Commit graph

153 commits

Author SHA1 Message Date
chinpei215
9f65402d2c Fix CakeRequest::referer(true) returning scheme-relative URLs
Backport of #11503 (and #8795)
2017-12-04 21:18:27 +09:00
Marc Würth
da8414e13b Use HTTPS for the opensource.org MIT license URL 2017-06-11 00:23:22 +02:00
Marc Würth
10b89b51a9 Use HTTPS for the cakefoundation.org URL 2017-06-11 00:10:59 +02:00
Marc Würth
17314baa15 Use HTTPS for the cakephp.org URL 2017-06-10 23:40:28 +02:00
mark_story
304117d228 Fix query string parsing on requestAction()
This also fixes a long standing oddity around string URLs that include
a query string where the query string data would be duplicated.

Refs #9962
2017-01-04 22:34:19 -05:00
mark_story
bc73e928b6 Restore header() behavior inadvertantely removed.
In eaa2bbbcae I changed the behavior to
now use the TitleCased name as I didn't understand the intended behavior
or how apache was working in the reporter's specific case.

Refs #9229
2016-08-11 21:54:24 -04:00
Marc Würth
f2638b3e38 Remove superfluous "Class" from doc blocks 2016-08-10 12:22:09 +02:00
mark_story
20a2af8c16 Fix casing issues with Authorization header.
We need to check the upper case versions of headers in $_SERVER.
Also fix lint issues.
2016-08-09 22:06:49 -04:00
Sebastien Barre
345375b6b6 add test 2016-08-07 23:08:55 -04:00
mark_story
48af49ddde Don't trust CLIENT_IP
The client_ip header can easily be forged. In 'safe' modes we should
only trust the remote_addr which comes from the sapi. Remove support for
http_clientaddress as I can't seem to find where this ever came from in
PHP on the http specs.
2016-03-10 22:04:13 -05:00
mark_story
3ad68db5eb Tweak fix from #8359
This fixes a regression introduced in that change that we didn't
previously have tests for. The issue fixed in #8359 was related to
PHP7.0, whereas PHP5 didn't have an issue. Now both versions will work
the same.
2016-03-02 12:30:48 -05:00
Chris Hallgren
bf22e84d65 CS fixes 2016-02-15 20:44:27 -06:00
Chris Hallgren
849abab6a4 Fixing test case 2016-02-15 19:34:05 -06:00
Chris Hallgren
0c183b9b8e Read content type in a more compatible way.
Not all webservers set CONTENT_TYPE. The built-in PHP webserver for
example sets HTTP_CONTENT_TYPE instead. Add a public method to the
request object to smooth over this difference.

Refs #6051, #8267
2016-02-15 19:31:24 -06:00
Marc Würth
b5655d63ff Remove lighthouse references 2016-02-10 12:27:34 +01:00
José Lorenzo Rodríguez
835fc9ce01 More CS fixes 2016-01-19 13:52:16 -04:30
José Lorenzo Rodríguez
2962b387d7 Fixed CS error 2016-01-19 11:17:06 -04:30
Jose Lorenzo Rodriguez
bd53ef01a6 Better method overriding emulation for GET 2016-01-18 20:34:32 -04:30
Marc Würth
1ede742d92 Various improvements to the CakePHP test files
Mostly CS, doc blocks and unused variables.
2015-09-25 17:22:00 +02:00
mark_story
947262e754 Fix PHPCS errors. 2015-06-14 21:56:48 -04:00
mark_story
c47196fe08 Merge branch '2.6' into 2.7 2015-06-07 15:45:26 -04:00
mark_story
6d60e6a4db Backport 7eec48268ebb6a17656df4a059f9e7b43991472f to 2.x
Backport fixes to base path generation that prevent issue when a URL
contains // it can circumvent the base path generation, which results in
unwanted user data in the base/webroot paths. This creates an
opportunity for CSS manipulation in old versions of IE, and newer ones
via iframe inheritance.
2015-06-07 15:45:16 -04:00
mark_story
096a2ebb72 Merge branch '2.6' into 2.7
Conflicts:
	lib/Cake/Test/Case/TestSuite/ControllerTestCaseTest.php
	lib/Cake/VERSION.txt
2015-04-20 15:42:54 -04:00
mark_story
f55111bdc1 Allow empty headers to be read.
Allow headers with '' and '0' as their values to be read.

Fixes #6299
2015-04-08 16:33:28 -04:00
Florian Krämer
43f7fcc735 Adding a few more ways to detect HTTP headers, extensions and the accept header. 2014-11-27 01:00:44 +01:00
Florian Krämer
4ff07b745a Adding a test for the new json and xml detectors that were added to the CakeRequest class. 2014-11-22 17:30:53 +01:00
Florian Krämer
24c4cab4f3 phpcs fix in Cake/Test/Case/Network/CakeRequestTest.php 2014-11-20 22:50:12 +01:00
Florian Krämer
728764c543 Adding a test for the refactored CakeRequest code. 2014-11-20 21:14:17 +01:00
ADmad
9e21d048ce Merge branch 'master' into 2.6
Conflicts:
	lib/Cake/VERSION.txt
2014-07-27 12:29:39 +05:30
Rachman Chavik
aad89444d1 Fix: Blackholed request when POSTing to a URL with space
Eg:

Actual Posted URL:
    /admin/settings/settings/prefix/Access%20Control
$_GET value:
    /admin/settings/settings/prefix/Access_Control

Since $unsetUrl differs, the $_GET value will get copied in to
CakeRequest::$query, causing CakeRequest::here() to return:

    /admin/settings/settings/prefix/Access%20Control?%2Fadmin%2Fsettings%2Fsettings%2Fprefix%2FAccess_Control=

This confuses SecurityComponent in the following line:

    f23d811ff5/lib/Cake/Controller/Component/SecurityComponent.php (L514)
2014-07-24 16:25:03 +07:00
mark_story
2bcd817367 Merge branch 'master' into 2.6 2014-07-03 11:13:06 -04:00
euromark
974ca851c2 Correct doc blocks according to cs guidelines.
Remove superfluous empty lines.
2014-07-03 15:36:42 +02:00
Derek Perkins
b1a3ab9e64 Added unit test for CakeRequest::setInput
Don't use mocks as the tests weren't really testing anything when mocks
were involved.

Refs #3764
2014-06-29 22:55:38 -04:00
dogmatic69
59fe581912 adding doc block for tests related to CakeRequest::param() 2014-05-28 22:28:44 +01:00
dogmatic69
bcdc530391 adding support to write values to param like can be done with data(), method returns $this as does ->data() when writing 2014-05-25 00:52:30 +01:00
dogmatic69
9dca564519 make the default return false so it matches previous use, improve tests for new method 2014-05-25 00:46:40 +01:00
Jose Lorenzo Rodriguez
343d3279b9 Merge branch 'master' into 2.5
Conflicts:
	lib/Cake/Test/Case/Utility/FileTest.php
	lib/Cake/VERSION.txt
2014-04-06 21:50:41 +02:00
euromark
0d09a54033 more missing doc block tags added 2014-04-02 03:02:37 +02:00
ADmad
bea30e62cb Renamed CakeRequest::onlyAllow() to CakeRequest::allowMethod().
Existing name is unintuitive and it's not easily apparent what
the method does. Closes #2803
2014-02-10 17:38:55 +05:30
ADmad
c093804b35 Merge branch 'master' into 2.5 2014-01-26 17:39:50 +05:30
Ber Clausen
5b4121f643 Update tests. 2014-01-21 16:56:37 -03:00
mark_story
99e4dbd827 Merge branch 'master' into 2.5 2013-12-23 11:58:07 -05:00
mark_story
70530135d6 Don't use FORWARDED_HOST when getting referer values.
HTTP_X_FORWARDED_HOST is supposed to be used by proxies to indicate the
original HTTP_HOST value. It has nothing to do with referer values.

Since the HTTP_X_FORWARDED_HOST is intended to replace the HOST header
in proxied setups, add a trustProxy parameter to host() and default it
to false. This maintains existing behavior and allows people to access
the proxied value.

Fixes #2537
2013-12-23 11:32:14 -05:00
ADmad
dda6080579 Merge branch 'master' into 2.5 2013-11-19 00:27:12 +05:30
Marc Würth
7cfa0116f4 Removed "PHP 5" from file header DocBlocks
This statement does not serve a purpose anymore.
In a long forgotten world it indicated the main version number of PHP which the code in the file was compatible to.
http://pear.php.net/manual/en/standards.sample.php
But since PHP 5.1 and later this is only marginally true.
Thus I propose to remove it from CakePHP.
2013-11-13 22:58:39 +01:00
Jose Lorenzo Rodriguez
df549898ad Merge remote-tracking branch 'origin/2.5' into k-halaburda-master 2013-10-12 01:05:02 +02:00
Bryan Crowe
c1dd0e4393 Changed url to URL where appropriate 2013-10-07 23:17:58 -04:00
mark_story
60b0893c79 Merge branch 'master' into 2.5 2013-10-06 23:49:32 -03:00
Renan Gonçalves
4f3b3737a5 Fixing CS errors. 2013-10-03 14:09:24 +02:00
mark_story
530731ec5d More gracefully handle invalid data in Accept headers.
Some browsers have invalid accept headers, we should ignore the invalid
extension data as assuming it will be a qualifier can result in
incorrect results.

Fixes #4105
2013-10-02 11:29:04 -04:00