Skip to content
Permalink
Browse files

Move read operations to use un-deprecated APIs in components.

Moving the writes is a bit harder to do in a totally backwards
compatible way. Because all of the components retain references to the
request, changing the request via immuatble interfaces allows various
components to lose access to the 'current' request.
  • Loading branch information...
markstory committed Oct 1, 2016
1 parent 4101795 commit 1377aa88c30f25a81d6d4a052dee97d12aae64e1
@@ -93,7 +93,7 @@ public function startup(Event $event)
if ($request->is('get') && $cookieData === null) {
$this->_setCookie($request, $response);
}
if ($request->is(['put', 'post', 'delete', 'patch']) || !empty($request->data)) {
if ($request->is(['put', 'post', 'delete', 'patch']) || !empty($request->data())) {
$this->_validateToken($request);
unset($request->data[$this->_config['field']]);
}
@@ -223,10 +223,10 @@ public function paginate($object, array $settings = [])
'scope' => $options['scope'],
];
if (!isset($request['paging'])) {
$request['paging'] = [];
if (!$request->param('paging')) {
$request->params['paging'] = [];
}
$request['paging'] = [$alias => $paging] + (array)$request['paging'];
$request->params['paging'] = [$alias => $paging] + (array)$request->param('paging');
if ($requestedPage > $page) {
throw new NotFoundException();
@@ -276,9 +276,9 @@ public function mergeOptions($alias, $settings)
$defaults = $this->getDefaults($alias, $settings);
$request = $this->_registry->getController()->request;
$scope = Hash::get($settings, 'scope', null);
$query = $request->query;
$query = $request->getQueryParams();
if ($scope) {
$query = Hash::get($request->query, $scope, []);
$query = Hash::get($request->getQueryParams(), $scope, []);
}
$request = array_intersect_key($query, array_flip($this->_config['whitelist']));
@@ -196,16 +196,16 @@ public function startup(Event $event)
$controller = $event->subject();
$request = $controller->request;
if (isset($request->params['_ext'])) {
$this->ext = $request->params['_ext'];
if ($request->param('_ext')) {
$this->ext = $request->param('_ext');
}
if (empty($this->ext) || in_array($this->ext, ['html', 'htm'])) {
$this->_setExtension($request, $this->response);
}
$request->params['isAjax'] = $request->is('ajax');
if (empty($this->ext) && $request->params['isAjax']) {
if (empty($this->ext) && $request->is('ajax')) {
$this->ext = 'ajax';
}
@@ -640,7 +640,7 @@ public function respondAs($type, array $options = [])
if (!$type) {
return false;
}
if (empty($this->request->params['requested'])) {
if (!$this->request->param('requested')) {
$response->type($cType);
}
if (!empty($options['charset'])) {
@@ -108,16 +108,13 @@ public function startup(Event $event)
{
$controller = $event->subject();
$this->session = $this->request->session();
$this->_action = $this->request->params['action'];
$hasData = !empty($this->request->data);
$this->_action = $this->request->param('action');
$hasData = !empty($this->request->data());
try {
$this->_secureRequired($controller);
$this->_authRequired($controller);
$isNotRequestAction = (
!isset($controller->request->params['requested']) ||
$controller->request->params['requested'] != 1
);
$isNotRequestAction = !$controller->request->param('requested');
if ($this->_action === $this->_config['blackHoleCallback']) {
throw new AuthSecurityException(sprintf('Action %s is defined as the blackhole callback.', $this->_action));
@@ -134,7 +131,7 @@ public function startup(Event $event)
}
$this->generateToken($controller->request);
if ($hasData && is_array($controller->request->data)) {
if ($hasData && is_array($controller->request->data())) {
unset($controller->request->data['_Token']);
}
}
@@ -269,36 +266,36 @@ protected function _authRequired(Controller $controller)
{
if (is_array($this->_config['requireAuth']) &&
!empty($this->_config['requireAuth']) &&
!empty($this->request->data)
!empty($this->request->data())
) {
$requireAuth = $this->_config['requireAuth'];
if (in_array($this->request->params['action'], $requireAuth) || $requireAuth == ['*']) {
if (!isset($controller->request->data['_Token'])) {
if (in_array($this->request->param('action'), $requireAuth) || $requireAuth == ['*']) {
if (!isset($this->request->data['_Token'])) {
throw new AuthSecurityException('\'_Token\' was not found in request data.');
}
if ($this->session->check('_Token')) {
$tData = $this->session->read('_Token');
if (!empty($tData['allowedControllers']) &&
!in_array($this->request->params['controller'], $tData['allowedControllers'])) {
!in_array($this->request->param('controller'), $tData['allowedControllers'])) {
throw new AuthSecurityException(
sprintf(
'Controller \'%s\' was not found in allowed controllers: \'%s\'.',
$this->request->params['controller'],
$this->request->param('controller'),
implode(', ', (array)$tData['allowedControllers'])
)
);
}
if (!empty($tData['allowedActions']) &&
!in_array($this->request->params['action'], $tData['allowedActions'])
!in_array($this->request->param('action'), $tData['allowedActions'])
) {
throw new AuthSecurityException(
sprintf(
'Action \'%s::%s\' was not found in allowed actions: \'%s\'.',
$this->request->params['controller'],
$this->request->params['action'],
$this->request->param('controller'),
$this->request->param('action'),
implode(', ', (array)$tData['allowedActions'])
)
);
@@ -321,7 +318,7 @@ protected function _authRequired(Controller $controller)
*/
protected function _validatePost(Controller $controller)
{
if (empty($controller->request->data)) {
if (empty($controller->request->data())) {
return true;
}
$token = $this->_validToken($controller);
@@ -384,8 +381,8 @@ protected function _validToken(Controller $controller)
*/
protected function _hashParts(Controller $controller)
{
$fieldList = $this->_fieldsList($controller->request->data);
$unlocked = $this->_sortedUnlocked($controller->request->data);
$fieldList = $this->_fieldsList($controller->request->data());
$unlocked = $this->_sortedUnlocked($controller->request->data());
return [
$controller->request->here(),
@@ -570,7 +567,7 @@ protected function _debugCheckFields($dataFields, $expectedFields = [], $intKeyM
*/
public function generateToken(Request $request)
{
if (isset($request->params['requested']) && $request->params['requested'] === 1) {
if ($request->is('requested')) {
if ($this->session->check('_Token')) {
$request->params['_Token'] = $this->session->read('_Token');
}

0 comments on commit 1377aa8

Please sign in to comment.
You can’t perform that action at this time.