Notes:
All CakePHP users,
A kind soul informed us that the Not Found error page can be exploited by inserting JavaScript code in the address bar.
This release provides a fix for this vulnerability. This release also includes some other improvements to the baker
script and prepares for the day when the controller object is not available in the view. Cakebaker mentioned the addition
of the session helper. It is recommended that everyone upgrade and change all references to $this->controller->Session in
the view to the new helper, $session.
While not every bug in Trac has been fixed, several others were, so check out the changelog to see what was done.
Happy Baking,
CakePHP development team
Changes:
Revision: [3362]
Adding fix for Ticket #1272
Fixes exploit with XSS and DEBUG === 0
Revision: [3351]
Adding fix for Ticket #1049
Revision: [3350]
Added patch from Ticket #1229
Revision: [3349]
Added fix for Ticket #1251
CakeSession::renew() is called now after
Revision: [3347]
made the css look a little prettier and cleaned up bake a bit
Revision: [3344]
Allowing 'value' to override $this->data[Model][field] in HtmlHelper::textarea() (Ticket #1212)
Revision: [3343]
Added fix for Ticket #1220
Revision: [3341]
Fixing day/month/year/hour/minute/etc.OptionTag()'s to read tagValue (Ticket #1223)
Revision: [3340]
adding fix for #1252 to 1.1, adding confirm messages for delete in scaffolding
Revision: [3338]
Adding fix for Ticket #1160.
If escapeTitle param is exactly true then htmlspecialchars() will be used.
If a string is passed as a param then htmlentities() will be used
Revision: [3336]
Adding error handling to ACL CLI script (Ticket #1157)
Revision: [3335]
adding icon link for favicon and adjusting paths for favicon
Revision: [3334]
Adding correction to CakeSession method calls
Revision: [3332]
Adding 'double precision' column type to DboPostgres (Ticket #1172)
Revision: [3331]
updating default layouts for session helper
Revision: [3329]
Fixing code formatting of ACL CLI script, and adding fix for Ticket #636
Revision: [3328]
Adding Session helper one release before View::Controller is removed
Revision: [3321]
Changing $form->label to $form->labelTag
Revision: [3317]
Adding fix for #1168
Revision: [3316]
Merging fixes from [3315]
Fixing errors when trying to use plugin components.
Added Controller::_initComponents();
Changed helpers and components to allow using plugins helpers or components.
Syntax:
var $helpers = array('PluginName/HelperName');
var $components= array('PluginName/ComponentName');
Revision: [3314]
Removed the param being passed to Controller::__construct();
Revision: [3312]
Merging fixes into branched code
Revision: [3311]
Adding fix in loadView().
Revision: [3306]
Adding fix for Ticket #1219.
Checking for an object being passed.
Revision: [3277]
Adding ; after endifs (ticket #1195)
Revision: [3272]
Adding fix for Ticket #1077
Revision: [3270]
Fixed div tag error in autocomplete() (ticket #1154)
Revision: [3264]
Author: phpnut
Date: 7:34:58 PM, Friday, July 14, 2006
Message:
Revision: [3263]
Adding settable/auto-generated DOM IDs to select elements for dateTimeOptionTag (thanks SDevore)
Revision: [3262]
Adding fix for hasOne joins with recursive resultsets with alternative aliases (Ticket #1069)
Revision: [3261]
DboSource::reconnect() now composites existing configuration with passed data
Revision: [3260]
Refactoring DboSource, and adding fix for Ticket #1151