Merge pull request #5 from laravel/develop

Develop

artisan

@@ -4,7 +4,7 @@
  * Laravel - A PHP Framework For Web Artisans
  *
  * @package  Laravel
- * @version  3.2.8
+ * @version  3.2.9
  * @author   Taylor Otwell <taylorotwell@gmail.com>
  * @link     http://laravel.com
  */

laravel/auth/drivers/driver.php

@@ -127,6 +127,8 @@ abstract class Driver {
 		$this->cookie($this->recaller(), null, -2000);
 
 		Session::forget($this->token());
+
+    $this->token = null;
 	}
 
 	/**

laravel/cookie.php

@@ -44,9 +44,14 @@ class Cookie {
 	 */
 	public static function get($name, $default = null)
 	{
-		if (isset(static::$jar[$name])) return static::$jar[$name]['value'];
+		if (isset(static::$jar[$name])) return static::parse(static::$jar[$name]['value']);
 
-		return array_get(Request::foundation()->cookies->all(), $name, $default);
+		if ( ! is_null($value = Request::foundation()->cookies->get($name)))
+		{
+			return static::parse($value);
+		}
+
+		return value($default);
 	}
 
 	/**
@@ -75,6 +80,8 @@ class Cookie {
 			$expiration = time() + ($expiration * 60);
 		}
 
+		$value = static::hash($value).'+'.$value;
+
 		// If the secure option is set to true, yet the request is not over HTTPS
 		// we'll throw an exception to let the developer know that they are
 		// attempting to send a secure cookie over the insecure HTTP.
@@ -120,4 +127,46 @@ class Cookie {
 		return static::put($name, null, -2000, $path, $domain, $secure);
 	}
 
+	/**
+	 * Hash the given cookie value.
+	 *
+	 * @param  string  $value
+	 * @return string
+	 */
+	public static function hash($value)
+	{
+		return hash_hmac('sha1', $value, Config::get('application.key'));
+	}
+
+	/**
+	 * Parse a hash fingerprinted cookie value.
+	 *
+	 * @param  string  $value
+	 * @return string
+	 */
+	protected static function parse($value)
+	{
+		$segments = explode('+', $value);
+
+		// First we will make sure the cookie actually has enough segments to even
+		// be valid as being set by the application. If it does not we will go
+		// ahead and throw exceptions now since there the cookie is invalid.
+		if ( ! (count($segments) >= 2))
+		{
+			return null;
+		}
+
+		$value = implode('+', array_slice($segments, 1));
+
+		// Now we will check if the SHA-1 hash present in the first segment matches
+		// the ShA-1 hash of the rest of the cookie value, since the hash should
+		// have been set when the cookie was first created by the application.
+		if ($segments[0] == static::hash($value))
+		{
+			return $value;
+		}
+
+		return null;
+	}
+
 }

laravel/database/eloquent/model.php

@@ -528,7 +528,7 @@ abstract class Model {
 
 		foreach ($this->attributes as $key => $value)
 		{
-			if ( ! isset($this->original[$key]) or $value !== $this->original[$key])
+			if ( ! array_key_exists($key, $this->original) or $value != $this->original[$key])
 			{
 				$dirty[$key] = $value;
 			}
@@ -544,7 +544,7 @@ abstract class Model {
 	 */
 	public function get_key()
 	{
-		return $this->get_attribute(static::$key);
+		return array_get($this->original, static::$key);
 	}
 
 	/**
@@ -721,7 +721,7 @@ abstract class Model {
 		{
 			if (array_key_exists($key, $this->$source)) return true;
 		}
-		
+
 		if (method_exists($this, $key)) return true;
 	}
 

laravel/documentation/auth/usage.md

@@ -50,9 +50,9 @@ To determine if the user of your application is logged in, call the **check** me
 	     return "You're logged in!";
 	}
 
-Use the **login** method to login a user without checking their credentials, such as after a user first registers to use your application. Just pass your user object or the user's ID:
+Use the **login** method to login a user without checking their credentials, such as after a user first registers to use your application. Just pass the user's ID:
 
