From a4fee5c91ca45205fc786f3f248db8ace35dfd5e Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Wed, 21 Mar 2018 13:09:55 -0400 Subject: [PATCH] further merges from cakephp 2.10.8 --- web/api/app/Config/Schema/db_acl.php | 44 +++++++++--- web/api/app/Config/Schema/db_acl.sql | 17 ++++- web/api/app/Config/Schema/i18n.php | 33 +++++++-- web/api/app/Config/Schema/i18n.sql | 4 +- web/api/app/Config/Schema/sessions.sql | 4 +- web/api/app/Config/acl.ini.php | 12 ++-- web/api/app/Config/acl.php | 84 ++++++++++++---------- web/api/app/Config/bootstrap.php.in | 10 +-- web/api/app/Config/core.php.default | 2 +- web/api/app/Config/database.php.default | 10 +-- web/api/app/Config/email.php.default | 8 +-- web/api/app/Config/routes.php | 10 +-- web/api/app/Console/Command/AppShell.php | 10 +-- web/api/app/Console/cake | 10 +-- web/api/app/Console/cake.bat | 10 +-- web/api/app/Console/cake.php | 31 +++++--- web/api/app/Controller/PagesController.php | 21 +++--- web/api/app/Plugin/Crud | 2 +- web/api/app/View/Layouts/js/default.ctp | 2 +- 19 files changed, 202 insertions(+), 122 deletions(-) diff --git a/web/api/app/Config/Schema/db_acl.php b/web/api/app/Config/Schema/db_acl.php index 91d93e084..7dfc7f7ef 100644 --- a/web/api/app/Config/Schema/db_acl.php +++ b/web/api/app/Config/Schema/db_acl.php @@ -4,32 +4,42 @@ * * Use it to configure database for ACL * - * CakePHP(tm) : Rapid Development Framework (http://cakephp.org) - * Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org) + * CakePHP(tm) : Rapid Development Framework (https://cakephp.org) + * Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org) * * Licensed under The MIT License * For full copyright and license information, please see the LICENSE.txt * Redistributions of files must retain the above copyright notice. * - * @copyright Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org) - * @link http://cakephp.org CakePHP(tm) Project + * @copyright Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org) + * @link https://cakephp.org CakePHP(tm) Project * @package app.Config.Schema * @since CakePHP(tm) v 0.2.9 - * @license http://www.opensource.org/licenses/mit-license.php MIT License + * @license https://opensource.org/licenses/mit-license.php MIT License */ -/* - * +/** * Using the Schema command line utility * cake schema run create DbAcl - * */ class DbAclSchema extends CakeSchema { +/** + * Before event. + * + * @param array $event The event data. + * @return bool Success + */ public function before($event = array()) { return true; } +/** + * After event. + * + * @param array $event The event data. + * @return void + */ public function after($event = array()) { } @@ -44,7 +54,11 @@ class DbAclSchema extends CakeSchema { 'alias' => array('type' => 'string', 'null' => true), 'lft' => array('type' => 'integer', 'null' => true, 'default' => null, 'length' => 10), 'rght' => array('type' => 'integer', 'null' => true, 'default' => null, 'length' => 10), - 'indexes' => array('PRIMARY' => array('column' => 'id', 'unique' => 1)) + 'indexes' => array( + 'PRIMARY' => array('column' => 'id', 'unique' => 1), + 'idx_acos_lft_rght' => array('column' => array('lft', 'rght'), 'unique' => 0), + 'idx_acos_alias' => array('column' => 'alias', 'unique' => 0) + ) ); /** @@ -58,7 +72,11 @@ class DbAclSchema extends CakeSchema { 'alias' => array('type' => 'string', 'null' => true), 'lft' => array('type' => 'integer', 'null' => true, 'default' => null, 'length' => 10), 'rght' => array('type' => 'integer', 'null' => true, 'default' => null, 'length' => 10), - 'indexes' => array('PRIMARY' => array('column' => 'id', 'unique' => 1)) + 'indexes' => array( + 'PRIMARY' => array('column' => 'id', 'unique' => 1), + 'idx_aros_lft_rght' => array('column' => array('lft', 'rght'), 'unique' => 0), + 'idx_aros_alias' => array('column' => 'alias', 'unique' => 0) + ) ); /** @@ -73,7 +91,11 @@ class DbAclSchema extends CakeSchema { '_read' => array('type' => 'string', 'null' => false, 'default' => '0', 'length' => 2), '_update' => array('type' => 'string', 'null' => false, 'default' => '0', 'length' => 2), '_delete' => array('type' => 'string', 'null' => false, 'default' => '0', 'length' => 