adulau/cakephp2-php8
1
0
Fork 0
mirror of https://github.com/kamilwylegala/cakephp2-php8.git synced 2025-01-31 09:06:17 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fixing issues created in [8205] where allowedActions check was done incorrectly. Fixes #6482

Browse source 
git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@8208 3807eeeb-6ff5-0310-8944-8be069107fe0
This commit is contained in:
mark_story 2009-07-01 03:56:16 +00:00
parent fb6b2aecde
commit ff5d9ed6e0
2 changed files with 6 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
cake/libs/controller/components/auth.php
View file

@ -264,6 +264,7 @@ class AuthComponent extends Object {
function startup(&$controller) {
$methods = array_flip($controller->methods);
$controllerAction = strtolower($controller->params['action']);
$lowerAllowedActions = array_map('strtolower', $this->allowedActions);
$isErrorOrTests = (
strtolower($controller->name) == 'cakeerror' ||
@ -297,7 +298,7 @@ class AuthComponent extends Object {
$isAllowed = (
$this->allowedActions == array('*') ||
isset($methods[$controllerAction])
in_array($controllerAction, $lowerAllowedActions)
);
if ($loginAction != $url && $isAllowed) {

4
cake/tests/cases/libs/controller/components/auth.test.php
View file

@ -753,6 +753,10 @@ class AuthTest extends CakeTestCase {
$this->Controller->Auth->allowedActions = array('delete', 'camelCase', 'add');
$result = $this->Controller->Auth->startup($this->Controller);
$this->assertTrue($result, 'startup() should return true, as action is allowed. %s');
$this->Controller->Auth->allowedActions = array('delete', 'add');
$result = $this->Controller->Auth->startup($this->Controller);
$this->assertFalse($result, 'startup() should return false, as action is not allowed. %s');
}
/**
* testLoginRedirect method