...
Prevents Model::save() from generating a query with WHERE 1 = 1 on race condition.
Refs #3857
2014-07-12 23:27:39 +09:00
mark_story
03c2a8b722
Unify datetime column default values between MySQL and Postgres.
...
Datetime columns should have 'default' => null, in both Postgres and
MySQL.
Fixes #3837
2014-07-11 23:10:16 -04:00
mark_story
a098d96c94
Remove flaky test that was of questionable value.
2014-07-10 14:39:20 -04:00
Mark Story
5af65f3a28
Merge pull request #3927 from chinpei215/master-h-opt
...
A micro optimization of h()
2014-07-10 12:30:03 -04:00
chinpei215
1a58b76e42
A micro optimization of h()
...
In most cases, the first argument of h() will be a string.
2014-07-10 20:53:10 +09:00
Mark
106d4ef12e
Merge pull request #3925 from davidyell/patch-1
...
Update Model.php
2014-07-10 12:49:30 +02:00
David Yell
79be5e6805
Update Model.php
...
Fixed the case on the link to the book, to match the anchor in the page.
2014-07-10 10:46:48 +01:00
Mark Story
77455e6eae
Merge pull request #3913 from chinpei215/master-exception-renderer-fix
...
Fix an infinite recursion caused by missing plugin
2014-07-09 08:58:37 -04:00
chinpei215
0c1fc36b14
Fix an infinite recursion caused by missing plugin
...
When a MissingPluginException has caught when rendering an exception,
we should disable the plugin as needed to prevent an infinite recursion.
2014-07-09 15:55:41 +09:00
mark_story
b3dfad614a
Correct pattern matching.
...
Instead of 10 digits, it should limit at 10 groups.
Refs 1988e89e73
2014-07-06 09:42:20 -04:00
Mark Story
1aa7331b0d
Merge pull request #3888 from Schlaefer/fix-#3887-reusableCsrfExpires
...
fixes #3887 CSRF reusable token expires
2014-07-06 09:05:38 -04:00
Schlaefer
1e961a8aac
increases time window in CSRF token expiry tests to 2 seconds
...
travis-cs failed with 1 second margin
2014-07-06 13:54:24 +02:00
Schlaefer
9fa7afa354
fixes #3887 CSRF reusable token expires
2014-07-06 10:39:00 +02:00
José Lorenzo Rodríguez
396725dc8c
Merge pull request #3880 from markstory/incorrect-validation
...
Fix issues with Validation::inList() and SecurityComponent
2014-07-05 14:41:15 +02:00
euromark
009138b326
Fix CS
2014-07-05 13:49:50 +02:00
Mark Story
eb485f82b8
Merge pull request #3878 from ceeram/optimize
...
minor optimisation, refs comments on 81875cfeb1b8e5c414cf9de3c96dd2dde50...
2014-07-04 13:11:17 -04:00
Ceeram
a266a9493d
minor optimisation, refs comments on 81875cfeb1
2014-07-04 17:25:41 +02:00
ADmad
1eccec02e4
Merge pull request #3872 from CostaC/response-sharable-fix
...
Fix for CakeResponse::sharable() header to include private caches
2014-07-04 10:32:51 +05:30
mark_story
3936cce4b8
Disallow hexadecimal input with inList.
...
Instead of turning on/off strict mode based on the user supplied input,
cast everything to strings and always use a strict check. This avoids
the potential issue of a bad user using hexadecimal when they should not
be allowed to do so. Thanks to 'Kurita Takashi' for pointing this out.
2014-07-03 22:10:49 -04:00
mark_story
1988e89e73
Add an upper bound to the POST data SecurityComponent will consider.
...
'Kurita Takashi' has let us know that the previous patterns could be
abused by an evil doer. One could potentially send a very large deeply
nested POST data structure. Matching that structure could overflow the
PCRE limits causing a segmentation fault. Adding an upper bound will
solve the problem and I doubt anyone is doing POST data structures with
more than 10 levels of nesting.
2014-07-03 22:02:00 -04:00
mark_story
765be87d88
Overwrite the schemaName property if it is not defined in the class.
...
If a model class does not define a schemaName we should use the
datasource's schemaName. We can assume that people using schemaName want
to lock the model onto a specific schema given the changes in #3210
Fixes #3720
2014-07-03 21:53:54 -04:00