-	Auth::login($user);
+	Auth::login($user->id);
 
 	Auth::login(15);
 

laravel/documentation/changes.md

@@ -2,6 +2,8 @@
 
 ## Contents
 
+- [Laravel 3.2.9](#3.2.9)
+- [Upgrading From 3.2.8](#upgrade-3.2.9)
 - [Laravel 3.2.8](#3.2.8)
 - [Upgrading From 3.2.7](#upgrade-3.2.8)
 - [Laravel 3.2.7](#3.2.7)
@@ -41,10 +43,22 @@
 - [Laravel 3.1](#3.1)
 - [Upgrading From 3.0](#upgrade-3.1)
 
+<a name="3.2.9"></a>
+## Laravel 3.2.9
+
+- Always log exceptions even when there are "logger" event listeners.
+- Fix nasty view exception messages.
+
+<a name="upgrade-3.2.9"></a>
+### Upgrading From 3.2.8
+
+- Replace the **laravel** folder.
+
 <a name="3.2.8"></a>
 ## Laravel 3.2.8
 
 - Fix double slash bug in URLs when using languages and no "index.php".
+- Fix possible security issue in Auth "remember me" cookies.
 
 <a name="upgrade-3.2.8"></a>
 ### Upgrading From 3.2.7

laravel/documentation/controllers.md

@@ -17,7 +17,7 @@
 
 Controllers are classes that are responsible for accepting user input and managing interactions between models, libraries, and views. Typically, they will ask a model for data, and then return a view that presents that data to the user.
 
-The usage of controllers is the most common method of implementing application logic in modern web-development. However, Laravel also empowers developers to implement their application logic within routing declarations. This is explored in detail in the [routing document](/docs/routing). New users are encourage to start with controllers. There is nothing that route-based application logic can do that controllers can't.
+The usage of controllers is the most common method of implementing application logic in modern web-development. However, Laravel also empowers developers to implement their application logic within routing declarations. This is explored in detail in the [routing document](/docs/routing). New users are encouraged to start with controllers. There is nothing that route-based application logic can do that controllers can't.
 
 Controller classes should be stored in **application/controllers** and should extend the Base\_Controller class. A Home\_Controller class is included with Laravel.
 

laravel/documentation/routing.md

@@ -295,6 +295,8 @@ The **Controller::detect** method simply returns an array of all of the controll
 
 If you wish to automatically detect the controllers in a bundle, just pass the bundle name to the method. If no bundle is specified, the application folder's controller directory will be searched.
 
+> **Note:** It is important to note that this method gives you no control over the order in which controllers are loaded. Controller::detect() should only be used to Route controllers in very small sites. "Manually" routing controllers gives you much more control, is more self-documenting, and is certainly advised.
+
 #### Register all controllers for the "admin" bundle:
 
 	Route::controller(Controller::detect('admin'));

laravel/error.php

@@ -15,6 +15,18 @@ class Error {
 
 		ob_get_level() and ob_end_clean();
 
+		$message = $exception->getMessage();
+
+		// For Laravel view errors we want to show a prettier error:
+		$file = $exception->getFile();
+
+		if (str_contains($exception->getFile(), 'eval()') and str_contains($exception->getFile(), 'laravel/view.php'))
+		{
+			$message = 'Error rendering view: ['.View::$last['name'].']'.PHP_EOL.PHP_EOL.$message;
+
+			$file = View::$last['path'];
+		}
+
 		// If detailed errors are enabled, we'll just format the exception into
 		// a simple error message and display it on the screen. We don't use a
 		// View in case the problem is in the View class.
@@ -22,9 +34,9 @@ class Error {
 		{
 			echo "<html><h2>Unhandled Exception</h2>
 				  <h3>Message:</h3>
-				  <pre>".$exception->getMessage()."</pre>
+				  <pre>".$message."</pre>
 				  <h3>Location:</h3>
-				  <pre>".$exception->getFile()." on line ".$exception->getLine()."</pre>";
+				  <pre>".$file." on line ".$exception->getLine()."</pre>";
 
 			if ($trace)
 			{

laravel/laravel.php

@@ -137,7 +137,7 @@ $languages[] = Config::get('application.language');
 
 foreach ($languages as $language)
 {
-	if (starts_with($uri, $language))
+	if (preg_match("#^{$language}(?:$|/)#i", $uri))
 	{
 		Config::set('application.language', $language);
 

laravel/log.php

@@ -49,15 +49,9 @@ class Log {
 			Event::fire('laravel.log', array($type, $message));
 		}
 
