Fixed bug in AuthComponent that allowed uppercase actions to pass checks

git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@8011 3807eeeb-6ff5-0310-8944-8be069107fe0
cakephp · Jan 26, 2009 · 27065d7 · 27065d7
1 parent 1895f1c
commit 27065d7
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 1 deletion.
diff --git a/cake/libs/controller/components/auth.php b/cake/libs/controller/components/auth.php
@@ -265,7 +265,7 @@ function startup(&$controller) {
 		$isErrorOrTests = (
 			strtolower($controller->name) == 'cakeerror' ||
 			(strtolower($controller->name) == 'tests' && Configure::read() > 0) ||
-			!in_array($controller->params['action'], $controller->methods)
+			!in_array(strtolower($controller->params['action']), $controller->methods)
 		);
 		if ($isErrorOrTests) {
 			return true;

diff --git a/cake/tests/cases/libs/controller/components/auth.test.php b/cake/tests/cases/libs/controller/components/auth.test.php
@@ -651,6 +651,9 @@ function testAllowDenyAll() {
 
 		$this->Controller->params['action'] = 'add';
 		$this->assertFalse($this->Controller->Auth->startup($this->Controller));
+
+		$this->Controller->params['action'] = 'Add';
+		$this->assertFalse($this->Controller->Auth->startup($this->Controller));
 	}
 /**
  * testLoginRedirect method