mscherer
dda9e83ab6
Refactor Object to CakeObject for future PHP7 comp.
2016-04-08 14:33:26 +02:00
mark_story
fef3090717
Fix incorrectly inheriting permissions.
...
When child inherits from a deny parent the '*' permission should reflect
permissions on all nodes not just the leaf node. Previously once a node
with all permissions set to inherit was found, the check would pass.
Instead it should cascade to the parent nodes and look for explicit
allow/deny.
Refs #8450
2016-03-11 23:18:50 -05:00
mark_story
b2509ea13d
Fix inherited permissions when checking the '*' permission.
...
When checking inherited permissions for '*' also copy inherited
permissions onto the inherited list. By copying the inherited values, we
get the union of explit allow and inherited permissions, which if all
things go well will match the permission key list.
Refs #8114
2016-02-16 22:30:19 -05:00
Marc Würth
b5655d63ff
Remove lighthouse references
2016-02-10 12:27:34 +01:00
mark_story
3b5a71df37
Merge branch '2.7' into 2.8
2016-01-28 21:51:59 -05:00
mark_story
fc57dee72f
Fix error in PHP 5.3
2016-01-28 21:50:56 -05:00
mark_story
3e67685c7c
Merge branch '2.7' into 2.8
2016-01-21 21:46:51 -05:00
mark_story
4b8d628a2e
Backport SecurityComponent fixes from #8071 to 2.x
...
If the request manages to have data set outside of post/put we should
still validate the request body. This expands SecurityComponent to cover
PATCH and DELETE methods, as well as request methods that should be
safe, but somehow end up not safe.
2016-01-20 21:34:58 -05:00
Larry E. Masters
0aa8847762
Merge pull request #7840 from cakephp/2.8-PHP7
...
2.8 PHP7 compatibility
2015-12-29 00:27:33 -05:00
Larry E. Masters
e7a313edee
getting sloppy as I get older, fixing code sniffer errors
2015-12-29 00:06:44 -05:00
Larry E. Masters
b1d93377b6
Removing invalid test
2015-12-28 23:36:37 -05:00
Larry E. Masters
027e32ce00
Reverted change setting $_SESSION to an array. Commenting out a test that is invalid.
...
This test creates a numeric key of 0 in $_SESSION which is not a valid session key. This causes error - session_write_close(): Skipping numeric key 0 error.
2015-12-28 17:19:31 -05:00
Larry E. Masters
3c21f4a8af
Fixes session_write_close(): Skipping numeric key 0 error
2015-12-28 11:18:03 -05:00
Larry E. Masters
894d233fd6
add @throws anotation to fix travis PHP_CODESNIFFER warnings
2015-12-13 15:16:49 -06:00
Larry E. Masters
48e018e707
Allowing tests to run on PHP 7
2015-12-13 14:12:31 -06:00
Mark Scherer
f662b2f5aa
Skip error for now.
2015-12-06 12:50:09 +01:00
mark_story
48450e71fa
Merge branch '2.7' into 2.8
2015-11-11 22:53:45 -05:00
Jorge González
cb6a17c34e
add Flash back to Controller, fix Scaffold to use Flash instead
2015-11-04 10:41:35 +00:00
mark_story
8c404ad6a7
Merge branch '2.7' into 2.8
2015-10-17 21:00:26 -04:00
mark_story
dea32345c8
Add failing test for #7570
...
Documented behavior that exists in 3.x is not working in 2.x
2015-10-17 20:54:40 -04:00
mark_story
ae83e197dc
Merge branch '2.8' of github.com:cakephp/cakephp into 2.8
2015-09-27 11:13:12 -04:00
Marc Würth
1ede742d92
Various improvements to the CakePHP test files
...
Mostly CS, doc blocks and unused variables.
2015-09-25 17:22:00 +02:00
Mark Scherer
81cbb52f74
Only array-wrap 'order' if it's not already an array.
2015-09-22 13:04:28 +02:00
mark_story
07c2047984
Merge branch '2.7' of github.com:cakephp/cakephp into 2.7
2015-08-06 21:43:40 -04:00
mark_story
056f24a774
Forbid direct prefix access with mixed casing.
...
Changing the casing up should not allow prefix method access.
