Merge branch '4.x' into 4.next

markstory · markstory · commit 5f96c167b573 · 2022-06-06T22:25:55.000-04:00
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,12 @@
+version: 2
+updates:
+- package-ecosystem: composer
+  directory: "/"
+  schedule:
+    interval: weekly
+  open-pull-requests-limit: 10
+- package-ecosystem: github-actions
+  directory: "/"
+  schedule:
+    interval: weekly
+  open-pull-requests-limit: 10
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -10,6 +10,9 @@ on:
     branches:
       - '*'
 
+permissions:
+  contents: read
+
 jobs:
   testsuite:
     runs-on: ubuntu-18.04
@@ -20,7 +23,7 @@ jobs:
     name: PHP ${{ matrix.php-version }}
 
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
 
     - name: Setup PHP
       uses: shivammathur/setup-php@v2
@@ -50,7 +53,7 @@ jobs:
     runs-on: ubuntu-18.04
 
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
 
     - name: Setup PHP
       uses: shivammathur/setup-php@v2
@@ -70,7 +73,7 @@ jobs:
     runs-on: ubuntu-18.04
 
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
 
     - name: Setup PHP
       uses: shivammathur/setup-php@v2
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
@@ -4,13 +4,19 @@ on:
   schedule:
   - cron: "0 0 * * *"
 
+permissions:
+  contents: read
+
 jobs:
   stale:
 
+    permissions:
+      issues: write  # for actions/stale to close stale issues
+      pull-requests: write  # for actions/stale to close stale PRs
     runs-on: ubuntu-latest
     
     steps:
-    - uses: actions/stale@v1
+    - uses: actions/stale@v5
       with:
         repo-token: ${{ secrets.GITHUB_TOKEN }}
         stale-issue-message: 'This issue is stale because it has been open for 120 days with no activity. Remove the `stale` label or comment or this will be closed in 15 days'
@@ -19,5 +25,5 @@ jobs:
         stale-pr-label: 'stale'
         days-before-stale: 120
         days-before-close: 15
-        exempt-issue-label: 'pinned'
-        exempt-pr-label: 'pinned'
+        exempt-issue-labels: 'pinned'
+        exempt-pr-labels: 'pinned'
diff --git a/config/bootstrap.php b/config/bootstrap.php
@@ -34,8 +34,8 @@
 use Cake\Cache\Cache;
 use Cake\Core\Configure;
 use Cake\Core\Configure\Engine\PhpConfig;
-use Cake\Database\TypeFactory;
 use Cake\Database\Type\StringType;
+use Cake\Database\TypeFactory;
 use Cake\Datasource\ConnectionManager;
 use Cake\Error\ErrorTrap;
 use Cake\Error\ExceptionTrap;
diff --git a/config/requirements.php b/config/requirements.php
@@ -35,7 +35,10 @@
  * You can remove this if you are confident you have proper version of intl.
  */
 if (version_compare(INTL_ICU_VERSION, '50.1', '<')) {
-    trigger_error('ICU >= 50.1 is needed to use CakePHP. Please update the `libicu` package of your system.' . PHP_EOL, E_USER_ERROR);
+    trigger_error(
+        'ICU >= 50.1 is needed to use CakePHP. Please update the `libicu` package of your system.' . PHP_EOL,
+        E_USER_ERROR
+    );
 }
 
 /*
diff --git a/src/Application.php b/src/Application.php
@@ -98,7 +98,7 @@ public function middleware(MiddlewareQueue $middlewareQueue): MiddlewareQueue
             ->add(new BodyParserMiddleware())
 
             // Cross Site Request Forgery (CSRF) Protection Middleware
-            // https://book.cakephp.org/4/en/controllers/middleware.html#cross-site-request-forgery-csrf-middleware
+            // https://book.cakephp.org/4/en/security/csrf.html#cross-site-request-forgery-csrf-middleware
             ->add(new CsrfProtectionMiddleware([
                 'httponly' => true,
             ]));
diff --git a/templates/Pages/home.php b/templates/Pages/home.php
@@ -47,15 +47,14 @@
     );
 endif;
 
-$cakeDescription = 'CakePHP: the rapid development PHP framework';
 ?>
 <!DOCTYPE html>
 <html>
 <head>
     <?= $this->Html->charset() ?>
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <title>
-        <?= $cakeDescription ?>:
+        CakePHP: the rapid development PHP framework:
         <?= $this->fetch('title') ?>
     </title>
     <?= $this->Html->meta('icon') ?>
@@ -75,7 +74,7 @@
                 <img alt="CakePHP" src="https://cakephp.org/v2/img/logos/CakePHP_Logo.svg" width="350" />
             </a>
             <h1>
-                Welcome to CakePHP <?= Configure::version() ?> Strawberry (🍓)
+                Welcome to CakePHP <?= h(Configure::version()) ?> Strawberry (🍓)
             </h1>
         </div>
     </header>
@@ -147,7 +146,7 @@
 
