
Commit d7ae1c9

committed
Backport test cases and make sure those pass
1 parent 0d96b9f commit d7ae1c9

4 files changed

+810
-80
lines changed

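--- a/lib/Cake/Controller/Component/SecurityComponent.php
+++ b/lib/Cake/Controller/Component/SecurityComponent.php
@@ -226,8 +226,8 @@ class SecurityComponent extends Component {
 */
 public function startup(Controller $controller) {
 $this->request = $controller->request;
-$this->_action = $this->request->params['action'];
-$hasData = !empty($this->request->data);
+$this->_action = $controller->request->params['action'];
+$hasData = !empty($controller->request->data);
 try {
 $this->_methodsRequired($controller);
 $this->_secureRequired($controller);
@@ -396,7 +396,7 @@ protected function _methodsRequired(Controller $controller) {
 if (is_array($this->$property) && !empty($this->$property)) {
 $require = $this->$property;
 if (in_array($this->_action, $require) || $this->$property === array('*')) {
-if (!$this->request->is($method)) {
+if (!$controller->request->is($method)) {
 throw new SecurityException(
 sprintf('The request method must be %s', strtoupper($method))
 );
@@ -419,7 +419,7 @@ protected function _secureRequired(Controller $controller) {
 $requireSecure = $this->requireSecure;
 
 if (in_array($this->_action, $requireSecure) || $this->requireSecure === array('*')) {
-if (!$this->request->is('ssl')) {
+if (!$controller->request->is('ssl')) {
 throw new SecurityException(
 'Request is not SSL and the action is required to be secure'
 );
@@ -438,10 +438,10 @@ protected function _secureRequired(Controller $controller) {
 * @deprecated 2.8.1 This feature is confusing and not useful.
 */
 protected function _authRequired(Controller $controller) {
-if (is_array($this->requireAuth) && !empty($this->requireAuth) && !empty($this->request->data)) {
+if (is_array($this->requireAuth) && !empty($this->requireAuth) && !empty($controller->request->data)) {
 $requireAuth = $this->requireAuth;
 
-if (in_array($this->request->params['action'], $requireAuth) || $this->requireAuth === array('*')) {
+if (in_array($controller->request->params['action'], $requireAuth) || $this->requireAuth === array('*')) {
 if (!isset($controller->request->data['_Token'])) {
 throw new AuthSecurityException('\'_Token\' was not found in request data.');
 }
@@ -450,23 +450,23 @@ protected function _authRequired(Controller $controller) {
 $tData = $this->Session->read('_Token');
 
 if (!empty($tData['allowedControllers']) &&
-!in_array($this->request->params['controller'], $tData['allowedControllers'])) {
+!in_array($controller->request->params['controller'], $tData['allowedControllers'])) {
 throw new AuthSecurityException(
 sprintf(
 'Controller \'%s\' was not found in allowed controllers: \'%s\'.',
-$this->request->params['controller'],
+$controller->request->params['controller'],
 implode(', ', (array)$tData['allowedControllers'])
 )
 );
 }
 if (!empty($tData['allowedActions']) &&
-!in_array($this->request->params['action'], $tData['allowedActions'])
+!in_array($controller->request->params['action'], $tData['allowedActions'])
 ) {
 throw new AuthSecurityException(
 sprintf(
 'Action \'%s::%s\' was not found in allowed actions: \'%s\'.',
-$this->request->params['controller'],
-$this->request->params['action'],
+$controller->request->params['controller'],
+$controller->request->params['action'],
 implode(', ', (array)$tData['allowedActions'])
 )
 );
@@ -839,7 +839,7 @@ protected function _callback(Controller $controller, $method, $params = array())
 * will be unset
 *
 * @param array $dataFields Fields array, containing the POST data fields
-* @param array $expectedFields Fields array, containing the expected fields we should have in POST
+* @param array &$expectedFields Fields array, containing the expected fields we should have in POST
 * @param string $intKeyMessage Message string if unexpected found in data fields indexed by int (not protected)
 * @param string $stringKeyMessage Message string if tampered found in data fields indexed by string (protected)
 * @return array Error messages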
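Review bot: `_methodsRequired()` (hunk at 396) and `_secureRequired()` (hunk at 419) now read the request from `$controller` but still match the action against the cached `$this->_action`, while `_authRequired()` reads `$controller->request->params['action']` directly. If either helper ever runs for a controller other than the one `startup()` last saw, the stale action can miss the `require*` list and the method or SSL requirement is skipped without an exception. Reading the action from the same source closes that gap, e.g. `if (in_array($controller->request->params['action'], $require, true) || $this->$property === array('*')) {` and the equivalent line in `_secureRequired()`. The strict third argument also keeps a loosely typed list entry from matching an arbitrary action name. Both functions begin and end outside the visible hunks, so confirm that no other `$this->_action` or `$this->request` reads remain in them.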
