
if blackHoleCallback is set, requests _must_ get blackholed

commit 22373868bb0e58d7a40da6c8b4c346b1d0830f12 1 parent 86a74e3
Rachman Chavik authored July 03, 2012
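--- a/lib/Cake/Controller/Component/SecurityComponent.php
+++ b/lib/Cake/Controller/Component/SecurityComponent.php
@@ -590,7 +590,7 @@ protected function _callback(Controller $controller, $method, $params = array())
 		if (is_callable(array($controller, $method))) {
 			return call_user_func_array(array(&$controller, $method), empty($params) ? null : $params);
 		} else {
-			return null;
+			throw new BadRequestException(__d('cake_dev', 'The request has been black-holed'));
 		}
 	}
 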
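Review bot: The `else` branch of `_callback()` now fails closed, but it reuses the generic message `'The request has been black-holed'`, so a configured callback that is not callable from the component (the test uses a `protected` method) looks exactly like an ordinary black-holed request, and as far as the hunk shows nothing records that the application's own handler was skipped. I would keep the response message as it is and add a why-comment above the throw, `// fail closed: an uncallable blackHoleCallback must never let the request continue`, plus `@throws BadRequestException` in the method docblock, which lies outside the hunk. Separately, the context line passes `null` to `call_user_func_array()` when `$params` is empty; that function expects an array, so `empty($params) ? array() : $params` would be safer if any caller can reach it without arguments (callers are not visible here).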
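--- a/lib/Cake/Test/Case/Controller/Component/SecurityComponentTest.php
+++ b/lib/Cake/Test/Case/Controller/Component/SecurityComponentTest.php
@@ -107,6 +107,20 @@ public function header($status) {
 
 }
 
+class BrokenCallbackController extends Controller {
+
+	public $name = 'UncallableCallback';
+
+	public $components = array('Session', 'TestSecurity');
+
+	public function index() {
+	}
+
+	protected function _fail() {
+	}
+
+}
+
 /**
  * SecurityComponentTest class
  *
@@ -162,6 +176,25 @@ public function tearDown() {
 	}
 
 /**
+ * Test that requests are still blackholed when controller has incorrect
+ * visibility keyword in the blackhole callback
+ *
+ * @expectedException BadRequestException
+ */
+	public function testBlackholeWithBrokenCallback() {
+		$request = new CakeRequest('posts/index', false);
+		$request->addParams(array(
+			'controller' => 'posts', 'action' => 'index')
+		);
+		$this->Controller = new BrokenCallbackController($request);
+		$this->Controller->Components->init($this->Controller);
+		$this->Controller->Security = $this->Controller->TestSecurity;
+		$this->Controller->Security->blackHoleCallback = '_fail';
+		$this->Controller->Security->startup($this->Controller);
+		$this->Controller->Security->blackHole($this->Controller, 'csrf');
+	}
+
+/**
  * test that initialize can set properties.
  *
  * @return void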
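Review bot: The `@expectedException BadRequestException` annotation on `testBlackholeWithBrokenCallback()` covers the whole method, so the test also passes if `startup()` throws that exception before `blackHole()` is ever called with the `_fail` callback. Declaring the expectation right before the last call, `$this->setExpectedException('BadRequestException');`, would pin the assertion to the uncallable-callback path. The docblock also lacks the `@return void` line that the neighbouring test docblock carries, and `$name = 'UncallableCallback'` does not match the class name `BrokenCallbackController`.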

0 notes on commit 2237386
