Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Prevent most actions from being run on non-existent pages (allow only…

… login/logout/register/recover_pass, and 'edit' to create the non-existent page). Fixes issue #36 and issue #80.
  • Loading branch information...
commit e687be32508b676b0ab81e3c8fb34f10284aec0d 1 parent 6224a3b
@dandv dandv authored
View
18 Changes
@@ -1,15 +1,21 @@
+ Bug fixes:
+ - Prevent actions from being run on non-existent pages (e.g. '/bogus.export').
+ '.edit' is allowed, to create the page. Fixes issues #36 and #80. (dandv)
+
+
1.04 2011-02-12 10:24
Improvements:
- Don't save a page when there is no change even if we push the save button.
This prevents the revision number from being incremented.
- Added gist formatter (bayashi)
- Fixes:
- - Amazon requires a secret key now to access it's API.
+ Bug fixes:
+ - Amazon requires a secret key now to access its API.
Make the Amazon formatter aware of that.
- - Google calendar formatter was setting precomple_off = 1 always
+ - Google calendar formatter was always setting precompile_off = 1
(even when it wasn't a calendar page).
+
1.03 2011-01-12 11:36
New features:
- Google Calendar formatter (jcockhren)
@@ -35,9 +41,10 @@
a butt-load and then some. Thanks to <sauber> and <Khisanth>.
Migration:
- - Moved to using KinoSearch1 instead of KinoSearch. The former has
- replaced the latter.
+ - Moved to using KinoSearch1 instead of KinoSearch. The former has
+ replaced the latter.
+
1.01 2010-05-26 10:04:20
New features:
- Google search formatter (bayashi)
@@ -53,6 +60,7 @@
- All Methods/subs now documented
- POD Coverage test on by default
+
1.00 2010-05-09 00:04:20
New Features:
View
3  lib/MojoMojo/Controller/Page.pm
@@ -452,6 +452,7 @@ sub export : Global {
=head2 suggest (.suggest)
"Page not found" page, suggesting alternatives, and allowing creation of the page.
+Root::auto detaches here for actions on nonexistent pages (e.g. c<bogus.export>).
=cut
@@ -459,6 +460,8 @@ sub suggest : Global {
my ( $self, $c ) = @_;
$c->stash->{template} = 'page/suggest.tt';
$c->res->status(404);
+ # force the Catalyst flow to jump straight to the most specific 'end' action, which is Root::end
+ return 0; # otherwise, when Root::auto detaches here, we'd call the original action (e.g. 'export') too
}
=head2 search_inline (.search/inline)
View
10 lib/MojoMojo/Controller/Root.pm
@@ -102,12 +102,20 @@ sub end : Private {
=head2 auto
Runs for all requests, checks if user is in need of validation, and
-intercepts the request if so.
+intercepts the request if so. Also, if the requested page doesn't exist,
+prevents any other actions from running, and detaches straight to
+L<MojoMojo::Controller::Page/suggest>.
=cut
sub auto : Private {
my ( $self, $c ) = @_;
+
+ # Prevent most actions from running on non-existent pages. This fixes issues #36 and #80.
+ my $proto_pages = $c->stash->{proto_pages};
+ $c->detach('MojoMojo::Controller::Page', 'suggest')
+ if ($proto_pages && @$proto_pages && $c->action->name !~ /^(edit|login|logout|register|recover_pass)$/);
+
if ( $c->pref('enforce_login') ) {
# allow a few actions
if ( grep $c->action->name eq $_, qw/login logout recover_pass register/ ) {
Please sign in to comment.
Something went wrong with that request. Please try again.