Commit graph

567 commits

Author SHA1 Message Date
mark_story
07c2047984 Merge branch '2.7' of github.com:cakephp/cakephp into 2.7 2015-08-06 21:43:40 -04:00
mark_story
056f24a774 Forbid direct prefix access with mixed casing.
Changing the casing up should not allow prefix method access.
2015-08-05 23:05:30 -04:00
mark_story
9f20330d17 Fix fatal error on null subject.
Refs #7176
2015-08-05 22:20:39 -04:00
Mark Scherer
52e79987a2 Replacing self with static due to PHP5.3+. Following #7040. 2015-07-21 10:22:53 +02:00
mark_story
9b313f86e4 Add tests for #7034
These tests ensure that redirect() is never called which ensures the
Location header is never set. Ajax requests when no loginElement is
defined should get an empty response with a 403 status code.
2015-07-16 23:00:20 -04:00
Chris Kim
94fbc6e5f2 Don't map text/plain to csv. Backport from 3.0. Refs #1696
Jquery sets accepts header similar to "text/plain, */*; q=0.01" by
default for xhr requests. Due to this RequestHandler used to set
extension to csv thereby causing View class to look for views under
non-existent csv folders.
2015-07-07 15:19:45 -04:00
Highstrike
a9d77d26f0 fix failing tests
fixing...
2015-06-25 13:40:50 +03:00
Highstrike
58983f717a 2.7.0-RC Auth doesn't use the new Flash component
Changed 'Flash.' to 'Message.' and also provided backwards compatibility
in FlashHelper->render
2015-06-24 14:06:35 +03:00
Mark Scherer
4f3602ad5f Adjust bake, docblocks and tests for notBlank. 2015-05-17 22:27:16 +02:00
mark_story
0b916cedbb Merge branch 'master' into 2.7 2015-03-09 21:55:20 -04:00
mark_story
02c9dda9a7 Make maxLimit and limit settings independent.
Having maxLimit infer what it should be based on limit was not a very
transparent default behavior. The documentation states that maxLimit
will default to 100, but the code would default it to 'limit' if set.
This created confusing behavior when only one setting was defined.

Refs #5973
2015-02-27 22:35:52 -05:00
mark_story
63769ae4a6 Merge branch 'master' into 2.7
Conflicts:
	lib/Cake/VERSION.txt
2015-02-26 12:50:35 -05:00
mark_story
c92cfb413f Allow numeric sorts in PaginatorComponent.
When paginating data, we should not ignore numerically indexed order
conditions. Instead they should be handled similar to Model::find().

This creates a slightly different behavior when model's have default
sorting applied as more default sort options forms will be honoured.

Refs #5964
2015-02-25 21:38:56 -05:00
Mark Story
9f1f158cc0 Merge pull request #5855 from tanuck/2.7-custom-flash-message
Backport of 3.x flash messages #5823
2015-02-14 22:07:30 -05:00
mark_story
3dfa22b021 Fix order of hasOne assocation.
This should fix non-deterministic failures.
2015-02-10 22:46:53 -05:00
James Tancock
e173c29d33 Fix for phpcs 2015-02-04 15:31:50 +00:00
James Tancock
b8b6b67abd Tests for ported Flash component & helper 2015-02-04 15:05:40 +00:00
mark_story
396d501d1e Fix / being handled incorrect by referer()
Backport changes in #4987 to 2.x. This solves issues with duplicate base
directories when redirecting back to '/'

