Re: [CakePHP : The Rapid Development Framework for PHP] #6336: XSS Vulner (index.php/anystuff here)

2009-05-05 Thread CakePHP : The Rapid Development Framework for PHP
#6336: XSS Vulner (index.php/anystuff here)
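-----------------------------------+------------------------------
 Reporter:      bakyt.niyazov      |  Owner:
 Type:          Security Exploit   |  Status:       closed
 Priority:      Critical           |  Milestone:    1.2.x.x
 Component:     General            |  Version:      1.2 Final
 Severity:      Critical           |  Resolution:   fixed
 Keywords:                         |  Php_version:  n/a
 Cake_version:                     |
-----------------------------------+------------------------------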
Comment (by jcorrea):

 With the latest version of cake (1.2.3),
 http://www.example.com/index.php/STUFF HERE shows me a broken 404 page.
 If, in the template used by the 404 page, I add an echo $html->url('/'), it
 shows
 /STUFF HERE
 With the quickfix posted before, it shows the 404 page with no problems.

-- 
Ticket URL: https://trac.cakephp.org/ticket/6336#comment:7
CakePHP : The Rapid Development Framework for PHP https://trac.cakephp.org/
Cake is a rapid development framework for PHP which uses commonly known design 
patterns like ActiveRecord, Association Data Mapping, Front Controller and MVC. 
Our primary goal is to provide a structured framework that enables PHP users at 
all levels to rapidly develop robust web applications, without any loss to 
flexibility.
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
tickets cakephp group.
To post to this group, send email to tickets-cakephp@googlegroups.com
To unsubscribe from this group, send email to 
tickets-cakephp+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/tickets-cakephp?hl=en
-~--~~~~--~~--~--~---



Re: [CakePHP : The Rapid Development Framework for PHP] #6322: Unable to change action params from beforeFilter()

2009-05-05 Thread CakePHP : The Rapid Development Framework for PHP
#6322: Unable to change action params from beforeFilter()
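-------------------------------------+------------------------------
 Reporter:      reuben.helms         |  Owner:
 Type:          Bug                  |  Status:       reopened
 Priority:      Medium               |  Milestone:    1.2.x.x
 Component:     Routing/Dispatcher   |  Version:      1.2 Final
 Severity:      Normal               |  Resolution:
 Keywords:      dispatcher           |  Php_version:  PHP 5
 Cake_version:  1.2.2.8120           |
-------------------------------------+------------------------------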
Changes (by reuben.helms):

  * status:  closed => reopened
  * resolution:  needmoreinfo =>

Comment:

 Whilst changing $this->params in the beforeFilter will change the values
 on the controller, those changes never make it to the intended action.

 Yes, I am trying to change the value of a passed argument.  An example
 would be, the user calls
 /some_posts/something_else/param:value/param2:value2, as is done in the
 test.  In the beforeFilter(), I do a calculation, and change one param, and
 change it to value3.  I would expect the value for param to be 'value3'
 when the action is called, but because _invoke() takes a copy of the
 params as the second argument, instead of a reference, the original action
 is called with the original parameters.

 My real world example is that the user called
 /contents/view/article-title.  In the beforeFilter(), I do a lookup on
 article-title, and convert it to an id of an actual content item, and
 would want to change the params to reflect the id value, rather than the
 string article-title.

 Whilst the tests would suggest that the pass value in params is getting
 changed to the array 'changed', actual inspection of the pass value before
 and after the beforeFilter() call, and even inside the change() action
 will reveal that the pass value in $this->params is not getting changed
 where it counts.

-- 
Ticket URL: https://trac.cakephp.org/ticket/6322#comment:4
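
An added illustration of the copy-versus-reference behaviour described in ticket #6322 above. It is a self-contained sketch, not CakePHP's dispatcher code; DemoController, invokeWithCopy() and invokeFromController() are hypothetical names, and the id 42 is a constructed value.

```php
<?php
// Hypothetical mini-dispatcher written for this illustration only.

class DemoController
{
    public $params = array();

    // Stand-in for the reporter's lookup: swap a slug for a numeric id.
    public function beforeFilter()
    {
        if ($this->params['pass'][0] === 'article-title') {
            $this->params['pass'][0] = 42; // constructed id
        }
    }

    public function view($id)
    {
        return $id;
    }
}

// PHP arrays are values: assigning $params to the controller copies it.
// beforeFilter() then edits the controller's copy, while the action is
// called with the dispatcher's untouched local array, so the action
// still receives the original slug.
function invokeWithCopy($controller, $params)
{
    $controller->params = $params;
    $controller->beforeFilter();
    return call_user_func_array(array($controller, 'view'), $params['pass']);
}

// One way to let the change through: read the arguments back from the
// controller after the callback has run, so the action receives the id.
function invokeFromController($controller, $params)
{
    $controller->params = $params;
    $controller->beforeFilter();
    return call_user_func_array(
        array($controller, 'view'),
        $controller->params['pass']
    );
}

$request = array('action' => 'view', 'pass' => array('article-title'));

var_dump(invokeWithCopy(new DemoController(), $request));
var_dump(invokeFromController(new DemoController(), $request));
```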



[CakePHP : The Rapid Development Framework for PHP] #6340: Added 'before' and 'after' options to form->submit()

2009-05-05 Thread CakePHP : The Rapid Development Framework for PHP
#6340: Added 'before' and 'after' options to form->submit()
----------------------------------------------+------------------------------
 Reporter:      tutec                         |  Type:         Enhancement
 Status:        new                           |  Priority:     Medium
 Milestone:     1.2.x.x                       |  Component:    Helpers
 Version:       1.2 Final                     |  Severity:     Normal
 Keywords:      form, submit, after, before   |  Php_version:  n/a
 Cake_version:  1.2.3.8166                    |
----------------------------------------------+------------------------------
 I was trying to use $form->submit() with the 'after' option, but, as there
 are no after or before options for submit(), I added them to the form
 helper.

-- 
Ticket URL: https://trac.cakephp.org/ticket/6340



[CakePHP : The Rapid Development Framework for PHP] #6341: $this->here returns boolean on routes.php

2009-05-05 Thread CakePHP : The Rapid Development Framework for PHP
#6341: $this->here returns boolean on routes.php
----------------------------+------------------------------
 Reporter:      kchanto     |  Type:         Bug
 Status:        new         |  Priority:     Medium
 Milestone:     1.2.x.x     |  Component:    Controller
 Version:       1.2 Final   |  Severity:     Normal
 Keywords:                  |  Php_version:  PHP 5
 Cake_version:              |
----------------------------+------------------------------
 $this->here returns boolean on routes.php instead of the path
 Returns correct path on view
 Works fine on
 /* SVN FILE: $Id: dispatcher.php 7961 2008-12-25 23:21:36Z gwoo $ */

 Problem File
 /* SVN FILE: $Id: dispatcher.php 8166 2009-05-04 21:17:19Z gwoo $ */
 /* SVN FILE: $Id: dispatcher.php 8120 2009-03-19 20:25:10Z gwoo $ */

-- 
Ticket URL: https://trac.cakephp.org/ticket/6341