Commit graph

774 commits

Author SHA1 Message Date
mark_story
5685c031e2 Disable autocomplete on CSRF/Security token fields.
New versions of Safari will overwrite these fields when a user uses the
back button. If one-time CSRF tokens are in use the request will be
blackholed.

Refs #10486
2017-04-05 13:02:17 -04:00
Mark van Driel
25d597910f Code cleanup 2017-03-08 23:19:37 +01:00
Mark van Driel
4728586365 Make error class of div in FormHelper::input configurable 2017-03-08 13:15:00 +01:00
kanonji
3978f87c58 Stringify values to avoid trap of in_array() type juggling 2017-02-28 03:33:50 +09:00
chinpei215
94d9bcd674 Fix FlashHelper::render() cannot render default messages
Fixes #9910
2017-01-05 19:00:52 +09:00
mark_story
8baf193995 Fix warning in PHP 7.1
Refs #9592
2016-10-11 16:59:35 -04:00
Mischa ter Smitten
1ccdc21d5b Possible fix for _lastAction method 2016-09-22 21:33:43 +02:00
mark_story
ad5130cd31 Merge branch '2.next' into 2.x 2016-09-18 22:22:56 -04:00
mark_story
4f70bdb3b8 The _lastAction property should not double include the base path.
FormHelper should not run URLs through Router twice when determining the
the form's lastAction attribute. However, because we're using the helper
method (see #9414) we do need to HTML decode the URL before using it in
form token generation.

Refs #9455
2016-09-13 22:21:01 -04:00
Val Bancer
5253f0b3bd fixes postLink form last action
https://github.com/cakephp/cakephp/issues/9392
2016-09-05 23:14:43 +02:00
mark_story
e8d63725d8 Merge branch '2.x' into 2.next 2016-09-04 23:54:22 -04:00
Mark van Driel
e3b0aca95e Removed bug fix for Helper::_confirm to keep the code compatible 2016-08-21 17:09:43 +02:00
Mark van Driel
34afc377ec Added support for confirm (message) option to submit in FormHelper 2016-08-20 12:51:13 +02:00
mark_story
61b3fbd605 Merge branch '2.x' into 2.next 2016-08-09 22:12:26 -04:00
antograssiot
6dbd5c659d fix api generation 2016-08-02 22:01:35 +02:00
mark_story
7c2d6ae197 Combine code paths.
At the end of both if/else arms we should have an array that can be
pushed through Hash::filter().

Refs #8654
2016-06-28 22:06:53 -04:00
nojimage
57e0a97483 refs #8654 FormHelper cleanup unlockFields key 2016-06-28 22:01:06 -04:00
mark_story
432eb9c432 Merge branch '2.x' into 2.next 2016-06-27 21:47:47 -04:00
mark_story
8c73086717 Fix PHPCS error. 2016-05-25 23:05:12 +02:00
mark_story
e78af35af7 Only clear the unlocked fields on end().
Doing this work on end() allows fields to be unlocked before the form is
created which can be helpful.

Refs #8880
2016-05-25 23:04:53 +02:00
Mark Story
b15560ea0c Merge pull request #8880 from nojimage/form-unlockfields-2x
Reset FormHelper::$_unlockFields for 2.x
2016-05-25 22:59:25 +02:00
mark_story
d5d46e21bd Fix indentation. 2016-05-22 16:39:49 -04:00
nojimage
850305a384 fixes reset FormHelper::$_unlockFields 2016-05-21 13:33:20 +09:00
xhs345
eeefa03546 Updated Radio and Inputs form helper
Also added UnitTest for radio fieldset class-name
2016-05-19 17:28:47 -07:00
xhs345
615be3ad14 Fix for Issue #8847
Add attribute 'fieldset' to Form->radio
2016-05-18 10:53:06 -07:00
mark_story
12c6fd4e22 Merge branch '2.x' into 2.next 2016-05-02 21:58:41 -04:00
schrolli
0de87cd74e Added also datetime, since it can have microseconds, too 2016-05-02 17:11:28 +02:00
mark_story
ade9d8a811 Restore backwards compatibility with old 2.x in FormHelper.
Restore the behavior of the string 'action' option to its former glory.
While we've deprecated this it needs to continue working as it did
before.