2015-08-05 23:05:30 -04:00
mark_story
9f20330d17
Fix fatal error on null subject.
...
Refs #7176
2015-08-05 22:20:39 -04:00
Mark Scherer
52e79987a2
Replacing self with static due to PHP5.3+. Following #7040 .
2015-07-21 10:22:53 +02:00
mark_story
9b313f86e4
Add tests for #7034
...
These tests ensure that redirect() is never called which ensures the
Location header is never set. Ajax requests when no loginElement is
defined should get an empty response with a 403 status code.
2015-07-16 23:00:20 -04:00
Chris Kim
94fbc6e5f2
Don't map text/plain to csv. Backport from 3.0. Refs #1696
...
Jquery sets accepts header similar to "text/plain, */*; q=0.01" by
default for xhr requests. Due to this RequestHandler used to set
extension to csv thereby causing View class to look for views under
non-existent csv folders.
2015-07-07 15:19:45 -04:00
Highstrike
a9d77d26f0
fix failing tests
...
fixing...
2015-06-25 13:40:50 +03:00
Highstrike
58983f717a
2.7.0-RC Auth doesn't use the new Flash component
...
Changed 'Flash.' to 'Message.' and also provided backwards compatibility
in FlashHelper->render
2015-06-24 14:06:35 +03:00
Mark Scherer
4f3602ad5f
Adjust bake, docblocks and tests for notBlank.
2015-05-17 22:27:16 +02:00
mark_story
0b916cedbb
Merge branch 'master' into 2.7
2015-03-09 21:55:20 -04:00
mark_story
02c9dda9a7
Make maxLimit and limit settings independent.
...
Having maxLimit infer what it should be based on limit was not a very
transparent default behavior. The documentation states that maxLimit
will default to 100, but the code would default it to 'limit' if set.
This created confusing behavior when only one setting was defined.
Refs #5973
2015-02-27 22:35:52 -05:00
mark_story
63769ae4a6
Merge branch 'master' into 2.7
...
Conflicts:
lib/Cake/VERSION.txt
2015-02-26 12:50:35 -05:00
mark_story
c92cfb413f
Allow numeric sorts in PaginatorComponent.
...
When paginating data, we should not ignore numerically indexed order
conditions. Instead they should be handled similar to Model::find().
This creates a slightly different behavior when model's have default
sorting applied as more default sort options forms will be honoured.
Refs #5964
2015-02-25 21:38:56 -05:00
Mark Story
9f1f158cc0
Merge pull request #5855 from tanuck/2.7-custom-flash-message
...
Backport of 3.x flash messages #5823
2015-02-14 22:07:30 -05:00
mark_story
3dfa22b021
Fix order of hasOne assocation.
...
This should fix non-deterministic failures.
2015-02-10 22:46:53 -05:00
James Tancock
e173c29d33
Fix for phpcs
2015-02-04 15:31:50 +00:00
James Tancock
b8b6b67abd
Tests for ported Flash component & helper
2015-02-04 15:05:40 +00:00
mark_story
396d501d1e
Fix / being handled incorrect by referer()
...
Backport changes in #4987 to 2.x. This solves issues with duplicate base
directories when redirecting back to '/'
Fixes #4812
2015-01-15 21:26:34 -05:00
Sebastien Barre
20e2882bf6
Remove duplicate class declaration
2014-11-23 21:49:29 -05:00
Sebastien Barre
5ac47487f9
Merge branch 'ticket-5041' of github.com:sebastienbarre/cakephp into ticket-5041
...
Conflicts:
lib/Cake/Test/Case/Controller/Component/AuthComponentTest.php
2014-11-22 13:38:11 -05:00
Sebastien Barre
a2e7896038
Fix uses, style
2014-11-22 13:31:39 -05:00
Sebastien Barre
7da48669c8
Have BaseAuthenticate implement CakeEventListener instead
2014-11-22 13:31:38 -05:00
Sebastien Barre
50e5b5e8fe
Move App::uses() again
2014-11-22 13:31:38 -05:00
Sebastien Barre
d7b353dcf9
Move App::uses(), rename helper class to avoid conflict
2014-11-22 13:31:38 -05:00
Sebastien Barre
43413f029e
Ticket 5041: have Auth::login() send Auth.afterIdentify event
2014-11-22 13:31:38 -05:00
Sebastien Barre
4bada05028
Fix doc/style
2014-11-05 18:37:20 -05:00
Sebastien Barre
ee73c1732b
Have BaseAuthenticate implement CakeEventListener instead
2014-11-05 18:03:26 -05:00
Sebastien Barre
f78e6c0621
Move App::uses() again
2014-11-05 13:46:45 -05:00
Sebastien Barre
4c59ab6eca
Move App::uses(), rename helper class to avoid conflict
2014-11-05 13:36:29 -05:00
Sebastien Barre
0cdb93b265
Ticket 5041: have Auth::login() send Auth.afterIdentify event
2014-11-05 12:34:25 -05:00
Sebastien Barre
544ddac08c
Fix indentation
2014-10-31 16:38:09 -04:00
Sebastien Barre
60917974bf
Add test for userFields and related models
2014-10-31 16:35:55 -04:00
Sebastien Barre
f6c71024c5
Add test for the 'contain' setting, which was missing (unrelated to feature)
2014-10-31 16:04:09 -04:00
Sebastien Barre
2f62ee2cde
ticket #5017 add userFields setting to BaseAuthenticate
2014-10-31 15:00:19 -04:00
mark_story
b98d2a3365
Merge branch 'master' into 2.6
2014-10-24 22:05:46 -04:00
mark_story
cdc67116c5
Handle query string arguments in digest auth data.
...
Handle &, ? in digest auth data uri.
Refs #4908
2014-10-17 23:12:41 -04:00
Ceeram
fcffe3961f
Revert "add test to prove requesthandler works correct with Angular wonky accept headers"
...
This reverts commit 8507ef83f1
.
Incorrect header was used for this test, Cake cannot safely determine correct header.
To get CakePHP to respond with json, you can modify the angular common headers.
2014-10-02 22:12:35 +02:00
Ceeram
8507ef83f1
add test to prove requesthandler works correct with Angular wonky accept headers
2014-10-02 16:07:10 +02:00
Jeremy Harris
66b2173566
Made AuthComponent::mapActions() act as a getter refs #3331
2014-08-29 08:23:41 -05:00
chinpei215
f3e1a18740
Fix a fatal error occurs in combination with a scaffold error.
2014-07-31 05:49:23 +09:00
mark_story
f9785042bc
Fix indentation.
...
Refs #4108
2014-07-29 21:53:55 -04:00
Steve Tauber
e6f6ded334
Adding unit test for HTTP DELETE and RequestHandlerComponent::requestedWith
2014-07-29 16:34:11 +02:00
David Steinsland
6e777a54a3
Mocking _sendHeader instead of send()
2014-07-22 15:05:06 +02:00
David Steinsland
d98abc58d1
Added test case for CakeResponse::send() and ajaxLogin
2014-07-22 14:45:18 +02:00
Schlaefer
1e961a8aac
increases time window in CSRF token expiry tests to 2 seconds
...
travis-cs failed with 1 second margin
2014-07-06 13:54:24 +02:00
Schlaefer
9fa7afa354
fixes #3887 CSRF reusable token expires
2014-07-06 10:39:00 +02:00
euromark
974ca851c2
Correct doc blocks according to cs guidelines.
...
Remove superfluous empty lines.
2014-07-03 15:36:42 +02:00
mark_story
b4bcd74e60
Whitelist more URL-y characters in digest parsing.
...
Android clients include a full URL instead of just the URI. Also handle
situations where URLencoded bytes and document fragments are used.
Refs #3779
2014-06-23 14:39:35 -04:00
mark_story
975e4c3af0
Allow username of 0 in basic authentication.
...
Refs #3624
2014-06-02 22:02:28 -04:00
mark_story
d1e4dfac47
Add tests for #3624
...
The username of '0' should be accepted by FormAuthenticate.
Refs #3624
2014-06-02 21:58:50 -04:00
mark_story
66e733f8b1
Fix test I forgot to fix in b8fa7ce134
2014-05-13 22:12:39 -04:00
mark_story
a34d5f733d
Fix PaginatorComponent tests.
...
Because count() queries don't happen in many cases now, the lastQueries
index needs to shift up by one because a query isn't happening anymore.
