mark_story
ccc9006620
Unset the active user data on logout.
...
When using stateless authentication the current user should be cleared
after logout to maintain consistency with session based authentication.
Refs #10422
2017-03-16 11:31:20 -04:00
Mark Story
420336f536
Merge pull request #9843 from cakephp/php71
...
Add PHP7.1 to test matrix.
2016-12-07 21:40:54 -05:00
mark_story
12cdc247ac
Fix PHPCS errors.
2016-12-07 00:38:55 -05:00
mark_story
0a2a400ea4
Fix type error tests to work in PHP5 & PHP7.1
...
Catch the TypeErrors that are raised and make the match the PHP5
behavior of a converted error.
2016-12-06 21:21:52 -05:00
Mark Story
9e6e08704e
Merge pull request #9838 from cakephp/issue-9779
...
Fix CookieComponent erroring on corrupted data.
2016-12-05 16:44:24 -05:00
mark_story
e3221b1c38
Fix errors in php7.1
...
* The constructor of errors has changed in PHP 7.1
* mcrypt is no longer available in PHP 7.1 by default.
2016-12-05 16:14:33 -05:00
chinpei215
26731b93bf
Use ternary operator
2016-12-04 21:55:29 +09:00
chinpei215
b7481096c8
Fix redirectUrl issue when loginRedirect is empty
...
Fixes #9819
2016-12-04 20:06:24 +09:00
mark_story
934bb00b36
Add tests showing recent changes fix #9784
2016-12-03 14:14:57 -05:00
mark_story
27f951fb41
Don't emit errors when operating on corrupted cookie data.
...
When deleting from corrupted cookie data, there shouldn't be any errors.
Refs #9779
2016-12-03 14:10:47 -05:00
chinpei215
74c2ded872
Fix directory traversal of .ctp files
2016-11-27 18:14:44 +09:00
Val Bancer
744b455de1
fixed configuration of 'enabled' setting in components inside a
...
component
2016-10-28 22:14:20 +02:00
mark_story
e8d63725d8
Merge branch '2.x' into 2.next
2016-09-04 23:54:22 -04:00
Marc Würth
f2638b3e38
Remove superfluous "Class" from doc blocks
2016-08-10 12:22:09 +02:00
mark_story
61b3fbd605
Merge branch '2.x' into 2.next
2016-08-09 22:12:26 -04:00
Kim Biesbjerg
1d7a4da903
Fixed wrong assertion
2016-07-07 09:24:33 +02:00
Kim Biesbjerg
0ea315b2e0
Add assertion to prove session is not started on stateless login
2016-07-07 08:58:51 +02:00
Kim Biesbjerg
c63de8d9f5
Added test to prove stateless login sets user
2016-07-06 12:34:23 +02:00
mark_story
432eb9c432
Merge branch '2.x' into 2.next
2016-06-27 21:47:47 -04:00
Aloïs Thévenot
b737e9f732
#8844 Add test
2016-05-27 12:50:23 +00:00
mscherer
e84ff5e0d5
Fix doc block param types.
2016-04-08 15:12:48 +02:00
mscherer
dda9e83ab6
Refactor Object to CakeObject for future PHP7 comp.
2016-04-08 14:33:26 +02:00
mark_story
fef3090717
Fix incorrectly inheriting permissions.
...
When child inherits from a deny parent the '*' permission should reflect
permissions on all nodes not just the leaf node. Previously once a node
with all permissions set to inherit was found, the check would pass.
Instead it should cascade to the parent nodes and look for explicit
allow/deny.
Refs #8450
2016-03-11 23:18:50 -05:00
mark_story
b2509ea13d
Fix inherited permissions when checking the '*' permission.
...
When checking inherited permissions for '*' also copy inherited
permissions onto the inherited list. By copying the inherited values, we
get the union of explit allow and inherited permissions, which if all
things go well will match the permission key list.