Fixes #4812
2015-01-15 21:26:34 -05:00
Sebastien Barre
20e2882bf6 Remove duplicate class declaration 2014-11-23 21:49:29 -05:00
Sebastien Barre
5ac47487f9 Merge branch 'ticket-5041' of github.com:sebastienbarre/cakephp into ticket-5041
Conflicts:
	lib/Cake/Test/Case/Controller/Component/AuthComponentTest.php
2014-11-22 13:38:11 -05:00
Sebastien Barre
a2e7896038 Fix uses, style 2014-11-22 13:31:39 -05:00
Sebastien Barre
7da48669c8 Have BaseAuthenticate implement CakeEventListener instead 2014-11-22 13:31:38 -05:00
Sebastien Barre
50e5b5e8fe Move App::uses() again 2014-11-22 13:31:38 -05:00
Sebastien Barre
d7b353dcf9 Move App::uses(), rename helper class to avoid conflict 2014-11-22 13:31:38 -05:00
Sebastien Barre
43413f029e Ticket 5041: have Auth::login() send Auth.afterIdentify event 2014-11-22 13:31:38 -05:00
Sebastien Barre
4bada05028 Fix doc/style 2014-11-05 18:37:20 -05:00
Sebastien Barre
ee73c1732b Have BaseAuthenticate implement CakeEventListener instead 2014-11-05 18:03:26 -05:00
Sebastien Barre
f78e6c0621 Move App::uses() again 2014-11-05 13:46:45 -05:00
Sebastien Barre
4c59ab6eca Move App::uses(), rename helper class to avoid conflict 2014-11-05 13:36:29 -05:00
Sebastien Barre
0cdb93b265 Ticket 5041: have Auth::login() send Auth.afterIdentify event 2014-11-05 12:34:25 -05:00
Sebastien Barre
544ddac08c Fix indentation 2014-10-31 16:38:09 -04:00
Sebastien Barre
60917974bf Add test for userFields and related models 2014-10-31 16:35:55 -04:00
Sebastien Barre
f6c71024c5 Add test for the 'contain' setting, which was missing (unrelated to feature) 2014-10-31 16:04:09 -04:00
Sebastien Barre
2f62ee2cde ticket #5017 add userFields setting to BaseAuthenticate 2014-10-31 15:00:19 -04:00
mark_story
b98d2a3365 Merge branch 'master' into 2.6 2014-10-24 22:05:46 -04:00
mark_story
cdc67116c5 Handle query string arguments in digest auth data.
Handle &, ? in digest auth data uri.

Refs #4908
2014-10-17 23:12:41 -04:00
Ceeram
fcffe3961f Revert "add test to prove requesthandler works correct with Angular wonky accept headers"
This reverts commit 8507ef83f1.

Incorrect header was used for this test, Cake cannot safely determine correct header.
To get CakePHP to respond with json, you can modify the angular common headers.
2014-10-02 22:12:35 +02:00
Ceeram
8507ef83f1 add test to prove requesthandler works correct with Angular wonky accept headers 2014-10-02 16:07:10 +02:00
Jeremy Harris
66b2173566 Made AuthComponent::mapActions() act as a getter refs #3331 2014-08-29 08:23:41 -05:00
chinpei215
f3e1a18740 Fix a fatal error occurs in combination with a scaffold error. 2014-07-31 05:49:23 +09:00
mark_story
f9785042bc Fix indentation.
Refs #4108
2014-07-29 21:53:55 -04:00
Steve Tauber
e6f6ded334 Adding unit test for HTTP DELETE and RequestHandlerComponent::requestedWith 2014-07-29 16:34:11 +02:00
David Steinsland
6e777a54a3 Mocking _sendHeader instead of send() 2014-07-22 15:05:06 +02:00
David Steinsland
d98abc58d1 Added test case for CakeResponse::send() and ajaxLogin 2014-07-22 14:45:18 +02:00
Schlaefer
1e961a8aac increases time window in CSRF token expiry tests to 2 seconds
travis-cs failed with 1 second margin
2014-07-06 13:54:24 +02:00
Schlaefer
9fa7afa354 fixes #3887 CSRF reusable token expires 2014-07-06 10:39:00 +02:00
euromark
974ca851c2 Correct doc blocks according to cs guidelines.
Remove superfluous empty lines.
2014-07-03 15:36:42 +02:00
mark_story
b4bcd74e60 Whitelist more URL-y characters in digest parsing.
Android clients include a full URL instead of just the URI. Also handle
situations where URLencoded bytes and document fragments are used.

Refs #3779
2014-06-23 14:39:35 -04:00
mark_story
975e4c3af0 Allow username of 0 in basic authentication.
Refs #3624
2014-06-02 22:02:28 -04:00
mark_story
d1e4dfac47 Add tests for #3624
The username of '0' should be accepted by FormAuthenticate.

