By including the URL in generated hash for secured forms we prevent
a class of abuse where a user uses one secured form to post into a
controller action the form was not originally intended for. These cross
action requests could potentially violate developer's mental model of
how SecurityComponent works and produce unexpected/undesirable outcomes.
Thanks to Kurita Takashi for pointing this issue out, and suggesting
a fix.
This fixes the regression caused in 2096d3f632. When catching exception
thrown by PaginatorComponent::paginate() in controller, developer again
has access to paging info in request object.
Closes#2402
This statement does not serve a purpose anymore.
In a long forgotten world it indicated the main version number of PHP which the code in the file was compatible to.
http://pear.php.net/manual/en/standards.sample.php
But since PHP 5.1 and later this is only marginally true.
Thus I propose to remove it from CakePHP.
Instead of treating multi-key and single key writes differently, they
should be treated consistently to allow simpler and more consistent interactions
with the stored data. This also results in fewer cookies being sent
across the wire which is an added benefit.
Fixes#2182
In some server environments notably the CLI server, _SERVER['CONTENT_TYPE'] is not available.
In these cases, fall back to the HTTP_CONTENT_TYPE header.
Refs #GH-1661
When writing multiple cookies in a single request with the default
expiry time, cookies after the first should continue to have the default
expiry time used.
Fixes#3965
If a sort field whitelist is used we should trust its data and also
trust that the developer wanted what they asked for. This solves issues
where it was impossible to sort on synthetic columns added in custom
find types.
Fixes#3919
Make URL's not include the base path when storing them in the session.
This makes future redirection simpler. When URL's are an array use
Router::url() on them.
Fixes#3916
Revert most of the changes done to fix#3897 originally and try
a different strategy of solving the base path issues and not breaking
apps running in a subdirectory.
Fixes#3916
Whitespace and wording.
Optionally we could include a version number until when this class will work. I assumed this will be 3.0...
http://www.phpdoc.org/docs/latest/for-users/phpdoc/tags/deprecated.html
I treid that but after I let apigen generate the doc and I saw it did nothing special about it ;-/