adulau/cakephp2-php8
1
0
Fork 0
mirror of https://github.com/kamilwylegala/cakephp2-php8.git synced 2024-11-15 19:38:26 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
17263 commits 7 branches 0 tags 44 MiB
Commit graph

628 commits

Author SHA1 Message Date
mark_story
cdc67116c5 Handle query string arguments in digest auth data. 
Handle &, ? in digest auth data uri.

Refs #4908
 2014-10-17 23:12:41 -04:00
Bryan Crowe
e16bef1868 Fix missing 'r' from your 2014-10-08 15:06:30 -04:00
Mischa ter Smitten
a69e9bc63b Cs fixes 2014-09-18 10:50:35 +02:00
Joseph Sutton
faaba42aa7 Fixed type-casting for AuthComponent::login() 2014-09-14 11:15:08 -05:00
Joseph Sutton
87a58eeaea AuthComponent::login() returning deprecated method 
Changed $this->loggedIn() to $this->user(), as per the PHPDOC for loggedIn() at line 817
 2014-09-14 00:28:30 -05:00
euromark
04ef39217f Take care of more int casts. 2014-09-10 16:29:23 +02:00
euromark
e77f96d8b7 Use (int) cast instead of intval() function for performance reasons and to unify it. 2014-09-10 15:52:57 +02:00
Marc Würth
67ba9cb406 Update all @deprecated annotations 
to adhere to the @deprecated <version> <description> format, where version and description are mandatory.
 2014-09-02 17:03:22 +02:00
euromark
5f5218f3b2 Fix cookie reading. 2014-08-06 22:53:54 +02:00
Steve Tauber
0af698c591 Updating RequestHandlerComponent to accept body of HTTP Delete requests 2014-07-29 16:08:33 +02:00
David Steinsland
b61972871a Fixed sending of headers when ajaxLogin is set 2014-07-22 13:21:42 +02:00
mark_story
b3dfad614a Correct pattern matching. 
Instead of 10 digits, it should limit at 10 groups.

Refs 1988e89e73
 2014-07-06 09:42:20 -04:00
Schlaefer
9fa7afa354 fixes #3887 CSRF reusable token expires 2014-07-06 10:39:00 +02:00
mark_story
1988e89e73 Add an upper bound to the POST data SecurityComponent will consider. 
'Kurita Takashi' has let us know that the previous patterns could be
abused by an evil doer. One could potentially send a very large deeply
nested POST data structure. Matching that structure could overflow the
PCRE limits causing a segmentation fault. Adding an upper bound will
solve the problem and I doubt anyone is doing POST data structures with
more than 10 levels of nesting.
 2014-07-03 22:02:00 -04:00
euromark
974ca851c2 Correct doc blocks according to cs guidelines. 
Remove superfluous empty lines.
 2014-07-03 15:36:42 +02:00
mark_story
b4bcd74e60 Whitelist more URL-y characters in digest parsing. 
Android clients include a full URL instead of just the URI. Also handle
situations where URLencoded bytes and document fragments are used.

Refs #3779
 2014-06-23 14:39:35 -04:00
euromark
a927f5d954 remove wrong App::uses() call 2014-06-17 05:10:19 +02:00
Bryan Crowe
1db10b4dd1 Basic grammar update to BasicAuthenticate docblock 2014-06-16 21:48:35 -04:00
ADmad
4ee7cf6564 Remove lies from API docblock for BasicAuthenticate class. 
Add info on how to configure for cookieless/stateless operation without redirection.
 2014-06-08 14:05:08 +05:30
mark_story
07b43403fb Fix doc errors in Component/Acl. 2014-06-06 13:57:15 -04:00
mark_story
7058921275 Fix doc comment errors in Acl classes. 2014-06-05 00:15:45 -04:00
mark_story
975e4c3af0 Allow username of 0 in basic authentication. 
Refs #3624
 2014-06-02 22:02:28 -04:00
mark_story
d1e4dfac47 Add tests for #3624 
The username of '0' should be accepted by FormAuthenticate.

Refs #3624
 2014-06-02 21:58:50 -04:00
KeinBaum
88b3629f4f #3623: Allow username "0" with FormAuthenticate 2014-06-02 19:11:02 +02:00
ADmad
3d9b2b80cb More API docblock fixes. 2014-06-01 03:06:05 +05:30
mark_story
b2207c1ca8 Reverse conditions to make the cheapest condition first. 
We don't need to do a count() if the page is not 1.

