adulau/cakephp2-php8
1
0
Fork 0
mirror of https://github.com/kamilwylegala/cakephp2-php8.git synced 2025-01-18 18:46:17 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
cakephp2-php8/lib/Cake
History
mark_story f23d811ff5 Use the form action URL in generated form hashes. 
By including the URL in generated hash for secured forms we prevent
a class of abuse where a user uses one secured form to post into a
controller action the form was not originally intended for. These cross
action requests could potentially violate developer's mental model of
how SecurityComponent works and produce unexpected/undesirable outcomes.

Thanks to Kurita Takashi for pointing this issue out, and suggesting
a fix.
2014-04-25 22:05:58 -04:00
..
Cache Update doc blocks to not be lies. 2014-03-27 11:55:54 -04:00
Config Removed "PHP 5" from file header DocBlocks 2013-11-13 22:58:39 +01:00
Configure Removed "PHP 5" from file header DocBlocks 2013-11-13 22:58:39 +01:00
Console Prevent infinite loop caused when argv not set. 2014-04-24 11:48:19 -04:00
Controller Use the form action URL in generated form hashes. 2014-04-25 22:05:58 -04:00
Core Fix ApiGen errors 2014-02-07 18:29:54 -02:00
Error Fix ApiGen errors 2014-02-07 18:29:54 -02:00
Event Merge pull request #2532 from bar/patch-2 2013-12-23 11:21:18 +03:30
I18n Moved Limburgish to correct the order 2014-03-02 14:30:26 +01:00
Log Merge pull request #2319 from ravage84/php-5-removal 2013-11-14 06:41:31 -08:00
Model Clear data and validationErrors *after* calling clearCache(). 2014-04-24 09:19:00 -04:00
Network Reject file paths containing ... 2014-04-23 22:20:14 -04:00
Routing Only sort the keys once per request instead of on each match. 2014-03-10 21:42:26 -04:00
Test Use the form action URL in generated form hashes. 2014-04-25 22:05:58 -04:00
TestSuite more cs 2014-04-02 03:09:42 +02:00
Utility Correct types for Validation::range(). 2014-04-13 06:16:24 -04:00
View Use the form action URL in generated form hashes. 2014-04-25 22:05:58 -04:00
basics.php Change argument type to mixed in docblock, as debug() and pr() accept not just a single type 2014-04-02 23:53:54 +02:00
bootstrap.php Removed "PHP 5" from file header DocBlocks 2013-11-13 22:58:39 +01:00
LICENSE.txt Formatted CSF address 2013-02-08 21:08:15 +09:00
VERSION.txt Update version number to 2.4.7 2014-04-04 22:25:48 -04:00