cakephp2-php8/lib/Cake/Controller/Component
mark_story f23d811ff5 Use the form action URL in generated form hashes.
By including the URL in generated hash for secured forms we prevent
a class of abuse where a user uses one secured form to post into a
controller action the form was not originally intended for. These cross
action requests could potentially violate a developer's mental model of
how SecurityComponent works and produce unexpected/undesirable outcomes.

Thanks to Kurita Takashi for pointing this issue out, and suggesting
a fix.
2014-04-25 22:05:58 -04:00
Acl Updated documentation 2014-04-11 15:10:56 -04:00
Auth Removed arbitrary restriction on crud operations. Added some comments to explain parameters to mapActions() better. 2014-03-28 13:35:08 +11:00
AclComponent.php Updated documentation 2014-04-11 15:10:56 -04:00
AuthComponent.php Fix ApiGen errors 2014-02-07 18:29:54 -02:00
CookieComponent.php Removed "PHP 5" from file header DocBlocks 2013-11-13 22:58:39 +01:00
EmailComponent.php Removed "PHP 5" from file header DocBlocks 2013-11-13 22:58:39 +01:00
PaginatorComponent.php Moved exception throwing to after paging info is set for request. 2013-11-30 19:00:08 +05:30
RequestHandlerComponent.php One liner. Don't call function parseAccept() twice in RequestHandlerComponent. 2014-02-21 00:54:10 +11:00
SecurityComponent.php Use the form action URL in generated form hashes. 2014-04-25 22:05:58 -04:00
SessionComponent.php Removed "PHP 5" from file header DocBlocks 2013-11-13 22:58:39 +01:00