Refs #8628
2016-05-01 22:21:23 -04:00
schrolli
40b812e391 added field type "time" sothat no "maxlength" attribute is set for
the text-input element. This is neccessary when a "length" is
specified for a time-database-field. This length dictates the amount
of decimal digits, eg. milliseconds, and not the overall character size.
2016-05-01 05:56:50 +02:00
mark_story
1333cc4b3e Merge branch 'postlink-token' into 2.x
Fix inline postLink() calls corrupting the containing form's tampering
token.

Refs #8387
2016-04-01 23:08:41 -04:00
mark_story
745f3a33e6 Fix boolean values in select widgets.
Boolean `false` should be treated like `0` when comparing option values.

Refs #8468
2016-03-15 22:59:03 -04:00
Markus Bauer
95558d0bba Data passed through FormHelper::postLink is excluded from CSRF creation of an outer form. Subsequent fix for #8387. 2016-03-02 03:02:43 +01:00
Markus Bauer
7df96b3912 Creating correct CSRF tokens when using FormHelper::postLink within another form. Fixes #8387 2016-03-02 02:51:06 +01:00
mark_story
3b5a71df37 Merge branch '2.7' into 2.8 2016-01-28 21:51:59 -05:00
Edgaras Janušauskas
fde1d08b43 Fix PHPDoc @return by replacing $this to self 2016-01-28 23:10:42 +02:00
ADmad
a890d76990 Merge pull request #8107 from ndm2/2.7-fix-post-link-description
2.7 - Fix `FormHelper::postLink()` description.
2016-01-26 18:38:29 +05:30
ndm2
4e58d595ae Fix FormHelper::postLink() description.
Update description with a short explanation that considers the
`inline` and `block` options.
2016-01-26 10:59:03 +01:00
Mark Scherer
8423c004b9 Invert condition to avoid else. 2016-01-07 10:51:34 +01:00
Mark Scherer
b1f1003ebe Allow 3.x backport of url=>false in 2.x 2016-01-07 10:48:20 +01:00
Mark S
daca52e37c Use is_array() check 2016-01-06 18:05:01 +01:00
Mark Scherer
cd59ab9c40 Fix tests 2016-01-04 15:08:31 +01:00
Mark Scherer
a2ce6c8c1f Deprecate action in Form::create() 2016-01-04 14:22:40 +01:00
mark_story
7c2ec5b451 Merge branch '2.7' into 2.8 2015-12-27 10:51:41 -05:00
mark_story
72b98f58a8 Backport paginator changes for string integers.
Backport the intent of #7845 into 2.x. The implementation differs a bit
from 3.x but paginator helper internals are pretty different in both
branches.

Refs #7092
2015-12-26 22:52:57 -05:00
mark_story
48450e71fa Merge branch '2.7' into 2.8 2015-11-11 22:53:45 -05:00
Marc Würth
58316b3a58 Specify type hint
Plus fix two typos.
2015-10-27 16:47:48 +01:00
Mark Scherer
8287981855 Make sure direction values are lowercased to be consistent. 2015-10-26 23:20:30 +01:00
mark_story
7bf6768066 Merge pull request #7516 into 2.7
PaginatorHelper::meta() skips url parameters (passed and named) which
results in urls not respecting defined routes.  It means
PaginatorHelper::meta() does not generate same urls as
PaginatorHelper::prev() & PaginatorHelper::next().

Refs #7516
2015-10-10 22:31:15 -04:00
Marc Würth
ed410dd12c Do not mix void with other return types
Inspired by #7527
2015-10-10 15:49:00 +02:00
Mohsen
f57cdb7568 PaginatorHelper::meta() skips url parameters and disrespects defined routes
PaginatorHelper::meta() skips url parameters (passed and named) which results in urls not respecting defined routes.
It means PaginatorHelper::meta() does not generate same url as PaginatorHelper::prev() & PaginatorHelper::next().
2015-10-07 15:07:37 +03:30