Commit graph

206 commits

Author SHA1 Message Date
mark_story
fc4846d676 Move overflow limits to only take effect after expiration. 2011-12-06 12:23:15 -05:00
mark_story
9296f770d5 Adding SecurityComponent::$csrfLimit
This property allows you to control the number of tokens
that will be kept active.  Its possible to make really large
CSRF collection sizes.  Capping the number of tokens allows developers
to better control session sizes.
2011-12-03 20:13:17 -05:00
mark_story
e421b3bc8f Adding SecurityComponent::generateToken()
This method allows end developers to add the csrf tokens
manually, if they aren't added automatically.

Tokens are cheap to generate, simplifying the logic
makes things a bit easier to understand.
2011-12-03 20:13:03 -05:00
mark_story
6d269ce25d Merge branch '2.0' into 2.1
Conflicts:
	lib/Cake/Config/config.php
	lib/Cake/Console/Command/Task/ModelTask.php
	lib/Cake/Console/Command/TestsuiteShell.php
	lib/Cake/Model/CakeSchema.php
	lib/Cake/Model/Datasource/Database/Sqlite.php
	lib/Cake/Test/Case/Model/ModelTestBase.php
	lib/Cake/Test/Case/Routing/DispatcherTest.php
	lib/Cake/Test/Case/Utility/FileTest.php
	lib/Cake/VERSION.txt
2011-12-03 13:45:28 -05:00
Kyle Robinson Young
8197f87dbc Spelling and grammar fixes 2011-12-01 21:58:09 -08:00
Kyle Robinson Young
5876744709 Adhering to coding standards 2011-11-30 07:44:11 -08:00
Jose Lorenzo Rodriguez
f6534d2962 Fixing issue where changing the case for an action in the url would allow the action in the AuthComponent making it accessible to not-logged in users 2011-11-28 00:52:47 -04:30
mark_story
04463c4ee5 Fix errors found in review. 2011-11-27 23:51:49 -05:00
mark_story
cfbc43671e Starting content type specific error pages.
- Adding RequestHandler to the error controller.  This allows reuse
  of all of Cake's internals.
- Adding a simple JsonView class to do serialized JSON views.
- Adding serialize hooks, and wiring things together.
2011-11-27 23:51:47 -05:00
Kyle Robinson Young
bc0e0b5c05 Add @link to CookieComponent docblocks 2011-11-22 22:32:13 -08:00
mark_story
21cd3f00ac Merge branch '2.0' into 2.1
Conflicts:
	lib/Cake/Test/Case/BasicsTest.php
2011-11-19 20:40:07 -05:00
ADmad
90b007ef75 Implemented priority based triggering of callbacks for objects in collection 2011-11-17 12:36:54 +05:30
mark_story
92aea9de88 Update comment. 2011-11-16 23:17:48 -05:00
mark_story
fa0ec44dfd Merge branch '2.0' into 2.1
Conflicts:
	lib/Cake/Test/Case/Console/Command/CommandListShellTest.php
	lib/Cake/Test/Case/Error/ExceptionRendererTest.php
	lib/Cake/Test/Case/Utility/DebuggerTest.php
	lib/Cake/Test/Case/View/Helper/TextHelperTest.php
2011-11-16 21:31:16 -05:00
Ceeram
e5c8a446d6 Add sorting on joined model virtual field, fixes #2250 2011-11-17 00:18:12 +01:00
mark_story
542e5c91de Merge branch '2.1' of github.com:cakephp/cakephp into 2.1 2011-11-15 23:11:07 -05:00
mark_story
fb7d931bef Merge branch '2.0' into 2.1
Conflicts:
	lib/Cake/Config/config.php
	lib/Cake/VERSION.txt
2011-11-15 23:10:34 -05:00
Daniel Pakuschewski
841c0c2295 Dropped support for wildcard in AuthComponent::allow()
Conflicts:

	lib/Cake/Controller/Component/AuthComponent.php
2011-11-15 23:01:04 -05:00
Ceeram
2bb4ed01be Removing _Token from request data.
It is not used outside the component and could possibly affect Model::save().
Fixes #2256

Signed-off-by: mark_story <mark@mark-story.com>
2011-11-15 22:51:04 -05:00
mark_story
6e4493cc14 Fix ambiguous content types in RequestHandler.
Treat xhtml + html as content types that should trigger no
response/extension setting.  They are different but similar in
that they both generally use the same HTML templates.

Fixes #2257
2011-11-15 22:48:54 -05:00
ADmad
f2a58117ca Moving AppModel, AppController, PagesController out of core to app 2011-11-12 22:30:42 +05:30
mark_story
a929951038 Fix issue with Controller::setAction()
Calling setAction did not modify which view file was
rendered.  This was a regression with 1.3

Fixes #2212
2011-11-03 20:13:41 -04:00
mark_story
550076d75e Fix issue in RequestHandlerComponent.
Fixes issues where response and request properties would
not be set as the initialize() callback would have not fired.

