Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Fixing issues created in [8205] where allowedActions check was done i…

…ncorrectly. Fixes #6482

git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@8208 3807eeeb-6ff5-0310-8944-8be069107fe0
  • Loading branch information...
commit ff5d9ed6e0f80a44b24143cddd1b6c2733c1ab3f 1 parent fb6b2ae
Mark Story markstory authored
3  cake/libs/controller/components/auth.php
View
@@ -264,6 +264,7 @@ function initialize(&$controller) {
function startup(&$controller) {
$methods = array_flip($controller->methods);
$controllerAction = strtolower($controller->params['action']);
+ $lowerAllowedActions = array_map('strtolower', $this->allowedActions);
$isErrorOrTests = (
strtolower($controller->name) == 'cakeerror' ||
@@ -297,7 +298,7 @@ function startup(&$controller) {
$isAllowed = (
$this->allowedActions == array('*') ||
- isset($methods[$controllerAction])
+ in_array($controllerAction, $lowerAllowedActions)
);
if ($loginAction != $url && $isAllowed) {
4 cake/tests/cases/libs/controller/components/auth.test.php
View
@@ -753,6 +753,10 @@ function testAllowedActionsWithCamelCaseMethods() {
$this->Controller->Auth->allowedActions = array('delete', 'camelCase', 'add');
$result = $this->Controller->Auth->startup($this->Controller);
$this->assertTrue($result, 'startup() should return true, as action is allowed. %s');
+
+ $this->Controller->Auth->allowedActions = array('delete', 'add');
+ $result = $this->Controller->Auth->startup($this->Controller);
+ $this->assertFalse($result, 'startup() should return false, as action is not allowed. %s');
}
/**
* testLoginRedirect method
Please sign in to comment.
Something went wrong with that request. Please try again.