mirror of
https://github.com/kamilwylegala/cakephp2-php8.git
synced 2024-11-15 03:18:26 +00:00
Fix issues with double / & leading/trailing /
Authorize classes should remove // and leading trailing / Without this incorrect paths that fail to match nodes can be generated. This also allows settings[actionPath] to be permissive in what it accepts. Fixes #2563
This commit is contained in:
parent
0207a61e9b
commit
6f914174a6
2 changed files with 23 additions and 6 deletions
|
@ -108,11 +108,13 @@ abstract class BaseAuthorize {
|
|||
*/
|
||||
public function action($request, $path = '/:plugin/:controller/:action') {
|
||||
$plugin = empty($request['plugin']) ? null : Inflector::camelize($request['plugin']) . '/';
|
||||
return str_replace(
|
||||
$path = str_replace(
|
||||
array(':controller', ':action', ':plugin/'),
|
||||
array(Inflector::camelize($request['controller']), $request['action'], $plugin),
|
||||
$this->settings['actionPath'] . $path
|
||||
);
|
||||
$path = str_replace('//', '/', $path);
|
||||
return trim($path, '/');
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -75,7 +75,7 @@ class ActionsAuthorizeTest extends CakeTestCase {
|
|||
|
||||
$this->Acl->expects($this->once())
|
||||
->method('check')
|
||||
->with($user, '/controllers/Posts/index')
|
||||
->with($user, 'controllers/Posts/index')
|
||||
->will($this->returnValue(false));
|
||||
|
||||
$this->assertFalse($this->auth->authorize($user['User'], $request));
|
||||
|
@ -104,7 +104,7 @@ class ActionsAuthorizeTest extends CakeTestCase {
|
|||
|
||||
$this->Acl->expects($this->once())
|
||||
->method('check')
|
||||
->with($user, '/controllers/Posts/index')
|
||||
->with($user, 'controllers/Posts/index')
|
||||
->will($this->returnValue(true));
|
||||
|
||||
$this->assertTrue($this->auth->authorize($user['User'], $request));
|
||||
|
@ -134,7 +134,7 @@ class ActionsAuthorizeTest extends CakeTestCase {
|
|||
$expected = array('TestPlugin.TestPluginAuthUser' => array('id' => 1, 'user' => 'mariano'));
|
||||
$this->Acl->expects($this->once())
|
||||
->method('check')
|
||||
->with($expected, '/controllers/Posts/index')
|
||||
->with($expected, 'controllers/Posts/index')
|
||||
->will($this->returnValue(true));
|
||||
|
||||
$this->assertTrue($this->auth->authorize($user, $request));
|
||||
|
@ -154,8 +154,23 @@ class ActionsAuthorizeTest extends CakeTestCase {
|
|||
));
|
||||
|
||||
$result = $this->auth->action($request);
|
||||
$this->assertEquals('controllers/Posts/index', $result);
|
||||
}
|
||||
|
||||
$this->assertEquals('/controllers/Posts/index', $result);
|
||||
/**
|
||||
* Make sure that action() doesn't create double slashes anywhere.
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
public function testActionNoDoubleSlash() {
|
||||
$this->auth->settings['actionPath'] = '/controllers/';
|
||||
$request = array(
|
||||
'plugin' => null,
|
||||
'controller' => 'posts',
|
||||
'action' => 'index'
|
||||
);
|
||||
$result = $this->auth->action($request);
|
||||
$this->assertEquals('controllers/Posts/index', $result);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -172,6 +187,6 @@ class ActionsAuthorizeTest extends CakeTestCase {
|
|||
));
|
||||
|
||||
$result = $this->auth->action($request);
|
||||
$this->assertEquals('/controllers/DebugKit/Posts/index', $result);
|
||||
$this->assertEquals('controllers/DebugKit/Posts/index', $result);
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue