Merge branch 'master' into 2.3

Conflicts: lib/Cake/Controller/Component/SecurityComponent.php
2025-01-19 02:56:15 +00:00 · 2012-12-29 11:44:59 -05:00 · 2012-12-29 11:44:59 -05:00 · 4c98e39c1f
commit 4c98e39c1f
parent ec264fc81d 1117ad2f1c
2 changed files with 20 additions and 0 deletions
--- a/lib/Cake/Controller/Component/SecurityComponent.php
+++ b/lib/Cake/Controller/Component/SecurityComponent.php
@ -225,6 +225,10 @@ class SecurityComponent extends Component {
 			$controller->request->params['requested'] != 1
 		);

+		if ($this->_action == $this->blackHoleCallback) {
+			return $this->blackhole($controller, 'auth');
+		}
+
 		if (!in_array($this->_action, (array)$this->unlockedActions) && $isPost && $isNotRequestAction) {
 			if ($this->validatePost && $this->_validatePost($controller) === false) {
 				return $this->blackHole($controller, 'auth');
--- a/lib/Cake/Test/Case/Controller/Component/SecurityComponentTest.php
+++ b/lib/Cake/Test/Case/Controller/Component/SecurityComponentTest.php
@ -194,6 +194,22 @@ class SecurityComponentTest extends CakeTestCase {
 		$this->Controller->Security->blackHole($this->Controller, 'csrf');
 	}

+/**
+ * Ensure that directly requesting the blackholeCallback as the controller
+ * action results in an exception.
+ *
+ * @return void
+ */
+	public function testExceptionWhenActionIsBlackholeCallback() {
+		$this->Controller->request->addParams(array(
+			'controller' => 'posts',
+			'action' => 'fail'
+		));
+		$this->assertFalse($this->Controller->failed);
+		$this->Controller->Security->startup($this->Controller);
+		$this->assertTrue($this->Controller->failed, 'Request was blackholed.');
+	}
+
 /**
 * test that initialize can set properties.
 *