Permalink
Browse files

if blackHoleCallback is set, requests _must_ get blackholed

  • Loading branch information...
rchavik committed Jul 3, 2012
1 parent 86a74e3 commit 22373868bb0e58d7a40da6c8b4c346b1d0830f12
@@ -590,7 +590,7 @@ protected function _callback(Controller $controller, $method, $params = array())
if (is_callable(array($controller, $method))) {
return call_user_func_array(array(&$controller, $method), empty($params) ? null : $params);
} else {
return null;
throw new BadRequestException(__d('cake_dev', 'The request has been black-holed'));
}
}
@@ -107,6 +107,20 @@ public function header($status) {
}
class BrokenCallbackController extends Controller {
public $name = 'UncallableCallback';
public $components = array('Session', 'TestSecurity');
public function index() {
}
protected function _fail() {
}
}
/**
* SecurityComponentTest class
*
@@ -161,6 +175,25 @@ public function tearDown() {
unset($this->Controller);
}
/**
* Test that requests are still blackholed when controller has incorrect
* visibility keyword in the blackhole callback
*
* @expectedException BadRequestException
*/
public function testBlackholeWithBrokenCallback() {
$request = new CakeRequest('posts/index', false);
$request->addParams(array(
'controller' => 'posts', 'action' => 'index')
);
$this->Controller = new BrokenCallbackController($request);
$this->Controller->Components->init($this->Controller);
$this->Controller->Security = $this->Controller->TestSecurity;
$this->Controller->Security->blackHoleCallback = '_fail';
$this->Controller->Security->startup($this->Controller);
$this->Controller->Security->blackHole($this->Controller, 'csrf');
}
/**
* test that initialize can set properties.
*

0 comments on commit 2237386

Please sign in to comment.