merging 1.2

commit 6535e6225c5961781699f6afedba8b438045e083 1 parent 94c01ac
gwoo authored
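--- a/cake/VERSION.txt
+++ b/cake/VERSION.txt
@@ -6,4 +6,4 @@
 // +---------------------------------------------------------------------------------------------------+ //
 ///////////////////////////////////////////////////////////////////////////////////////////////////////////
-1.2.2.8120
+1.2.3.8166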
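--- a/cake/config/config.php
+++ b/cake/config/config.php
@@ -22,5 +22,5 @@
 * @lastmodified $Date$
 * @license http://www.opensource.org/licenses/mit-license.php The MIT License
 */
-return $config['Cake.version'] = '1.2.2.8120';
+return $config['Cake.version'] = '1.2.3.8166';
 ?>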
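--- a/cake/dispatcher.php
+++ b/cake/dispatcher.php
@@ -344,7 +344,8 @@ function baseUrl() {
 return $this->base = $base;
 }
 if (!$baseUrl) {
-$base = dirname(env('PHP_SELF'));
+$replace = array('<', '>', '*', '\'', '"');
+$base = str_replace($replace, '', dirname(env('PHP_SELF')));
 if ($webroot === 'webroot' && $webroot === basename($base)) {
 $base = dirname($base);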
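Review bot: Stripping five characters from `dirname(env('PHP_SELF'))` on the new `str_replace` line is a denylist, and the test added in this same commit shows the remainder of the payload (`h1 onclick=alert(xss);heya`) surviving into `$base`; anything the list omits, such as `&`, a backtick, or a `%`-encoded sequence, still passes through, and a context that emits `$base` unquoted needs no quotes to break out. The robust fix is to leave the path alone here and escape it where it is rendered (`htmlspecialchars($base, ENT_QUOTES)`), or, if filtering at this point is the intent, to allow-list path characters instead: `$base = preg_replace('/[^A-Za-z0-9_.~\/-]/', '', dirname(env('PHP_SELF')));`. Where `$base` is later echoed is outside this hunk, so I cannot confirm which contexts are affected. `baseUrl()` starts before and ends after the hunk.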
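--- a/cake/libs/model/model.php
+++ b/cake/libs/model/model.php
@@ -1010,7 +1010,10 @@ function read($fields = null, $id = null) {
 }
 if ($id !== null && $id !== false) {
-$this->data = $this->find(array($this->alias . '.' . $this->primaryKey => $id), $fields);
+$this->data = $this->find('first', array(
+'conditions' => array($this->alias . '.' . $this->primaryKey => $id),
+'fields' => $fields
+));
 return $this->data;
 } else {
 return false;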
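Review bot: The guard `if ($id !== null && $id !== false)` directly above the rewritten `find('first', ...)` call still admits an empty string, so `read($fields, '')` issues a lookup for `alias.primaryKey = ''` rather than taking the `return false` branch that the else clause provides for "no id". Extending the condition to `if ($id !== null && $id !== false && $id !== '')` would make the two branches match their apparent intent. `read()` begins and ends outside this hunk, so whether `$id` is normalised earlier in the method is not visible here.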
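--- a/cake/tests/cases/dispatcher.test.php
+++ b/cake/tests/cases/dispatcher.test.php
@@ -1898,6 +1898,23 @@ function testHttpMethodOverrides() {
 unset($_POST['_method']);
 }
+
+/**
+ * Tests that invalid characters cannot be injected into the application base path.
+ *
+ * @return void
+ */
+ function testBasePathInjection() {
+ $self = $_SERVER['PHP_SELF'];
+ $_SERVER['PHP_SELF'] = urldecode(
+ "/index.php/%22%3E%3Ch1%20onclick=%22alert('xss');%22%3Eheya%3C/h1%3E"
+ );
+
+ $dispatcher =& new Dispatcher();
+ $result = $dispatcher->baseUrl();
+ $expected = '/index.php/h1 onclick=alert(xss);heya';
+ $this->assertEqual($result, $expected);
+ }
 /**
 * testEnvironmentDetection method
 *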
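Review bot: `$self` is read from `$_SERVER['PHP_SELF']` at the top of `testBasePathInjection` but never written back, so every test that runs after it in this case sees the injected PHP_SELF; add `$_SERVER['PHP_SELF'] = $self;` after the assertion, mirroring how `testHttpMethodOverrides` above cleans up `$_POST['_method']` with `unset`. The expected string `/index.php/h1 onclick=alert(xss);heya` also makes visible that only `<`, `>`, `*` and the two quote characters are removed, so a second case using `&` or a quote-free payload would document what still reaches `$base`.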
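--- a/cake/tests/cases/libs/router.test.php
+++ b/cake/tests/cases/libs/router.test.php
@@ -658,14 +658,23 @@ function testUrlGeneration() {
 Router::reload();
 Router::setRequestInfo(array(
-array('plugin' => 'shows', 'controller' => 'show_tickets', 'action' => 'admin_edit', 'pass' =>
-array(0 => '6'), 'prefix' => 'admin', 'admin' => true, 'form' => array(), 'url' =>
-array('url' => 'admin/shows/show_tickets/edit/6')),
-array('plugin' => NULL, 'controller' => NULL, 'action' => NULL, 'base' => '', 'here' => '/admin/shows/show_tickets/edit/6', 'webroot' => '/')));
+array(
+'plugin' => 'shows', 'controller' => 'show_tickets', 'action' => 'admin_edit',
+'pass' => array('6'), 'prefix' => 'admin', 'admin' => true, 'form' => array(),
+'url' => array('url' => 'admin/shows/show_tickets/edit/6')
+),
+array(
+'plugin' => null, 'controller' => null, 'action' => null, 'base' => '',
+'here' => '/admin/shows/show_tickets/edit/6', 'webroot' => '/'
+)
+));
 Router::parse('/');
-$result = Router::url(array('plugin' => 'shows', 'controller' => 'show_tickets', 'action' => 'edit', 'id' => '6', 'admin' => true, 'prefix' => 'admin', ));
+$result = Router::url(array(
+'plugin' => 'shows', 'controller' => 'show_tickets', 'action' => 'edit', 'id' => '6',
+'admin' => true, 'prefix' => 'admin'
+));
 $expected = '/admin/shows/show_tickets/edit/6';
 $this->assertEqual($result, $expected);
 }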