pieceofcake2 / cakephp
The CakePHP 2 framework
Installs: 1 488
Dependents: 23
Suggesters: 0
Security: 0
Stars: 2
Watchers: 0
Forks: 0
Open Issues: 0
pkg:composer/pieceofcake2/cakephp
Requires
- php: >=8.0
- ext-dom: *
- ext-libxml: *
- ext-simplexml: *
- composer/ca-bundle: ^1.5
- php81_bc/strftime: ^0.7.5
- symfony/polyfill-intl-icu: ^1.29
- symfony/polyfill-mbstring: ^1.29
Requires (Dev)
- cakephp/cakephp-codesniffer: ^5.0
- phpstan/phpstan: ^2.1
- phpunit/phpunit: ^9.6
- pieceofcake2/app: ^2.3
- pieceofcake2/phpstan-cakephp2: ^0.2.1
- rector/rector: ^2.1
Suggests
- ext-intl: Required to use IntlDateFormatter instead of strftime, if not Symfony polyfill will be used.
- ext-mbstring: For better performance with multibyte string operations, install the native mbstring extension instead of using the polyfill
- ext-mcrypt: You need to install ext-openssl or ext-mcrypt to use AES-256 encryption
- ext-openssl: You need to install ext-openssl or ext-mcrypt to use AES-256 encryption
Replaces
- cakephp/cakephp: ^2.0
This package is auto-updated.
Last update: 2025-10-09 06:53:31 UTC
README
This is a community-maintained fork of CakePHP 2.x that provides compatibility with PHP 8.0 and newer versions. The original CakePHP 2.x branch reached End of Life in June 2021.
Important
This fork is based on CakePHP 2.10.24. Earlier versions are not supported.
Warning
Do not use CakePHP 2.x for new projects! This fork is only for maintaining existing legacy applications. For new projects, please use CakePHP 5.x which has modern PHP support, better performance, and active development.
CakePHP 2.x Documentation | CHANGELOG | UPGRADE
Requirements & Compatibility
PHP Versions
- PHP 8.0, 8.1, 8.2, 8.3, 8.4, 8.5
Database Support
- MySQL 5.6, 5.7, 8.0+ (with
pdo_mysqlextension) - PostgreSQL 9.4+ (with
pdo_pgsqlextension) - SQLite 3 (with
pdo_sqliteextension) - Microsoft SQL Server 2022+ (with
pdo_sqlsrvextension)
Required PHP Extensions
mbstring- Multi-byte string support (strongly recommended, uses Symfony polyfill as fallback)- Important: The
mb_encode_mimeheader()function is not available in the Symfony polyfill - If
mbstringextension is not loaded, CakePHP will automatically useMultibyte::mimeEncode()as a fallback for email header encoding - However, we strongly recommend installing the
mbstringextension for better compatibility and performance
- Important: The
intl- Internationalization support (optional, uses Symfony polyfill as fallback)openssl- OpenSSL support (optional, required for SSL/TLS connections and encryption)mcrypt- Mcrypt support (optional, deprecated in PHP 7.1+, only for legacy AES encryption)
Testing
- All tests pass with PHPUnit 9.6 across all supported PHP versions and databases
Installation
Important
This fork requires Composer for installation. Manual installation is not supported.
Install via Composer:
{
"require": {
"pieceofcake2/cakephp": "^2.10"
}
}
Then run:
composer update
After installation, copy dispatcher files from the package to your application:
# Copy web dispatcher files cp plugins/Bake/Console/Templates/skel/webroot/index.php app/webroot/index.php cp plugins/Bake/Console/Templates/skel/webroot/test.php app/webroot/test.php # Copy console dispatcher cp plugins/Bake/Console/Templates/skel/Console/cake app/Console/cake chmod +x app/Console/cake
Note
- This package uses Composer's
replacedirective to replacecakephp/cakephp. - This ensures that all plugins and packages that depend on
cakephp/cakephp:^2.xwill continue to work correctly with this fork. - Dispatcher files provide better error messages and simplified autoload handling.
Application Skeleton
The application skeleton has been extracted to a separate package: pieceofcake2/app
Planning to migrate to CakePHP 5.x?
