
Added `disabledActions` feature to SecurityComponent

tigrang committed Aug 2, 2012
1 parent 568c60d commit df8ec176267ce06ff6ac04e646f3f6be052c8df9
@@ -178,6 +178,13 @@ class SecurityComponent extends Component {
*/
public $csrfLimit = 100;
/**
* List of actions to disable security checks
*
* @var array
*/
public $disabledActions = array();
/**
* Other components used by the Security component
*
@@ -218,13 +225,11 @@ public function startup(Controller $controller) {
$controller->request->params['requested'] != 1
);
if ($isPost && $isNotRequestAction && $this->validatePost) {
if ($this->_validatePost($controller) === false) {
if (!in_array($this->_action, (array)$this->disabledActions) && $isPost && $isNotRequestAction) {
if ($this->validatePost && $this->_validatePost($controller) === false) {
return $this->blackHole($controller, 'auth');
}
}
if ($isPost && $isNotRequestAction && $this->csrfCheck) {
if ($this->_validateCsrf($controller) === false) {
if ($this->csrfCheck && $this->_validateCsrf($controller) === false) {
return $this->blackHole($controller, 'csrf');
}
}
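Review bot: The new guard `in_array($this->_action, (array)$this->disabledActions)` in startup() compares loosely, so under PHP's loose-comparison rules a non-string entry such as `true` in `disabledActions` can match every action name and turn the checks off for the whole controller. Pass the strict flag: `in_array($this->_action, (array)$this->disabledActions, true)`. As far as the rendered hunk shows, a listed action skips both `_validatePost()` and `_validateCsrf()`, and the property docblock ("List of actions to disable security checks") should say so explicitly so that nobody lists an action expecting only one of the two to be relaxed. startup() begins and ends outside this hunk, so how `_action` is populated is not visible here.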
@@ -1372,4 +1372,18 @@ public function testCsrfLimit() {
$this->assertTrue(isset($result['4']));
$this->assertTrue(isset($result['5']));
}
/**
* Test disabled actions
*
* @return void
*/
public function testDisabledActions() {
$_SERVER['REQUEST_METHOD'] = 'POST';
$this->Controller->request->data = array('data');
$this->Controller->Security->disabledActions = 'index';
$this->Controller->Security->blackHoleCallback = null;
$result = $this->Controller->Security->startup($this->Controller);
$this->assertNull($result);
}
}
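Review bot: testDisabledActions() covers only the bypass path, so nothing here pins that a POST to an action that is not on the list is still black-holed once `disabledActions` is set. A companion case using the same request but `$this->Controller->Security->disabledActions = array('other');` (constructed value), expecting the black hole to fire, would catch a regression that disables the checks too broadly. The test also assigns the string `'index'` rather than an array and does not visibly set the request's action, so it depends on the `(array)` cast and on fixture state outside this hunk. Setting the action explicitly and adding an array-valued case would make the intent clear.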
