Commit graph

522 commits

Author SHA1 Message Date
mark_story
9d94487b23 Fix PHPCS
Refs MATES-9698
2016-11-04 09:31:05 -04:00
mark_story
6a201696dd Fix HttpSocket emitting errors when nameless cookies are encountered.
Refs #9698
2016-11-03 19:07:25 -04:00
mark_story
e8d63725d8 Merge branch '2.x' into 2.next 2016-09-04 23:54:22 -04:00
mark_story
bc73e928b6 Restore header() behavior inadvertantely removed.
In eaa2bbbcae I changed the behavior to
now use the TitleCased name as I didn't understand the intended behavior
or how apache was working in the reporter's specific case.

Refs #9229
2016-08-11 21:54:24 -04:00
Marc Würth
f2638b3e38 Remove superfluous "Class" from doc blocks 2016-08-10 12:22:09 +02:00
mark_story
61b3fbd605 Merge branch '2.x' into 2.next 2016-08-09 22:12:26 -04:00
mark_story
20a2af8c16 Fix casing issues with Authorization header.
We need to check the upper case versions of headers in $_SERVER.
Also fix lint issues.
2016-08-09 22:06:49 -04:00
Sebastien Barre
345375b6b6 add test 2016-08-07 23:08:55 -04:00
Juan I. Benavides
93db51cf10 Avoiding circular object reference in SmptTransport
This fixes a memory leak while sending multiple emails.

Fixes: #9198
2016-08-01 13:09:45 -05:00
mark_story
4e1b601ed8 Don't split strings headers that lack a ':'.
Refs #9106
2016-07-12 22:46:47 -04:00
mark_story
432eb9c432 Merge branch '2.x' into 2.next 2016-06-27 21:47:47 -04:00
mark_story
f28c21c7a7 Stop testing against SSL ciphers that emit warnings.
Testing that SSLv3 still works is causing test failures.
2016-06-27 21:47:37 -04:00
mark_story
12c6fd4e22 Merge branch '2.x' into 2.next 2016-05-02 21:58:41 -04:00
mark_story
af953700b8 Fix short array usage.
Refs FIVESMX-8723
2016-04-29 09:28:05 -04:00
mark_story
cf55767fa0 Backport range parsing resiliancy fixes from 3.x
Refs #8723
2016-04-28 22:27:37 -04:00
mark_story
f451efa511 Attempt to fix tests in 2.x
Relying on tv.eurosport.com having a bad peer name is pretty fragile.
However, we can more easily rely on their cert coming from a CA we no
longer trust.
2016-04-14 15:28:34 -04:00
mscherer
657b1a1029 Fix doc block param types. 2016-04-08 15:02:03 +02:00
mscherer
dda9e83ab6 Refactor Object to CakeObject for future PHP7 comp. 2016-04-08 14:33:26 +02:00
mark_story
48af49ddde Don't trust CLIENT_IP
The client_ip header can easily be forged. In 'safe' modes we should
only trust the remote_addr which comes from the sapi. Remove support for
http_clientaddress as I can't seem to find where this ever came from in
PHP on the http specs.
2016-03-10 22:04:13 -05:00
Mark Story
18b0334890 Merge pull request #8384 from garas/mailtransport-log-subject
Email log missing Subject and To headers when using MailTransport
2016-03-02 21:29:13 -05:00
mark_story
3ad68db5eb Tweak fix from #8359
This fixes a regression introduced in that change that we didn't
previously have tests for. The issue fixed in #8359 was related to
PHP7.0, whereas PHP5 didn't have an issue. Now both versions will work
the same.
2016-03-02 12:30:48 -05:00
Edgaras Janušauskas
2386a86adc Include Subject and To in email log when using MailTransport 2016-03-01 22:21:14 +02:00
mark_story
1a170e1eec Fix parsing empty header values.
Replace the complex and somewhat unfixable regexp based parser for
a parser that handles each line individually. Normalize multi-line
headers to replace multiple spaces with a single one. Section 4.2 of the
HTTP1.1 standard states

> Any LWS that occurs between field-content MAY be replaced with
> a single SP before interpreting the field value or forwarding the
> message downstream.

This makes me somewhat confident that we can safely normalize
multi-line HTTP header values.