-		// If there aren't listeners on the log event, we'll just write to the
-		// log files using the default conventions, writing one log file per
-		// day so the files don't get too crowded.
-		else
-		{
-			$message = static::format($type, $message);
+		$message = static::format($type, $message);
 
-			File::append(path('storage').'logs/'.date('Y-m-d').'.log', $message);
-		}
+		File::append(path('storage').'logs/'.date('Y-m-d').'.log', $message);
 	}
 
 	/**

laravel/str.php

@@ -9,17 +9,22 @@ class Str {
 	 */
 	public static $pluralizer;
 
-	/**
-	 * Get the default string encoding for the application.
-	 *
-	 * This method is simply a short-cut to Config::get('application.encoding').
-	 *
-	 * @return string
-	 */
-	public static function encoding()
-	{
-		return Config::get('application.encoding');
-	}
+    /**
+     * Cache application encoding locally to save expensive calls to Config::get().
+     *
+     * @var string
+     */
+    public static $encoding = null;
+
+    /**
+     * Get the appliction.encoding without needing to request it from Config::get() each time.
+     *
+     * @return string
+     */
+    protected static function encoding()
+    {
+        return static::$encoding ?: static::$encoding = Config::get('application.encoding');
+    }
 
 	/**
 	 * Get the length of a string.

laravel/tests/application/models/model.php

+<?php
+
+class Model extends Laravel\Database\Eloquent\Model {
+
+	public function set_setter($setter)
+	{
+		$this->set_attribute('setter', 'setter: '.$setter);
+	}
+
+	public function get_getter()
+	{
+		return 'getter: '.$this->get_attribute('getter');
+	}
+
+}
\ No newline at end of file

laravel/tests/cases/auth.test.php

@@ -269,7 +269,7 @@ class AuthTest extends PHPUnit_Framework_TestCase {
 
 		$this->assertTrue(isset(Cookie::$jar['laravel_auth_drivers_fluent_remember']));
 
-		$cookie = Cookie::$jar['laravel_auth_drivers_fluent_remember']['value'];
+		$cookie = Cookie::get('laravel_auth_drivers_fluent_remember');
 		$cookie = explode('|', Crypter::decrypt($cookie));
 		$this->assertEquals(1, $cookie[0]);
 		$this->assertEquals('foo', Cookie::$jar['laravel_auth_drivers_fluent_remember']['path']);
@@ -294,9 +294,6 @@ class AuthTest extends PHPUnit_Framework_TestCase {
 
 		Auth::logout();
 
-		// A workaround since Cookie will is only stored in memory, until Response class is called.
-		Auth::driver()->token = null;
-
 		$this->assertNull(Auth::user());
 
 		$this->assertFalse(isset(Session::$instance->session['data']['laravel_auth_drivers_fluent_login']));

laravel/tests/cases/cookie.test.php

@@ -67,7 +67,7 @@ class CookieTest extends \PHPUnit_Framework_TestCase {
 	 */
 	public function testHasMethodIndicatesIfCookieInSet()
 	{
-		Cookie::$jar['foo'] = array('value' => 'bar');
+		Cookie::$jar['foo'] = array('value' => Cookie::hash('bar').'+bar');
 		$this->assertTrue(Cookie::has('foo'));
 		$this->assertFalse(Cookie::has('bar'));
 
@@ -82,7 +82,7 @@ class CookieTest extends \PHPUnit_Framework_TestCase {
 	 */
 	public function testGetMethodCanReturnValueOfCookies()
 	{
-		Cookie::$jar['foo'] = array('value' => 'bar');
+		Cookie::$jar['foo'] = array('value' => Cookie::hash('bar').'+bar');
 		$this->assertEquals('bar', Cookie::get('foo'));
 