Refs #3624
2014-06-02 21:58:50 -04:00
mark_story
66e733f8b1 Fix test I forgot to fix in b8fa7ce134 2014-05-13 22:12:39 -04:00
mark_story
a34d5f733d Fix PaginatorComponent tests.
Because count() queries don't happen in many cases now, the lastQueries
index needs to shift up by one because a query isn't happening anymore.

Refs #3333
2014-05-12 22:10:27 -04:00
mark_story
89cd114e6f Merge branch 'master' into 2.5 2014-05-12 14:30:02 -04:00
José Lorenzo Rodríguez
751d2d8f2d Merge pull request #3448 from dereuromark/master-controller
Controller::referer() and local URL
2014-05-07 22:42:28 +02:00
Renan Gonçalves
87683b10f1 Allowing same Authenticate object to be setup with different settings. 2014-05-06 22:10:41 +02:00
ADmad
d466e00644 Merge branch 'master' into 2.5
Conflicts:
	lib/Cake/Model/Datasource/DboSource.php
	lib/Cake/Test/Case/Model/Datasource/Database/MysqlTest.php
	lib/Cake/Utility/Folder.php
	lib/Cake/VERSION.txt
2014-05-04 14:35:36 +05:30
mark_story
1d1a2f859c Fix coding standards error. 2014-04-28 20:56:06 -04:00
euromark
8679c5cd18 Fix test 2014-04-28 17:33:56 +02:00
mark_story
cf96e9f54f Merge branch 'master' into 2.5 2014-04-26 22:04:19 -04:00
mark_story
a28158d614 Add additional test for f23d811ff5
I neglected to put a negative test to ensure validatePost fails when the
URL differs.
2014-04-26 10:23:27 -04:00
ADmad
68572d8046 Cannot use php 5.4+ array syntax for 2.x. 2014-04-26 17:30:31 +05:30
mark_story
de0062de77 Merge branch 'master' into 2.5 2014-04-25 22:10:02 -04:00
mark_story
f23d811ff5 Use the form action URL in generated form hashes.
By including the URL in generated hash for secured forms we prevent
a class of abuse where a user uses one secured form to post into a
controller action the form was not originally intended for. These cross
action requests could potentially violate developer's mental model of
how SecurityComponent works and produce unexpected/undesirable outcomes.

Thanks to Kurita Takashi for pointing this issue out, and suggesting
a fix.
2014-04-25 22:05:58 -04:00
mark_story
d54fbe6f60 Merge branch 'master' into 2.5 2014-04-18 22:13:56 -04:00
Stephen Young
b55fa98a2d Updated documentation
* Removed references to nonexistent `AclBase` class
* Added references to `AclInterface` requirements
2014-04-11 15:10:56 -04:00
Jose Lorenzo Rodriguez
343d3279b9 Merge branch 'master' into 2.5
Conflicts:
	lib/Cake/Test/Case/Utility/FileTest.php
	lib/Cake/VERSION.txt
2014-04-06 21:50:41 +02:00
euromark
0d09a54033 more missing doc block tags added 2014-04-02 03:02:37 +02:00
ADmad
abacf0d14b Remove setting of Controller::$ext by RequestHandler.
Closes #3022
2014-03-16 20:09:08 +05:30
mark_story
6c3bc48ce0 Merge branch 'master' into 2.5 2014-03-06 17:45:00 -05:00
Mark
3ca338fe26 Merge pull request #2781 from davidsteinsland/2.5
Fixed HTTP Status code when ajaxLogin is set
2014-03-06 12:37:51 +01:00
ndm2
01e1b5ca61 Fix failing tests caused by already existing classes 2014-03-01 20:24:32 +01:00
ndm2
008ad3237c Fix verification of expected invocations #2919 2014-03-01 19:06:17 +01:00
mark_story
2c5d96e916 Merge branch 'master' into 2.5
Conflicts:
	lib/Cake/Model/Datasource/DboSource.php
2014-02-16 14:24:19 -05:00
mark_story
827dc77a11 Fix incorrect assertion. 2014-02-11 22:00:24 -05:00
mark_story
a5d50da040 Remove dead and unused code. 2014-02-11 16:38:24 -05:00
David Steinsland
f2b9aa5ca4 Fixed HTTP Status code when ajaxLogin is set 2014-02-05 16:05:02 +01:00
José Lorenzo Rodríguez
e36c954da7 Merge pull request #2693 from ADmad/2.5-session-start
Don't start a session if it's known to be empty.
2014-02-01 04:08:48 -08:00
Rachman Chavik
b83b59a9d7 Log errors instead of calling trigger_error() 2014-01-29 17:51:07 +07:00
ADmad
84932fcc4a Don't start a session if it's known to be empty.
If an app only reads/checks the session there's no need to start a
session to know that the read/checked session value is empty.

