Merge branch 'master' into 2.4

Conflicts:
	lib/Cake/VERSION.txt

lib/Cake/Console/Command/CommandListShell.php

@@ -49,7 +49,7 @@ class CommandListShell extends AppShell {
 			$this->out(" -core: " . rtrim(CORE_PATH, DS));
 			$this->out("");
 			$this->out(__d('cake_console', "<info>Changing Paths:</info>"), 2);
-			$this->out(__d('cake_console', "Your working path should be the same as your application path to change your path use the '-app' param."));
+			$this->out(__d('cake_console', "Your working path should be the same as your application path. To change your path use the '-app' param."));
 			$this->out(__d('cake_console', "Example: -app relative/path/to/myapp or -app /absolute/path/to/myapp"), 2);
 
 			$this->out(__d('cake_console', "<info>Available Shells:</info>"), 2);

lib/Cake/Error/exceptions.php

@@ -63,7 +63,7 @@ class CakeBaseException extends RuntimeException {
  *
  * @package       Cake.Error
  */
-if (!class_exists('HttpException')) {
+if (!class_exists('HttpException', false)) {
 	class HttpException extends CakeBaseException {
 	}
 }

lib/Cake/Network/CakeRequest.php

@@ -292,7 +292,7 @@ class CakeRequest implements ArrayAccess {
 			if ($base === DS || $base === '.') {
 				$base = '';
 			}
-
+			$base = implode('/', array_map('rawurlencode', explode('/', $base)));
 			$this->webroot = $base . '/';
 			return $this->base = $base;
 		}

lib/Cake/Test/Case/Network/CakeRequestTest.php

@@ -1135,6 +1135,15 @@ class CakeRequestTest extends CakeTestCase {
 		Configure::write('App.baseUrl', false);
 
 		$_SERVER['DOCUMENT_ROOT'] = '/cake/repo/branches';
+		$_SERVER['PHP_SELF'] = '/urlencode me/app/webroot/index.php';
+		$_SERVER['PATH_INFO'] = '/posts/view/1';
+
+		$request = new CakeRequest();
+		$this->assertEquals('/urlencode%20me', $request->base);
+		$this->assertEquals('/urlencode%20me/', $request->webroot);
+		$this->assertEquals('posts/view/1', $request->url);
+
+		$_SERVER['DOCUMENT_ROOT'] = '/cake/repo/branches';
 		$_SERVER['PHP_SELF'] = '/1.2.x.x/app/webroot/index.php';
 		$_SERVER['PATH_INFO'] = '/posts/view/1';
 

lib/Cake/Test/Case/Utility/XmlTest.php

@@ -725,6 +725,16 @@ XML;
 			)
 		);
 		$this->assertEquals($expected, Xml::toArray($obj));
+
+		$xml = '<tag type="myType">0</tag>';
+		$obj = Xml::build($xml);
+		$expected = array(
+			'tag' => array(
+				'@type' => 'myType',
+				'@' => 0
+			)
+		);
+		$this->assertEquals($expected, Xml::toArray($obj));
 	}
 
 /**

lib/Cake/Test/Case/View/HelperTest.php

@@ -605,6 +605,10 @@ class HelperTest extends CakeTestCase {
 
 		Configure::write('Asset.timestamp', true);
 		Configure::write('debug', 0);
+
+		$result = $this->Helper->assetTimestamp('/%3Cb%3E/cake.generic.css');
+		$this->assertEquals('/%3Cb%3E/cake.generic.css', $result);
+
 		$result = $this->Helper->assetTimestamp(CSS_URL . 'cake.generic.css');
 		$this->assertEquals(CSS_URL . 'cake.generic.css', $result);
 

lib/Cake/Utility/Hash.php

@@ -170,7 +170,7 @@ class Hash {
  */
 	protected static function _matches(array $data, $selector) {
 		preg_match_all(
-			'/(\[ (?<attr>[^=><!]+?) (\s* (?<op>[><!]?[=]|[><]) \s* (?<val>(?:\/.*?\/ | [^\]]+)) )? \])/x',
+			'/(\[ (?P<attr>[^=><!]+?) (\s* (?P<op>[><!]?[=]|[><]) \s* (?P<val>(?:\/.*?\/ | [^\]]+)) )? \])/x',
 			$selector,
 			$conditions,
 			PREG_SET_ORDER