 		Cookie::put('bar', 'baz');
@@ -97,7 +97,7 @@ class CookieTest extends \PHPUnit_Framework_TestCase {
 	public function testForeverShouldUseATonOfMinutes()
 	{
 		Cookie::forever('foo', 'bar');
-		$this->assertEquals('bar', Cookie::$jar['foo']['value']);
+		$this->assertEquals(Cookie::hash('bar').'+bar', Cookie::$jar['foo']['value']);
 
 		// Shouldn't be able to test this cause while we indicate -2000 seconds 
 		// cookie expiration store timestamp.

laravel/tests/cases/eloquent.test.php

+<?php
+
+class EloquentTest extends PHPUnit_Framework_TestCase {
+
+	/**
+	 * Test the Model constructor.
+	 *
+	 * @group laravel
+	 */
+	public function testAttributesAreSetByConstructor()
+	{
+		$array = array('name' => 'Taylor', 'age' => 25, 'setter' => 'foo');
+
+		$model = new Model($array);
+
+		$this->assertEquals('Taylor', $model->name);
+		$this->assertEquals(25, $model->age);
+		$this->assertEquals('setter: foo', $model->setter);
+	}
+
+	/**
+	 * Test the Model::fill method.
+	 *
+	 * @group laravel
+	 */
+	public function testAttributesAreSetByFillMethod()
+	{
+		$array = array('name' => 'Taylor', 'age' => 25, 'setter' => 'foo');
+
+		$model = new Model();
+		$model->fill($array);
+
+		$this->assertEquals('Taylor', $model->name);
+		$this->assertEquals(25, $model->age);
+		$this->assertEquals('setter: foo', $model->setter);
+	}
+
+	/**
+	 * Test the Model::fill_raw method.
+	 *
+	 * @group laravel
+	 */
+	public function testAttributesAreSetByFillRawMethod()
+	{
+		$array = array('name' => 'Taylor', 'age' => 25, 'setter' => 'foo');
+
+		$model = new Model();
+		$model->fill_raw($array);
+
+		$this->assertEquals($array, $model->attributes);
+	}
+
+	/**
+	 * Test the Model::fill method with accessible.
+	 *
+	 * @group laravel
+	 */
+	public function testAttributesAreSetByFillMethodWithAccessible()
+	{
+		Model::$accessible = array('name', 'age');
+
+		$array = array('name' => 'Taylor', 'age' => 25, 'foo' => 'bar');
+
+		$model = new Model();
+		$model->fill($array);
+
+		$this->assertEquals('Taylor', $model->name);
+		$this->assertEquals(25, $model->age);
+		$this->assertNull($model->foo);
+
+		Model::$accessible = null;
+	}
+
+	/**
+	 * Test the Model::fill method with empty accessible array.
+	 *
+	 * @group laravel
+	 */
+	public function testAttributesAreSetByFillMethodWithEmptyAccessible()
+	{
+		Model::$accessible = array();
+
+		$array = array('name' => 'Taylor', 'age' => 25, 'foo' => 'bar');
+
+		$model = new Model();
+		$model->fill($array);
+
+		$this->assertEquals(array(), $model->attributes);
+		$this->assertNull($model->name);
+		$this->assertNull($model->age);
+		$this->assertNull($model->foo);
+
+		Model::$accessible = null;
+	}
+
+	/**
+	 * Test the Model::fill_raw method with accessible.
+	 *
+	 * @group laravel
+	 */
+	public function testAttributesAreSetByFillRawMethodWithAccessible()
+	{
+		Model::$accessible = array('name', 'age');
+
+		$array = array('name' => 'taylor', 'age' => 25, 'setter' => 'foo');
+
+		$model = new Model();
+		$model->fill_raw($array);
+
+		$this->assertEquals($array, $model->attributes);
+
+		Model::$accessible = null;
+	}
+
+	/**
+	 * Test the Model::__set method.
+	 *
+	 * @group laravel
+	 */
+	public function testAttributeMagicSetterMethodChangesAttribute()
+	{
+		Model::$accessible = array('setter');
+
+		$array = array('setter' => 'foo', 'getter' => 'bar');
+
+		$model = new Model($array);
+		$model->setter = 'bar';
+		$model->getter = 'foo';
+
+		$this->assertEquals('setter: bar', $model->get_attribute('setter'));
+		$this->assertEquals('foo', $model->get_attribute('getter'));
+
+		Model::$accessible = null;
+	}
+
+	/**
+	 * Test the Model::__get method.
+	 *
+	 * @group laravel
+	 */
+	public function testAttributeMagicGetterMethodReturnsAttribute()
+	{
+		$array = array('setter' => 'foo', 'getter' => 'bar');
+
+		$model = new Model($array);
+
+		$this->assertEquals('setter: foo', $model->setter);