2), - 'indexes' => array('PRIMARY' => array('column' => 'id', 'unique' => 1), 'ARO_ACO_KEY' => array('column' => array('aro_id', 'aco_id'), 'unique' => 1)) + 'indexes' => array( + 'PRIMARY' => array('column' => 'id', 'unique' => 1), + 'ARO_ACO_KEY' => array('column' => array('aro_id', 'aco_id'), 'unique' => 1), + 'idx_aco_id' => array('column' => 'aco_id', 'unique' => 0) + ) ); } diff --git a/web/api/app/Config/Schema/db_acl.sql b/web/api/app/Config/Schema/db_acl.sql index 274780e26..cbb0ccece 100644 --- a/web/api/app/Config/Schema/db_acl.sql +++ b/web/api/app/Config/Schema/db_acl.sql @@ -1,11 +1,11 @@ # $Id$ # -# Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org) +# Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org) # # Licensed under The MIT License # For full copyright and license information, please see the LICENSE.txt # Redistributions of files must retain the above copyright notice. -# MIT License (http://www.opensource.org/licenses/mit-license.php) +# MIT License (https://opensource.org/licenses/mit-license.php) CREATE TABLE acos ( id INTEGER(10) UNSIGNED NOT NULL AUTO_INCREMENT, @@ -38,4 +38,15 @@ CREATE TABLE aros ( lft INTEGER(10) DEFAULT NULL, rght INTEGER(10) DEFAULT NULL, PRIMARY KEY (id) -); \ No newline at end of file +); + +/* this indexes will improve acl perfomance */ +CREATE INDEX idx_acos_lft_rght ON `acos` (`lft`, `rght`); + +CREATE INDEX idx_acos_alias ON `acos` (`alias`); + +CREATE INDEX idx_aros_lft_rght ON `aros` (`lft`, `rght`); + +CREATE INDEX idx_aros_alias ON `aros` (`alias`); + +CREATE INDEX idx_aco_id ON `aros_acos` (`aco_id`); diff --git a/web/api/app/Config/Schema/i18n.php b/web/api/app/Config/Schema/i18n.php index febb2dbd5..63dc0db9f 100644 --- a/web/api/app/Config/Schema/i18n.php +++ b/web/api/app/Config/Schema/i18n.php @@ -4,22 +4,21 @@ * * Use it to configure database for i18n * - * CakePHP(tm) : Rapid Development Framework (http://cakephp.org) - * Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org) + * CakePHP(tm) : Rapid Development Framework (https://cakephp.org) + * Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org) * * Licensed under The MIT License * For full copyright and license information, please see the LICENSE.txt * Redistributions of files must retain the above copyright notice. * - * @copyright Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org) - * @link http://cakephp.org CakePHP(tm) Project + * @copyright Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org) + * @link https://cakephp.org CakePHP(tm) Project * @package app.Config.Schema * @since CakePHP(tm) v 0.2.9 - * @license http://www.opensource.org/licenses/mit-license.php MIT License + * @license https://opensource.org/licenses/mit-license.php MIT License */ /** - * * Using the Schema command line utility * * Use it to configure database for i18n @@ -28,15 +27,37 @@ */ class I18nSchema extends CakeSchema { +/** + * The name property + * + * @var string + */ public $name = 'i18n'; +/** + * Before callback. + * + * @param array $event Schema object properties + * @return bool Should process continue + */ public function before($event = array()) { return true; } +/** + * After callback. + * + * @param array $event Schema object properties + * @return void + */ public function after($event = array()) { } +/** + * The i18n table definition + * + * @var array + */ public $i18n = array( 'id' => array('type' => 'integer', 'null' => false, 'default' => null, 'length' => 10, 'key' => 'primary'), 'locale' => array('type' => 'string', 'null' => false, 'length' => 6, 'key' => 'index'), diff --git a/web/api/app/Config/Schema/i18n.sql b/web/api/app/Config/Schema/i18n.sql index 66a42bd19..a1a4e6893 100644 --- a/web/api/app/Config/Schema/i18n.sql +++ b/web/api/app/Config/Schema/i18n.sql @@ -1,11 +1,11 @@ # $Id$ # -# Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org) +# Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org) # # Licensed under The MIT License # For full copyright and license information, please see the LICENSE.txt # Redistributions of files must retain the above copyright notice. -# MIT License (http://www.opensource.org/licenses/mit-license.php) +# MIT License (https://opensource.org/licenses/mit-license.php) CREATE TABLE i18n ( id int(10) NOT NULL auto_increment, diff --git a/web/api/app/Config/Schema/sessions.sql b/web/api/app/Config/Schema/sessions.sql index 76845bdc8..e19755622 100644 --- a/web/api/app/Config/Schema/sessions.sql +++ b/web/api/app/Config/Schema/sessions.sql @@ -1,13 +1,13 @@ # $Id$ # -# Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org) +# Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org) # 1785 E. Sahara Avenue, Suite 490-204 # Las Vegas, Nevada 89104 # # Licensed under The MIT License # For full copyright and license information, please see the LICENSE.txt # Redistributions of files must retain the above copyright notice. -# MIT License (http://www.opensource.org/licenses/mit-license.php) +# MIT License (https://opensource.org/licenses/mit-license.php) CREATE TABLE cake_sessions ( id varchar(255) NOT NULL default '', diff --git a/web/api/app/Config/acl.ini.php b/web/api/app/Config/acl.ini.php index 9a4672132..5c890f50a 100644 --- a/web/api/app/Config/acl.ini.php +++ b/web/api/app/Config/acl.ini.php @@ -2,20 +2,20 @@ ;/** ; * ACL Configuration ; * -; * CakePHP(tm) : Rapid Development Framework (http://cakephp.org) -; * Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org) +; * CakePHP(tm) : Rapid Development Framework (https://cakephp.org) +; * Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org) ; * ; * Licensed under The MIT License ; * Redistributions of files must retain the above copyright notice. ; * -; * @copyright Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org) -; * @link http://cakephp.org CakePHP(tm) Project +; * @copyright Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org) +; * @link https://cakephp.org CakePHP(tm) Project ; * @package app.Config ; * @since CakePHP(tm) v 0.10.0.1076 -; * @license http://www.opensource.org/licenses/mit-license.php MIT License +; * @license https://opensource.org/licenses/mit-license.php MIT License ; */ -; acl.ini.php - Cake ACL Configuration +; acl.ini.php - CakePHP ACL Configuration ; --------------------------------------------------------------------- ; Use this file to specify user permissions. ; aco = access control object (something in your application) diff --git a/web/api/app/Config/acl.php b/web/api/app/Config/acl.php index a8d6e380b..cddb9f47e 100644 --- a/web/api/app/Config/acl.php +++ b/web/api/app/Config/acl.php @@ -4,18 +4,18 @@ * * Use it to configure access control of your CakePHP application. * - * CakePHP(tm) : Rapid Development Framework (http://cakephp.org) - * Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org) + * CakePHP(tm) : Rapid Development Framework (https://cakephp.org) + * Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org) * * Licensed under The MIT License * For full copyright and license information, please see the LICENSE.txt * Redistributions of files must retain the above copyright notice. * - * @copyright Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org) - * @link http://cakephp.org CakePHP(tm) Project + * @copyright Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org) + * @link https://cakephp.org CakePHP(tm) Project * @package app.Config * @since CakePHP(tm) v 2.1 - * @license http://www.opensource.org/licenses/mit-license.php MIT License + * @license https://opensource.org/licenses/mit-license.php MIT License */ /** @@ -34,60 +34,72 @@ * will ask the configured ACL interface if access is granted. Under the assumptions 1. and 2. this will be * done via a call to Acl->check() with * - * array('User' => array('username' => 'jeff', 'group_id' => 4, ...)) + * ``` + * array('User' => array('username' => 'jeff', 'group_id' => 4, ...)) + * ``` * * as ARO and * - * '/controllers/invoices/delete' + * ``` + * '/controllers/invoices/delete' + * ``` * * as ACO. * * If the configured map looks like * - * $config['map'] = array( - * 'User' => 'User/username', - * 'Role' => 'User/group_id', - * ); + * ``` + * $config['map'] = array( + * 'User' => 'User/username', + * 'Role' => 'User/group_id', + * ); + * ``` * * then PhpAcl will lookup if we defined a role like User/jeff. If that role is not found, PhpAcl will try to * find a