PHPackages                             pieceofcake2/cakephp - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Framework](/categories/framework)
4. /
5. pieceofcake2/cakephp

ActiveLibrary[Framework](/categories/framework)

pieceofcake2/cakephp
====================

The CakePHP 2 framework

v2.12.0(8mo ago)64.0k↑140.4%1[1 issues](https://github.com/pieceofcake2/cakephp/issues)20MITPHPPHP &gt;=8.0CI passing

Since Sep 18Pushed 7mo ago1 watchersCompare

[ Source](https://github.com/pieceofcake2/cakephp)[ Packagist](https://packagist.org/packages/pieceofcake2/cakephp)[ RSS](/packages/pieceofcake2-cakephp/feed)WikiDiscussions 2.x Synced yesterday

READMEChangelog (8)Dependencies (10)Versions (11)Used By (20)

CakePHP 2.x - Community Maintained Fork
=======================================

[](#cakephp-2x---community-maintained-fork)

[![GitHub License](https://camo.githubusercontent.com/523fb2e74824e4a818234de9974c76dfeeae4e4d526ca4c0365f660ba5048781/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f6c6963656e73652f70696563656f6663616b65322f63616b657068703f6c6162656c3d4c6963656e7365)](LICENSE)[![Packagist Version](https://camo.githubusercontent.com/625435e1be2afc2a74110b1d3679785dceb921aa436e4183f2ad0ddd9d22d60a/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f70696563656f6663616b65322f63616b657068703f6c6162656c3d5061636b6167697374)](https://packagist.org/packages/pieceofcake2/cakephp)[![PHP](https://camo.githubusercontent.com/6fe9c78925a03e77cd23972438be2b5e682f9bde79e1087ad339534790eb9469/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f646570656e64656e63792d762f70696563656f6663616b65322f63616b657068702f7068703f6c6f676f3d706870266c6f676f436f6c6f723d253233464646464646266c6162656c3d504850266c6162656c436f6c6f723d25323337373742423426636f6c6f723d253233464646464646)](https://packagist.org/packages/pieceofcake2/cakephp)[![CI](https://camo.githubusercontent.com/997f010ddc06bd6b8948e5847e6a287576ae7d6a91f1a7904c995e8cd88b24a1/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f616374696f6e732f776f726b666c6f772f7374617475732f70696563656f6663616b65322f63616b657068702f43492e796d6c3f6c6162656c3d4349)](https://github.com/pieceofcake2/cakephp/actions/workflows/CI.yml)[![Codecov](https://camo.githubusercontent.com/dc4f9dc090c533217fbcdec1c9948c478081a94cc506e9ff270457815da0816b/68747470733a2f2f696d672e736869656c64732e696f2f636f6465636f762f632f67682f70696563656f6663616b65322f63616b657068703f6c6162656c3d436f766572616765)](https://codecov.io/gh/pieceofcake2/cakephp)

This is a community-maintained fork of CakePHP 2.x that provides compatibility with PHP 8.0 and newer versions. The original CakePHP 2.x branch [reached End of Life in June 2021](https://bakery.cakephp.org/2021/10/02/cakephp_2_eol.html).

Important

This fork is based on CakePHP 2.10.24. Earlier versions are not supported.

Warning

**Do not use CakePHP 2.x for new projects!** This fork is only for maintaining existing legacy applications. For new projects, please use [CakePHP 5.x](https://cakephp.org/) which has modern PHP support, better performance, and active development.

[CakePHP 2.x Documentation](https://book.cakephp.org/2/en/) | [CHANGELOG](CHANGELOG.md) | [UPGRADE](UPGRADE.md)

Requirements &amp; Compatibility
--------------------------------

[](#requirements--compatibility)

### PHP Versions

[](#php-versions)

- PHP 8.0, 8.1, 8.2, 8.3, 8.4, 8.5

### Database Support

[](#database-support)

- MySQL 5.6, 5.7, 8.0+ (with `pdo_mysql` extension)
- PostgreSQL 9.4+ (with `pdo_pgsql` extension)
- SQLite 3 (with `pdo_sqlite` extension)
- Microsoft SQL Server 2022+ (with `pdo_sqlsrv` extension)

### Required PHP Extensions

[](#required-php-extensions)

- `mbstring` - Multi-byte string support (**strongly recommended**, uses Symfony polyfill as fallback)
    - **Important**: The `mb_encode_mimeheader()` function is **not available** in the Symfony polyfill
    - If `mbstring` extension is not loaded, CakePHP will automatically use `Multibyte::mimeEncode()` as a fallback for email header encoding
    - However, **we strongly recommend installing the `mbstring` extension** for better compatibility and performance
- `intl` - Internationalization support (optional, uses Symfony polyfill as fallback)
- `openssl` - OpenSSL support (optional, required for SSL/TLS connections and encryption)
- `mcrypt` - Mcrypt support (optional, deprecated in PHP 7.1+, only for legacy AES encryption)

### Testing

[](#testing)

- All tests pass with PHPUnit 9.6 across all supported PHP versions and databases

Installation
------------

[](#installation)

Important

This fork requires Composer for installation. Manual installation is not supported.

Install via Composer:

```
{
    "require": {
        "pieceofcake2/cakephp": "^2.10"
    }
}
```

Then run:

```
composer update
```

After installation, copy dispatcher files from the package to your application:

```
# Copy web dispatcher files
cp plugins/Bake/Console/Templates/skel/webroot/index.php app/webroot/index.php
cp plugins/Bake/Console/Templates/skel/webroot/test.php app/webroot/test.php

# Copy console dispatcher
cp plugins/Bake/Console/Templates/skel/Console/cake app/Console/cake
chmod +x app/Console/cake
```

Note

- This package uses Composer's `replace` directive to replace `cakephp/cakephp`.
- This ensures that all plugins and packages that depend on `cakephp/cakephp:^2.x` will continue to work correctly with this fork.
- Dispatcher files provide better error messages and simplified autoload handling.

### Application Skeleton

[](#application-skeleton)

The application skeleton has been extracted to a separate package: [`pieceofcake2/app`](https://github.com/pieceofcake2/app)

#### Planning to migrate to CakePHP 5.x?

[](#planning-to-migrate-to-cakephp-5x)

If you're planning to upgrade to CakePHP 5.x in the future, you can **prepare now** by adopting the modern directory structure while still on CakePHP 2.x:

**Traditional migration approach (harder):**

```
CakePHP 2.x → CakePHP 5.x
(change everything at once: code + folder structure + APIs)

```

**New gradual migration approach (easier):**

```
Step 1: CakePHP 2.x with traditional structure (non-namespaced)
        ↓ (modernize folder structure only)
Step 2: CakePHP 2.x with CakePHP 5.x-style structure (non-namespaced) ← You can stop here
        ↓ (adopt namespaces only)
Step 3: CakePHP 2.x with CakePHP 5.x-style structure (namespaced) ← Or here
        ↓ (upgrade framework only)
Step 4: CakePHP 5.x with CakePHP 5.x-style structure (namespaced)

```

**Benefits:**

- ✅ **Smaller, manageable changes**: Separate folder restructuring, namespace adoption, and framework upgrade
- ✅ **Test incrementally**: Verify each step works before moving to the next
- ✅ **Reduced risk**: You can stop at Step 2 (modern structure) or Step 3 (with namespaces) indefinitely
- ✅ **Team-friendly**: Easier for teams to understand and review smaller changes
- ✅ **Namespace preparation**: Adopt CakePHP 5.x-compatible namespaces while still on 2.x

See [`pieceofcake2/app`](https://github.com/pieceofcake2/app) for the modern directory structure compatible with both CakePHP 2.x and 5.x.

Security
--------

[](#security)

### SSL/TLS Certificate Validation

[](#ssltls-certificate-validation)

This fork uses [`composer/ca-bundle`](https://github.com/composer/ca-bundle) for SSL/TLS certificate validation ([PR #15](https://github.com/pieceofcake2/cakephp/pull/15)):

- **System CA certificates**: Uses OpenSSL's default certificate bundle when available (`openssl.cafile` or `openssl.capath`)
- **Fallback bundle**: Falls back to Mozilla's CA certificate bundle maintained by composer/ca-bundle
- **Automatic updates**: CA certificates are kept up-to-date through Composer ecosystem
- **No manual maintenance**: Removed the outdated static `lib/Cake/Config/cacert.pem` file (last updated in 2016)

This approach ensures that HTTPS connections made by `CakeSocket` (e.g., for external API calls) properly validate SSL/TLS certificates using current, trusted root certificates.