Refs #3333
2014-05-12 22:10:27 -04:00
mark_story
89cd114e6f
Merge branch 'master' into 2.5
2014-05-12 14:30:02 -04:00
José Lorenzo Rodríguez
751d2d8f2d
Merge pull request #3448 from dereuromark/master-controller
...
Controller::referer() and local URL
2014-05-07 22:42:28 +02:00
Renan Gonçalves
87683b10f1
Allowing same Authenticate object to be setup with different settings.
2014-05-06 22:10:41 +02:00
ADmad
d466e00644
Merge branch 'master' into 2.5
...
Conflicts:
lib/Cake/Model/Datasource/DboSource.php
lib/Cake/Test/Case/Model/Datasource/Database/MysqlTest.php
lib/Cake/Utility/Folder.php
lib/Cake/VERSION.txt
2014-05-04 14:35:36 +05:30
mark_story
1d1a2f859c
Fix coding standards error.
2014-04-28 20:56:06 -04:00
euromark
8679c5cd18
Fix test
2014-04-28 17:33:56 +02:00
mark_story
cf96e9f54f
Merge branch 'master' into 2.5
2014-04-26 22:04:19 -04:00
mark_story
a28158d614
Add additional test for f23d811ff5
...
I neglected to put a negative test to ensure validatePost fails when the
URL differs.
2014-04-26 10:23:27 -04:00
ADmad
68572d8046
Cannot use php 5.4+ array syntax for 2.x.
2014-04-26 17:30:31 +05:30
mark_story
de0062de77
Merge branch 'master' into 2.5
2014-04-25 22:10:02 -04:00
mark_story
f23d811ff5
Use the form action URL in generated form hashes.
...
By including the URL in generated hash for secured forms we prevent
a class of abuse where a user uses one secured form to post into a
controller action the form was not originally intended for. These cross
action requests could potentially violate developer's mental model of
how SecurityComponent works and produce unexpected/undesirable outcomes.
Thanks to Kurita Takashi for pointing this issue out, and suggesting
a fix.
2014-04-25 22:05:58 -04:00
mark_story
d54fbe6f60
Merge branch 'master' into 2.5
2014-04-18 22:13:56 -04:00
Stephen Young
b55fa98a2d
Updated documentation
...
* Removed references to nonexistent `AclBase` class
* Added references to `AclInterface` requirements
2014-04-11 15:10:56 -04:00
Jose Lorenzo Rodriguez
343d3279b9
Merge branch 'master' into 2.5
...
Conflicts:
lib/Cake/Test/Case/Utility/FileTest.php
lib/Cake/VERSION.txt
2014-04-06 21:50:41 +02:00
euromark
0d09a54033
more missing doc block tags added
2014-04-02 03:02:37 +02:00
ADmad
abacf0d14b
Remove setting of Controller::$ext by RequestHandler.
...
Closes #3022
2014-03-16 20:09:08 +05:30
mark_story
6c3bc48ce0
Merge branch 'master' into 2.5
2014-03-06 17:45:00 -05:00
Mark
3ca338fe26
Merge pull request #2781 from davidsteinsland/2.5
...
Fixed HTTP Status code when ajaxLogin is set
2014-03-06 12:37:51 +01:00
ndm2
01e1b5ca61
Fix failing tests caused by already existing classes
2014-03-01 20:24:32 +01:00
ndm2
008ad3237c
Fix verification of expected invocations #2919
2014-03-01 19:06:17 +01:00
mark_story
2c5d96e916
Merge branch 'master' into 2.5
...
Conflicts:
lib/Cake/Model/Datasource/DboSource.php
2014-02-16 14:24:19 -05:00
mark_story
827dc77a11
Fix incorrect assertion.
2014-02-11 22:00:24 -05:00
mark_story
a5d50da040
Remove dead and unused code.
2014-02-11 16:38:24 -05:00
David Steinsland
f2b9aa5ca4
Fixed HTTP Status code when ajaxLogin is set
2014-02-05 16:05:02 +01:00
José Lorenzo Rodríguez
e36c954da7
Merge pull request #2693 from ADmad/2.5-session-start
...
Don't start a session if it's known to be empty.
2014-02-01 04:08:48 -08:00