lib/Cake/Utility/Xml.php

@@ -365,7 +365,7 @@ class Xml {
 		$asString = trim((string)$xml);
 		if (empty($data)) {
 			$data = $asString;
-		} elseif (!empty($asString)) {
+		} elseif (strlen($asString) > 0) {
 			$data['@'] = $asString;
 		}
 

lib/Cake/View/Elements/exception_stack_trace.ctp

@@ -55,10 +55,10 @@ App::uses('Debugger', 'Utility');
 			'<a href="#" onclick="traceToggle(event, \'trace-args-%s\')">%s(%s)</a> ',
 			$i,
 			$called,
-			implode(', ', $args)
+			h(implode(', ', $args))
 		);
 		$arguments = sprintf('<div id="trace-args-%s" class="cake-code-dump" style="display: none;"><pre>', $i);
-		$arguments .= implode("\n", $params);
+		$arguments .= h(implode("\n", $params));
 		$arguments .= '</pre></div>';
 	endif;
 	echo $excerpt;

lib/Cake/View/Errors/missing_action.ctp

@@ -17,20 +17,20 @@
  * @license       MIT License (http://www.opensource.org/licenses/mit-license.php)
  */
 ?>
-<h2><?php echo __d('cake_dev', 'Missing Method in %s', $controller); ?></h2> <p class="error">
+<h2><?php echo __d('cake_dev', 'Missing Method in %s', h($controller)); ?></h2> <p class="error">
 	<strong><?php echo __d('cake_dev', 'Error'); ?>: </strong>
-	<?php echo __d('cake_dev', 'The action %1$s is not defined in controller %2$s', '<em>' . $action . '</em>', '<em>' . $controller . '</em>'); ?>
+	<?php echo __d('cake_dev', 'The action %1$s is not defined in controller %2$s', '<em>' . h($action) . '</em>', '<em>' . h($controller) . '</em>'); ?>
 </p>
 <p class="error">
 	<strong><?php echo __d('cake_dev', 'Error'); ?>: </strong>
-	<?php echo __d('cake_dev', 'Create %1$s%2$s in file: %3$s.', '<em>' . $controller . '::</em>', '<em>' . $action . '()</em>', APP_DIR . DS . 'Controller' . DS . $controller . '.php'); ?>
+	<?php echo __d('cake_dev', 'Create %1$s%2$s in file: %3$s.', '<em>' . h($controller) . '::</em>', '<em>' . h($action) . '()</em>', APP_DIR . DS . 'Controller' . DS . h($controller) . '.php'); ?>
 </p>
 <pre>
 &lt;?php
-class <?php echo $controller; ?> extends AppController {
+class <?php echo h($controller); ?> extends AppController {
 
 <strong>
-	public function <?php echo $action; ?>() {
+	public function <?php echo h($action); ?>() {
 
 	}
 </strong>

lib/Cake/View/Errors/missing_behavior.ctp

@@ -21,15 +21,15 @@ $pluginDot = empty($plugin) ? null : $plugin . '.';
 <h2><?php echo __d('cake_dev', 'Missing Behavior'); ?></h2>
 <p class="error">
 	<strong><?php echo __d('cake_dev', 'Error'); ?>: </strong>
-	<?php echo __d('cake_dev', '%s could not be found.', '<em>' . $pluginDot . $class . '</em>'); ?>
+	<?php echo __d('cake_dev', '%s could not be found.', '<em>' . h($pluginDot . $class) . '</em>'); ?>
 </p>
 <p class="error">
 	<strong><?php echo __d('cake_dev', 'Error'); ?>: </strong>
-	<?php echo __d('cake_dev', 'Create the class %s below in file: %s', '<em>' . $class . '</em>', (empty($plugin) ? APP_DIR . DS : CakePlugin::path($plugin)) . 'Model' . DS . 'Behavior' . DS . $class . '.php'); ?>
+	<?php echo __d('cake_dev', 'Create the class %s below in file: %s', '<em>' . h($class) . '</em>', (empty($plugin) ? APP_DIR . DS : CakePlugin::path($plugin)) . 'Model' . DS . 'Behavior' . DS . h($class) . '.php'); ?>
 </p>
 <pre>
 &lt;?php
-class <?php echo $class; ?> extends ModelBehavior {
+class <?php echo h($class); ?> extends ModelBehavior {
 
