tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 12:05:37 +00:00
Code Issues Projects Releases Wiki Activity

BUGFIX: Ticket #6069 Checking of URLSegment can end in an infinite loop (when saving Page in CMS)

Browse Source
This commit is contained in:
carlos barberis 2012-06-14 18:45:12 +12:00 committed by Sam Minnee
parent 04e5ff09ca
commit 856991d644
2 changed files with 12 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
control/RequestHandler.php
View File

@ -251,9 +251,9 @@ class RequestHandler extends ViewableData {
// as actions. // as actions.
if(is_array($actions)) { if(is_array($actions)) {
$isKey = !is_numeric($action) && array_key_exists($action, $actions); $isKey = !is_numeric($action) && array_key_exists($action, $actions);
$isValue = in_array($action, $actions); $isValue = in_array($action, $actions, true);
$isWildcard = (in_array('*', $actions) && $this->checkAccessAction($action));
if($isKey || $isValue) return true; if($isKey || $isValue || $isWildcard) return true;
} }
if(!is_array($actions) || !$this->config()->get('allowed_actions', Config::UNINHERITED | Config::EXCLUDE_EXTRA_SOURCES)) { if(!is_array($actions) || !$this->config()->get('allowed_actions', Config::UNINHERITED | Config::EXCLUDE_EXTRA_SOURCES)) {

8
tests/control/ControllerTest.php
View File

@ -57,7 +57,7 @@ class ControllerTest extends FunctionalTest {
); );
$response = $this->get("ControllerTest_FullSecuredController/adminonly"); $response = $this->get("ControllerTest_FullSecuredController/adminonly");
$this->assertEquals(403, $response->getStatusCode(), $this->assertEquals(404, $response->getStatusCode(),
"Actions can be globally disallowed by using asterisk (*) instead of a method name" "Actions can be globally disallowed by using asterisk (*) instead of a method name"
); );
@ -73,6 +73,12 @@ class ControllerTest extends FunctionalTest {
$response->getStatusCode(), $response->getStatusCode(),
"Permission codes are respected when set in \$allowed_actions" "Permission codes are respected when set in \$allowed_actions"
); );
$response = $this->get("ControllerTest_FullSecuredController/adminonly");
$this->assertEquals(200, $response->getStatusCode(),
"Actions can be globally disallowed by using asterisk (*) instead of a method name"
);
$this->session()->inst_set('loggedInAs', null);
} }
/** /**