Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Fix security component causing black holes on error pages.

Fixes #2966
  • Loading branch information...
commit fec6c1c6cb022b59a4332c2d1a3238dff6b7af4c 1 parent 645e981
@markstory markstory authored
Showing with 4 additions and 0 deletions.
  1. +4 −0 lib/Cake/Controller/Component/SecurityComponent.php
View
4 lib/Cake/Controller/Component/SecurityComponent.php
@@ -205,6 +205,10 @@ class SecurityComponent extends Component {
* @return void
*/
public function startup(Controller $controller) {
+ if ($controller->name == 'CakeError') {
+ return true;
+ }
+
$this->request = $controller->request;
$this->_action = $this->request->params['action'];
$this->_methodsRequired($controller);

3 comments on commit fec6c1c

@ADmad
Collaborator

I feel this is the wrong place to do this fix. Instead of patching the component itself the Security component should be disabled in CakeErrorController::__construct() before calling the Controller::startupProcess(). If someone is using a custom exception renderer with a custom controller for rendering view this check would be useless anyway.

@markstory
Owner

AuthComponent has the same check in the same place. I agree though it might be a better solution to have the controller disable those components as part of its startup process. I'll make that change, as I felt this was a bit icky at the time.

@ADmad
Collaborator

Yup same change would be required for Auth too.

Please sign in to comment.
Something went wrong with that request. Please try again.