Permalink
Browse files

Fix security component causing black holes on error pages.

Fixes #2966
  • Loading branch information...
markstory committed Jun 18, 2012
1 parent 645e981 commit fec6c1c6cb022b59a4332c2d1a3238dff6b7af4c
Showing with 4 additions and 0 deletions.
  1. +4 −0 lib/Cake/Controller/Component/SecurityComponent.php
@@ -205,6 +205,10 @@ class SecurityComponent extends Component {
* @return void
*/
public function startup(Controller $controller) {
+ if ($controller->name == 'CakeError') {
+ return true;
+ }
+
$this->request = $controller->request;
$this->_action = $this->request->params['action'];
$this->_methodsRequired($controller);

3 comments on commit fec6c1c

Member

ADmad replied Jun 18, 2012

I feel this is the wrong place to do this fix. Instead of patching the component itself the Security component should be disabled in CakeErrorController::__construct() before calling the Controller::startupProcess(). If someone is using a custom exception renderer with a custom controller for rendering view this check would be useless anyway.

Owner

markstory replied Jun 18, 2012

AuthComponent has the same check in the same place. I agree though it might be a better solution to have the controller disable those components as part of its startup process. I'll make that change, as I felt this was a bit icky at the time.

Member

ADmad replied Jun 18, 2012

Yup same change would be required for Auth too.

Please sign in to comment.