Commit graph

531 commits

Author SHA1 Message Date
ndm2
8fe953548c Fix path traversal check for Windows based systems
On Windows based systems, both backward and forward
slashes are supported as path separators, thus checking for `DS`
only would allow `../` fragments to slip in.

refs #5905, cad57dcc28
2015-08-19 16:47:53 +02:00
mark_story
58ea40e32c Don't stop reading when only a '0' has been read.
Make tests simpler by using onConsecutiveCalls() instead of trying to
maintain mock method indexes.

Refs #7121
2015-07-27 22:40:27 -04:00
Mark Scherer
a239324a0d use constant PHP_SAPI 2015-07-26 15:35:03 +02:00
mark_story
ae2ea1ea6c Merge branch '2.6' into 2.7 2015-06-25 21:50:47 -04:00
Mark Scherer
fc57e43a5b Adjust tests. 2015-06-21 12:13:09 +02:00
mark_story
97be9b9696 Fix PHPCS errors. 2015-06-15 12:19:20 -04:00
mark_story
947262e754 Fix PHPCS errors. 2015-06-14 21:56:48 -04:00
mark_story
c47196fe08 Merge branch '2.6' into 2.7 2015-06-07 15:45:26 -04:00
mark_story
6d60e6a4db Backport 7eec48268ebb6a17656df4a059f9e7b43991472f to 2.x
Backport fixes to base path generation that prevent issue when a URL
contains // it can circumvent the base path generation, which results in
unwanted user data in the base/webroot paths. This creates an
opportunity for CSS manipulation in old versions of IE, and newer ones
via iframe inheritance.
2015-06-07 15:45:16 -04:00
mark_story
d7d8b90986 Merge branch '2.6' into 2.7 2015-05-28 19:34:59 -04:00
Mark Scherer
309aee9fe5 Backport #6431 2015-04-30 15:18:28 +02:00
mark_story
096a2ebb72 Merge branch '2.6' into 2.7
Conflicts:
	lib/Cake/Test/Case/TestSuite/ControllerTestCaseTest.php
	lib/Cake/VERSION.txt
2015-04-20 15:42:54 -04:00
mark_story
f55111bdc1 Allow empty headers to be read.
Allow headers with '' and '0' as their values to be read.

Fixes #6299
2015-04-08 16:33:28 -04:00
mark_story
3151c53255 Merge branch '2.6' into 2.7 2015-03-23 22:50:09 -04:00
Richard van den Berg
1d0d20e974 Account for SNI changes in HttpSocketTest 2015-03-23 22:31:08 -04:00
mark_story
0b916cedbb Merge branch 'master' into 2.7 2015-03-09 21:55:20 -04:00
Mark Story
43f16f38f0 Merge pull request #5905 from davidsteinsland/fix_file_response_dots
Fix file response dots
2015-03-09 21:54:02 -04:00
mark_story
b80a8947d7 Check line length to account for fence post.
When we have exactly 998 bytes CakeEmail should not emit an error.

Refs #5948
2015-02-24 21:52:34 -05:00
ADmad
2a57d9b65f Avoid reloading config file and recreating config instance. 2015-02-20 08:48:25 +05:30
David Steinsland
463fa660bc Updated test 2015-02-19 17:28:32 +01:00
Jan Dorsman
e3b5306521 Fixing issue #5764 2015-02-19 12:19:27 +05:30
David Steinsland
960ddd0eb8 Added DocBlock 2015-02-15 19:34:28 +01:00
David Steinsland
5fd7396e47 Fixed downloading of files with dots 2015-02-15 19:32:33 +01:00
mark_story
1c913d29b6 Merge branch '2.6' into 2.7 2014-11-29 22:00:24 -05:00
mark_story
543f05e3d0 Merge branch 'master' into 2.6 2014-11-29 22:00:00 -05:00
Florian Krämer
43f7fcc735 Adding a few more ways to detect HTTP headers, extensions and the accept header. 2014-11-27 01:00:44 +01:00
mark_story
1e6d22b8cb Make the version option function as intended.
The version option is documented but does not work. While this 'breaks'
behavior, it also fixes what I think is a more important issue.

