mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
BUGFIX: RequestHandler needs some tricks to make sure it knows when allowed_actions hasnt been provided on a class when it has been provided on an extension, now that statics from extensions isnt a feature specific hack
This commit is contained in:
parent
bc3f5ac329
commit
5ff095e561
@ -253,7 +253,7 @@ class RequestHandler extends ViewableData {
|
|||||||
if($isKey || $isValue) return true;
|
if($isKey || $isValue) return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(!is_array($actions) || !$this->uninherited('allowed_actions')) {
|
if(!is_array($actions) || !$this->config()->get('allowed_actions', Config::UNINHERITED | Config::EXCLUDE_EXTRA_SOURCES)) {
|
||||||
if($action != 'init' && $action != 'run' && method_exists($this, $action)) return true;
|
if($action != 'init' && $action != 'run' && method_exists($this, $action)) return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -286,7 +286,7 @@ class RequestHandler extends ViewableData {
|
|||||||
return Permission::check($test);
|
return Permission::check($test);
|
||||||
}
|
}
|
||||||
|
|
||||||
} elseif((($key = array_search($actionOrAll, $allowedActions)) !== false) && is_numeric($key)) {
|
} elseif((($key = array_search($actionOrAll, $allowedActions, true)) !== false) && is_numeric($key)) {
|
||||||
// Case 4: Allow numeric array notation (search for array value as action instead of key)
|
// Case 4: Allow numeric array notation (search for array value as action instead of key)
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
@ -297,7 +297,7 @@ class RequestHandler extends ViewableData {
|
|||||||
// it should be allowed.
|
// it should be allowed.
|
||||||
if($action == 'index' || empty($action)) return true;
|
if($action == 'index' || empty($action)) return true;
|
||||||
|
|
||||||
if($allowedActions === null || !$this->uninherited('allowed_actions')) {
|
if($allowedActions === null || !$this->config()->get('allowed_actions', Config::UNINHERITED | Config::EXCLUDE_EXTRA_SOURCES)) {
|
||||||
// If no allowed_actions are provided, then we should only let through actions that aren't handled by magic methods
|
// If no allowed_actions are provided, then we should only let through actions that aren't handled by magic methods
|
||||||
// we test this by calling the unmagic method_exists.
|
// we test this by calling the unmagic method_exists.
|
||||||
if(method_exists($this, $action)) {
|
if(method_exists($this, $action)) {
|
||||||
|
Loading…
Reference in New Issue
Block a user