 }
 </pre>

lib/Cake/View/Errors/missing_component.ctp

@@ -21,15 +21,15 @@ $pluginDot = empty($plugin) ? null : $plugin . '.';
 <h2><?php echo __d('cake_dev', 'Missing Component'); ?></h2>
 <p class="error">
 	<strong><?php echo __d('cake_dev', 'Error'); ?>: </strong>
-	<?php echo __d('cake_dev', '%s could not be found.', '<em>' . $pluginDot . $class . '</em>'); ?>
+	<?php echo __d('cake_dev', '%s could not be found.', '<em>' . h($pluginDot . $class) . '</em>'); ?>
 </p>
 <p class="error">
 	<strong><?php echo __d('cake_dev', 'Error'); ?>: </strong>
-	<?php echo __d('cake_dev', 'Create the class %s below in file: %s', '<em>' . $class . '</em>', (empty($plugin) ? APP_DIR : CakePlugin::path($plugin)) . DS . 'Controller' . DS . 'Component' . DS . $class . '.php'); ?>
+	<?php echo __d('cake_dev', 'Create the class %s below in file: %s', '<em>' . h($class) . '</em>', (empty($plugin) ? APP_DIR : CakePlugin::path($plugin)) . DS . 'Controller' . DS . 'Component' . DS . h($class) . '.php'); ?>
 </p>
 <pre>
 &lt;?php
-class <?php echo $class; ?> extends Component {
+class <?php echo h($class); ?> extends Component {
 
 }
 </pre>

lib/Cake/View/Errors/missing_connection.ctp

@@ -20,18 +20,18 @@
 <h2><?php echo __d('cake_dev', 'Missing Database Connection'); ?></h2>
 <p class="error">
 	<strong><?php echo __d('cake_dev', 'Error'); ?>: </strong>
-	<?php echo __d('cake_dev', 'A Database connection using "%s" was missing or unable to connect. ', $class); ?>
+	<?php echo __d('cake_dev', 'A Database connection using "%s" was missing or unable to connect. ', h($class)); ?>
 	<br />
 	<?php
 	if (isset($message)):
-		echo __d('cake_dev', 'The database server returned this error: %s', $message);
+		echo __d('cake_dev', 'The database server returned this error: %s', h($message));
 	endif;
 	?>
 </p>
 <?php if (!$enabled) : ?>
 <p class="error">
 	<strong><?php echo __d('cake_dev', 'Error'); ?>: </strong>
-	<?php echo __d('cake_dev', '%s driver is NOT enabled', $class); ?>
+	<?php echo __d('cake_dev', '%s driver is NOT enabled', h($class)); ?>
 </p>
 <?php endif; ?>
 <p class="notice">

lib/Cake/View/Errors/missing_controller.ctp

@@ -21,15 +21,15 @@ $pluginDot = empty($plugin) ? null : $plugin . '.';
 <h2><?php echo __d('cake_dev', 'Missing Controller'); ?></h2>
 <p class="error">
 	<strong><?php echo __d('cake_dev', 'Error'); ?>: </strong>
-	<?php echo __d('cake_dev', '%s could not be found.', '<em>' . $pluginDot . $class . '</em>'); ?>
+	<?php echo __d('cake_dev', '%s could not be found.', '<em>' . h($pluginDot . $class) . '</em>'); ?>
 </p>
 <p class="error">
 	<strong><?php echo __d('cake_dev', 'Error'); ?>: </strong>
-	<?php echo __d('cake_dev', 'Create the class %s below in file: %s', '<em>' . $class . '</em>', (empty($plugin) ? APP_DIR . DS : CakePlugin::path($plugin)) . 'Controller' . DS . $class . '.php'); ?>
+	<?php echo __d('cake_dev', 'Create the class %s below in file: %s', '<em>' . h($class) . '</em>', (empty($plugin) ? APP_DIR . DS : CakePlugin::path($plugin)) . 'Controller' . DS . h($class) . '.php'); ?>
 </p>
 <pre>
 &lt;?php
-class <?php echo $class . ' extends ' . $plugin; ?>AppController {
+class <?php echo h($class . ' extends ' . $plugin); ?>AppController {
 
