Commit graph

721 commits

Author SHA1 Message Date
mark_story
1926d40d40 Fix possibility for spoofed files to pass validation.
Use `is_uploaded_file` to prevent crafty requests that contain bogus
files from getting through. A testing stub class was necessary to avoid
making significant changes to the test suite.
2016-03-28 22:10:36 -04:00
mark_story
7df99fff1f Backport Security::randomBytes() to 2.x
I decided to leave the warning in. People who can't upgrade their
applications should at least be aware of the risks they are taking.

I'm flexible if people are strongly opposed to a warning, but I feel
that these kinds of warnings can be supressed in production if they
really are in a jam and don't care.

Refs #8282
2016-02-22 00:14:44 -05:00
mark_story
e4b939bba0 Backport fix for Validation::uploadedFile to 2.x
Don't fail validation when the keys are not the expected order.

Refs #8201
2016-02-08 22:37:25 -05:00
mark_story
b5e64bbad5 Merge branch '2.7' into 2.8 2015-12-24 16:20:27 -05:00
mark_story
7d052bdbc1 Backport 5714cf14a9ca4b439b872aaf3ad6e5bfddda46ad to 2.x
Fix file:// paths being mishandled on windows.

While I don't think its feasible to fix all the cases reported in #7275
as certain paths have different meaning in windows, we can fix file://
not working.

Refs #7275
2015-12-24 16:19:57 -05:00
mark_story
37fe25909f Merge branch '2.7' into 2.8 2015-12-20 21:59:43 -05:00
Yasushi Ichikawa
5b098af240 remove extract function in the Validation::comparison 2015-11-29 22:42:55 +09:00
mark_story
48450e71fa Merge branch '2.7' into 2.8 2015-11-11 22:53:45 -05:00
Jose Lorenzo Rodriguez
18544c5aaa Fix validation allowing arrays.
Accepting arrays can cause a number of adverse effects. While this may
be a breaking change the alternatives are worse.
2015-11-04 21:35:05 -05:00
mark_story
bc977544c5 Use a more stable timezone.
Regina does not observe DST meaning this test won't fail twice a year.
2015-10-26 22:28:00 -04:00
vanquang9387
0cdfed0aee Add more test on UploadedFileSize validation 2015-10-20 09:00:32 +07:00
vanquang9387
af8c992655 2.x uploadedFile validation (backported from #4524) 2015-10-19 15:15:28 +07:00
mark_story
a6a699b4b9 Merge branch '2.7' into 2.8 2015-09-28 21:17:45 -04:00
mark_story
13f147940f Correct inflection of virus.
Instead of viri, it should be viruses.

Refs #7466
2015-09-28 21:04:23 -04:00
mark_story
8a57d78dba Merge branch '2.7' into 2.8 2015-09-27 11:12:55 -04:00
Marc Würth
1ede742d92 Various improvements to the CakePHP test files
Mostly CS, doc blocks and unused variables.
2015-09-25 17:22:00 +02:00
mark_story
9b910dff31 Merge branch '2.8-hash-sort-ignore-case' into 2.8
Refs #7217
2015-08-25 21:46:08 -04:00
mark_story
a9ef1f8aea Simplify branching and add default options.
Use fewer conditionals by merging defaults and avoid exceptions
by setting defaults as well.

Refs #7217
2015-08-25 21:39:02 -04:00
Jose Lorenzo Rodriguez
3c7f022fa8 Merge branch '2.7-tz-abbr' of https://github.com/rchavik/cakephp into rchavik-2.7-tz-abbr 2015-08-21 10:56:48 +02:00
Rachman Chavik
e6acacac03 CakeTime::listTimezones(): Add option to Display timezone abbreviations
Useful for countries that do not have many of its cities, even major ones,
listed. For eg: Indonesia, only have 4 cities listed.

For backward compatibility, abbreviations will not be shown.

