tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 14:05:37 +02:00
Code Issues Projects Releases Wiki Activity

BUGFIX Don't lowercase permission codes contained in $allowed_actions in RequestHandler->checkAccessAction(). Permission checks are case sensitive.

Browse Source 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@86085 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
Ingo Schommer 2009-09-10 07:02:54 +00:00
parent e9df16ba5a
commit 3f751a2cb8
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
core/control/RequestHandler.php
View File

@ -193,9 +193,11 @@ class RequestHandler extends ViewableData {
} }
if($allowedActions) { if($allowedActions) {
// convert all keys and values to lowercase for easier comparison (only if not set as boolean) // Convert all keys and values to lowercase for easier comparison.
// Exclude values set as booleans, or permission codes (permission checks are case sensitive)
foreach($allowedActions as $key => $value) { foreach($allowedActions as $key => $value) {
$newAllowedActions[strtolower($key)] = (is_bool($value)) ? $value : strtolower($value); if(is_numeric($key) || is_bool($value)) $value = strtolower($value);
$newAllowedActions[strtolower($key)] = $value;
} }
$allowedActions = $newAllowedActions; $allowedActions = $newAllowedActions;