
Added `disabledActions` feature to SecurityComponent

commit df8ec176267ce06ff6ac04e646f3f6be052c8df9 1 parent 568c60d
Tigran Gabrielyan authored August 01, 2012
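--- a/lib/Cake/Controller/Component/SecurityComponent.php
+++ b/lib/Cake/Controller/Component/SecurityComponent.php
@@ -179,6 +179,13 @@ class SecurityComponent extends Component {
 	public $csrfLimit = 100;
 
 /**
+ * List of actions to disable security checks
+ *
+ * @var array
+*/
+	public $disabledActions = array();
+
+/**
  * Other components used by the Security component
  *
  * @var array
@@ -218,13 +225,11 @@ public function startup(Controller $controller) {
 			$controller->request->params['requested'] != 1
 		);
 
-		if ($isPost && $isNotRequestAction && $this->validatePost) {
-			if ($this->_validatePost($controller) === false) {
+		if (!in_array($this->_action, (array)$this->disabledActions) && $isPost && $isNotRequestAction) {
+			if ($this->validatePost && $this->_validatePost($controller) === false) {
 				return $this->blackHole($controller, 'auth');
 			}
-		}
-		if ($isPost && $isNotRequestAction && $this->csrfCheck) {
-			if ($this->_validateCsrf($controller) === false) {
+			if ($this->csrfCheck && $this->_validateCsrf($controller) === false) {
 				return $this->blackHole($controller, 'csrf');
 			}
 		}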
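Review bot: The `in_array()` call added to the `startup()` guard compares loosely, so a non-string entry in `disabledActions` can match action names it was never meant to cover. Under PHP's loose comparison a value such as `true` (or `0` on PHP versions before 8) equals any action string, which would silently switch off both the form-tampering and the CSRF check for every POST to the controller. Passing the strict flag keeps the exemption to exact names: `if (!in_array($this->_action, (array)$this->disabledActions, true) && $isPost && $isNotRequestAction) {`. The docblock of the new property should also name what is skipped, for example `List of actions for which POST data validation and CSRF token checks are skipped; requests to these actions are accepted without either check`. `startup()` begins and ends outside the hunk, so whether `$this->_action` is always a string at this point is not visible here.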
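--- a/lib/Cake/Test/Case/Controller/Component/SecurityComponentTest.php
+++ b/lib/Cake/Test/Case/Controller/Component/SecurityComponentTest.php
@@ -1372,4 +1372,18 @@ public function testCsrfLimit() {
 		$this->assertTrue(isset($result['4']));
 		$this->assertTrue(isset($result['5']));
 	}
+
+/**
+ * Test disabled actions
+ *
+ * @return void
+ */
+	public function testDisabledActions() {
+		$_SERVER['REQUEST_METHOD'] = 'POST';
+		$this->Controller->request->data = array('data');
+		$this->Controller->Security->disabledActions = 'index';
+		$this->Controller->Security->blackHoleCallback = null;
+		$result = $this->Controller->Security->startup($this->Controller);
+		$this->assertNull($result);
+	}
 }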
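Review bot: `testDisabledActions()` only shows that a listed action passes; nothing in it proves the same POST is rejected when the action is not listed, so the test would still pass if the new guard skipped the checks for every action. A companion case that sets `$this->Controller->Security->disabledActions = array('other_action');` and expects the request to be black-holed would pin the boundary of the exemption. The test also depends on the request's action being `index`, which is presumably set up in the fixture outside this hunk; assigning it explicitly in the test would make that dependency visible.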