Refs #5234
2014-11-24 22:38:00 -05:00
Florian Krämer
4ff07b745a Adding a test for the new json and xml detectors that were added to the CakeRequest class. 2014-11-22 17:30:53 +01:00
Florian Krämer
24c4cab4f3 phpcs fix in Cake/Test/Case/Network/CakeRequestTest.php 2014-11-20 22:50:12 +01:00
Florian Krämer
728764c543 Adding a test for the refactored CakeRequest code. 2014-11-20 21:14:17 +01:00
Mark Story
5dab175aa9 Merge pull request #5196 from cakephp/issue-5140
Gracefully handle invalid chunks in HttpSocket
2014-11-18 21:58:41 -05:00
ndm2
bae556e73f Prevent zero only lines from being emptied 2014-11-18 17:26:31 +01:00
mark_story
8cbf975943 Gracefully handle invalid chunks in HttpSocket
When invalid chunks are detected we should assume the server is
incorrect and handle the remaining content as a single large chunk.

Refs #5140
2014-11-17 22:23:46 -05:00
euromark
8e18e5a1c7 Correct argument order for assert. 2014-11-11 01:51:46 +01:00
mark_story
3095187952 Merge branch 'master' into 2.6
Conflicts:
	lib/Cake/VERSION.txt
2014-11-10 19:38:31 -05:00
ndm2
f0b6657113 Make unsetting the email pattern work as expected.
When set to `null`, only `filter_var()` should be used. This is a
partial backport of #5111
2014-11-09 16:33:57 +01:00
mark_story
0e4fb9d648 Merge branch 'master' into 2.6 2014-11-07 15:13:46 -05:00
mark_story
6aaac6b7e2 Fix HttpSocket mishandling encoded URIs
The HTTP specs seem to indicate that the Location header should contain
an 'absoluteURI' which includes encoded data. In order to avoid
a regression with the issue fixed in b9ee4fc9f1
we'll continue to replace `%2F` and no longer decode the entire URI.

Fixes #5076
2014-11-05 22:18:48 -05:00
Marek Władysz
65cb186652 Use assertNotSame() instead of assertTrue($result !== false) 2014-10-26 14:19:19 +01:00
Marek Władysz
090e85a5a4 Make CakeResponse::file() accept ranges even when download option is false. 2014-10-25 19:49:56 +02:00
mark_story
af43bc1706 Merge branch 'master' into 2.6 2014-09-25 22:39:51 -04:00
euromark
9c8ab826bf Correct a few more misleading assert orders. 2014-09-24 14:34:24 +02:00
euromark
fce16189d5 Fix tests 2014-09-24 14:25:18 +02:00
mark_story
cf45d3fab8 Merge branch 'master' into 2.6 2014-09-22 20:46:28 -04:00
euromark
4d1a65ede2 Add intl email test. 2014-09-16 10:14:00 +02:00
mark_story
7c316bbc56 Merge branch 'master' into 2.6
Conflicts:
	lib/Cake/basics.php
2014-08-30 21:28:11 -04:00
Jeremy Harris
8f420d74fa HttpSocket: not overwriting auth header if it is set in request configuration 2014-08-21 11:24:10 -05:00
mark_story
9c3089796f Merge branch 'master' into 2.6
Conflicts:
	lib/Cake/Model/Model.php
2014-08-08 23:28:06 -04:00
euromark
9ef7b5713a CS fixes. 2014-08-04 13:53:52 +02:00
ADmad
9e21d048ce Merge branch 'master' into 2.6
Conflicts:
	lib/Cake/VERSION.txt
2014-07-27 12:29:39 +05:30
Mark Story
adf739b893 Merge pull request #4011 from ndm2/stmp-auth-reponse-evaluation-fix
Make SMTP auth reply code checks work properly.
2014-07-24 08:42:22 -04:00
Rachman Chavik
aad89444d1 Fix: Blackholed request when POSTing to a URL with space
Eg:

Actual Posted URL:
    /admin/settings/settings/prefix/Access%20Control
$_GET value:
    /admin/settings/settings/prefix/Access_Control

Since $unsetUrl differs, the $_GET value will get copied in to
CakeRequest::$query, causing CakeRequest::here() to return:

    /admin/settings/settings/prefix/Access%20Control?%2Fadmin%2Fsettings%2Fsettings%2Fprefix%2FAccess_Control=