definition for Role/4. If the definition isn't found then a default role (Role/default) will be used to * check rules for the given ACO. The search can be expanded by defining aliases in the alias configuration. * E.g. if you want to use a more readable name than Role/4 in your definitions you can define an alias like * - * $config['alias'] = array( - * 'Role/4' => 'Role/editor', - * ); + * ``` + * $config['alias'] = array( + * 'Role/4' => 'Role/editor', + * ); + * ``` * * In the roles configuration you can define roles on the lhs and inherited roles on the rhs: * - * $config['roles'] = array( - * 'Role/admin' => null, - * 'Role/accountant' => null, - * 'Role/editor' => null, - * 'Role/manager' => 'Role/editor, Role/accountant', - * 'User/jeff' => 'Role/manager', - * ); + * ``` + * $config['roles'] = array( + * 'Role/admin' => null, + * 'Role/accountant' => null, + * 'Role/editor' => null, + * 'Role/manager' => 'Role/editor, Role/accountant', + * 'User/jeff' => 'Role/manager', + * ); + * ``` * * In this example manager inherits all rules from editor and accountant. Role/admin doesn't inherit from any role. * Lets define some rules: * - * $config['rules'] = array( - * 'allow' => array( - * '*' => 'Role/admin', - * 'controllers/users/(dashboard|profile)' => 'Role/default', - * 'controllers/invoices/*' => 'Role/accountant', - * 'controllers/articles/*' => 'Role/editor', - * 'controllers/users/*' => 'Role/manager', - * 'controllers/invoices/delete' => 'Role/manager', - * ), - * 'deny' => array( - * 'controllers/invoices/delete' => 'Role/accountant, User/jeff', - * 'controllers/articles/(delete|publish)' => 'Role/editor', - * ), - * ); + * ``` + * $config['rules'] = array( + * 'allow' => array( + * '*' => 'Role/admin', + * 'controllers/users/(dashboard|profile)' => 'Role/default', + * 'controllers/invoices/*' => 'Role/accountant', + * 'controllers/articles/*' => 'Role/editor', + * 'controllers/users/*' => 'Role/manager', + * 'controllers/invoices/delete' => 'Role/manager', + * ), + * 'deny' => array( + * 'controllers/invoices/delete' => 'Role/accountant, User/jeff', + * 'controllers/articles/(delete|publish)' => 'Role/editor', + * ), + * ); + * ``` * * Ok, so as jeff inherits from Role/manager he's matched every rule that references User/jeff, Role/manager, - * Role/editor, Role/accountant and Role/default. However, for jeff, rules for User/jeff are more specific than + * Role/editor, and Role/accountant. However, for jeff, rules for User/jeff are more specific than * rules for Role/manager, rules for Role/manager are more specific than rules for Role/editor and so on. * This is important when allow and deny rules match for a role. E.g. Role/accountant is allowed * controllers/invoices/* but at the same time controllers/invoices/delete is denied. But there is a more diff --git a/web/api/app/Config/bootstrap.php.in b/web/api/app/Config/bootstrap.php.in index 4e2d99c63..fde11eb4d 100644 --- a/web/api/app/Config/bootstrap.php.in +++ b/web/api/app/Config/bootstrap.php.in @@ -8,18 +8,18 @@ * You should also use this file to include any files that provide global functions/constants * that your application uses. * - * CakePHP(tm) : Rapid Development Framework (http://cakephp.org) - * Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org) + * CakePHP(tm) : Rapid Development Framework (https://cakephp.org) + * Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org) * * Licensed under The MIT License * For full copyright and license information, please see the LICENSE.txt * Redistributions of files must retain the above copyright notice. * - * @copyright Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org) - * @link http://cakephp.org CakePHP(tm) Project + * @copyright Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org) + * @link https://cakephp.org CakePHP(tm) Project * @package app.Config * @since CakePHP(tm) v 0.10.8.2117 - * @license http://www.opensource.org/licenses/mit-license.php MIT License + * @license https://opensource.org/licenses/mit-license.php MIT License */ // Setup a 'default' cache configuration for use in the application. diff --git a/web/api/app/Config/core.php.default b/web/api/app/Config/core.php.default