Fixes #1981
2014-01-22 01:17:16 +05:30
euromark
97e43e5806 unify to expected 2014-01-09 16:52:21 +01:00
euromark
29e15386b2 Follow the deprecation note of 2.1 migration guide and switch to fetch(title)
correct assert order for test
2014-01-09 16:45:49 +01:00
ADmad
27979286b2 Revert change done in 11f543f1f2.
The change is unneeded now as Security::encrypt() no longer throws exception
for falsey values.
2013-12-15 20:29:41 +05:30
Mark Story
bf96ea36d9 Merge pull request #2482 from zoghal/2.5-cookie-fix2
fix CookieComponent - when write null or empty string
2013-12-14 16:21:58 -08:00
mark_story
c2b8778ce8 Merge branch 'master' into 2.5 2013-12-14 17:45:49 -05:00
Saleh Souzanchi
11f543f1f2 fix CookieComponent - when write null or empty string 2013-12-15 02:15:36 +03:30
José Lorenzo Rodríguez
6358741944 Merge pull request #2449 from cakephp/fix-session-cyclic-error
Fixed error in CakeSession that would call start() in an infinite loop
2013-12-09 02:18:21 -08:00
mark_story
48d2618c62 Merge branch 'master' into 2.5
Conflicts:
	lib/Cake/Routing/Router.php
2013-12-08 21:25:59 -05:00
Jose Lorenzo Rodriguez
3a2c497206 Fixed failing test 2013-12-08 14:08:57 +01:00
ADmad
738d0e2277 Fixed edge case which allowed login with empty password.
Ensure skipping call to FormAuthenticate::_checkFields() does not allow
logging in with empty password. Closes #2441.
2013-12-07 18:40:08 +05:30
mark_story
8578708e76 Merge branch 'master' into 2.5 2013-12-01 21:37:37 -05:00
ADmad
c72def4840 Moved exception throwing to after paging info it set for request.
This fixes the regression caused in 2096d3f632. When catching exception
thrown by PaginatorComponent::paginate() in controller, developer again
has access to paging info in request object.

Closes #2402
2013-11-30 19:00:08 +05:30
ADmad
dda6080579 Merge branch 'master' into 2.5 2013-11-19 00:27:12 +05:30
Marc Würth
7cfa0116f4 Removed "PHP 5" from file header DocBlocks
This statement does not serve a purpose anymore.
In a long forgotten world it indicated the main version number of PHP which the code in the file was compatible to.
http://pear.php.net/manual/en/standards.sample.php
But since PHP 5.1 and later this is only marginally true.
Thus I propose to remove it from CakePHP.
2013-11-13 22:58:39 +01:00
mark_story
afd182898f Merge branch 'master' into 2.5 2013-11-01 16:54:57 -04:00
Luis Ramos
e33653a8d7 Add test case 2013-10-30 16:06:27 -06:00
ADmad
d9ca148499 Merge branch 'master' into 2.5
Conflicts:
	CONTRIBUTING.md
	lib/Cake/Model/Model.php
	lib/Cake/VERSION.txt
2013-10-30 02:34:09 +05:30
mark_story
07f4779efe Fix cookie component being inconsistent about writes.
Instead of treating multi-key and single key writes differently, they
should be treated consistently to allow simpler and more consistent interactions
with the stored data. This also results in fewer cookies being sent
across the wire which is an added benefit.