This confuses SecurityComponent in the following line:

    f23d811ff5/lib/Cake/Controller/Component/SecurityComponent.php (L514)
2014-07-24 16:25:03 +07:00
mark_story
0d14bf7cc8 Update doc blocks.
There were a few trailing comments in #3706 that have now been
addressed.
2014-07-20 22:00:07 -04:00
Mark Story
7ef7ce2dbb Merge pull request #3706 from MelvinRoss/httpsocketheader
Add support for specifying protocol in Cakesocket/HttpSocket.  Add HEAD function to HttpSocket
2014-07-20 21:58:37 -04:00
mark_story
0dfce1abf3 Add . to the list of allowed characters.
This was missed when the email validation rules were relaxed in
dc34d80f6f.

Fixes #4027
2014-07-19 19:57:33 -04:00
ndm2
f03bf8067c Add some more exception message checks 2014-07-18 14:56:10 +02:00
ndm2
bf7d01ac66 Make SMTP auth reply code checks work properly. 2014-07-18 14:53:22 +02:00
Melvin Ross
09a7020119 Fix spacing to conform to coding standards 2014-07-14 14:54:26 -05:00
Melvin Ross
0eaf650d9f Test for new HEAD function inside HttpSocket 2014-07-14 14:34:27 -05:00
mark_story
3a70d9c033 Merge branch 'master' into 2.6 2014-07-09 10:17:05 -04:00
ADmad
1eccec02e4 Merge pull request #3872 from CostaC/response-sharable-fix
Fix for CakeResponse::sharable() header to include private caches
2014-07-04 10:32:51 +05:30
Costa Caruso
4f559f5cc9 Fixed failing test for CakeResponse::sharable + spacing 2014-07-03 15:03:48 -04:00
mark_story
2bcd817367 Merge branch 'master' into 2.6 2014-07-03 11:13:06 -04:00
euromark
974ca851c2 Correct doc blocks according to cs guidelines.
Remove superfluous empty lines.
2014-07-03 15:36:42 +02:00
mark_story
b1610c145e Merge branch 'master' into 2.6 2014-07-02 23:39:16 -04:00
mark_story
adcf9ab723 Fix failing test.
CakeEmail now has a default validation pattern.

Refs #3742
2014-06-30 13:29:39 -04:00
mark_story
dc34d80f6f Relax email validation rules even more.
While filter_var() allows a number of email addresses that
Validation::email() does not, it misses out on email addresses that
contain IDN host names, and unicode mailboxes. Both of these are
generally deliverable, and should be permitted. filter_var() also fails
on local mailboxes like `root@localhost` which is useful in the context
of cron jobs.

Fixes #3742
2014-06-30 10:42:37 -04:00
Derek Perkins
b1a3ab9e64 Added unit test for CakeRequest::setInput
Don't use mocks as the tests weren't really testing anything when mocks
were involved.

Refs #3764
2014-06-29 22:55:38 -04:00
Melvin Ross
ad4dbdcee5 Fix HttpSocket test to actually reset protocols for correct test. Modify HttpSocket so that Https with non-passed in protocol doesn't set it to tcp and fail test. 2014-06-12 09:37:03 -05:00
Melvin Ross
86923e3593 Modify CakeSocket and HttpSocket so that the "protocol" parameter can be used to specify which protocol to use for creating sockets. These are protocols in the php "[a-z]://" wrapper sense. I also modified the test for these two files respectively to accommodate these new changes.
Unrelated to this bug, I added a "head" function inside of HttpSocket to go along with the GET/POST/PUT/DELETE/PATCH combination that's already present. Came in handy for me for deciding if I wanted to hit a resource with HttpSocket or not.
2014-06-11 19:04:58 -05:00
mark_story
92eeef8ae0 Merge branch 'master' into 2.6 2014-06-02 22:57:25 -04:00
Stefan Dickmann
91907b5c6c correct docblock
invalid certificate domain
2014-06-01 13:23:47 +02:00
mark_story
15f63e9c81 Removing peer verification failure test.
Since we are not running a domain with an invalid certificate relying on
someone else to do that is quite unreliable.
2014-05-31 21:51:03 -04:00
Mark Story
136f026f77 Merge pull request #3548 from dogmatic69/patch-3
Allow getting params the same way data() works
2014-05-29 21:49:09 -04:00
dogmatic69
59fe581912 adding doc block for tests related to CakeRequest::param() 2014-05-28 22:28:44 +01:00
dogmatic69
bcdc530391 adding support to write values to param like can be done with data(), method returns $this as does ->data() when writing 2014-05-25 00:52:30 +01:00
dogmatic69
9dca564519 make the default return false so it matches previous use, improve tests for new method 2014-05-25 00:46:40 +01:00
mark_story
270e8774e4 Fix incorrect status line parsing in HttpSocketResponse.
Allow for multi-word status reasons.

