From df8ec176267ce06ff6ac04e646f3f6be052c8df9 Mon Sep 17 00:00:00 2001
From: Tigran Gabrielyan
Date: Wed, 1 Aug 2012 21:28:24 -0700
Subject: [PATCH] Added `disabledActions` feature to SecurityComponent

---
 .../Controller/Component/SecurityComponent.php | 15 ++++++++++-----
 .../Component/SecurityComponentTest.php | 14 ++++++++++++++
 2 files changed, 24 insertions(+), 5 deletions(-)

diff --git a/lib/Cake/Controller/Component/SecurityComponent.php b/lib/Cake/Controller/Component/SecurityComponent.php
index 907b43a8f..bc5212900 100644
--- a/lib/Cake/Controller/Component/SecurityComponent.php
+++ b/lib/Cake/Controller/Component/SecurityComponent.php
@@ -178,6 +178,13 @@ class SecurityComponent extends Component {
 */
 public $csrfLimit = 100;
 
+/**
+ * List of actions to disable security checks
+ *
+ * @var array
+*/
+ public $disabledActions = array();
+
 /**
 * Other components used by the Security component
 *
@@ -218,13 +225,11 @@ class SecurityComponent extends Component {
 $controller->request->params['requested'] != 1
 );
 
- if ($isPost && $isNotRequestAction && $this->validatePost) {
- if ($this->_validatePost($controller) === false) {
+ if (!in_array($this->_action, (array)$this->disabledActions) && $isPost && $isNotRequestAction) {
+ if ($this->validatePost && $this->_validatePost($controller) === false) {
 return $this->blackHole($controller, 'auth');
 }
- }
- if ($isPost && $isNotRequestAction && $this->csrfCheck) {
- if ($this->_validateCsrf($controller) === false) {
+ if ($this->csrfCheck && $this->_validateCsrf($controller) === false) {
 return $this->blackHole($controller, 'csrf');
 }
 }
diff --git a/lib/Cake/Test/Case/Controller/Component/SecurityComponentTest.php b/lib/Cake/Test/Case/Controller/Component/SecurityComponentTest.php
index 84f78036b..c7c01e525 100644
--- a/lib/Cake/Test/Case/Controller/Component/SecurityComponentTest.php
+++ b/lib/Cake/Test/Case/Controller/Component/SecurityComponentTest.php
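Review bot: The docblock added for `$disabledActions` in SecurityComponent.php (hunk at line 178) says only "disable security checks", which does not tell a maintainer which protections an entry turns off. Going by the second hunk of this file, a listed action skips the POST data validation and the CSRF token check; whether the component's other checks still run is decided outside the visible lines. I would word it as `List of actions for which POST validation and CSRF checks are skipped` and note that the value may be a string or an array, since the code casts it. The closing `*/` is also missing the leading space the neighbouring docblocks use.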
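Review bot: The new guard in SecurityComponent.php (hunk at line 218) calls `in_array()` without the strict flag, so the match against `disabledActions` uses loose comparison. A non-string entry such as `true` (and, on PHP versions before 8, `0`) compares equal to any action name, which would switch off both POST validation and the CSRF check for every action rather than only the listed ones. Passing the third argument closes that: `in_array($this->_action, (array)$this->disabledActions, true)`. `$this->_action` is assigned outside this hunk, so I am assuming it is always a string; the enclosing method also starts and ends outside the hunk.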
@@ -1372,4 +1372,18 @@ class SecurityComponentTest extends CakeTestCase {
 $this->assertTrue(isset($result['4']));
 $this->assertTrue(isset($result['5']));
 }
+
+/**
+ * Test disabled actions
+ *
+ * @return void
+ */
+ public function testDisabledActions() {
+ $_SERVER['REQUEST_METHOD'] = 'POST';
+ $this->Controller->request->data = array('data');
+ $this->Controller->Security->disabledActions = 'index';
+ $this->Controller->Security->blackHoleCallback = null;
+ $result = $this->Controller->Security->startup($this->Controller);
+ $this->assertNull($result);
+ }
 }
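Review bot: testDisabledActions covers only the bypass path, so it would still pass if the guard skipped validation for every action. A companion case is needed in which the requested action is not listed in `disabledActions` and the same POST is expected to be black-holed; the action the fixture requests is set outside this hunk, so the test also relies on it being `index` without asserting it. Setting `validatePost` and `csrfCheck` explicitly would keep the test meaningful if their defaults change, and an array-valued `disabledActions` case would cover the documented type as well as the string form used here.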