Refs #8114
2016-02-16 22:30:19 -05:00
Marc Würth
b5655d63ff
Remove lighthouse references
2016-02-10 12:27:34 +01:00
mark_story
3b5a71df37
Merge branch '2.7' into 2.8
2016-01-28 21:51:59 -05:00
mark_story
fc57dee72f
Fix error in PHP 5.3
2016-01-28 21:50:56 -05:00
mark_story
3e67685c7c
Merge branch '2.7' into 2.8
2016-01-21 21:46:51 -05:00
mark_story
4b8d628a2e
Backport SecurityComponent fixes from #8071 to 2.x
...
If the request manages to have data set outside of post/put we should
still validate the request body. This expands SecurityComponent to cover
PATCH and DELETE methods, as well as request methods that should be
safe, but somehow end up not safe.
2016-01-20 21:34:58 -05:00
Larry E. Masters
0aa8847762
Merge pull request #7840 from cakephp/2.8-PHP7
...
2.8 PHP7 compatibility
2015-12-29 00:27:33 -05:00
Larry E. Masters
e7a313edee
getting sloppy as I get older, fixing code sniffer errors
2015-12-29 00:06:44 -05:00
Larry E. Masters
b1d93377b6
Removing invalid test
2015-12-28 23:36:37 -05:00
Larry E. Masters
027e32ce00
Reverted change setting $_SESSION to an array. Commenting out a test that is invalid.
...
This test creates a numeric key of 0 in $_SESSION which is not a valid session key. This causes error - session_write_close(): Skipping numeric key 0 error.
2015-12-28 17:19:31 -05:00
Larry E. Masters
3c21f4a8af
Fixes session_write_close(): Skipping numeric key 0 error
2015-12-28 11:18:03 -05:00
Larry E. Masters
894d233fd6
add @throws anotation to fix travis PHP_CODESNIFFER warnings
2015-12-13 15:16:49 -06:00
Larry E. Masters
48e018e707
Allowing tests to run on PHP 7
2015-12-13 14:12:31 -06:00
Mark Scherer
f662b2f5aa
Skip error for now.
2015-12-06 12:50:09 +01:00
mark_story
48450e71fa
Merge branch '2.7' into 2.8
2015-11-11 22:53:45 -05:00
Jorge González
cb6a17c34e
add Flash back to Controller, fix Scaffold to use Flash instead
2015-11-04 10:41:35 +00:00
mark_story
8c404ad6a7
Merge branch '2.7' into 2.8
2015-10-17 21:00:26 -04:00
mark_story
dea32345c8
Add failing test for #7570
...
Documented behavior that exists in 3.x is not working in 2.x
2015-10-17 20:54:40 -04:00
mark_story
ae83e197dc
Merge branch '2.8' of github.com:cakephp/cakephp into 2.8
2015-09-27 11:13:12 -04:00
Marc Würth
1ede742d92
Various improvements to the CakePHP test files
...
Mostly CS, doc blocks and unused variables.
2015-09-25 17:22:00 +02:00
Mark Scherer
81cbb52f74
Only array-wrap 'order' if it's not already an array.
2015-09-22 13:04:28 +02:00
mark_story
07c2047984
Merge branch '2.7' of github.com:cakephp/cakephp into 2.7
2015-08-06 21:43:40 -04:00
mark_story
056f24a774
Forbid direct prefix access with mixed casing.
...
Changing the casing up should not allow prefix method access.
2015-08-05 23:05:30 -04:00
mark_story
9f20330d17
Fix fatal error on null subject.
...
Refs #7176
2015-08-05 22:20:39 -04:00
Mark Scherer
52e79987a2
Replacing self with static due to PHP5.3+. Following #7040 .
2015-07-21 10:22:53 +02:00
mark_story
9b313f86e4
Add tests for #7034
...
These tests ensure that redirect() is never called which ensures the
Location header is never set. Ajax requests when no loginElement is
defined should get an empty response with a 403 status code.
2015-07-16 23:00:20 -04:00
Chris Kim
94fbc6e5f2
Don't map text/plain to csv. Backport from 3.0. Refs #1696
...
Jquery sets accepts header similar to "text/plain, */*; q=0.01" by
default for xhr requests. Due to this RequestHandler used to set
extension to csv thereby causing View class to look for views under
non-existent csv folders.
2015-07-07 15:19:45 -04:00