Adding media type filter to help restrict allowed media types for particular actions.
commit 1c63efdc200fa137165ef940a2370345535719e3 1 parent 43d3fe2
Howard Lince III Howard3 authored nateabele committed
Showing with 27 additions and 0 deletions.
  1. +27 −0 action/Controller.php
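--- a/action/Controller.php
+++ b/action/Controller.php
@@ -61,6 +61,14 @@ class Controller extends \lithium\core\Object {
 public $response = null;
 /**
+ * Used for restricting media types on a per-action basis. Media types not defined in this list
+ * will have the request terminated.
+ * The list is formatted as `'action' => array('type1', 'type2'), 'action2' => array('html')`
+ * @var array
+ */
+ public $_allowedTypes = array();
+
+ /**
 * Lists the rendering control options for responses generated by this controller.
 *
 * - The `'type'` key is the content type that will be rendered by default, unless another is
@@ -244,6 +252,11 @@ public function render(array $options = array()) {
 );
 $options += $this->_render + $defaults;
+ if (!$this->_validMediaType()) {
+ $type = $this->_render['type'];
+ throw new DispatchException("Media type `{$type}` not permitted for this request.");
+ }
+
 if ($key && $media::type($key)) {
 $options['type'] = $key;
 $this->set($options[$key]);
@@ -263,6 +276,20 @@ public function render(array $options = array()) {
 $media::render($this->response, $data, $options + array('request' => $this->request));
 }
+ protected function _validMediaType() {
+ if (!is_object($this->request)) {
+ return true;
+ }
+ $action = $this->request->params['action'];
+ $type = $this->_render['type'];
+ $allowedTypes = &$this->_allowedTypes;
+ $allowedArray = isset($allowedTypes[$action]) ? $allowedTypes[$action] : array('html');
+ if(in_array($type, $allowedArray)) {
+ return true;
+ }
+ return false;
+ }
+
 /**
 * Creates a redirect response by calling `render()` and providing a `'location'` parameter.
 *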
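Review bot: The new check in `render()` and in `_validMediaType()` validates `$this->_render['type']`, the controller's default, rather than the `$options['type']` that `render()` has just assembled from the caller's options and may still overwrite from `$key` on the following lines, so a caller passing `array('type' => 'json')` or a `$key` would clear the filter on the default type unless `_render['type']` is always kept equal to the final type elsewhere in the class (not visible here). Pass the resolved type into the helper and run the check after the `$key` block, which continues outside the hunk (its closing brace is not shown). In `_validMediaType()`, `params['action']` is read without `isset`, `in_array()` compares loosely, and the reference `&$this->_allowedTypes` buys nothing; the rewrite below tightens these. The docblock on `$_allowedTypes` says unlisted types terminate the request, but the helper shows an action absent from the list defaults to `array('html')`, so every existing action that renders another type will now throw until configured; worth stating explicitly: ` * Actions with no entry here are restricted to 'html'; list every non-HTML action explicitly.`. Also, `$_allowedTypes` is declared `public` while the underscore prefix on `$_render` in this class marks a non-public member, so `protected` would match the file's convention.
```php
$options += $this->_render + $defaults;
// … unchanged: `$key` resolution (`if ($key && $media::type($key)) { … }`, continues outside the hunk) …
if (!$this->_validMediaType($options['type'])) {
    throw new DispatchException("Media type `{$options['type']}` not permitted for this request.");
}

// … unchanged: rest of render() …

/**
 * Checks whether `$type` may be rendered for the current request's action.
 *
 * @param string $type The media type about to be rendered; defaults to `$this->_render['type']`.
 * @return boolean `true` when there is no request object, or when `$type` is listed for the
 *         action in `$_allowedTypes` (actions with no entry are restricted to `'html'`).
 */
protected function _validMediaType($type = null) {
    if (!is_object($this->request)) {
        return true;
    }
    $type = $type ?: $this->_render['type'];
    $action = isset($this->request->params['action']) ? $this->request->params['action'] : null;
    $allowed = isset($this->_allowedTypes[$action]) ? $this->_allowedTypes[$action] : array('html');
    return in_array($type, $allowed, true);
}
```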