From 27d83eedfe4b3a3e6bb93a3336f0c3d82ea2255a Mon Sep 17 00:00:00 2001
From: Ceeram <c33ram@gmail.com>
Date: Sat, 25 Aug 2012 01:39:19 +0200
Subject: [PATCH] use new onlyAllow() method in baked code, to ensure 405
 responses have required Allow header included

---
 .../Templates/default/actions/controller_actions.ctp | 12 +++++++-----
 .../Case/Console/Command/Task/ControllerTaskTest.php |  6 ++++--
 2 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/lib/Cake/Console/Templates/default/actions/controller_actions.ctp b/lib/Cake/Console/Templates/default/actions/controller_actions.ctp
index e34c382d577..f30696796b8 100644
--- a/lib/Cake/Console/Templates/default/actions/controller_actions.ctp
+++ b/lib/Cake/Console/Templates/default/actions/controller_actions.ctp
@@ -47,10 +47,12 @@
 /**
  * <?php echo $admin ?>add method
  *
+ * @throws MethodNotAllowedException
  * @return void
  */
 	public function <?php echo $admin ?>add() {
-		if ($this->request->is('post')) {
+		if ($this->request->data) {
+			$this->request->onlyAllow('post');
 			$this-><?php echo $currentModelName; ?>->create();
 			if ($this-><?php echo $currentModelName; ?>->save($this->request->data)) {
 <?php if ($wannaUseSession): ?>
@@ -86,6 +88,7 @@
 /**
  * <?php echo $admin ?>edit method
  *
+ * @throws MethodNotAllowedException
  * @throws NotFoundException
  * @param string $id
  * @return void
@@ -95,7 +98,8 @@
 		if (!$this-><?php echo $currentModelName; ?>->exists()) {
 			throw new NotFoundException(__('Invalid <?php echo strtolower($singularHumanName); ?>'));
 		}
-		if ($this->request->is('post') || $this->request->is('put')) {
+		if ($this->request->data) {
+			$this->request->onlyAllow('post', 'put');
 			if ($this-><?php echo $currentModelName; ?>->save($this->request->data)) {
 <?php if ($wannaUseSession): ?>
 				$this->Session->setFlash(__('The <?php echo strtolower($singularHumanName); ?> has been saved'));
@@ -137,9 +141,7 @@
  * @return void
  */
 	public function <?php echo $admin; ?>delete($id = null) {
-		if (!$this->request->is('post')) {
-			throw new MethodNotAllowedException();
-		}
+		$this->request->onlyAllow('post', 'delete');
 		$this-><?php echo $currentModelName; ?>->id = $id;
 		if (!$this-><?php echo $currentModelName; ?>->exists()) {
 			throw new NotFoundException(__('Invalid <?php echo strtolower($singularHumanName); ?>'));
diff --git a/lib/Cake/Test/Case/Console/Command/Task/ControllerTaskTest.php b/lib/Cake/Test/Case/Console/Command/Task/ControllerTaskTest.php
index a17d2bb9de0..dd64f625207 100644
--- a/lib/Cake/Test/Case/Console/Command/Task/ControllerTaskTest.php
+++ b/lib/Cake/Test/Case/Console/Command/Task/ControllerTaskTest.php
@@ -353,7 +353,8 @@ public function testBakeActionsUsingSessions() {
 		$this->assertContains("\$this->set('bakeArticle', \$this->BakeArticle->read(null, \$id)", $result);
 
 		$this->assertContains('function add()', $result);
-		$this->assertContains("if (\$this->request->is('post'))", $result);
+		$this->assertContains("if (\$this->request->data)", $result);
+		$this->assertContains("\$this->request->onlyAllow('post')", $result);
 		$this->assertContains('if ($this->BakeArticle->save($this->request->data))', $result);
 		$this->assertContains("\$this->Session->setFlash(__('The bake article has been saved'));", $result);
 
@@ -392,7 +393,8 @@ public function testBakeActionsWithNoSessions() {
 		$this->assertContains("\$this->set('bakeArticle', \$this->BakeArticle->read(null, \$id)", $result);
 
 		$this->assertContains('function add()', $result);
-		$this->assertContains("if (\$this->request->is('post'))", $result);
+		$this->assertContains("if (\$this->request->data)", $result);
+		$this->assertContains("\$this->request->onlyAllow('post')", $result);
 		$this->assertContains('if ($this->BakeArticle->save($this->request->data))', $result);
 
 		$this->assertContains("\$this->flash(__('The bake article has been saved.'), array('action' => 'index'))", $result);