Refs #8330
2016-02-24 22:25:58 -05:00
Chris Hallgren
bf22e84d65 CS fixes 2016-02-15 20:44:27 -06:00
Chris Hallgren
849abab6a4 Fixing test case 2016-02-15 19:34:05 -06:00
Chris Hallgren
0c183b9b8e Read content type in a more compatible way.
Not all webservers set CONTENT_TYPE. The built-in PHP webserver for
example sets HTTP_CONTENT_TYPE instead. Add a public method to the
request object to smooth over this difference.

Refs #6051, #8267
2016-02-15 19:31:24 -06:00
Marc Würth
b5655d63ff Remove lighthouse references 2016-02-10 12:27:34 +01:00
José Lorenzo Rodríguez
835fc9ce01 More CS fixes 2016-01-19 13:52:16 -04:30
José Lorenzo Rodríguez
2962b387d7 Fixed CS error 2016-01-19 11:17:06 -04:30
Jose Lorenzo Rodriguez
bd53ef01a6 Better method overriding emulation for GET 2016-01-18 20:34:32 -04:30
Richard van den Berg
2d178b7e10 PHPCS fixes 2015-12-15 19:58:11 +01:00
Richard van den Berg
e47b26aa6b Do not redefine TestHttpSocket 2015-12-15 16:58:12 +01:00
Richard van den Berg
077f157adf Test case for proxy authentication when request is HTTPS 2015-12-12 11:13:41 +01:00
Qing Wu
48dd778bd0 Fixed issue #7579 on the 2.7 branch 2015-12-02 10:24:16 +11:00
mark_story
3a4facbf8d Remove allowSelfSigned() method.
This method is no longer needed as the low level socket understands the
`ssl_*` options now.

Refs #7496
2015-10-12 21:58:55 -04:00
mark_story
cc3531d288 Move SSL context options into CakeSocket.
Having all the options consolidated in one places enables all the SSL
context options to be used in the SmtpTransport instead of just allowing
self_signed as proposed in #7496
2015-10-12 21:56:20 -04:00
Ian den Hartog
5dfb780970 Change names 2015-10-06 10:10:34 +02:00
Ian den Hartog
bb7e7850ae Add test for Self-signed certificates 2015-10-02 16:17:26 +02:00
Ian den Hartog
e2c303b2b9 Add support for Self Signed certificates with smtp 2015-10-01 23:02:43 +02:00
Marc Würth
1ede742d92 Various improvements to the CakePHP test files
Mostly CS, doc blocks and unused variables.
2015-09-25 17:22:00 +02:00
Mark Scherer
97b6f8674c Fix CS 2015-09-21 13:45:18 +02:00
ndm2
8fe953548c Fix path traversal check for Windows based systems
On Windows based systems, both, backward as well as forward
slashes are supported as path separators, thus checking for `DS`
only, would allow to slip in `../` fragments.

refs #5905, cad57dcc28
2015-08-19 16:47:53 +02:00
mark_story
58ea40e32c Don't stop reading when only a '0' has been read.
Make tests simpler by using onConsecutiveCalls() instead of trying to
maintain mock method indexes.

Refs #7121
2015-07-27 22:40:27 -04:00
Mark Scherer
a239324a0d use constant PHP_SAPI 2015-07-26 15:35:03 +02:00
mark_story
ae2ea1ea6c Merge branch '2.6' into 2.7 2015-06-25 21:50:47 -04:00
Mark Scherer
fc57e43a5b Adjust tests. 2015-06-21 12:13:09 +02:00
mark_story
97be9b9696 Fix PHPCS errors. 2015-06-15 12:19:20 -04:00
mark_story
947262e754 Fix PHPCS errors. 2015-06-14 21:56:48 -04:00
mark_story
c47196fe08 Merge branch '2.6' into 2.7 2015-06-07 15:45:26 -04:00
mark_story
6d60e6a4db Backport 7eec48268ebb6a17656df4a059f9e7b43991472f to 2.x
Backport fixes to base path generation that prevent issue when a URL
contains // it can circumvent the base path generation, which results in
unwanted user data in the base/webroot paths. This creates an
opportunity for CSS manipulation in old versions of IE, and newer ones
via iframe inheritance.
2015-06-07 15:45:16 -04:00