If you're planning to upgrade to CakePHP 5.x in the future, you can prepare now by adopting the modern directory structure while still on CakePHP 2.x:
Traditional migration approach (harder):
CakePHP 2.x → CakePHP 5.x
(change everything at once: code + folder structure + APIs)
New gradual migration approach (easier):
Step 1: CakePHP 2.x with traditional structure
↓ (modernize folder structure only)
Step 2: CakePHP 2.x with CakePHP 5.x-style structure ← You can stop here
↓ (upgrade code only)
Step 3: CakePHP 5.x with CakePHP 5.x-style structure
Benefits:
- ✅ Smaller, manageable changes: Separate folder restructuring from code changes
- ✅ Test incrementally: Verify each step works before moving to the next
- ✅ Reduced risk: You can stay on Step 2 indefinitely if needed
- ✅ Team-friendly: Easier for teams to understand and review smaller changes
See pieceofcake2/app for the modern directory structure compatible with both CakePHP 2.x and 5.x.
Security
SSL/TLS Certificate Validation
This fork uses composer/ca-bundle for SSL/TLS certificate validation (PR #15):
- System CA certificates: Uses OpenSSL's default certificate bundle when available (
openssl.cafileoropenssl.capath) - Fallback bundle: Falls back to Mozilla's CA certificate bundle maintained by composer/ca-bundle
- Automatic updates: CA certificates are kept up-to-date through Composer ecosystem
- No manual maintenance: Removed the outdated static
lib/Cake/Config/cacert.pemfile (last updated in 2016)
This approach ensures that HTTPS connections made by CakeSocket (e.g., for external API calls) properly validate SSL/TLS certificates using current, trusted root certificates.
Known Vulnerabilities in Original CakePHP 2.10.24
The following security vulnerabilities have been reported in the original CakePHP 2.10.24:
| CVE | Description | Status in this Fork |
|---|---|---|
| CVE-2015-8379 | CSRF protection bypass via _method parameter | ✅ Fixed in c0fb45e, tests in PR #6 |
| CVE-2020-15400 | CSRF token fixation (exploitable with XSS) | ✅ Fixed in PR #5 |
Note
- CVE-2015-8379: The fix has been fully applied with comprehensive test coverage for
_methodparameter handling and custom HTTP methods. - CVE-2020-15400: Fixed by implementing HMAC-signed CSRF tokens that are cryptographically bound to the application. Tokens are now signed with the application's Security.salt, preventing token fixation attacks while maintaining backward compatibility with existing tokens.
Migration Guide
For detailed information about prerequisites, migration steps, and breaking changes, see UPGRADE.md.
Running Tests
Using Docker (Recommended)
# Copy test database configuration cp tests/Config/database.php app/Config/database.php # Start services docker-compose up -d # Install dependencies docker-compose exec web composer install # Run tests with specific database DB=mysql docker-compose exec web ./vendor/bin/phpunit DB=mysql80 docker-compose exec web ./vendor/bin/phpunit DB=pgsql docker-compose exec web ./vendor/bin/phpunit DB=sqlite docker-compose exec web ./vendor/bin/phpunit DB=sqlsrv docker-compose exec web ./vendor/bin/phpunit
Local Installation
# Install dependencies composer install # Set up database configuration cp app/Config/database.php.default app/Config/database.php # Edit database.php with your database credentials # Run tests ./vendor/bin/phpunit
Contributing
We welcome contributions! Please:
- Fork the repository
- Create a feature branch
- Ensure all tests pass
- Submit a pull request
Reporting Issues
If you find any PHP 8.x compatibility issues, please:
- Create an issue with a clear description
- Include PHP version and error messages
- Provide minimal code to reproduce the issue (if possible)
Project Goals
This fork aims to:
- ✅ Maintain PHP 8.x compatibility
- ✅ Fix critical bugs and security issues
- ✅ Keep tests passing on all supported platforms
- ✅ Support gradual migration path to CakePHP 5.x
- ❌ Add new features (focus is on compatibility and migration only)
License
This project maintains the original MIT License from CakePHP. See LICENSE for details.
Acknowledgments
- Original CakePHP 2.x framework by cakephp/cakephp
- Initial PHP 8 compatibility work by kamilwylegala/cakephp2-php8
- All contributors who help maintain this fork