Commit graph

19513 commits

Author SHA1 Message Date
mark_story
51206d7358 Update version number to 2.10.6 2017-12-18 21:15:48 -05:00
Mark Story
3bf93b7f76
Merge pull request #11526 from cakephp/post-conditions
Make postConditions() less permissive.
2017-12-15 14:36:38 -05:00
mark_story
340059be15 Check model names for bad characters as well. 2017-12-13 00:01:09 -05:00
mark_story
a9618f67f7 Use a permitted list instead of a ban list.
This should be safer as we are more confident on what is coming in.
2017-12-13 00:01:05 -05:00
Mark Sch
bdaff46627
Merge pull request #11534 from tenkoma/patch-2
[2.x] Fix Phpdoc for CakeObject::log()
2017-12-12 12:29:38 +01:00
Koji Tanaka
fba7f1c617
Fix Phpdoc for CakeObject::log() 2017-12-12 20:00:21 +09:00
mark_story
f66dec8a96 Make postConditions() less permissive.
We were notified by `ooooooo_q` that postConditions() is vulnerable to
SQL injection if used without SecurityComponent tampering prevention.

This change attempts to make postConditions() safer by exploding in
unsafe scenarios.
2017-12-10 21:44:47 -05:00
Mark Story
13011f3ecd
Merge pull request #11504 from chinpei215/2.x-fix-non-local-referer
[2.x] Fix CakeRequest::referer(true) returning scheme-relative URLs
2017-12-04 19:22:10 -05:00
chinpei215
6ad30946d8 Fix CS 2017-12-04 23:31:32 +09:00
chinpei215
9f65402d2c Fix CakeRequest::referer(true) returning scheme-relative URLs
Backport of #11503 (and #8795)
2017-12-04 21:18:27 +09:00
Mark Story
7fbeea4fa8
Merge pull request #11479 from cakephp/2.x-depr
Clarify migration path to 3.x
2017-11-29 14:27:05 -05:00
dereuromark
eaf7454628 Clarify migration path to 3.x 2017-11-29 19:57:01 +01:00
Mark Story
abec95d3ea
Merge pull request #11469 from db-bogdan/issue11468
fixes #11468 sending user data on basic auth in API environment
2017-11-28 21:52:59 -05:00
Mark Story
979eaeef5f
Merge pull request #11472 from chinpei215/2.x-order-expression
[2.x] Fix 'order' not working with a single expressions
2017-11-28 14:59:07 -05:00
chinpei215
4ae9f13dfd Fix 'order' not working with a single expressions 2017-11-29 00:17:57 +09:00
db-bogdan
e824346cca extra fix 2017-11-28 11:43:55 +02:00
db-bogdan
94e06dfeb3 add unit test 2017-11-28 11:31:46 +02:00
db-bogdan
5695fef46f fixes #11468 2017-11-27 11:59:34 +02:00
Mark Story
668e7473b9
Merge pull request #11456 from tersmitten/cakephp-2x-3x-sessiontime-inconsistent
Add option to make `_validAgentAndTime` 3.x compatible
2017-11-26 21:54:50 -05:00
Mischa ter Smitten
d7b9e55e98 Fix indent 2017-11-23 14:12:13 +01:00
Mischa ter Smitten
c437efd2a5 Improved documentation 2017-11-23 10:13:42 +01:00
Mischa ter Smitten
05954ff405 Consistency changes 2017-11-23 10:09:25 +01:00
Mischa ter Smitten
4faac8e09a Improved readability 2017-11-23 10:06:14 +01:00
Mischa ter Smitten
bc1678cf2a Add option to make _validAgentAndTime 3.x compatible 2017-11-23 10:02:38 +01:00
Mark Story
6343219d9b
Merge pull request #11450 from bancer/issue-11448-missing-test-headers
Fixed missing header in test.php
2017-11-21 11:08:35 -05:00
Val Bancer
a2cc9843e4
added missing ob_end_flush() call 2017-11-21 15:20:14 +01:00
Val Bancer
9a69363858
Merge pull request #4 from cakephp/2.x
2.x sync
2017-11-21 15:17:07 +01:00
mark_story
10fcd7633d Update version number to 2.10.5 2017-11-20 21:09:55 -05:00
mark_story
f788c90b3c Fix typo 2017-11-05 22:34:47 -05:00
Mark Story
b175270f62
Merge pull request #11404 from ynaderi/2.x
- DigestAuthenticate modification for cakephp 2.X
2017-11-05 22:34:17 -05:00
Yaser Naderi
26a683f36f - DigestAuthenticate modification for cakephp 2.X 2017-11-03 14:53:54 -04:00
Marc Würth
24e4acf9a3
Merge pull request #11397 from cakephp/2.x-allow-php72-failures
Allow the Travis builds on PHP 7.2 to fail
2017-11-02 01:40:40 +01:00
Marc Würth
5524768ea4
Allow the other PHP 7.2 job to fail 2017-11-02 01:18:00 +01:00
Marc Würth
c625269a60
Allow the Travis build on PHP 7.2 to fail 2017-11-02 01:11:58 +01:00
Marc Würth
0cb55916a8
Merge pull request #11347 from josephzidell/patch-1
Test against PHP 7.2
2017-11-01 16:42:53 +01:00
Mark Story
65373736a3 Merge pull request #11371 from Milanzor/2.x
Force email domain lookups to work in fallback case.
2017-10-25 18:34:33 -04:00
Milan van As
7de5ae4438 Force email domain lookups to work in fallback case. 2017-10-25 08:45:57 +02:00
Mark Story
509cd6f7c2 Merge pull request #11353 from saeideng/patch-1
2.x replace tab with space
2017-10-21 19:26:56 -04:00
saeideng
b59b64db29 replace tab with space 2017-10-21 22:44:15 +03:30
Joseph Zidell
46296db373 Test against PHP 7.2
Install `mcrypt` from PECL
2017-10-20 12:43:47 -04:00
mark_story
549c181926 Update version number to 2.10.4 2017-10-18 21:54:49 -04:00
Mark Story
79fd4eb4e7 Merge pull request #11332 from chinpei215/2.x-cookie-component-3
[2.x] Fix CookieComponent::delete() not working for deep children
2017-10-16 21:28:10 -04:00
chinpei215
19bbb7da17 Simplify CookieComponent::read()
Also, this commit fixes an issue of when the second level key is empty.
Previously, read('foo.0') returned incorrect result.
2017-10-16 21:01:19 +09:00
chinpei215
bbea91090d Fix CookieComponent::delete() not working for deep children 2017-10-16 20:55:00 +09:00
mark_story
e85f489c1f Add test for #11284 2017-10-13 21:55:56 -04:00
Mark Story
d3a4ce1216 Merge pull request #11284 from kolorafa/patch-1
msSQL - also handle offset as string
2017-10-13 21:55:21 -04:00
Mark Story
fb44035177 Merge pull request #11299 from tenkoma/2.x-fix-cc-number-jcb-pattern
[2.x]Fix Credit card number pattern(JCB) is wrong
2017-10-08 10:09:19 -04:00
Koji Tanaka
7d2d902b57 [2.x]Fix Credit card number pattern(JCB) is wrong 2017-10-08 16:15:10 +09:00
Mark Story
e889535e41 Merge pull request #11288 from mensler/session-without-cookies-2.x
Check for session.use_trans_sid and session ID in URL when cookies are disabled (2.x)
2017-10-07 12:17:30 -04:00
Clemens Weiß
61eddc6bde Fixed formatting 2017-10-07 11:11:45 +02:00