                         <?php $settings = Cache::getConfig('_cake_core_'); ?>
                         <?php if (!empty($settings)) : ?>
-                            <li class="bullet success">The <em><?= $settings['className'] ?>Engine</em> is being used for core caching. To change the config edit config/app.php</li>
+                            <li class="bullet success">The <em><?= h($settings['className']) ?></em> is being used for core caching. To change the config edit config/app.php</li>
                         <?php else : ?>
                             <li class="bullet problem">Your cache is NOT working. Please check the settings in config/app.php</li>
                         <?php endif; ?>
@@ -165,7 +164,7 @@
                         <?php if ($result['connected']) : ?>
                             <li class="bullet success">CakePHP is able to connect to the database.</li>
                         <?php else : ?>
-                            <li class="bullet problem">CakePHP is NOT able to connect to the database.<br /><?= $result['error'] ?></li>
+                            <li class="bullet problem">CakePHP is NOT able to connect to the database.<br /><?= h($result['error']) ?></li>
                         <?php endif; ?>
                         </ul>
                     </div>
diff --git a/tests/TestCase/ApplicationTest.php b/tests/TestCase/ApplicationTest.php
@@ -17,6 +17,7 @@
 namespace App\Test\TestCase;
 
 use App\Application;
+use Cake\Core\Configure;
 use Cake\Error\Middleware\ErrorHandlerMiddleware;
 use Cake\Http\MiddlewareQueue;
 use Cake\Routing\Middleware\AssetMiddleware;
@@ -33,19 +34,35 @@ class ApplicationTest extends TestCase
     use IntegrationTestTrait;
 
     /**
-     * testBootstrap
+     * Test bootstrap in production.
      *
      * @return void
      */
     public function testBootstrap()
     {
+        Configure::write('debug', false);
         $app = new Application(dirname(dirname(__DIR__)) . '/config');
         $app->bootstrap();
         $plugins = $app->getPlugins();
 
-        $this->assertTrue($plugins->has('Bake'), 'plugins has Bake');
-        $this->assertTrue($plugins->has('DebugKit'), 'plugins has DebugKit');
-        $this->assertTrue($plugins->has('Migrations'), 'plugins has Migrations');
+        $this->assertTrue($plugins->has('Bake'), 'plugins has Bake?');
+        $this->assertFalse($plugins->has('DebugKit'), 'plugins has DebugKit?');
+        $this->assertTrue($plugins->has('Migrations'), 'plugins has Migrations?');
+    }
+
+    /**
+     * Test bootstrap add DebugKit plugin in debug mode.
+     *
+     * @return void
+     */
+    public function testBootstrapInDebug()
+    {
+        Configure::write('debug', true);
+        $app = new Application(dirname(dirname(__DIR__)) . '/config');
+        $app->bootstrap();
+        $plugins = $app->getPlugins();
+
+        $this->assertTrue($plugins->has('DebugKit'), 'plugins has DebugKit?');
     }
 
     /**
diff --git a/tests/TestCase/Controller/PagesControllerTest.php b/tests/TestCase/Controller/PagesControllerTest.php
@@ -17,6 +17,7 @@
 namespace App\Test\TestCase\Controller;
 
 use Cake\Core\Configure;
+use Cake\TestSuite\Constraint\Response\StatusCode;
 use Cake\TestSuite\IntegrationTestTrait;
 use Cake\TestSuite\TestCase;
 
@@ -29,26 +30,14 @@ class PagesControllerTest extends TestCase
 {
     use IntegrationTestTrait;
 
-    /**
-     * testMultipleGet method
-     *
-     * @return void
-     */
-    public function testMultipleGet()
-    {
-        $this->get('/');
-        $this->assertResponseOk();
-        $this->get('/');
-        $this->assertResponseOk();
-    }
-
     /**
      * testDisplay method
      *
      * @return void
      */
     public function testDisplay()
     {
+        Configure::write('debug', true);
         $this->get('/pages/home');
         $this->assertResponseOk();
         $this->assertResponseContains('CakePHP');
@@ -120,7 +109,7 @@ public function testCsrfAppliedOk()
         $this->enableCsrfToken();
         $this->post('/pages/home', ['hello' => 'world']);
 
-        $this->assertResponseCode(200);
-        $this->assertResponseContains('CakePHP');
+        $this->assertThat(403, $this->logicalNot(new StatusCode($this->_response)));
+        $this->assertResponseNotContains('CSRF');
     }
 }
diff --git a/tests/bootstrap.php b/tests/bootstrap.php
@@ -29,9 +29,7 @@
 
 require dirname(__DIR__) . '/config/bootstrap.php';
 
-$_SERVER['PHP_SELF'] = '/';
-
-if (empty($_SERVER['HTTP_HOST'])) {
+if (empty($_SERVER['HTTP_HOST']) && !Configure::read('App.fullBaseUrl')) {
     Configure::write('App.fullBaseUrl', 'http://localhost');
 }
 

Original file line number	Diff line number	Diff line change
`@@ -29,9 +29,7 @@`
`29`	`29`
`30`	`30`	`require dirname(__DIR__) . '/config/bootstrap.php';`
`31`	`31`
`32`		`-$_SERVER['PHP_SELF'] = '/';`
`33`		`-`
`34`		`-if (empty($_SERVER['HTTP_HOST'])) {`
	`32`	`+if (empty($_SERVER['HTTP_HOST']) && !Configure::read('App.fullBaseUrl')) {`
`35`	`33`	`Configure::write('App.fullBaseUrl', 'http://localhost');`
`36`	`34`	`}`
`37`	`35`