Note: You might need to update timezonedb for PHP 5.3

Closes #7271
2015-08-21 10:54:33 +07:00
Adrian Gunawan
2eafcc0f72 Use array() instead of the short notation [] 2015-08-14 14:55:44 +10:00
Adrian Gunawan
bf6574c3b2 Use array() instead of the short notation [] 2015-08-14 14:26:01 +10:00
Adrian Gunawan
b89d8d5efa Use array() instead of the short notation [] 2015-08-14 14:15:00 +10:00
Adrian Gunawan
f23e6589d0 Overload $type parameter instead of adding another parameter for case insensitive sort 2015-08-13 11:16:32 +10:00
Adrian Gunawan
a217556c13 Ability for Hash::sort to sort case-insensitively 2015-08-12 14:35:11 +10:00
Marc Würth
f3e590acfb Annotate test coverage 2015-08-11 16:36:09 +02:00
mark_story
b7c9ac913d Backport fixes for comparison() and range() to 2.x
These fixes were released as a security update for 3.x, they also belong
in 2.x
2015-08-06 21:36:39 -04:00
José Lorenzo Rodríguez
355eb1859c Merge pull request #7106 from cakephp/issue-7098
Consistently remove plugin names in object collections.
2015-07-28 15:58:41 +02:00
Mark Scherer
a239324a0d use constant PHP_SAPI 2015-07-26 15:35:03 +02:00
Mark Story
de4b44a37b Merge pull request #7077 from dereuromark/2.7-static
Replacing self with static due to PHP5.3+. Following #7040.
2015-07-23 22:27:37 -04:00
mark_story
418dcfd7f8 Consistently remove plugin names in object collections.
We were sometimes removing plugin prefixes (set, and some subclass
methods). But many other methods were missing the pluginSplit() feature.
This change makes all of the methods in ObjectCollection strip plugin
prefixes, which increases consistency across the framework.

Refs #7098
2015-07-23 21:46:21 -04:00
mark_story
e4b2428735 Fix PHPCS errors. 2015-07-21 16:28:17 -04:00
Mark Scherer
52e79987a2 Replacing self with static due to PHP5.3+. Following #7040. 2015-07-21 10:22:53 +02:00
mark_story
bd23fdeebf Simplify code and reduce test redundancy.
We don't need the additional parameter, and some of the tests weren't
covering unique scenarios.

Refs #7040
2015-07-20 22:16:50 -04:00
Chris Valliere
7b2d7ad748 Test Case for Hash::maxDimensions
Added test case for Hash::maxDimensions using the example array in pull request #7040.
2015-07-20 22:07:58 -04:00
Mark Scherer
2eea245491 Backport utf fix for CakeText::tokenize(). 2015-07-13 08:23:05 +02:00
mark_story
47378427e3 Merge branch '2.6' into 2.7 2015-07-11 21:25:26 -04:00
Marc Würth
4a131bdcbf Capitalize Windows, the OS 2015-07-09 15:54:03 +02:00
mark_story
59a18e7709 Merge branch '2.6' into 2.7 2015-07-07 22:05:56 -04:00
mark_story
4102961cb5 Add tests for #6879
I wasn't able to reproduce the issue the reporter had, but we have more
robust tests now.
2015-07-06 22:43:52 -04:00
mark_story
26b3713bd6 Merge branch '2.7' of github.com:cakephp/cakephp into 2.7 2015-06-20 10:03:24 -04:00
mark_story
664ba53c89 Merge branch '2.6' into 2.7 2015-06-20 10:03:14 -04:00
Mark Story
65b64e0348 Merge pull request #6816 from cakephp/2.6-fix-validation-multiple
Fix Validation::multiple() regarding 0 value.
2015-06-15 12:20:13 -04:00
mark_story
97be9b9696 Fix PHPCS errors. 2015-06-15 12:19:20 -04:00
Mark Scherer
86c358f3f9 Fix Validation::multiple() regarding 0 value. 2015-06-15 16:35:27 +02:00
Mark Story
32fe09835b Merge pull request #6809 from ravage84/2.7-code-coverage
Explicit definition of the code coverage
2015-06-15 10:13:12 -04:00
mark_story
947262e754 Fix PHPCS errors. 2015-06-14 21:56:48 -04:00
Marc Würth
f3099fefdf Define code coverage explicitly 2015-06-15 00:56:09 +02:00
mark_story
c47196fe08 Merge branch '2.6' into 2.7 2015-06-07 15:45:26 -04:00
mark_story
0e6fcc02b8 Add/correct some tests for humanize.
The arguments for assertEquals() were backwards. While there are many
more flipped assertions I will change the others separately.
2015-06-05 10:31:29 -04:00
mark_story
239c83938f Fix regression in camelize().
The input should not be lowercased before camelizing, as this can cause
inputs that were previously camelized to create incorrect results.