### XML External Entity (XXE) Protection

[](#xml-external-entity-xxe-protection)

This fork has **removed** the `loadEntities` option from `Xml::build()` for enhanced security:

- **External entity loading is now permanently disabled** to prevent XXE (XML External Entity) attacks
- Uses `libxml_set_external_entity_loader(null)` on PHP 8.0+ (deprecated `libxml_disable_entity_loader()` removed)
- No configuration option to re-enable external entities - this is a security hardening measure

**Breaking Change**: If your application previously used `Xml::build($input, ['loadEntities' => true])`, this option is now ignored and external entities will not be loaded. This is intentional for security reasons.

### Known Vulnerabilities in Original CakePHP 2.10.24

[](#known-vulnerabilities-in-original-cakephp-21024)

The following security vulnerabilities have been reported in the original CakePHP 2.10.24:

CVEDescriptionStatus in this Fork[CVE-2015-8379](https://nvd.nist.gov/vuln/detail/CVE-2015-8379)CSRF protection bypass via \_method parameter✅ Fixed in [c0fb45e](https://github.com/pieceofcake2/cakephp/commit/c0fb45e79), tests in [PR #6](https://github.com/pieceofcake2/cakephp/pull/6)[CVE-2020-15400](https://nvd.nist.gov/vuln/detail/CVE-2020-15400)CSRF token fixation (exploitable with XSS)✅ Fixed in [PR #5](https://github.com/pieceofcake2/cakephp/pull/5)Note

- **CVE-2015-8379**: The fix has been fully applied with comprehensive test coverage for `_method` parameter handling and custom HTTP methods.
- **CVE-2020-15400**: Fixed by implementing HMAC-signed CSRF tokens that are cryptographically bound to the application. Tokens are now signed with the application's Security.salt, preventing token fixation attacks while maintaining backward compatibility with existing tokens.

Migration Guide
---------------

[](#migration-guide)

For detailed information about prerequisites, migration steps, and breaking changes, see [UPGRADE.md](UPGRADE.md).

Running Tests
-------------

[](#running-tests)

### Using Docker (Recommended)

[](#using-docker-recommended)

```
# Copy test database configuration
cp ./tests/config/database.php ./vendor/pieceofcake2/app/config/

# Start services
docker-compose up -d

# Install dependencies
docker-compose exec web composer install

# Run tests with specific database
DB=mysql docker-compose exec web ./vendor/bin/phpunit
DB=mysql80 docker-compose exec web ./vendor/bin/phpunit
DB=pgsql docker-compose exec web ./vendor/bin/phpunit
DB=sqlite docker-compose exec web ./vendor/bin/phpunit
DB=sqlsrv docker-compose exec web ./vendor/bin/phpunit
```

### Local Installation

[](#local-installation)

```
# Install dependencies
composer install

# Set up database configuration
cp ./tests/config/database.php ./vendor/pieceofcake2/app/config/
# Edit database.php with your database credentials

# Run tests
./vendor/bin/phpunit
```

Contributing
------------

[](#contributing)

We welcome contributions! Please:

1. Fork the repository
2. Create a feature branch
3. Ensure all tests pass
4. Submit a pull request

### Reporting Issues

[](#reporting-issues)

If you find any PHP 8.x compatibility issues, please:

- Create an issue with a clear description
- Include PHP version and error messages
- Provide minimal code to reproduce the issue (if possible)

Project Goals
-------------

[](#project-goals)

This fork aims to:

- ✅ Maintain PHP 8.x compatibility
- ✅ Fix critical bugs and security issues
- ✅ Keep tests passing on all supported platforms
- ✅ Support gradual migration path to CakePHP 5.x
- ❌ Add new features (focus is on compatibility and migration only)

License
-------

[](#license)

This project maintains the original MIT License from CakePHP. See [LICENSE](LICENSE) for details.

Acknowledgments
---------------

[](#acknowledgments)

- Original CakePHP 2.x framework by [cakephp/cakephp](https://github.com/cakephp/cakephp/tree/2.10.24)
- Initial PHP 8 compatibility work by [kamilwylegala/cakephp2-php8](https://github.com/kamilwylegala/cakephp2-php8)
- All contributors who help maintain this fork