index cffb43c77..39a51690c 100644 --- a/web/api/app/Config/core.php.default +++ b/web/api/app/Config/core.php.default @@ -31,7 +31,7 @@ * In production mode, flash messages redirect after a time interval. * In development mode, you need to click the flash message to continue. */ - Configure::write('debug', 0); + Configure::write('debug', 2); /** * Configure the Error handler used to handle errors for your application. By default diff --git a/web/api/app/Config/database.php.default b/web/api/app/Config/database.php.default index c06953ec7..a62f55321 100644 --- a/web/api/app/Config/database.php.default +++ b/web/api/app/Config/database.php.default @@ -2,18 +2,18 @@ /** * * - * CakePHP(tm) : Rapid Development Framework (http://cakephp.org) - * Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org) + * CakePHP(tm) : Rapid Development Framework (https://cakephp.org) + * Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org) * * Licensed under The MIT License * For full copyright and license information, please see the LICENSE.txt * Redistributions of files must retain the above copyright notice. * - * @copyright Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org) - * @link http://cakephp.org CakePHP(tm) Project + * @copyright Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org) + * @link https://cakephp.org CakePHP(tm) Project * @package app.Config * @since CakePHP(tm) v 0.2.9 - * @license http://www.opensource.org/licenses/mit-license.php MIT License + * @license https://opensource.org/licenses/mit-license.php MIT License */ /** diff --git a/web/api/app/Config/email.php.default b/web/api/app/Config/email.php.default index cee93c305..6dcfdd8f9 100644 --- a/web/api/app/Config/email.php.default +++ b/web/api/app/Config/email.php.default @@ -2,18 +2,18 @@ /** * * - * CakePHP(tm) : Rapid Development Framework (http://cakephp.org) - * Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org) + * CakePHP(tm) : Rapid Development Framework (https://cakephp.org) + * Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org) * * Licensed under The MIT License * For full copyright and license information, please see the LICENSE.txt * Redistributions of files must retain the above copyright notice. * - * @copyright Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org) + * @copyright Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org) * @link http://cakephp.org CakePHP(tm) Project * @package app.Config * @since CakePHP(tm) v 2.0.0 - * @license http://www.opensource.org/licenses/mit-license.php MIT License + * @license https://opensource.org/licenses/mit-license.php MIT License */ /** diff --git a/web/api/app/Config/routes.php b/web/api/app/Config/routes.php index 1eaaa9cd4..f58c7b9ba 100644 --- a/web/api/app/Config/routes.php +++ b/web/api/app/Config/routes.php @@ -6,18 +6,18 @@ * Routes are very important mechanism that allows you to freely connect * different URLs to chosen controllers and their actions (functions). * - * CakePHP(tm) : Rapid Development Framework (http://cakephp.org) - * Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org) + * CakePHP(tm) : Rapid Development Framework (https://cakephp.org) + * Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org) * * Licensed under The MIT License * For full copyright and license information, please see the LICENSE.txt * Redistributions of files must retain the above copyright notice. * - * @copyright Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org) - * @link http://cakephp.org CakePHP(tm) Project + * @copyright Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org) + * @link https://cakephp.org CakePHP(tm) Project * @package app.Config * @since CakePHP(tm) v 0.2.9 - * @license http://www.opensource.org/licenses/mit-license.php MIT License + * @license https://opensource.org/licenses/mit-license.php MIT License */ /** diff --git a/web/api/app/Console/Command/AppShell.php b/web/api/app/Console/Command/AppShell.php index 4ea0f2dd8..030ae49fd 100644 --- a/web/api/app/Console/Command/AppShell.php +++ b/web/api/app/Console/Command/AppShell.php @@ -2,17 +2,17 @@ /** * AppShell file * - * CakePHP(tm) : Rapid Development Framework (http://cakephp.org) - * Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org) + * CakePHP(tm) : Rapid Development Framework (https://cakephp.org) + * Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org) * * Licensed under The MIT License * For full copyright and license information, please see the LICENSE.txt * Redistributions of files must retain the above copyright notice. * - * @copyright Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org) - * @link http://cakephp.org CakePHP(tm) Project + * @copyright Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org) + * @link https://cakephp.org CakePHP(tm) Project * @since CakePHP(tm) v 2.0 - * @license http://www.opensource.org/licenses/mit-license.php MIT License + * @license https://opensource.org/licenses/mit-license.php MIT License */ App::uses('Shell', 'Console'); diff --git a/web/api/app/Console/cake b/web/api/app/Console/cake index 67454513d..fee8e35a3 100755 --- a/web/api/app/Console/cake +++ b/web/api/app/Console/cake @@ -3,18 +3,18 @@ # # Bake is a shell script for running CakePHP bake script # -# CakePHP(tm) : Rapid Development Framework (http://cakephp.org) -# Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org) +# CakePHP(tm) : Rapid Development Framework (https://cakephp.org) +# Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org) # # Licensed under The MIT License # For full copyright and license information, please see the LICENSE.txt # Redistributions of files must retain the above copyright notice. # -# @copyright Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org) -# @link http://cakephp.org CakePHP(tm) Project +# @copyright Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org) +# @link https://cakephp.org CakePHP(tm) Project # @package app.Console # @since CakePHP(tm) v 1.2.0.5012 -# @license http://www.opensource.org/licenses/mit-license.php MIT License +# @license https://opensource.org/licenses/mit-license.php MIT License # ################################################################################ diff --git a/web/api/app/Console/cake.bat b/web/api/app/Console/cake.bat index c33bf22f8..fe1b6d4a5 100644 --- a/web/api/app/Console/cake.bat +++ b/web/api/app/Console/cake.bat @@ -2,17 +2,17 @@ :: :: Bake is a shell script for running CakePHP bake script :: -:: CakePHP(tm) : Rapid Development Framework (http://cakephp.org) -:: Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org) +:: CakePHP(tm) : Rapid Development Framework (https://cakephp.org) +:: Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org) :: :: Licensed under The MIT License :: Redistributions of files must retain the above copyright notice. :: -:: @copyright Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org) -:: @link http://cakephp.org CakePHP(tm) Project +:: @copyright Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org) +:: @link https://cakephp.org CakePHP(tm) Project :: @package app.Console :: @since CakePHP(tm) v 2.0 -:: @license http://www.opensource.org/licenses/mit-license.php MIT License +:: @license https://opensource.org/licenses/mit-license.php MIT License :: :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: diff --git a/web/api/app/Console/cake.php b/web/api/app/Console/cake.php index e6f748e1b..d4a6aeaf0 100644 --- a/web/api/app/Console/cake.php +++ b/web/api/app/Console/cake.php @@ -3,34 +3,45 @@ /** * Command-line code generation utility to automate programmer chores. * - * CakePHP(tm) : Rapid Development Framework (http://cakephp.org) - * Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org) + * CakePHP(tm) : Rapid Development Framework (https://cakephp.org) + * Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org) * * Licensed under The MIT License * For full copyright and license information, please see the LICENSE.txt * Redistributions of files must retain the above copyright notice. * - * @copyright Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org) - * @link http://cakephp.org CakePHP(tm) Project + * @copyright Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org) + * @link https://cakephp.org CakePHP(tm) Project * @package app.Console * @since CakePHP(tm) v 2.0 - * @license http://www.opensource.org/licenses/mit-license.php MIT License + * @license https://opensource.org/licenses/mit-license.php MIT License */ -$ds = DIRECTORY_SEPARATOR; -$dispatcher = 'Cake' . $ds . 