Refs #6735
2015-06-05 10:20:51 -04:00
mark_story
df0f2295c3 Fix issue with overlapping irregular inflections.
When irregular inflections overlap we should choose the longest match,
not the shortest.

Refs #6659
2015-06-02 23:09:29 -04:00
mark_story
d7d8b90986 Merge branch '2.6' into 2.7 2015-05-28 19:34:59 -04:00
mark_story
65691836be Fix syntax errors in PHP <5.4 2015-05-28 17:39:52 -04:00
mark_story
995d8d22c6 Disable reading XML files and URLs when handling user data.
Allowing users to load arbitrary files/URLs with Xml is not desirable
when handing user input.
2015-05-27 09:45:53 -04:00
nojimage
c6e4208bda refs #6635 Inflector::underscore, humanize support multibyte string inputs 2015-05-26 13:29:05 +09:00
Marc Würth
508b9d1443 Rename test methods after notBlank change
Was a left-over from #6579
2015-05-19 15:13:28 +02:00
Mark Scherer
866242643f Deprecate notEmpty in favor of notBlank. 2015-05-17 22:13:04 +02:00
ndm2
323e8d8d76 Add underscore support for multi word irregulars.
Underscore separated words were not catched by the irregular regex,
tests however didn't fail as the default rules matched the tested words
too. The added test should ensure that this won't happen again.

Fixes the gap left by the previous #6538 fix.
2015-05-12 14:33:15 +02:00
mark_story
d4740c9c09 Fix incorrect handling of irregular values.
When inflecting irregular values, both plural and singular forms were
generated incorrectly.

Fixes #6538
2015-05-11 21:35:08 -04:00
mark_story
032c01d18c Add other key types to {*} test. 2015-05-01 22:41:41 -04:00
mark_story
5e9d4893a8 Add the {*} matcher to Hash::extract()
This matcher will match anything and is useful when you just want to
traverse through data and you're not too picky.

I've also refactored the conditions to use a case as it is slightly more
readable and uses fewer lines of code.

Refs #6447
2015-05-01 22:03:40 -04:00
mark_story
096a2ebb72 Merge branch '2.6' into 2.7
Conflicts:
	lib/Cake/Test/Case/TestSuite/ControllerTestCaseTest.php
	lib/Cake/VERSION.txt
2015-04-20 15:42:54 -04:00
mark_story
a6aefdd4d3 Fix null path in Hash::get() causing exceptions.
This was a regression introduced in 2.6.x

Refs #6297
2015-04-09 07:50:29 -04:00
Mark van Driel
4a7344ae80 Keep only test for null value as path 2015-04-09 07:49:35 -04:00
Mark van Driel
900fd3e7e5 Test to demonstrate issue with non-string paths in Hash::get 2015-04-09 07:47:25 -04:00
José Lorenzo Rodríguez
405e725767 Merge pull request #6238 from cakephp/issue-6224
Fix maxDimensions() for empty/1 dimensional arrays.
2015-04-01 09:26:50 +02:00
Justin Yost
f32d1c1362 Updates Inflector For Irregular Case Sieves
Sieves incorrectly singualrized as sief.
Adds sieve, sieves as an irregular case and test cases to
match for the Inflector class.
Closes Issue #6240 in CakePHP 2.6 Branch

Signed-off-by: Justin Yost <justin.yost@yostivanich.com>
2015-03-31 22:21:05 -07:00
mark_story
69971505a2 Fix maxDimensions() for empty/1 dimensional arrays.
maxDimensions() should not emit warnings or mis-calculate an array's
dimensions.

Fixes #6224
2015-03-31 22:21:15 -04:00
mark_story
0b916cedbb Merge branch 'master' into 2.7 2015-03-09 21:55:20 -04:00
Mark van Driel
ed5da19d10 Fixed return type of toQuarter in CakeTime and TimeHelper 2015-03-02 12:08:11 +01:00
mark_story
3078a1eb52 Merge branch 'master' into 2.7
Conflicts:
	lib/Cake/VERSION.txt
2015-01-16 22:22:26 -05:00
mark_story
d39c744c28 Fix PHPCS error. 2015-01-12 21:37:34 -05:00
mark_story
7b20884d43 Fix failing tests. 2015-01-12 21:36:28 -05:00
mark_story
ac9a212d44 Merge branch 'master' into 2.7
Conflicts:
	lib/Cake/Utility/String.php
2015-01-11 15:25:18 -05:00
mark_story
cd58fa0b61 Backport changes from #5635 to 2.x
In case the path passed to the File class doesn't exists, this will
cause File::$path to be set to a partial path, that is the filename
of the passed path with a slash prepended, ex with

