From 97a29371e43462a63b2b0f76261aa9dc9aa4baf0 Mon Sep 17 00:00:00 2001
From: ADmad
Date: Tue, 19 Oct 2021 22:42:43 +0530
Subject: [PATCH 01/12] Add bash completion script.
---
 bin/bash_completion.sh | 47 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 47 insertions(+)
 create mode 100644 bin/bash_completion.sh
diff --git a/bin/bash_completion.sh b/bin/bash_completion.sh
new file mode 100644
index 0000000000..a3d3feba94
--- /dev/null
+++ b/bin/bash_completion.sh
@@ -0,0 +1,47 @@
+#
+# Bash completion file for CakePHP console.
+# Copy this file to a file named `cake` under `/etc/bash_completion.d/`.
+# For more info check https://book.cakephp.org/4/en/console-commands/completion.html#how-to-enable-bash-autocompletion-for-the-cakephp-console
+#
+
+_cake()
+{
+ local cur prev opts cake
+ COMPREPLY=()
+ cake="${COMP_WORDS[0]}"
+ cur="${COMP_WORDS[COMP_CWORD]}"
+ prev="${COMP_WORDS[COMP_CWORD-1]}"
+
+ if [[ "$cur" == -* ]] ; then
+ if [[ ${COMP_CWORD} = 1 ]] ; then
+ opts=$(${cake} completion options)
+ elif [[ ${COMP_CWORD} = 2 ]] ; then
+ opts=$(${cake} completion options "${COMP_WORDS[1]}")
+ else
+ opts=$(${cake} completion options "${COMP_WORDS[1]}" "${COMP_WORDS[2]}")
+ fi
+
+ COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) )
+ return 0
+ fi
+
+ if [[ ${COMP_CWORD} = 1 ]] ; then
+ opts=$(${cake} completion commands)
+ COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) )
+ return 0
+ fi
+
+ if [[ ${COMP_CWORD} = 2 ]] ; then
+ opts=$(${cake} completion subcommands $prev)
+ COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) )
+ if [[ $COMPREPLY = "" ]] ; then
+ _filedir
+ return 0
+ fi
+ return 0
+ fi
+
+ return 0
+}
+
+complete -F _cake cake bin/cake
From 9ed3ba38c8479e080322035c781fa7673d6dbc6d Mon Sep 17 00:00:00 2001
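Review bot: `$prev` and `${cur}` are expanded unquoted in `opts=$(${cake} completion subcommands $prev)` and in every `compgen -W "${opts}" -- ${cur}`, so a typed word containing whitespace or glob characters is split or pathname-expanded before it reaches `cake` or `compgen`; quoting them (`"$prev"`, `-- "${cur}"`, and `"${cake}"` for the command word) keeps each typed word a single argument. The function also executes `${COMP_WORDS[0]}` on every Tab press, and because it is registered for the relative name `bin/cake`, completion runs whichever `bin/cake` exists in the current directory before the user has pressed Enter. A header comment such as `# Note: completion executes the cake binary being completed; do not Tab-complete inside untrusted checkouts.` would make that trust assumption visible. Appending `2>/dev/null` to the `$(...)` calls would additionally keep PHP error output from being printed into the prompt.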
From: Mark Story Date: Sat, 5 Feb 2022 15:39:44 -0500 Subject: [PATCH 02/12] Update application skeleton to use new traps Use the new error and exception traps in new applications. --- config/bootstrap.php | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/config/bootstrap.php b/config/bootstrap.php index 927c291902..d16a7501a0 100644 --- a/config/bootstrap.php +++ b/config/bootstrap.php @@ -37,8 +37,8 @@ use Cake\Database\TypeFactory; use Cake\Database\Type\StringType; use Cake\Datasource\ConnectionManager; -use Cake\Error\ConsoleErrorHandler; -use Cake\Error\ErrorHandler; +use Cake\Error\ErrorTrap; +use Cake\Error\ExceptionTrap; use Cake\Http\ServerRequest; use Cake\Log\Log; use Cake\Mailer\Mailer; @@ -122,17 +122,13 @@ /* * Register application error and exception handlers. */ -$isCli = PHP_SAPI === 'cli'; -if ($isCli) { - (new ConsoleErrorHandler(Configure::read('Error')))->register(); -} else { - (new ErrorHandler(Configure::read('Error')))->register(); -} +(new ErrorTrap(Configure::read('Error')))->register(); +(new ExceptionTrap(Configure::read('Error')))->register(); /* * Include the CLI bootstrap overrides. */ -if ($isCli) { +if (PHP_SAPI === 'cli') { require CONFIG . 'bootstrap_cli.php'; } From 64f81a2620bd59dbd0cab4b31c296b203023c10d Mon Sep 17 00:00:00 2001 From: Corey Taylor Date: Sat, 5 Feb 2022 16:00:35 -0600 Subject: [PATCH 03/12] Update php requirement to 7.4+ --- .github/workflows/ci.yml | 6 +++--- composer.json | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 15eb582d76..414fa1d7bd 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -16,7 +16,7 @@ jobs: strategy: fail-fast: false matrix: - php-version: ['7.2', '7.4', '8.0', '8.1'] + php-version: ['7.4', '8.0', '8.1'] name: PHP ${{ matrix.php-version }} steps: 
@@ -55,7 +55,7 @@ jobs: - name: Setup PHP uses: shivammathur/setup-php@v2 with: - php-version: '7.2' + php-version: '7.4' extensions: mbstring, intl coverage: none @@ -75,7 +75,7 @@ jobs: - name: Setup PHP uses: shivammathur/setup-php@v2 with: - php-version: '7.2' + php-version: '7.4' extensions: mbstring, intl coverage: none diff --git a/composer.json b/composer.json index 23059f4852..ee68106395 100644 --- a/composer.json +++ b/composer.json @@ -5,7 +5,7 @@ "type": "project", "license": "MIT", "require": { - "php": ">=7.2", + "php": ">=7.4", "cakephp/cakephp": "^4.3", "cakephp/migrations": "^3.2", "cakephp/plugin-installer": "^1.3", From e57567bf611376b8342a2e45e38b198c882bce3a Mon Sep 17 00:00:00 2001 From: Mark Story Date: Fri, 18 Mar 2022 22:41:52 -0400 Subject: [PATCH 04/12] Update constraint so composer install works again. --- composer.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/composer.json b/composer.json index ee68106395..5729bfe5de 100644 --- a/composer.json +++ b/composer.json @@ -6,7 +6,7 @@ "license": "MIT", "require": { "php": ">=7.4", - "cakephp/cakephp": "^4.3", + "cakephp/cakephp": "dev-4.next as 4.4.0", "cakephp/migrations": "^3.2", "cakephp/plugin-installer": "^1.3", "mobiledetect/mobiledetectlib": "^2.8" From 86f220943ee74d9528a28cbd90a0419cfd57083f Mon Sep 17 00:00:00 2001 From: Mark Story Date: Sun, 10 Apr 2022 14:11:31 -0400 Subject: [PATCH 05/12] Allow exception rendering to auto-detect based on environment. Add additional documentation for new options in 4.4 --- config/app.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/config/app.php b/config/app.php index f9f7b46beb..f3549a3b51 100644 --- a/config/app.php +++ b/config/app.php 
@@ -166,8 +166,9 @@ * - `log` - boolean - Whether or not you want exceptions logged. * - `exceptionRenderer` - string - The class responsible for rendering * uncaught exceptions. If you choose a custom class you should place - * the file for that class in src/Error. This class needs to implement a - * render method. + * the file for that class in src/Error. This class needs to implement a `render()` method. + * `errorRenderer` - string - The class responsible for rendering PHP errors. This class needs + * to implement the `Cake\Error\ErrorRendererInterface`. * - `skipLog` - array - List of exceptions to skip for logging. Exceptions that * extend one of the listed exceptions will also be skipped for logging. * E.g.: @@ -181,7 +182,6 @@ */ 'Error' => [ 'errorLevel' => E_ALL, - 'exceptionRenderer' => ExceptionRenderer::class, 'skipLog' => [], 'log' => true, 'trace' => true, From 45ef002a5383962431b3a8819a9436d2b94bf40a Mon Sep 17 00:00:00 2001 From: Mark Story Date: Sun, 10 Apr 2022 14:41:57 -0400 Subject: [PATCH 06/12] Improve wording of doc block --- config/app.php | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/config/app.php b/config/app.php index f3549a3b51..e689e77013 100644 --- a/config/app.php +++ b/config/app.php 
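Review bot: The added `errorRenderer` entry in the first hunk has no `- ` list marker in front of the option name, unlike every other option in this docblock, so it reads as a continuation of the `exceptionRenderer` entry; prefix it with `- ` and indent its continuation line to match the neighbouring entries. The same unmarked line is carried into the docblock hunk of PATCH 06/12. The docblock starts and ends outside this hunk.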
@@ -164,17 +164,21 @@ * - `trace` - boolean - Whether or not backtraces should be included in * logged errors/exceptions. * - `log` - boolean - Whether or not you want exceptions logged. - * - `exceptionRenderer` - string - The class responsible for rendering - * uncaught exceptions. If you choose a custom class you should place - * the file for that class in src/Error. This class needs to implement a `render()` method. - * `errorRenderer` - string - The class responsible for rendering PHP errors. This class needs + * - `exceptionRenderer` - string - The class responsible for rendering uncaught exceptions. + * The chosen class will be used for for both CLI and web environments. If you want different + * classes used in CLI and web environments you'll need to write that conditional logic as well. + * The conventional location for custom renderers is in `src/Error`. Your exception renderer needs to + * implement the `render()` method and return either a string or Http\Response. + * `errorRenderer` - string - The class responsible for rendering PHP errors. The selected + * class will be used for both web and CLI contexts. If you want different classes for each environment + * you'll need to write that conditional logic as well. Error renderers need to * to implement the `Cake\Error\ErrorRendererInterface`. * - `skipLog` - array - List of exceptions to skip for logging. Exceptions that * extend one of the listed exceptions will also be skipped for logging. * E.g.: * `'skipLog' => ['Cake\Http\Exception\NotFoundException', 'Cake\Http\Exception\UnauthorizedException']` - * - `extraFatalErrorMemory` - int - The number of megabytes to increase - * the memory limit by when a fatal error is encountered. This allows + * - `extraFatalErrorMemory` - int - The number of megabytes to increase the memory limit by + * when a fatal error is encountered. This allows * breathing room to complete logging or error handling. 
* - `ignoredDeprecationPaths` - array - A list of glob compatible file paths that deprecations * should be ignored in. Use this to ignore deprecations for plugins or parts of From 9d637a5df074a3611c94806c4fc6bf6bad958ae5 Mon Sep 17 00:00:00 2001 From: saeideng Date: Wed, 13 Apr 2022 12:35:01 +0430 Subject: [PATCH 07/12] remove unused use statement --- config/app.php | 1 - 1 file changed, 1 deletion(-) diff --git a/config/app.php b/config/app.php index e689e77013..53e25371f6 100644 --- a/config/app.php +++ b/config/app.php @@ -3,7 +3,6 @@ use Cake\Cache\Engine\FileEngine; use Cake\Database\Connection; use Cake\Database\Driver\Mysql; -use Cake\Error\ExceptionRenderer; use Cake\Log\Engine\FileLog; use Cake\Mailer\Transport\MailTransport; From 5e8a0c8e5b6df46996fa31bf6ba488327b9edccb Mon Sep 17 00:00:00 2001 From: naveen <172697+naveensrinivasan@users.noreply.github.com> Date: Tue, 10 May 2022 03:02:16 +0000 Subject: [PATCH 08/12] chore: Set permissions for GitHub actions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much. - Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/) Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com> --- .github/workflows/ci.yml | 3 +++ .github/workflows/stale.yml | 6 ++++++ 2 files changed, 9 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 0e5ca10a70..ff83d993e9 100644 
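Review bot: The reworded docblock contains two duplicated words: `will be used for for both CLI and web environments` in the `exceptionRenderer` entry, and `Error renderers need to` followed on the next line by `to implement the` in the `errorRenderer` entry; drop the extra `for` and the extra `to`. The return type is also written as `Http\Response` while the interface on the following entry is fully qualified; spelling it `Cake\Http\Response` would be consistent, assuming that is the class meant. The docblock begins and ends outside this hunk.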
--- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -10,6 +10,9 @@ on: branches: - '*' +permissions: + contents: read + jobs: testsuite: runs-on: ubuntu-18.04 diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 855578c375..ebd280469c 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -4,9 +4,15 @@ on: schedule: - cron: "0 0 * * *" +permissions: + contents: read + jobs: stale: + permissions: + issues: write # for actions/stale to close stale issues + pull-requests: write # for actions/stale to close stale PRs runs-on: ubuntu-latest steps: From 6313d62736fbf8b81440bf4015d549e2059e723d Mon Sep 17 00:00:00 2001 From: Alex Mayer Date: Mon, 6 Jun 2022 20:34:43 -0400 Subject: [PATCH 09/12] Update CSRF Book Link --- src/Application.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Application.php b/src/Application.php index b891509634..848283a5f9 100644 --- a/src/Application.php +++ b/src/Application.php @@ -98,7 +98,7 @@ public function middleware(MiddlewareQueue $middlewareQueue): MiddlewareQueue ->add(new BodyParserMiddleware()) // Cross Site Request Forgery (CSRF) Protection Middleware - // https://book.cakephp.org/4/en/controllers/middleware.html#cross-site-request-forgery-csrf-middleware + // https://book.cakephp.org/4/en/security/csrf.html#cross-site-request-forgery-csrf-middleware ->add(new CsrfProtectionMiddleware([ 'httponly' => true, ])); From 16bf64de9160dcaf56ad01b4f3edad14771d62b9 Mon Sep 17 00:00:00 2001 From: Mark Story Date: Mon, 6 Jun 2022 22:41:41 -0400 Subject: [PATCH 10/12] Bump version for 4.4.* --- composer.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/composer.json b/composer.json index 5729bfe5de..278c9d2f28 100644 --- a/composer.json +++ b/composer.json 
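Review bot: In the `stale.yml` hunk the job-level `permissions` block replaces the workflow-level `contents: read` rather than extending it, so the `stale` job's token gets only `issues: write` and `pull-requests: write` and every scope not listed there is `none`. That is the tighter result and looks intended, but a reader could assume `contents: read` is inherited; a comment above the job block such as `# job-level permissions replace the workflow default; scopes not listed here are none` would record it. The top-level block then serves only as the default for any job added later without its own `permissions`, which is worth saying in the same comment.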
@@ -6,7 +6,7 @@
 "license": "MIT",
 "require": {
 "php": ">=7.4",
- "cakephp/cakephp": "dev-4.next as 4.4.0",
+ "cakephp/cakephp": "^4.4.*",
 "cakephp/migrations": "^3.2",
 "cakephp/plugin-installer": "^1.3",
 "mobiledetect/mobiledetectlib": "^2.8"
From 1c440d36e31efd86d754fab855ee36d58b6bca69 Mon Sep 17 00:00:00 2001
From: Mark Story
Date: Mon, 6 Jun 2022 22:48:47 -0400
Subject: [PATCH 11/12] Fix mistake in composer.json
---
 composer.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/composer.json b/composer.json
index 278c9d2f28..2ad920a210 100644
--- a/composer.json
+++ b/composer.json
@@ -6,7 +6,7 @@
 "license": "MIT",
 "require": {
 "php": ">=7.4",
- "cakephp/cakephp": "^4.4.*",
+ "cakephp/cakephp": "4.4.*",
 "cakephp/migrations": "^3.2",
 "cakephp/plugin-installer": "^1.3",
 "mobiledetect/mobiledetectlib": "^2.8"
From 32f6599a7093324823a35dbfa0b95d905547a14a Mon Sep 17 00:00:00 2001
From: mohammadreza salehi
Date: Tue, 19 Jul 2022 10:43:57 +0430
Subject: [PATCH 12/12] update min php version
---
 templates/Pages/home.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/templates/Pages/home.php b/templates/Pages/home.php
index e976a0b3c5..920fbfd75a 100644
--- a/templates/Pages/home.php
+++ b/templates/Pages/home.php
@@ -102,10 +102,10 @@

Environment

    - =')) : ?> -
  • Your version of PHP is 7.2.0 or higher (detected ).
  • + =')) : ?> +
  • Your version of PHP is 7.4.0 or higher (detected ).
  • -
  • Your version of PHP is too low. You need PHP 7.2.0 or higher to use CakePHP (detected ).
  • +
  • Your version of PHP is too low. You need PHP 7.4.0 or higher to use CakePHP (detected ).