tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 12:05:37 +00:00
Code Issues Projects Releases Wiki Activity

BUG Find Form actions in CompositeFields for access checks

Browse Source 
This bug was introduced with the new nested CMS actions
around December 2012, but wasn't noticed until now
because checkAccessAction() would wrongly return TRUE
before the dataFieldByName() check was reached.
This commit is contained in:
Ingo Schommer 2013-02-18 15:30:36 +01:00
parent 7ec8ebbf9e
commit 14dcc82e76
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
forms/Form.php
View File

@ -289,7 +289,7 @@ class Form extends RequestHandler {
$this->controller->hasMethod($funcName) $this->controller->hasMethod($funcName)
&& !$this->controller->checkAccessAction($funcName) && !$this->controller->checkAccessAction($funcName)
// If a button exists, allow it on the controller // If a button exists, allow it on the controller
&& !$this->actions->fieldByName('action_' . $funcName) && !$this->actions->dataFieldByName('action_' . $funcName)
) { ) {
return $this->httpError( return $this->httpError(
403, 403,