From ecfd70052d27ff9dc9bc46fe4ffa87e6ceb708d4 Mon Sep 17 00:00:00 2001
From: phpnut
Date: Mon, 17 Mar 2008 02:28:04 +0000
Subject: [PATCH] "Fixes #4353, SecurityComponent's requireLogin not working if URL spelled different than defined action name Was not able to reproduce this on local system running php 5, more then likely this is a php 4 issue and not php 5 like ticket suggests. "
git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@6588 3807eeeb-6ff5-0310-8944-8be069107fe0
---
 cake/libs/controller/components/security.php | 23 ++++++++++++++++----
 1 file changed, 19 insertions(+), 4 deletions(-)
diff --git a/cake/libs/controller/components/security.php b/cake/libs/controller/components/security.php
index 86ab565f3..f50ecf5db 100644
--- a/cake/libs/controller/components/security.php
+++ b/cake/libs/controller/components/security.php
@@ -123,6 +123,12 @@ class SecurityComponent extends Object {
 * @access public
 */
 var $components = array('RequestHandler', 'Session');
+/**
+ * Holds the current action of the controller
+ *
+ * @var string
+ */
+ var $__action = null;
 /**
 * Component startup. All security checking happens here.
 *
@@ -130,6 +136,7 @@ class SecurityComponent extends Object {
 * @access public
 */
 function startup(&$controller) {
+ $this->__action = strtolower($controller->action);
 $this->__postRequired($controller);
 $this->__secureRequired($controller);
 $this->__authRequired($controller);
@@ -333,7 +340,9 @@ class SecurityComponent extends Object {
 */
 function __postRequired(&$controller) {
 if (is_array($this->requirePost) && !empty($this->requirePost)) {
- if (in_array($controller->action, $this->requirePost) || $this->requirePost == array('*')) {
+ $requirePost = array_map('strtolower', $this->requirePost);
+
+ if (in_array($this->__action, $requirePost) || $this->requirePost == array('*')) {
 if (!$this->RequestHandler->isPost()) {
 if (!$this->blackHole($controller, 'post')) {
 return null;
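Review bot: The new docblock on `$__action` in the `@@ -123` hunk has no `@access` tag, although the property docblock directly above it ends with `@access public`; the double-underscore prefix suggests this one is meant to be private, so add ` * @access private` after the `@var` line. The description could also say that the value is the lowercased action name and stays `null` until `startup()` has run, since `@var string` alone does not match the `null` default.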
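Review bot: `$this->__action` is assigned only by the added line in `startup()` (the `@@ -130` hunk), so the `__*Required` checks now depend on hidden state. If one of them runs before or without `startup()`, the property is still `null`, `in_array()` matches no listed action, and the requirement is skipped instead of enforced. Each check already receives `$controller`, so it could fold the name itself with `strtolower($controller->action)`, or the dependency could be recorded in the method docblocks, e.g. `Relies on $this->__action being set by startup()`. Whether anything calls these methods outside `startup()` is not visible in this diff, and `startup()` itself continues past the end of the hunk.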
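Review bot: The `in_array($this->__action, $requirePost)` test added in `__postRequired` (the `@@ -333` hunk) is still a loose comparison, so numeric-looking names (constructed example: `'1e1'` and `'10'`) compare equal; `in_array($this->__action, $requirePost, true)` restricts the match to exact lowercase strings. The same two added lines recur in the `__secureRequired`, `__authRequired` and `__loginRequired` hunks, so the case-folding now lives in four copies; a single private helper that takes the requirement list would keep a later check from being added without it. `strtolower()` is locale-dependent on the PHP versions of this era, so it is worth confirming that it folds action names the same way the engine does when it resolves the method; that cannot be verified from this diff. Each function body continues beyond its hunk.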
@@ -352,7 +361,9 @@ class SecurityComponent extends Object {
 */
 function __secureRequired(&$controller) {
 if (is_array($this->requireSecure) && !empty($this->requireSecure)) {
- if (in_array($controller->action, $this->requireSecure) || $this->requireSecure == array('*')) {
+ $requireSecure = array_map('strtolower', $this->requireSecure);
+
+ if (in_array($this->__action, $requireSecure) || $this->requireSecure == array('*')) {
 if (!$this->RequestHandler->isSSL()) {
 if (!$this->blackHole($controller, 'secure')) {
 return null;
@@ -371,7 +382,9 @@ class SecurityComponent extends Object {
 */
 function __authRequired(&$controller) {
 if (is_array($this->requireAuth) && !empty($this->requireAuth) && !empty($controller->data)) {
- if (in_array($controller->action, $this->requireAuth) || $this->requireAuth == array('*')) {
+ $requireAuth = array_map('strtolower', $this->requireAuth);
+
+ if (in_array($this->__action, $requireAuth) || $this->requireAuth == array('*')) {
 if (!isset($controller->data['__Token'] )) {
 if (!$this->blackHole($controller, 'auth')) {
 return null;
@@ -405,7 +418,9 @@ class SecurityComponent extends Object {
 */
 function __loginRequired(&$controller) {
 if (is_array($this->requireLogin) && !empty($this->requireLogin)) {
- if (in_array($controller->action, $this->requireLogin) || $this->requireLogin == array('*')) {
+ $requireLogin = array_map('strtolower', $this->requireLogin);
+
+ if (in_array($this->__action, $requireLogin) || $this->requireLogin == array('*')) {
 $login = $this->loginCredentials($this->loginOptions['type']);
 if ($login == null) {