    $file = new File('/non/existent/file');

calling $file->pwd() will return/set /file, possibly causing that
file in the root to be accessed.
2015-01-11 15:20:34 -05:00
euromark
389f745d16 Stop goofy formatting when newlines are present already. 2015-01-06 13:13:33 +01:00
euromark
63093e1d30 More String CakeText replacements and a BC class. 2015-01-05 00:55:23 +01:00
euromark
274b78e44c Rename test case. 2015-01-05 00:54:36 +01:00
mark_story
4d6611b328 Merge branch 'master' into 2.6
Conflicts:
	lib/Cake/VERSION.txt
2014-12-17 21:38:32 -05:00
mark_story
ac6d5cc70f Fix incorrect pluralization of Human.
Human should become humans, unlike other words ending in man.

Fixes #5370
2014-12-09 21:51:42 -05:00
euromark
e1c128bb99 Consolidate with conditions sniff. 2014-12-09 03:17:35 +01:00
mark_story
ad2d6edda9 Merge branch 'master' into 2.6 2014-12-06 21:28:59 -05:00
Guy Warner
fb61d9393b Add @trigger doc blocks of methods triggering CakeEvent 2014-11-30 14:45:40 -07:00
mark_story
579b16d90b Merge branch 'master' into 2.6 2014-10-30 21:20:53 -04:00
mark_story
d228d83b1e Relative paths should be created relative to pwd.
If create() is called with a relative directory and the path does not
exist, it should be created inside of the folder->pwd() and not inside
the process' cwd.

Refs #4990
2014-10-27 21:32:28 -04:00
Schlaefer
fd2dd58360 code formatting, fixes PHPCS errors 2014-10-01 11:25:24 +02:00
Schlaefer
b96eb1fb46 cleans up CakeTime::timeAgoInWords and adds option for custom futures string 2014-10-01 10:35:41 +02:00
mark_story
af43bc1706 Merge branch 'master' into 2.6 2014-09-25 22:39:51 -04:00
Yves
b70cb132fd Fix Hash::remove() removing data even if the path is not matched 2014-09-23 22:00:49 +02:00
mark_story
249dc5650b Merge branch 'relative-sprintf' into 2.6
Refs #4550
2014-09-22 20:56:33 -04:00
mstra001
d6abfcaf90 Update tests for strfime() in timeAgoInWords()
Add test asserts for testTimeAgoInWordsWithFormat with strftime format
2014-09-22 20:50:37 -04:00
ADmad
3fb252ad2f Merge branch 'master' into 2.6 2014-09-13 00:37:16 +05:30
Yves
90ad813b40 Fix Hash not returning correct value with special paths
When doing a Hash::insert() with a part of the path starting with a '0', Hash::get() returned null even if the same path was used.
2014-09-10 22:47:25 +02:00
euromark
e77f96d8b7 Use (int) cast instead of intval() function for performance reasons and to unify it. 2014-09-10 15:52:57 +02:00
mark_story
86bc7f1861 Add tests for #4521 and reformat code.
Add a regression test for #4521 as the original author didn't have one.
Reformat a long line since I was nearby already.

Closes #4521
2014-09-09 21:33:17 -04:00
mark_story
7c316bbc56 Merge branch 'master' into 2.6
Conflicts:
	lib/Cake/basics.php
2014-08-30 21:28:11 -04:00
mark_story
c26b381469 Make words ending in data uninflected.
Since both metadata and word ending in metadata have caused issues in
the past, uninflecting them seems like the best option. This will also
cover cases like ProfileData not being inflected to ProfileDatum which
seems like an improvement to me.

Fixes #4419
2014-08-30 20:27:37 -04:00
mark_story
4a805af5c6 Merge branch 'master' into 2.6 2014-08-23 09:20:19 +02:00
mark_story
0400a63004 Forward port fixes for #4294 from 1.3 to 2.x
CakeTime was broken in the same way as TimeHelper was in 1.x. Getting
1969 on invalid input can be very confusing and un-helpful.

Refs #4294
2014-08-20 00:25:01 +02:00