###  Health Score

42

—

FairBetter than 88% of packages

Maintenance57

Moderate activity, may be stable

Popularity28

Limited adoption so far

Community32

Small or concentrated contributor base

Maturity47

Maturing project, gaining track record

 Bus Factor2

2 contributors hold 50%+ of commits

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~5 days

Total

11

Last Release

230d ago

PHP version history (2 changes)v2.10.24.1PHP ^8.0

v2.11.0PHP &gt;=8.0

### Community

Maintainers

![](https://avatars.githubusercontent.com/u/578548?v=4)[TSURU](/maintainers/ttsuru)[@ttsuru](https://github.com/ttsuru)

---

Top Contributors

[![markstory](https://avatars.githubusercontent.com/u/24086?v=4)](https://github.com/markstory "markstory (7440 commits)")[![lorenzo](https://avatars.githubusercontent.com/u/37621?v=4)](https://github.com/lorenzo "lorenzo (1709 commits)")[![phpnut](https://avatars.githubusercontent.com/u/148097?v=4)](https://github.com/phpnut "phpnut (1602 commits)")[![nateabele](https://avatars.githubusercontent.com/u/18288?v=4)](https://github.com/nateabele "nateabele (1055 commits)")[![ADmad](https://avatars.githubusercontent.com/u/142658?v=4)](https://github.com/ADmad "ADmad (571 commits)")[![jrbasso](https://avatars.githubusercontent.com/u/26548?v=4)](https://github.com/jrbasso "jrbasso (486 commits)")[![ceeram](https://avatars.githubusercontent.com/u/111448?v=4)](https://github.com/ceeram "ceeram (336 commits)")[![ttsuru](https://avatars.githubusercontent.com/u/578548?v=4)](https://github.com/ttsuru "ttsuru (301 commits)")[![predominant](https://avatars.githubusercontent.com/u/24568?v=4)](https://github.com/predominant "predominant (274 commits)")[![AD7six](https://avatars.githubusercontent.com/u/33387?v=4)](https://github.com/AD7six "AD7six (253 commits)")[![renan](https://avatars.githubusercontent.com/u/28046?v=4)](https://github.com/renan "renan (239 commits)")[![jperras](https://avatars.githubusercontent.com/u/20675?v=4)](https://github.com/jperras "jperras (153 commits)")[![felixge](https://avatars.githubusercontent.com/u/15000?v=4)](https://github.com/felixge "felixge (149 commits)")[![ravage84](https://avatars.githubusercontent.com/u/625761?v=4)](https://github.com/ravage84 "ravage84 (143 commits)")[![rchavik](https://avatars.githubusercontent.com/u/39490?v=4)](https://github.com/rchavik "rchavik (139 commits)")[![bancer](https://avatars.githubusercontent.com/u/3830106?v=4)](https://github.com/bancer "bancer (133 commits)")[![shama](https://avatars.githubusercontent.com/u/99604?v=4)](https://github.com/shama "shama (98 commits)")[![tenkoma](https://avatars.githubusercontent.com/u/16202?v=4)](https://github.com/tenkoma "tenkoma (87 commits)")[![dogmatic69](https://avatars.githubusercontent.com/u/94674?v=4)](https://github.com/dogmatic69 "dogmatic69 (78 commits)")[![bar](https://avatars.githubusercontent.com/u/88155?v=4)](https://github.com/bar "bar (72 commits)")

---

Tags

frameworkcakephpcakephp2

###  Code Quality

TestsPHPUnit

Static AnalysisPHPStan, Rector

Type Coverage Yes

### Embed Badge

![Health badge](/badges/pieceofcake2-cakephp/health.svg)

```
[![Health](https://phpackages.com/badges/pieceofcake2-cakephp/health.svg)](https://phpackages.com/packages/pieceofcake2-cakephp)
```

###  Alternatives

[symfony/symfony

The Symfony PHP framework

31.4k87.2M2.2k](/packages/symfony-symfony)[matomo/matomo

Matomo is the leading Free/Libre open analytics platform

21.7k38.9k](/packages/matomo-matomo)[symfony/form

Allows to easily create, process and reuse HTML forms

2.8k162.1M3.4k](/packages/symfony-form)[ccxt/ccxt

A cryptocurrency trading API with more than 100 exchanges in JavaScript / TypeScript / Python / C# / PHP / Go

43.2k341.0k1](/packages/ccxt-ccxt)[symfony/framework-bundle

Provides a tight integration between Symfony components and the Symfony full-stack framework

3.6k251.7M11.6k](/packages/symfony-framework-bundle)[cakephp/cakephp

The CakePHP framework

8.9k19.5M1.8k](/packages/cakephp-cakephp)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