Fixes #2182
2013-10-28 23:13:51 -04:00
mark_story
5a394c379a Merge branch 'master' into 2.5 2013-10-14 22:57:50 -04:00
euromark
1cb24ae537 CS fixes using phpcs-fixer auto-correction. 2013-10-12 01:27:00 +02:00
Jose Lorenzo Rodriguez
df549898ad Merge remote-tracking branch 'origin/2.5' into k-halaburda-master 2013-10-12 01:05:02 +02:00
Bryan Crowe
c1dd0e4393 Changed url to URL where appropriate 2013-10-07 23:17:58 -04:00
mark_story
60b0893c79 Merge branch 'master' into 2.5 2013-10-06 23:49:32 -03:00
euromark
eb98770304 Remove leftover of pageTitle. 2013-10-04 00:35:56 +02:00
mark_story
530731ec5d More gracefully handle invalid data in Accept headers.
Some browsers have invalid accept headers, we should ignore the invalid
extension data as assuming it will be a qualifier can result in
incorrect results.

Fixes #4105
2013-10-02 11:29:04 -04:00
mark_story
314ae1c8b4 Merge branch 'master' of github.com:cakephp/cakephp 2013-10-01 15:12:34 -04:00
Simon Males
c998888fe7 Do not assume CONTENT_TYPE is available.
In some server environments notably the CLI server, _SERVER['CONTENT_TYPE'] is not available.
In these cases, fall back to the HTTP_CONTENT_TYPE header.

Refs #GH-1661
2013-10-01 15:10:33 -04:00
Frank de Graaf
ceb78fee9c Merge pull request #1671 from ADmad/bugfix/auth-infinite-redirect
Fixed infinite redirects when authenticated user tried to access login p...
2013-09-27 12:13:36 -07:00
ADmad
4dbf9107a8 Fixed infinite redirects for authenticated users accessing login page. 2013-09-27 22:33:07 +05:30
Bryan Crowe
ab4bc16463 Updated Controller:: doc block and ControllerMergeVarsTest:: 2013-09-25 22:53:23 -04:00
Bryan Crowe
915b51b239 Updated JavaScript casing and JsHelper references in doc blocks 2013-09-25 22:46:38 -04:00
Bryan Crowe
9a1170cd2b Replaced true asserations with instanceOf asserations in test cases 2013-09-24 22:10:36 -04:00
Bryan Crowe
7d7954ce18 Replaced all is_a() calls with instanceof operator 2013-09-24 21:08:06 -04:00
euromark
17bd465cae simplify tests 2013-09-19 00:17:21 +02:00
euromark
382f75dbfc cs corrections, bool to boolean and int to integer. 2013-09-17 14:44:34 +02:00
euromark
a796b26f13 fix renderLayout and update deprecated and outdated code 2013-09-13 00:09:31 +02:00
ADmad
1d0c785725 Fixed setting of order in Paginator options when using model's order. Refs f680c76, #3902 2013-09-10 22:47:31 +05:30
mark_story
53d265cfba Merge branch 'master' into 2.4 2013-08-23 12:56:43 -04:00
euromark
036954b52d remove duplicate newlines according to CS 2013-08-20 20:27:06 +02:00
Jose Lorenzo Rodriguez
9d07fc4330 Merge branch 'master' into 2.4
Conflicts:
	lib/Cake/Console/ShellDispatcher.php
	lib/Cake/Utility/CakeNumber.php
	lib/Cake/View/Elements/sql_dump.ctp
2013-08-11 23:31:10 +02:00
mark_story
9efad54e31 Fix missing expiry times on cookies.
When writing multiple cookies in a single request with the default
expiry time, cookies after the first should continue to have the default
expiry time used.

Fixes #3965
2013-08-06 22:01:13 -04:00
ADmad
38b050a711 Merge branch 'master' into 2.4
Conflicts:
	lib/Cake/Console/Command/ConsoleShell.php
2013-08-04 19:26:55 +05:30
Christian Winther
227f9aaa88 Merge pull request #1440 from Phally/master-postgres-fails
Adds order to the test models to make the results more predictable.
2013-08-01 02:38:33 -07:00
Marc Würth
1cac1846a3 Added missing calls to setUp & tearDown in tests 2013-07-29 01:52:39 +02:00
Phally
933013f808 Test case to prove base urls are stripped.
Refs #3938, #3916.
2013-07-26 19:57:12 +02:00
Phally
6b41eaa950 Merge branch 'master' into 2.4 2013-07-26 19:44:11 +02:00
Phally
f7eab23a5c Strips the base off the generated URL from the AuthComponent.
Fixes #3922.
2013-07-26 15:18:28 +02:00
Phally
db1876d837 Adds order to the test models to make the results more predictable.
Even though there was some code in place to prevent results in random
order from PostgreSQL we were still experiencing this with Jenkins
and Travis.