'Console' . $ds . 'ShellDispatcher.php'; +if (!defined('DS')) { + define('DS', DIRECTORY_SEPARATOR); +} + +$dispatcher = 'Cake' . DS . 'Console' . DS . 'ShellDispatcher.php'; if (function_exists('ini_set')) { $root = dirname(dirname(dirname(__FILE__))); + $appDir = basename(dirname(dirname(__FILE__))); + $install = $root . DS . 'lib'; + $composerInstall = $root . DS . $appDir . DS . 'Vendor' . DS . 'cakephp' . DS . 'cakephp' . DS . 'lib'; - // the following line differs from its sibling + // the following lines differ from its sibling // /lib/Cake/Console/Templates/skel/Console/cake.php - ini_set('include_path', $root . $ds . 'lib' . PATH_SEPARATOR . ini_get('include_path')); + if (file_exists($composerInstall . DS . $dispatcher)) { + $install = $composerInstall; + } + + ini_set('include_path', $install . PATH_SEPARATOR . ini_get('include_path')); + unset($root, $appDir, $install, $composerInstall); } if (!include $dispatcher) { trigger_error('Could not locate CakePHP core files.', E_USER_ERROR); } -unset($paths, $path, $dispatcher, $root, $ds); +unset($dispatcher); return ShellDispatcher::run($argv); diff --git a/web/api/app/Controller/PagesController.php b/web/api/app/Controller/PagesController.php index 5073f2e1a..bf1dbefa6 100644 --- a/web/api/app/Controller/PagesController.php +++ b/web/api/app/Controller/PagesController.php @@ -4,18 +4,18 @@ * * This file will render views from views/pages/ * - * CakePHP(tm) : Rapid Development Framework (http://cakephp.org) - * Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org) + * CakePHP(tm) : Rapid Development Framework (https://cakephp.org) + * Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org) * * Licensed under The MIT License * For full copyright and license information, please see the LICENSE.txt * Redistributions of files must retain the above copyright notice. * - * @copyright Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org) - * @link http://cakephp.org CakePHP(tm) Project + * @copyright Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org) + * @link https://cakephp.org CakePHP(tm) Project * @package app.Controller * @since CakePHP(tm) v 0.2.9 - * @license http://www.opensource.org/licenses/mit-license.php MIT License + * @license https://opensource.org/licenses/mit-license.php MIT License */ App::uses('AppController', 'Controller'); @@ -26,7 +26,7 @@ App::uses('AppController', 'Controller'); * Override this controller by placing a copy in controllers directory of an application * * @package app.Controller - * @link http://book.cakephp.org/2.0/en/controllers/pages-controller.html + * @link https://book.cakephp.org/2.0/en/controllers/pages-controller.html */ class PagesController extends AppController { @@ -40,10 +40,10 @@ class PagesController extends AppController { /** * Displays a view * - * @param mixed What page to display - * @return void + * @return CakeResponse|null + * @throws ForbiddenException When a directory traversal attempt. * @throws NotFoundException When the view file could not be found - * or MissingViewException in debug mode. + * or MissingViewException in debug mode. */ public function display() { $path = func_get_args(); @@ -52,6 +52,9 @@ class PagesController extends AppController { if (!$count) { return $this->redirect('/'); } + if (in_array('..', $path, true) || in_array('.', $path, true)) { + throw new ForbiddenException(); + } $page = $subpage = $title_for_layout = null; if (!empty($path[0])) { diff --git a/web/api/app/Plugin/Crud b/web/api/app/Plugin/Crud index c3976f147..7b2f89fee 160000 --- a/web/api/app/Plugin/Crud +++ b/web/api/app/Plugin/Crud @@ -1 +1 @@ -Subproject commit c3976f1478c681b0bbc132ec3a3e82c3984eeed5 +Subproject commit 7b2f89fee9c37ad64cf01461ae91999eedfbb063 diff --git a/web/api/app/View/Layouts/js/default.ctp b/web/api/app/View/Layouts/js/default.ctp index 7239b5dae..f694538e4 100644 --- a/web/api/app/View/Layouts/js/default.ctp +++ b/web/api/app/View/Layouts/js/default.ctp @@ -1,2 +1,2 @@ - +fetch('script'); ?>