base fork: UnionOfRAD/lithium
...
head fork: UnionOfRAD/lithium
  • 1 commit
  • 1 file changed
  • 0 commit comments
  • 1 contributor
Showing with 27 additions and 0 deletions.
  1. +27 −0 action/Controller.php
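--- a/action/Controller.php
+++ b/action/Controller.php
@@ -61,6 +61,14 @@ class Controller extends \lithium\core\Object {
 public $response = null;
 /**
+ * Used for restricting media types on a per-action basis. Media types not defined in this list
+ * will have the request terminated.
+ * The list is formatted as `'action' => array('type1', 'type2'), 'action2' => array('html')`
+ * @var array
+ */
+ public $_allowedTypes = array();
+
+ /**
 * Lists the rendering control options for responses generated by this controller.
 *
 * - The `'type'` key is the content type that will be rendered by default, unless another is
@@ -244,6 +252,11 @@ public function render(array $options = array()) {
 );
 $options += $this->_render + $defaults;
+ if (!$this->_validMediaType()) {
+ $type = $this->_render['type'];
+ throw new DispatchException("Media type `{$type}` not permitted for this request.");
+ }
+
 if ($key && $media::type($key)) {
 $options['type'] = $key;
 $this->set($options[$key]);
@@ -263,6 +276,20 @@ public function render(array $options = array()) {
 $media::render($this->response, $data, $options + array('request' => $this->request));
 }
+ protected function _validMediaType() {
+ if (!is_object($this->request)) {
+ return true;
+ }
+ $action = $this->request->params['action'];
+ $type = $this->_render['type'];
+ $allowedTypes = &$this->_allowedTypes;
+ $allowedArray = isset($allowedTypes[$action]) ? $allowedTypes[$action] : array('html');
+ if(in_array($type, $allowedArray)) {
+ return true;
+ }
+ return false;
+ }
+
 /**
 * Creates a redirect response by calling `render()` and providing a `'location'` parameter.
 *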
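Review bot: The new guard in `render()` checks `$this->_render['type']`, but the type actually rendered is `$options['type']`, and the visible lines let the two differ: `$options += $this->_render + $defaults` keeps a caller-supplied `'type'`, and the `$key` branch right after the guard assigns `$options['type'] = $key`. A response can therefore be rendered in a type that `_allowedTypes` does not list for the action while the guard still passes. I would move the check below the point where the type is final and pass it in, e.g. `if (!$this->_validMediaType($options['type'])) {`, with `_validMediaType($type)` comparing via `in_array($type, $allowedArray, true)`. `_validMediaType()` also reads `$this->request->params['action']` without `isset()` and has no docblock stating that unlisted actions fall back to `array('html')`, which presumably makes existing non-HTML actions throw until they are listed. `render()` begins and ends outside these hunks, so the final placement needs checking against the full method.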
