Comparing changes

base repository: cakephp/cakephp
base: 3d7c826
...
head repository: cakephp/cakephp
compare: 84197de
  • 10 commits
  • 15 files changed
  • 2 contributors

Commits on Nov 2, 2015

  1. Fix plugin view names being able to escape the plugin root directory.

    Remove the ability to specify completely arbitrary view files. This is
    possibly a breaking change. However, I feel the risks outweigh the
    benefits in this situation. Now absolute paths must be located *within*
    a configured view path.
    markstory committed Nov 2, 2015
    0d3541c

Commits on Nov 6, 2015

  1. aab06c6

Commits on Feb 21, 2016

  1. Fixed issue where query string could override some parts of the url

    when using the paginator helper
    lorenzo committed Feb 21, 2016
    52f8866
  2. 4ad76fa

Commits on Mar 14, 2016

  1. Don't trust Client-IP header unless behind a proxy

    REMOTE_ADDR is a far safer place to get a client's IP over the header
    which is easily spoofed. If someone is trusting the proxy we'll prefer
    x-forwarded-for and fallback to client-ip should that not exist.
    
    Remove support for http_clientaddress as I can't find any record of it
    existing in either the php docs or http specs.
    markstory committed Mar 14, 2016
    cadffa9
  2. fcd26c5

Commits on Mar 29, 2016

  1. Fix possibility for spoofed files to pass validation.

    Use `is_uploaded_file` to prevent crafty requests that contain bogus
    files from getting through.
    markstory committed Mar 29, 2016
    40b27c3
  2. 76166d0

Commits on Nov 26, 2016

  1. Fix markup in HtmlHelper doc block.

    This will help the API generate correctly.
    markstory committed Nov 26, 2016
    a58f5e3
  2. Update version number.

    markstory committed Nov 26, 2016
    84197de