parent
1df8de683d
commit
3014d3fb84
2 changed files with 20 additions and 3 deletions
|
@ -203,17 +203,17 @@ class SecurityComponent extends Component {
|
|||
$this->_authRequired($controller);
|
||||
|
||||
$isPost = ($this->request->is('post') || $this->request->is('put'));
|
||||
$isRequestAction = (
|
||||
$isNotRequestAction = (
|
||||
!isset($controller->request->params['requested']) ||
|
||||
$controller->request->params['requested'] != 1
|
||||
);
|
||||
|
||||
if ($isPost && $isRequestAction && $this->validatePost) {
|
||||
if ($isPost && $isNotRequestAction && $this->validatePost) {
|
||||
if ($this->_validatePost($controller) === false) {
|
||||
return $this->blackHole($controller, 'auth');
|
||||
}
|
||||
}
|
||||
if ($isPost && $this->csrfCheck) {
|
||||
if ($isPost && $isNotRequestAction && $this->csrfCheck) {
|
||||
if ($this->_validateCsrf($controller) === false) {
|
||||
return $this->blackHole($controller, 'csrf');
|
||||
}
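Review bot: The CSRF guard `if ($isPost && $isNotRequestAction && $this->csrfCheck)` now depends entirely on `params['requested']`, and that trust assumption is not documented anywhere in the hunk. Any POST/PUT whose params carry a value loosely equal to 1 (`'1'`, `true`, `1.0`) skips both `_validatePost()` and `_validateCsrf()`. This is safe only if the key can be set solely by internal requestAction dispatch and never by routing or request data, which cannot be confirmed from the visible lines. I would add a comment above `$isNotRequestAction` such as `// 'requested' is trusted: it must only be set by requestAction(), since it disables form and CSRF validation below.` and consider whether `!= 1` can become a strict comparison against the value the dispatcher actually sets. The body of startup() begins and ends outside this hunk.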
|
||||
|
|
|
@ -1036,6 +1036,23 @@ class SecurityComponentTest extends CakeTestCase {
|
|||
$this->assertTrue($this->Controller->Security->Session->check('_Token'), '_Token was deleted by blackHole %s');
|
||||
}
|
||||
|
||||
/**
|
||||
* test that csrf checks are skipped for request action.
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
public function testCsrfSkipRequestAction() {
|
||||
$_SERVER['REQUEST_METHOD'] = 'POST';
|
||||
|
||||
$this->Security->validatePost = false;
|
||||
$this->Security->csrfCheck = true;
|
||||
$this->Security->csrfExpires = '+10 minutes';
|
||||
$this->Controller->request->params['requested'] = 1;
|
||||
$this->Security->startup($this->Controller);
|
||||
|
||||
$this->assertFalse($this->Controller->failed, 'fail() was called.');
|
||||
}
|
||||
|
||||
/**
|
||||
* test setting
|
||||
*
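Review bot: `testCsrfSkipRequestAction()` covers only the permissive side of the new condition: a tokenless POST with `params['requested'] = 1` is not black-holed. Nothing added here checks that the same tokenless POST is still rejected when `requested` is absent or holds another value, so a change that widened the bypass would still pass this test; such a check may already exist elsewhere in the class, outside this hunk. A counterpart case would pin the boundary, e.g. `$this->Controller->request->params['requested'] = 0;` followed by `$this->Security->startup($this->Controller);` and `$this->assertTrue($this->Controller->failed);`. The test also writes `$_SERVER['REQUEST_METHOD']` directly, so it relies on setUp/tearDown (not visible here) to restore it.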
|
||||
|
|