Fixes #2190
Fixes #2189
2011-10-31 22:41:43 -04:00
mark_story
bf43a5ee24 Fix whitespace and add usage to doc block. 2011-10-31 21:56:16 -04:00
José Lorenzo Rodríguez
f51be0a82c Merge pull request #278 from Danielpk/enhancement_auth_deny
Added enhancement to AuthComponent::deny().
2011-10-30 15:38:21 -07:00
Daniel Pakuschewski
09579198a9 Droped support to deny('*'). 2011-10-29 13:54:35 -02:00
Gun.io Whitespace Robot
4742168253 Remove whitespace [Gun.io WhitespaceBot] 2011-10-28 18:25:08 -04:00
Daniel Luiz Pakuschewski
5246e7dd1d Allow AuthComponent to deny all actions with single deny() or deny('*') 2011-10-26 22:07:17 -02:00
ADmad
8473d6a660 Fixed code formatting 2011-10-26 13:00:52 +05:30
mark_story
d62351eb36 Revert the changes done to remove the 'cake' domain
After some discussion, polutting the app POT file
with unchanging Cake strings was incorrect.  Having these
strings in a separate POT file allows reuse of translations across
projects.

Refs #2103
2011-10-23 20:36:31 -04:00
mark_story
e457c14dec Fix issues with stateless authentication.
Cookies and sessions are no longer required for stateful authentication.
AuthComponent::user() also works correctly in these situations as well.

Fixes #2134
2011-10-23 12:54:51 -04:00
Renan Gonçalves
646b8f1aa0 Fixed issue when using multiple extensions in Router::parseExtensions() could result in undefined index notice by RequestHandlerComponent. 2011-10-19 15:36:00 +02:00
Rachman Chavik
2bb93761cc fixing typos 2011-10-19 12:19:28 +07:00
ADmad
fc5a465189 Cleaning up code left over from 1.3. If no black-hole callback is specified Security::blackHole() now throws an exception. Closes #1532 2011-10-19 02:32:38 +05:30
Jason Pirkey
eb5b4fa301 Fixing a phpdoc-type for Controller->Components property 2011-10-18 01:10:10 -04:00
Renan Gonçalves
1cf67b1e55 Little cleanup in exceptions.
- Removed duplicated or non-used exceptions.
- Making the error messages more descriptive and stardard.
2011-10-15 20:08:02 +02:00
Jose Lorenzo Rodriguez
91d0a081fb Fixing more links in doc blocks 2011-10-15 11:38:49 -04:30
Jose Lorenzo Rodriguez
670917070e Changing a bunch of links in doc blocks 2011-10-15 10:43:26 -04:30
mark_story
6bf6d79979 Removing 'cake' domain from core.
This domain was supposed to be replaced by cake_dev.
There are a number of translations that should be App land as well.
Such as those in helpers.

Fixes #2103
2011-10-14 21:01:17 -04:00
mark_story
4090b3e8c6 Fix content-type detection to accomodate jQuery.
Add tests for jQuery content type strings.
Refactor tests, add in missing assertions and missing parent calls.
The new behavior is more lenient and allows for a single requested
content type to switch the view type.

Fixes #2088
2011-10-12 23:21:07 -04:00
Renan Gonçalves
49f4035412 Fixing bug when trying to Paginate ordering by multiple keys. 2011-10-12 14:51:46 +02:00
mark_story
c4eb19ab91 Adding another import for helpers appended by RequestHandlerComponent.
Fixes #2084.
2011-10-11 12:42:45 -04:00
mark_story
055224ef68 Merge remote-tracking branch 'origin/1.3' into merger
Conflicts:
	cake/libs/controller/controller.php
	cake/libs/model/datasources/dbo/dbo_mysqli.php
	cake/tests/cases/libs/controller/controller.test.php
	cake/tests/cases/libs/model/datasources/dbo/dbo_mysql.test.php
	cake/tests/lib/cake_test_suite_dispatcher.php
	lib/Cake/Model/Behavior/TranslateBehavior.php
	lib/Cake/Model/Datasource/DataSource.php
	lib/Cake/Model/Datasource/Database/Mysql.php
2011-10-06 21:06:40 -04:00
mark_story
ff570d9daf Removing unnecessary ReflectionClass instance.
Refs #2048
2011-10-01 20:43:49 -04:00
mark_story
9e080951b1 Adding additional documentation for CrudAuthorize.
Fixes #2034
2011-09-28 23:25:14 -04:00
Majna
681207e327 Fixed doc block comments. 2011-09-28 22:33:46 +02:00
mark_story
a5fe702624 Updating CrudAuthorize to work like ActionsAuthorize.
Updating tests.
Fixes #1749
2011-09-26 20:38:38 -04:00
mark_story
b1dad6e5bd Adding session renewal upon login/logout.
This helps improve session security, as it reduces the opportunity
of replaying a session id successfully.
Fixes #836
2011-09-24 22:35:21 -04:00
José Lorenzo Rodríguez
b1f8d21434 Fixing doc block in core AppController file 2011-09-21 07:52:17 -05:30
mark_story
7cabb4e4d5 Extracting password hashing into as separate method.
This makes is much easier for a subclass to only change how passwords
are hashed.
2011-09-21 07:38:22 -04:00