
use new onlyAllow() method in baked code, to ensure 405 responses hav…

…e required Allow header included
1 parent 064fef1 commit 167a8e43be82394a953111d7b0f43ff34ce76661 @ceeram ceeram committed
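--- a/lib/Cake/Console/Templates/default/actions/controller_actions.ctp
+++ b/lib/Cake/Console/Templates/default/actions/controller_actions.ctp
@@ -47,10 +47,12 @@
 /**
 * <?php echo $admin ?>add method
 *
+ * @throws MethodNotAllowedException
 * @return void
 */
 public function <?php echo $admin ?>add() {
- if ($this->request->is('post')) {
+ if ($this->request->data) {
+ $this->request->onlyAllow('post');
 $this-><?php echo $currentModelName; ?>->create();
 if ($this-><?php echo $currentModelName; ?>->save($this->request->data)) {
 <?php if ($wannaUseSession): ?>
@@ -86,6 +88,7 @@
 /**
 * <?php echo $admin ?>edit method
 *
+ * @throws MethodNotAllowedException
 * @throws NotFoundException
 * @param string $id
 * @return void
@@ -95,7 +98,8 @@
 if (!$this-><?php echo $currentModelName; ?>->exists()) {
 throw new NotFoundException(__('Invalid <?php echo strtolower($singularHumanName); ?>'));
 }
- if ($this->request->is('post') || $this->request->is('put')) {
+ if ($this->request->data) {
+ $this->request->onlyAllow('post', 'put');
 if ($this-><?php echo $currentModelName; ?>->save($this->request->data)) {
 <?php if ($wannaUseSession): ?>
 $this->Session->setFlash(__('The <?php echo strtolower($singularHumanName); ?> has been saved'));
@@ -137,9 +141,7 @@
 * @return void
 */
 public function <?php echo $admin; ?>delete($id = null) {
- if (!$this->request->is('post')) {
- throw new MethodNotAllowedException();
- }
+ $this->request->onlyAllow('post', 'delete');
 $this-><?php echo $currentModelName; ?>->id = $id;
 if (!$this-><?php echo $currentModelName; ?>->exists()) {
 throw new NotFoundException(__('Invalid <?php echo strtolower($singularHumanName); ?>'));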
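Review bot: In the `add()` and `edit()` hunks `onlyAllow()` is only reached inside `if ($this->request->data)`, so the 405 response and the new `@throws MethodNotAllowedException` tag hold only when the request carries parsed data; a request with an unexpected verb and no data skips the check and continues past the `if`, whose remainder lies outside these hunks. The save path is thereby gated on truthiness of the request body rather than on the verb. Consider enforcing the verb before inspecting the body, for example `$this->request->onlyAllow('get', 'post');` followed by `if ($this->request->is('post')) {`, or at least qualify the docblock: `@throws MethodNotAllowedException when data is submitted with a method other than POST`. In `delete()` the check is unconditional but now also accepts DELETE; it restricts the verb only, and nothing in these hunks adds request-forgery protection to the baked action, so the generated docblock could say so.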
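--- a/lib/Cake/Test/Case/Console/Command/Task/ControllerTaskTest.php
+++ b/lib/Cake/Test/Case/Console/Command/Task/ControllerTaskTest.php
@@ -353,7 +353,8 @@ public function testBakeActionsUsingSessions() {
 $this->assertContains("\$this->set('bakeArticle', \$this->BakeArticle->read(null, \$id)", $result);
 $this->assertContains('function add()', $result);
- $this->assertContains("if (\$this->request->is('post'))", $result);
+ $this->assertContains("if (\$this->request->data)", $result);
+ $this->assertContains("\$this->request->onlyAllow('post')", $result);
 $this->assertContains('if ($this->BakeArticle->save($this->request->data))', $result);
 $this->assertContains("\$this->Session->setFlash(__('The bake article has been saved'));", $result);
@@ -392,7 +393,8 @@ public function testBakeActionsWithNoSessions() {
 $this->assertContains("\$this->set('bakeArticle', \$this->BakeArticle->read(null, \$id)", $result);
 $this->assertContains('function add()', $result);
- $this->assertContains("if (\$this->request->is('post'))", $result);
+ $this->assertContains("if (\$this->request->data)", $result);
+ $this->assertContains("\$this->request->onlyAllow('post')", $result);
 $this->assertContains('if ($this->BakeArticle->save($this->request->data))', $result);
 $this->assertContains("\$this->flash(__('The bake article has been saved.'), array('action' => 'index'))", $result);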
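Review bot: Both visible hunks assert the new strings only for the baked `add()` action; neither checks that `edit()` contains `onlyAllow('post', 'put')` or that `delete()` contains `onlyAllow('post', 'delete')`, although assertions outside these hunks may cover that. Since the point of the commit is that disallowed verbs are rejected with a 405, pin the two remaining calls as well, e.g. `$this->assertContains("\$this->request->onlyAllow('post', 'delete')", $result);`. Both test methods start and end outside the hunks.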