+		$this->assertEquals('getter: bar', $model->getter);
+	}
+
+	/**
+	 * Test the Model::set_* method.
+	 *
+	 * @group laravel
+	 */
+	public function testAttributeSetterMethodChangesAttribute()
+	{
+		Model::$accessible = array('setter');
+
+		$array = array('setter' => 'foo', 'getter' => 'bar');
+
+		$model = new Model($array);
+		$model->set_setter('bar');
+		$model->set_getter('foo');
+
+		$this->assertEquals('setter: bar', $model->get_attribute('setter'));
+		$this->assertEquals('foo', $model->get_attribute('getter'));
+
+		Model::$accessible = null;
+	}
+
+	/**
+	 * Test the Model::get_* method.
+	 *
+	 * @group laravel
+	 */
+	public function testAttributeGetterMethodReturnsAttribute()
+	{
+		$array = array('setter' => 'foo', 'getter' => 'bar');
+
+		$model = new Model($array);
+
+		$this->assertEquals('setter: foo', $model->get_setter());
+		$this->assertEquals('getter: bar', $model->get_getter());
+	}
+
+	/**
+	 * Test determination of dirty/changed attributes.
+	 *
+	 * @group laravel
+	 */
+	public function testDeterminationOfChangedAttributes()
+	{
+		$array = array('name' => 'Taylor', 'age' => 25, 'foo' => null);
+
+		$model = new Model($array, true);
+		$model->name = 'Otwell';
+		$model->new = null;
+
+		$this->assertTrue($model->changed('name'));
+		$this->assertFalse($model->changed('age'));
+		$this->assertFalse($model->changed('foo'));
+		$this->assertFalse($model->changed('new'));
+		$this->assertTrue($model->dirty());
+		$this->assertEquals(array('name' => 'Otwell', 'new' => null), $model->get_dirty());
+
+		$model->sync();
+
+		$this->assertFalse($model->changed('name'));
+		$this->assertFalse($model->changed('age'));
+		$this->assertFalse($model->changed('foo'));
+		$this->assertFalse($model->changed('new'));
+		$this->assertFalse($model->dirty());
+		$this->assertEquals(array(), $model->get_dirty());
+	}
+
+	/**
+	 * Test the Model::purge method.
+	 *
+	 * @group laravel
+	 */
+	public function testAttributePurge()
+	{
+		$array = array('name' => 'Taylor', 'age' => 25);
+
+		$model = new Model($array);
+		$model->name = 'Otwell';
+		$model->age = 26;
+
+		$model->purge('name');
+
+		$this->assertFalse($model->changed('name'));
+		$this->assertNull($model->name);
+		$this->assertTrue($model->changed('age'));
+		$this->assertEquals(26, $model->age);
+		$this->assertEquals(array('age' => 26), $model->get_dirty());
+	}
+
+	/**
+	 * Test the Model::table method.
+	 *
+	 * @group laravel
+	 */
+	public function testTableMethodReturnsCorrectName()
+	{
+		$model = new Model();
+		$this->assertEquals('models', $model->table());
+
+		Model::$table = 'table';
+		$this->assertEquals('table', $model->table());
+
+		Model::$table = null;
+		$this->assertEquals('models', $model->table());
+	}
+
+	/**
+	 * Test the Model::to_array method.
+	 *
+	 * @group laravel
+	 */
+	public function testConvertingToArray()
+	{
+		Model::$hidden = array('password', 'hidden');
+
+		$array = array('name' => 'Taylor', 'age' => 25, 'password' => 'laravel', 'null' => null);
+
+		$model = new Model($array);
+
+		$first = new Model(array('first' => 'foo', 'password' => 'hidden'));
+		$second = new Model(array('second' => 'bar', 'password' => 'hidden'));
+		$third = new Model(array('third' => 'baz', 'password' => 'hidden'));
+
+		$model->relationships['one'] = new Model(array('foo' => 'bar', 'password' => 'hidden'));
+		$model->relationships['many'] = array($first, $second, $third);
+		$model->relationships['hidden'] = new Model(array('should' => 'visible'));
+		$model->relationships['null'] = null;
+
+		$this->assertEquals(array(
+			'name' => 'Taylor', 'age' => 25, 'null' => null,
+			'one' => array('foo' => 'bar'),
+			'many' => array(
+				array('first' => 'foo'),
+				array('second' => 'bar'),
+				array('third' => 'baz'),
+			),
+			'hidden' => array('should' => 'visible'),
+			'null' => null,
+		), $model->to_array());
+
+	}
+
+}
\ No newline at end of file