Closes #3545
2014-05-21 21:53:18 -04:00
mark_story
20ef10aca2 Fix inline attachments being broken when only sending an HTML text body.
The rel boundary was closed too early causing inline images to be
incorrectly included in the email message.

Refs #3474
2014-05-14 09:42:25 -04:00
mark_story
b8fa7ce134 Fix issues where emails would have multipart/mixed when they should not.
When sending multi-part emails with no attachments we shouldn't include
the outer multipart/mixed header as it confuses Outlook and causes it to
show the email as having attachments even though there are none.

A bunch of tests need to be adjusted as the empty multipart/mixed
container has been removed.

Fixes #3474
2014-05-13 22:03:06 -04:00
mark_story
04edb547f3 Merge branch 'master' into 2.5 2014-04-23 22:21:57 -04:00
mark_story
6f68049bf5 Reject file paths containing ...
Paths containing `..` are generally up to no good. Throw an exception,
as developers can use realpath() if they really need to get relative
paths.

Fixes #3370
2014-04-23 22:20:14 -04:00
ADmad
ead494eec1 Allow setting only default layout without specifying template in email config.
Closes #3336
2014-04-22 20:02:36 +05:30
Jose Lorenzo Rodriguez
343d3279b9 Merge branch 'master' into 2.5
Conflicts:
	lib/Cake/Test/Case/Utility/FileTest.php
	lib/Cake/VERSION.txt
2014-04-06 21:50:41 +02:00
mark_story
4ec81542db Fix email rendering when using 2 different plugins.
When an email template and layout are in different plugins the incorrect
plugin would be used for the layout.

Fixes #3062
2014-04-04 21:45:04 -04:00
euromark
0d09a54033 more missing doc block tags added 2014-04-02 03:02:37 +02:00
euromark
44952b06a4 cs 2014-04-02 02:23:43 +02:00
Mark Story
dea6709d89 Merge pull request #3014 from ndm2/smtp-extensibility-response-access
SMTP transport - Extensibility and response access
2014-03-23 09:24:21 -04:00
mark_story
afc8587949 Merge branch 'master' into 2.5 2014-03-18 22:12:14 -04:00
Hadrien
d55a167830 Themed CakeEmail should load view helpers with the theme set 2014-03-18 14:22:24 +01:00
mark_story
9888209e9a Add tests and fix issues with multiple trailing whitespaces.
Closes #3016
2014-03-17 13:08:46 -04:00
ndm2
0ae225615c Match SP as per rfc2821 2014-03-15 11:47:13 +01:00
ndm2
c1824071c9 Expose last SMTP response. 2014-03-13 16:28:54 +01:00
mark_story
6c3bc48ce0 Merge branch 'master' into 2.5 2014-03-06 17:45:00 -05:00
ndm2
1015b38a27 Use convenience methods to create a (case-insensitive) negation matcher 2014-03-02 17:56:35 +01:00
ndm2
008ad3237c Fix verification of expected invocations #2919 2014-03-01 19:06:17 +01:00
ADmad
bea30e62cb Renamed CakeRequest::onlyAllow() to CakeRequest::allowMethod().
Existing name is unintuitive and it's not easily apparent what
the method does. Closes #2803
2014-02-10 17:38:55 +05:30
Mark Story
6eb5a38f22 Merge pull request #2692 from jrbasso/2.5-cors
Added support to cross origin requests
2014-01-29 06:45:11 -08:00
ADmad
c093804b35 Merge branch 'master' into 2.5 2014-01-26 17:39:50 +05:30
Juan Basso
dae756c84a Added option to allowed headers 2014-01-21 15:31:05 -05:00