
Get request/response from the controller.

Don't use deprecated properties and instead access the controller
properties.
markstory committed Nov 15, 2016
1 parent 8b07eba commit 8e7b79b9a27d80209f7d4bf24fe32be4e1e936ec
Showing with 13 additions and 19 deletions.
  1. +13 −19 src/Controller/Component/SecurityComponent.php
@@ -84,13 +84,6 @@ class SecurityComponent extends Component
*/
protected $_action = null;
/**
* Request object
*
* @var \Cake\Http\ServerRequest
*/
public $request;
/**
* The Session object
*
@@ -107,9 +100,9 @@ class SecurityComponent extends Component
public function startup(Event $event)
{
$controller = $event->subject();
$this->session = $this->request->session();
$this->_action = $this->request->param('action');
$hasData = (bool)$this->request->data();
$this->session = $controller->request->session();
$this->_action = $controller->request->param('action');
$hasData = (bool)$controller->request->data();
try {
$this->_secureRequired($controller);
$this->_authRequired($controller);
@@ -264,38 +257,39 @@ protected function _secureRequired(Controller $controller)
*/
protected function _authRequired(Controller $controller)
{
$request = $controller->request;
if (is_array($this->_config['requireAuth']) &&
!empty($this->_config['requireAuth']) &&
$this->request->data()
$request->data()
) {
$requireAuth = $this->_config['requireAuth'];
if (in_array($this->request->param('action'), $requireAuth) || $requireAuth == ['*']) {
if (!isset($this->request->data['_Token'])) {
if (in_array($request->param('action'), $requireAuth) || $requireAuth == ['*']) {
if (!isset($request->data['_Token'])) {
throw new AuthSecurityException('\'_Token\' was not found in request data.');
}
if ($this->session->check('_Token')) {
$tData = $this->session->read('_Token');
if (!empty($tData['allowedControllers']) &&
!in_array($this->request->param('controller'), $tData['allowedControllers'])) {
!in_array($request->param('controller'), $tData['allowedControllers'])) {
throw new AuthSecurityException(
sprintf(
'Controller \'%s\' was not found in allowed controllers: \'%s\'.',
$this->request->param('controller'),
$request->param('controller'),
implode(', ', (array)$tData['allowedControllers'])
)
);
}
if (!empty($tData['allowedActions']) &&
!in_array($this->request->param('action'), $tData['allowedActions'])
!in_array($request->param('action'), $tData['allowedActions'])
) {
throw new AuthSecurityException(
sprintf(
'Action \'%s::%s\' was not found in allowed actions: \'%s\'.',
$this->request->param('controller'),
$this->request->param('action'),
$request->param('controller'),
$request->param('action'),
implode(', ', (array)$tData['allowedActions'])
)
);
@@ -346,7 +340,7 @@ protected function _validatePost(Controller $controller)
*/
protected function _validToken(Controller $controller)
{
$check = $controller->request->data;
$check = $controller->request->getData();
$message = '\'%s\' was not found in request data.';
if (!isset($check['_Token'])) {
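Review bot: The allow-list checks rewritten in `_authRequired` still compare loosely: `in_array($request->param('action'), $requireAuth)` and the two `in_array(...)` calls against `$tData['allowedControllers']` and `$tData['allowedActions']` omit the strict flag, so PHP's type juggling decides whether a route parameter matches an entry. Since these lines are being edited anyway, I would pass `true` as the third argument, e.g. `in_array($request->param('action'), $requireAuth, true)`, after confirming that the configured and session-stored values are always strings. The same method also still reads `$request->data['_Token']` as a property while `_validToken` now goes through `getData()`; using the accessor in both places would match the commit's stated intent. Both method bodies continue outside the visible hunks, so this is based only on the lines shown.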