This commit removes the old code that handled this. From now on this
will be handled differently. Every test model will order by its
primary key. You can disable this by changing the order property
of the model to `null`: `$testModel->order = null`.
2013-07-19 22:31:09 +02:00
mark_story
e03d3df0fe Merge branch 'master' into 2.4
Conflicts:
	lib/Cake/Test/Case/View/HelperTest.php
	lib/Cake/VERSION.txt
2013-07-17 22:40:09 -04:00
mark_story
b873186468 Fix being unable to sort on custom synthetic columns.
If a sort field whitelist is used we should trust its data and also
trust that the developer wanted what they asked for. This solves issues
where it was impossible to sort on synthetic columns added in custom
find types.

Fixes #3919
2013-07-16 10:19:18 -04:00
Majna
1ce9fc537f Pages controller should render 404 on missing view file 2013-07-13 17:41:16 +02:00
ADmad
4ded269549 Merge branch 'master' into 2.4
Conflicts:
	lib/Cake/Controller/Component/Auth/BlowfishAuthenticate.php
	lib/Cake/VERSION.txt
2013-07-07 12:22:12 +05:30
euromark
ba02678693 doc block corrections 2013-07-05 16:17:23 +02:00
euromark
e7f380d2b7 doublespace to single space 2013-07-05 14:36:40 +02:00
mark_story
22a198a8ba Merge branch 'master' into 2.4 2013-07-04 21:40:51 -04:00
euromark
a620fbbbb8 fix cs 2013-07-04 13:30:08 +02:00
euromark
f680c763b2 ticket-3902 - paginator and display of order via model default order 2013-07-04 13:07:14 +02:00
Mark Story
94db8fbed6 Merge pull request #1380 from ceeram/2.4-ext
Set extension with multiple accept based on order in parseExtensions.
2013-06-30 19:42:50 -07:00
mark_story
f09693f6e8 Merge branch 'master' into 2.4 2013-06-29 23:26:26 -04:00
mark_story
1d18a4f702 Fix issue where redirectURLs were not generated correctly.
When the first path segment matches the base path an incorrect URL was
generated. Trimming slashes off makes Router normalize the URL correctly
as the leading / implies that the base is already prepended.

Fixes #3897
2013-06-29 23:26:13 -04:00
Ceeram
6a0185d7e6 Set extension with multiple accept based on order in parseExtensions, currently with multiple accepted types, no extension is set at all 2013-06-27 14:34:00 +02:00
Marc Würth
2609016dfe Changed http links to lighthouse, groups.google and github to https
Because they get redirected anyway and we should follow good practices.
Also in many cases similar URLs were already using https
2013-06-25 22:58:30 +02:00
Rachman Chavik
0d486bdab4 AuthComponent: Allow suppressing authError message
When unauthenticated users accesses protected areas, they are greeted
with the default 'You are not allowed to access that location' which is
not desired in some cases.

This patch allows applications to suppress this message by setting
AuthComponent::authError to false bypassing the call to
SessionComponent::setFlash() altogether.

Refs: https://github.com/croogo/croogo/pull/175#discussion_r4714240
2013-06-17 09:33:59 +07:00
ADmad
12da3b1f27 Merge branch 'master' into 2.4 2013-06-16 13:07:44 +05:30
Rik van der Heijden
e7d2892e81 Fixed unit-test locales 2013-06-11 20:18:40 +02:00
mark_story
cd3c54bb9d Merge branch 'master' into 2.4
Conflicts:
	lib/Cake/VERSION.txt
2013-06-10 22:12:10 -04:00
euromark
6ed85f2d5d doc block 2013-06-10 15:10:32 +02:00
euromark
4518624187 more whitespace coding standard corrections 2013-06-09 17:39:48 +02:00
euromark
a6f065e7a2 coding standards whitespace and single quote 2013-06-09 17:20:08 +02:00
ADmad
636cc8c103 Merge branch 'master' into 2.4 2013-06-09 18:08:32 +05:30
euromark
394bf1054d remove name attribute where not necessary, clean up doc blocks 2013-06-08 04:29:08 +02:00