"Adding fix to Auth::identity(); for errors thrown on invalid input.

Added tests for invalid input.
Debug is turned off in this area of code because of the CakePHP error handling: messages could cause long delays and exception notices when debug > 0."

git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@6593 3807eeeb-6ff5-0310-8944-8be069107fe0
This commit is contained in:
phpnut 2008-03-20 07:17:37 +00:00
parent 0ca3915668
commit 47eb421091
2 changed files with 38 additions and 3 deletions


@ -293,8 +293,8 @@ class AuthComponent extends Object {
} }
$data = array( $data = array(
$this->userModel . '.' . $this->fields['username'] => '= ' . $controller->data[$this->userModel][$this->fields['username']], $this->userModel . '.' . $this->fields['username'] => $controller->data[$this->userModel][$this->fields['username']],
$this->userModel . '.' . $this->fields['password'] => '= ' . $controller->data[$this->userModel][$this->fields['password']] $this->userModel . '.' . $this->fields['password'] => $controller->data[$this->userModel][$this->fields['password']]
); );
if ($this->login($data)) { if ($this->login($data)) {
@ -722,8 +722,12 @@ class AuthComponent extends Object {
} elseif (is_array($user) && isset($user[$this->userModel])) { } elseif (is_array($user) && isset($user[$this->userModel])) {
$user = $user[$this->userModel]; $user = $user[$this->userModel];
} }
$debug = false;
if ($debug = Configure::read('debug')) {
Configure::write('debug', 0);
}
if (is_array($user) && (isset($user[$this->fields['username']]) || isset($user[$this->userModel . '.' . $this->fields['username']]))) { if (is_array($user) && (isset($user[$this->fields['username']]) || isset($user[$this->userModel . '.' . $this->fields['username']]))) {
if (isset($user[$this->fields['username']]) && !empty($user[$this->fields['username']]) && !empty($user[$this->fields['password']])) { if (isset($user[$this->fields['username']]) && !empty($user[$this->fields['username']]) && !empty($user[$this->fields['password']])) {
if (trim($user[$this->fields['username']]) == '=' || trim($user[$this->fields['password']]) == '=') { if (trim($user[$this->fields['username']]) == '=' || trim($user[$this->fields['password']]) == '=') {
return false; return false;
@ -756,6 +760,9 @@ class AuthComponent extends Object {
return null; return null;
} }
} }
if ($debug) {
Configure::write('debug', $debug);
}
if (isset($data) && !empty($data)) { if (isset($data) && !empty($data)) {
if (!empty($data[$this->userModel][$this->fields['password']])) { if (!empty($data[$this->userModel][$this->fields['password']])) {
unset($data[$this->userModel][$this->fields['password']]); unset($data[$this->userModel][$this->fields['password']]);
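Review bot: The debug level saved in the second hunk (`Configure::write('debug', 0)` after reading it) is only restored in the third hunk, but the `return false;` and `return null;` visible between them exit identity() without passing the restore, so any caller that hits those paths leaves the whole request running with debug forced to 0. Either write the saved value back before each of those returns (`Configure::write('debug', $debug); return false;`) or collect the result in a local and fall through to the single restore point at the end; the unchanged body between the hunks is outside this view, so there may be further early returns with the same problem. Separately, `$debug = false;` followed by `if ($debug = Configure::read('debug'))` is an assignment inside a condition that reads like a typo; `$debug = Configure::read('debug'); if ($debug) { ... }` says the same thing and drops the redundant initialiser. The restore also keys on truthiness, so a saved level of 0 is never written back, which is harmless only because 0 is the value being forced. identity() starts before and ends after these hunks.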


@ -161,6 +161,34 @@ class AuthTest extends CakeTestCase {
$user = $this->Controller->Auth->user(); $user = $this->Controller->Auth->user();
$this->assertEqual($user, array('AuthUser'=>array('id'=>1, 'username'=>'mariano', 'created'=> '2007-03-17 01:16:23', 'updated'=> date('Y-m-d H:i:s')))); $this->assertEqual($user, array('AuthUser'=>array('id'=>1, 'username'=>'mariano', 'created'=> '2007-03-17 01:16:23', 'updated'=> date('Y-m-d H:i:s'))));
$this->Controller->Session->del('Auth'); $this->Controller->Session->del('Auth');
$this->Controller->data['AuthUser']['username'] = 'blah';
$this->Controller->data['AuthUser']['password'] = '';
$this->Controller->Auth->startup($this->Controller);
$user = $this->Controller->Auth->user();
$this->assertFalse($user);
$this->Controller->Session->del('Auth');
$this->Controller->data['AuthUser']['username'] = 'now() or 1=1 --';
$this->Controller->data['AuthUser']['password'] = '';
$this->Controller->Auth->startup($this->Controller);
$user = $this->Controller->Auth->user();
$this->assertFalse($user);
$this->Controller->Session->del('Auth');
$this->Controller->data['AuthUser']['username'] = 'now() or 1=1 # something';
$this->Controller->data['AuthUser']['password'] = '';
$this->Controller->Auth->startup($this->Controller);
$user = $this->Controller->Auth->user();
$this->assertFalse($user);
$this->Controller->Session->del('Auth');
} }
function testAuthorizeFalse() { function testAuthorizeFalse() {
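Review bot: The three new cases assert only that `Auth->user()` is false; none checks that the component leaves `Configure::read('debug')` at its original level after `startup()`, which is the side effect the component change introduces and the one most likely to regress, so add `$debug = Configure::read('debug');` before the block and `$this->assertEqual(Configure::read('debug'), $debug);` after each `startup()`. All three inputs also pair the crafted username with an empty password; if identity() short-circuits on an empty password before touching the model (as the `!empty(...password...)` guard in the component hunk suggests), the query path the commit message is fixing is never reached by these tests, and a case with a non-empty, non-matching password would cover it. The enclosing test method begins before this hunk.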