 }
 </pre>

lib/Cake/View/Errors/missing_datasource.ctp

@@ -21,7 +21,7 @@ $pluginDot = empty($plugin) ? null : $plugin . '.';
 <h2><?php echo __d('cake_dev', 'Missing Datasource'); ?></h2>
 <p class="error">
 	<strong><?php echo __d('cake_dev', 'Error'); ?>: </strong>
-	<?php echo __d('cake_dev', 'Datasource class %s could not be found.', '<em>' . $pluginDot . $class . '</em>'); ?>
+	<?php echo __d('cake_dev', 'Datasource class %s could not be found.', '<em>' . h($pluginDot . $class) . '</em>'); ?>
 	<?php if (isset($message)):  ?>
 		<?php echo h($message); ?>
 	<?php endif; ?>

lib/Cake/View/Errors/missing_datasource_config.ctp

@@ -20,7 +20,7 @@
 <h2><?php echo __d('cake_dev', 'Missing Datasource Configuration'); ?></h2>
 <p class="error">
 	<strong><?php echo __d('cake_dev', 'Error'); ?>: </strong>
-	<?php echo __d('cake_dev', 'The datasource configuration %1$s was not found in database.php.', '<em>' . $config . '</em>'); ?>
+	<?php echo __d('cake_dev', 'The datasource configuration %1$s was not found in database.php.', '<em>' . h($config) . '</em>'); ?>
 </p>
 <p class="notice">
 	<strong><?php echo __d('cake_dev', 'Notice'); ?>: </strong>

lib/Cake/View/Errors/missing_helper.ctp

@@ -21,15 +21,15 @@ $pluginDot = empty($plugin) ? null : $plugin . '.';
 <h2><?php echo __d('cake_dev', 'Missing Helper'); ?></h2>
 <p class="error">
 	<strong><?php echo __d('cake_dev', 'Error'); ?>: </strong>
-	<?php echo __d('cake_dev', '%s could not be found.', '<em>' . $pluginDot . $class . '</em>'); ?>
+	<?php echo __d('cake_dev', '%s could not be found.', '<em>' . h($pluginDot . $class) . '</em>'); ?>
 </p>
 <p class="error">
 	<strong><?php echo __d('cake_dev', 'Error'); ?>: </strong>
-	<?php echo __d('cake_dev', 'Create the class %s below in file: %s', '<em>' . $class . '</em>', (empty($plugin) ? APP_DIR . DS : CakePlugin::path($plugin)) . 'View' . DS . 'Helper' . DS . $class . '.php'); ?>
+	<?php echo __d('cake_dev', 'Create the class %s below in file: %s', '<em>' . h($class) . '</em>', (empty($plugin) ? APP_DIR . DS : CakePlugin::path($plugin)) . 'View' . DS . 'Helper' . DS . h($class) . '.php'); ?>
 </p>
 <pre>
 &lt;?php
-class <?php echo $class; ?> extends AppHelper {
+class <?php echo h($class); ?> extends AppHelper {
 
 }
 </pre>

lib/Cake/View/Errors/missing_layout.ctp

@@ -20,11 +20,11 @@
 <h2><?php echo __d('cake_dev', 'Missing Layout'); ?></h2>
 <p class="error">
 	<strong><?php echo __d('cake_dev', 'Error'); ?>: </strong>
-	<?php echo __d('cake_dev', 'The layout file %s can not be found or does not exist.', '<em>' . $file . '</em>'); ?>
+	<?php echo __d('cake_dev', 'The layout file %s can not be found or does not exist.', '<em>' . h($file) . '</em>'); ?>
 </p>
 <p class="error">
 	<strong><?php echo __d('cake_dev', 'Error'); ?>: </strong>
-	<?php echo __d('cake_dev', 'Confirm you have created the file: %s', '<em>' . $file . '</em>'); ?>
+	<?php echo __d('cake_dev', 'Confirm you have created the file: %s', '<em>' . h($file) . '</em>'); ?>
 </p>
 <p class="notice">
 	<strong><?php echo __d('cake_dev', 'Notice'); ?>: </strong>

lib/Cake/View/Errors/missing_plugin.ctp

@@ -20,7 +20,7 @@
 <h2><?php echo __d('cake_dev', 'Missing Plugin'); ?></h2>
 <p class="error">
 	<strong><?php echo __d('cake_dev', 'Error'); ?>: </strong>
-	<?php echo __d('cake_dev', 'The application is trying to load a file from the %s plugin', '<em>' . $plugin . '</em>'); ?>
+	<?php echo __d('cake_dev', 'The application is trying to load a file from the %s plugin', '<em>' . h($plugin) . '</em>'); ?>
 </p>
 <p class="error">
 	<strong><?php echo __d('cake_dev', 'Error'); ?>: </strong>
@@ -28,7 +28,7 @@
 </p>
 <pre>
 &lt;?php
-CakePlugin::load('<?php echo $plugin?>');
+CakePlugin::load('<?php echo h($plugin); ?>');
 
