
Disallow direct controller names

Controller names used with the default routing should not allow direct
plugin names or fully qualified namespace names.
markstory committed Aug 11, 2015
1 parent b86dcd6 commit 67d1c9890ed8e80b6cfaf9b1e2d88d1a59673dda
Showing with 51 additions and 1 deletion.
  1. +3 −0 src/Routing/Filter/ControllerFactoryFilter.php
  2. +48 −1 tests/TestCase/Routing/DispatcherTest.php
@@ -73,6 +73,9 @@ protected function _getController($request, $response)
);
$namespace .= '/' . implode('/', $prefixes);
}
if (strpos($controller, '\\') !== false || strpos($controller, '.') !== false) {
return false;
}
$className = false;
if ($pluginPath . $controller) {
$className = App::classname($pluginPath . $controller, $namespace, 'Controller');
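Review bot: The new guard in _getController() refuses `\` and `.` in `$controller` but lets `/` through, even though the line just above it builds `$namespace` with `/` as the segment separator. App::classname() is not visible here, so this is inferred, but if it resolves `/` inside the name the same way, a request-supplied controller value could still select a class outside the intended Controller namespace; adding `|| strpos($controller, '/') !== false` to the condition would close that. A one-line comment above the check, e.g. `// Reject plugin dot-syntax and namespaced names so request data cannot pick an arbitrary class.`, would keep a later refactor from dropping it. The method starts and ends outside this hunk, so how `$controller` and `$prefixes` are derived could not be checked.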
@@ -23,7 +23,6 @@
use Cake\Network\Session;
use Cake\Routing\Dispatcher;
use Cake\Routing\Filter\ControllerFactoryFilter;
use Cake\Routing\Router;
use Cake\TestSuite\TestCase;
use Cake\Utility\Inflector;
@@ -409,6 +408,54 @@ public function testPrefixDispatchPlugin()
);
}
/**
* test forbidden controller names.
*
* @expectedException \Cake\Routing\Exception\MissingControllerException
* @expectedExceptionMessage Controller class TestPlugin.Tests could not be found.
* @return void
*/
public function testDispatchBadPluginName()
{
Plugin::load('TestPlugin');
$request = new Request([
'url' => 'TestPlugin.Tests/index',
'params' => [
'plugin' => '',
'controller' => 'TestPlugin.Tests',
'action' => 'index',
'pass' => [],
'return' => 1
]
]);
$response = $this->getMock('Cake\Network\Response');
$this->dispatcher->dispatch($request, $response);
}
/**
* test forbidden controller names.
*
* @expectedException \Cake\Routing\Exception\MissingControllerException
* @expectedExceptionMessage Controller class TestApp\Controller\PostsController could not be found.
* @return void
*/
public function testDispatchBadName()
{
$request = new Request([
'url' => 'TestApp%5CController%5CPostsController/index',
'params' => [
'plugin' => '',
'controller' => 'TestApp\Controller\PostsController',
'action' => 'index',
'pass' => [],
'return' => 1
]
]);
$response = $this->getMock('Cake\Network\Response');
$this->dispatcher->dispatch($request, $response);
}
/**
* Test dispatcher filters being called.
*
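Review bot: testDispatchBadPluginName and testDispatchBadName share the same docblock summary, `test forbidden controller names.`, and both set `params` by hand, so they pin the filter's rejection of `.` and `\` but not what the router would actually derive from the `%5C`-encoded `url`. Distinct summaries such as `Test that plugin dot-syntax in the controller param is rejected.` and `Test that a fully qualified class name in the controller param is rejected.` would say which input each test covers. A further case for a controller value containing `/`, and one where the value arrives through route parsing rather than a preset `params` array, would document whether those paths are meant to be refused as well.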