Refs #3333
 2014-05-12 22:09:27 -04:00
Toby Cox
823f01601d enhancement to paginator 
As pointed out, we need to make sure that we are also on the first page
to make this conditional clause valid
 2014-05-12 21:49:08 -04:00
Toby Cox
296ea215b1 Enhancement to paginator 
No point in finding the count (via model) if the returned result count
is less than our limit. We then know that the count is the count of our
results
 2014-05-12 21:49:07 -04:00
mark_story
89cd114e6f Merge branch 'master' into 2.5 2014-05-12 14:30:02 -04:00
José Lorenzo Rodríguez
751d2d8f2d Merge pull request #3448 from dereuromark/master-controller 
Controller::referer() and local URL
 2014-05-07 22:42:28 +02:00
Renan Gonçalves
87683b10f1 Allowing same Authenticate object to be setup with different settings. 2014-05-06 22:10:41 +02:00
ADmad
d466e00644 Merge branch 'master' into 2.5 
Conflicts:
	lib/Cake/Model/Datasource/DboSource.php
	lib/Cake/Test/Case/Model/Datasource/Database/MysqlTest.php
	lib/Cake/Utility/Folder.php
	lib/Cake/VERSION.txt
 2014-05-04 14:35:36 +05:30
euromark
7a287a6942 More coding standard corrections. 2014-04-29 14:19:33 +02:00
euromark
43d359b1d7 Make referer() behave as expected. 2014-04-28 17:23:26 +02:00
mark_story
de0062de77 Merge branch 'master' into 2.5 2014-04-25 22:10:02 -04:00
mark_story
f23d811ff5 Use the form action URL in generated form hashes. 
By including the URL in generated hash for secured forms we prevent
a class of abuse where a user uses one secured form to post into a
controller action the form was not originally intended for. These cross
action requests could potentially violate developer's mental model of
how SecurityComponent works and produce unexpected/undesirable outcomes.

Thanks to Kurita Takashi for pointing this issue out, and suggesting
a fix.
 2014-04-25 22:05:58 -04:00
mark_story
d54fbe6f60 Merge branch 'master' into 2.5 2014-04-18 22:13:56 -04:00
Stephen Young
b55fa98a2d Updated documentation 
* Removed references to nonexistent `AclBase` class
* Added references to `AclInterface` requirements
 2014-04-11 15:10:56 -04:00
euromark
a7744e6ff4 a few more corrections 2014-04-08 01:49:33 +02:00
euromark
0ece694a75 microptimize options and default merge and other string key array merges 2014-04-08 01:25:14 +02:00
Jose Lorenzo Rodriguez
343d3279b9 Merge branch 'master' into 2.5 
Conflicts:
	lib/Cake/Test/Case/Utility/FileTest.php
	lib/Cake/VERSION.txt
 2014-04-06 21:50:41 +02:00
euromark
823909603a correct deprecation notices 2014-04-04 19:18:02 +02:00
mark_story
f9b45f1b60 Merge branch 'master' into 2.5 2014-03-30 21:24:55 -04:00
sam-at-github
5ceb4abe1a Removed arbitrary restriction on crud operations. Added some comments to explain parameters to mapActions() better. 2014-03-28 13:35:08 +11:00
mark_story
381b3fc9c3 Merge branch 'master' into 2.5 2014-03-25 21:30:56 -04:00
mark_story
de9a5a5845 Add deprecated flag to methods that are removed in 3.0. 
A few methods in Controller were not marked as deprecated, but already
removed in 3.0. Shore up that difference.

Refs #3105
 2014-03-23 20:40:17 -04:00
ADmad
abacf0d14b Remove setting of Controller::$ext by RequestHandler. 
Closes #3022
 2014-03-16 20:09:08 +05:30
Mark
3ca338fe26 Merge pull request #2781 from davidsteinsland/2.5 
Fixed HTTP Status code when ajaxLogin is set
 2014-03-06 12:37:51 +01:00
mark_story
0f584c0e8b Merge branch 'master' into 2.5 2014-02-24 21:19:17 -05:00
Sam
62cb733988 One liner. Dont call function parseAccept() twice in RequestHandlerComponent. 2014-02-21 00:54:10 +11:00