フロント認証を設定していない場合でもフロントのURLとしてパスワードリセット画面にアクセスできてしまう問題を改善 fix baserpro…

…ject#1379
ryuring · Mar 27, 2020 · 101010a · 101010a
1 parent 68f3d42
commit 101010a
Showing 1 changed file with 12 additions and 0 deletions.
diff --git a/lib/Baser/Controller/Component/BcReplacePrefixComponent.php b/lib/Baser/Controller/Component/BcReplacePrefixComponent.php
@@ -107,6 +107,18 @@ public function startup(Controller $Controller) {
 			$requestedPrefix = $Controller->request->params['prefix'];
 		}
 
+		$prefix = [];
+		foreach(Configure::read('BcAuthPrefix') as $authPrefix) {
+			if(isset($authPrefix['alias'])) {
+				$prefix[] = $authPrefix['alias'];
+			} else {
+				$prefix[] = '';
+			}
+		}
+		if(!in_array($requestedPrefix, $prefix)) {
+			return;
+		}
+
 		$pureAction = preg_replace('/^' . $requestedPrefix . '_/', '', $Controller->action);
 
 		if (!in_array($pureAction, $this->allowedPureActions)) {