 </pre>
 <p class="notice">

lib/Cake/View/Errors/missing_table.ctp

@@ -20,7 +20,7 @@
 <h2><?php echo __d('cake_dev', 'Missing Database Table'); ?></h2>
 <p class="error">
 	<strong><?php echo __d('cake_dev', 'Error'); ?>: </strong>
-	<?php echo __d('cake_dev', 'Table %1$s for model %2$s was not found in datasource %3$s.', '<em>' . $table . '</em>',  '<em>' . $class . '</em>', '<em>' . $ds . '</em>'); ?>
+	<?php echo __d('cake_dev', 'Table %1$s for model %2$s was not found in datasource %3$s.', '<em>' . h($table) . '</em>',  '<em>' . h($class) . '</em>', '<em>' . h($ds) . '</em>'); ?>
 </p>
 <p class="notice">
 	<strong><?php echo __d('cake_dev', 'Notice'); ?>: </strong>

lib/Cake/View/Errors/missing_view.ctp

@@ -20,11 +20,11 @@
 <h2><?php echo __d('cake_dev', 'Missing View'); ?></h2>
 <p class="error">
 	<strong><?php echo __d('cake_dev', 'Error'); ?>: </strong>
-	<?php echo __d('cake_dev', 'The view for %1$s%2$s was not found.', '<em>' . Inflector::camelize($this->request->controller) . 'Controller::</em>', '<em>' . $this->request->action . '()</em>'); ?>
+	<?php echo __d('cake_dev', 'The view for %1$s%2$s was not found.', '<em>' . h(Inflector::camelize($this->request->controller)) . 'Controller::</em>', '<em>' . h($this->request->action) . '()</em>'); ?>
 </p>
 <p class="error">
 	<strong><?php echo __d('cake_dev', 'Error'); ?>: </strong>
-	<?php echo __d('cake_dev', 'Confirm you have created the file: %s', $file); ?>
+	<?php echo __d('cake_dev', 'Confirm you have created the file: %s', h($file)); ?>
 </p>
 <p class="notice">
 	<strong><?php echo __d('cake_dev', 'Notice'); ?>: </strong>

lib/Cake/View/Errors/private_action.ctp

@@ -20,7 +20,7 @@
 <h2><?php echo __d('cake_dev', 'Private Method in %s', $controller); ?></h2>
 <p class="error">
 	<strong><?php echo __d('cake_dev', 'Error'); ?>: </strong>
-	<?php echo __d('cake_dev', '%s%s cannot be accessed directly.', '<em>' . $controller . '::</em>', '<em>' . $action . '()</em>'); ?>
+	<?php echo __d('cake_dev', '%s%s cannot be accessed directly.', '<em>' . h($controller) . '::</em>', '<em>' . h($action) . '()</em>'); ?>
 </p>
 <p class="notice">
 	<strong><?php echo __d('cake_dev', 'Notice'); ?>: </strong>

lib/Cake/View/Helper.php

@@ -341,10 +341,9 @@ class Helper extends Object {
  */
 	protected function _encodeUrl($url) {
 		$path = parse_url($url, PHP_URL_PATH);
-		$encoded = implode('/', array_map(
-			'rawurlencode',
-			explode('/', $path)
-		));
+		$parts = array_map('urldecode', explode('/', $path));
+		$parts = array_map('rawurlencode', $parts);
+		$encoded = implode('/', $parts);
 		return h(str_replace($path, $encoded, $url));
 	}
 
@@ -360,7 +359,11 @@ class Helper extends Object {
 		$stamp = Configure::read('Asset.timestamp');
 		$timestampEnabled = $stamp === 'force' || ($stamp === true && Configure::read('debug') > 0);
 		if ($timestampEnabled && strpos($path, '?') === false) {
-			$filepath = preg_replace('/^' . preg_quote($this->request->webroot, '/') . '/', '', $path);
+			$filepath = preg_replace(
+				'/^' . preg_quote($this->request->webroot, '/') . '/',
+				'',
+				urldecode($path)
+			);
 			$webrootPath = WWW_ROOT . str_replace('/', DS, $filepath);
 			if (file_exists($webrootPath)) {
 				//@codingStandardsIgnoreStart