laravel/tests/cases/session.test.php

@@ -372,7 +372,7 @@ class SessionTest extends PHPUnit_Framework_TestCase {
 
 		$cookie = Cookie::$jar[Config::get('session.cookie')];
 
-		$this->assertEquals('foo', $cookie['value']);
+		$this->assertEquals(Cookie::hash('foo').'+foo', $cookie['value']);
 		// Shouldn't be able to test this cause session.lifetime store number of minutes 
 		// while cookie expiration store timestamp when it going to expired.
 		// $this->assertEquals(Config::get('session.lifetime'), $cookie['expiration']);

laravel/view.php

@@ -44,6 +44,13 @@ class View implements ArrayAccess {
 	 */
 	public static $cache = array();
 
+	/**
+	 * THe last view to be rendered.
+	 *
+	 * @var string
+	 */
+	public static $last;
+
 	/**
 	 * The Laravel view loader event name.
 	 *
@@ -367,7 +374,17 @@ class View implements ArrayAccess {
 			ob_get_clean(); throw $e;
 		}
 
-		return ob_get_clean();
+		$content = ob_get_clean();
+
+		// The view filter event gives us a last chance to modify the
+		// evaluated contents of the view and return them. This lets
+		// us do something like run the contents through Jade, etc.
+		if (Event::listeners('view.filter'))
+		{
+			return Event::first('view.filter', array($content, $this->path));
+		}
+
+		return $content;
 	}
 
 	/**
@@ -377,6 +394,8 @@ class View implements ArrayAccess {
 	 */
 	protected function load()
 	{
+		static::$last = array('name' => $this->view, 'path' => $this->path);
+
 		if (isset(static::$cache[$this->path]))
 		{
 			return static::$cache[$this->path];

public/index.php

@@ -3,7 +3,7 @@
  * Laravel - A PHP Framework For Web Artisans
  *
  * @package  Laravel
- * @version  3.2.8
+ * @version  3.2.9
  * @author   Taylor Otwell <taylorotwell@gmail.com>
  * @link     http://laravel.com
  */

readme.md

@@ -27,7 +27,7 @@ enjoy, not something that is painful. Enjoy the fresh air.
 
 Route::get('/', function()
 {
-	return "Hello World!":
+	return "Hello World!";
 });
 ```
 
@@ -64,4 +64,4 @@ git commit -s -m "this commit will be signed off automatically!"
 
 ## License
 
-Laravel is open-sourced software licensed under the MIT License.
+Laravel is open-sourced software licensed under the MIT License.
\ No newline at end of file