BUGFIX: Ticket #6069 Checking of URLSegment can end in an infinite loop (when saving Page in CMS)
parent
04e5ff09ca
commit
856991d644
@ -244,18 +244,18 @@ class RequestHandler extends ViewableData {
|
|||||||
|
|
||||||
$action = strtolower($action);
|
$action = strtolower($action);
|
||||||
$actions = $this->allowedActions();
|
$actions = $this->allowedActions();
|
||||||
|
|
||||||
// Check if the action is defined in the allowed actions as either a
|
// Check if the action is defined in the allowed actions as either a
|
||||||
// key or value. Note that if the action is numeric, then keys are not
|
// key or value. Note that if the action is numeric, then keys are not
|
||||||
// searched for actions to prevent actual array keys being recognised
|
// searched for actions to prevent actual array keys being recognised
|
||||||
// as actions.
|
// as actions.
|
||||||
if(is_array($actions)) {
|
if(is_array($actions)) {
|
||||||
$isKey = !is_numeric($action) && array_key_exists($action, $actions);
|
$isKey = !is_numeric($action) && array_key_exists($action, $actions);
|
||||||
$isValue = in_array($action, $actions);
|
$isValue = in_array($action, $actions, true);
|
||||||
|
$isWildcard = (in_array('*', $actions) && $this->checkAccessAction($action));
|
||||||
if($isKey || $isValue) return true;
|
if($isKey || $isValue || $isWildcard) return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(!is_array($actions) || !$this->config()->get('allowed_actions', Config::UNINHERITED | Config::EXCLUDE_EXTRA_SOURCES)) {
|
if(!is_array($actions) || !$this->config()->get('allowed_actions', Config::UNINHERITED | Config::EXCLUDE_EXTRA_SOURCES)) {
|
||||||
if($action != 'init' && $action != 'run' && method_exists($this, $action)) return true;
|
if($action != 'init' && $action != 'run' && method_exists($this, $action)) return true;
|
||||||
}
|
}
|
||||||
|
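Review bot: The new wildcard test `in_array('*', $actions)` is still a loose comparison, although the `$isValue` check two lines above it was just made strict. Under PHP's loose comparison rules `'*' == true` holds, so an `$actions` array containing a boolean `true` value would be treated as if it listed the wildcard, and on PHP versions before 8 an integer `0` value would match too; whether the allowed-actions format can carry such values is not visible on this page. Passing the strict flag closes that gap: `$isWildcard = (in_array('*', $actions, true) && $this->checkAccessAction($action));`. The enclosing method starts and ends outside the hunk, so any normalisation done by `allowedActions()` cannot be confirmed here.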
@ -57,7 +57,7 @@ class ControllerTest extends FunctionalTest {
|
|||||||
);
|
);
|
||||||
|
|
||||||
$response = $this->get("ControllerTest_FullSecuredController/adminonly");
|
$response = $this->get("ControllerTest_FullSecuredController/adminonly");
|
||||||
$this->assertEquals(403, $response->getStatusCode(),
|
$this->assertEquals(404, $response->getStatusCode(),
|
||||||
"Actions can be globally disallowed by using asterisk (*) instead of a method name"
|
"Actions can be globally disallowed by using asterisk (*) instead of a method name"
|
||||||
);
|
);
|
||||||
|
|
||||||
@ -73,6 +73,12 @@ class ControllerTest extends FunctionalTest {
|
|||||||
$response->getStatusCode(),
|
$response->getStatusCode(),
|
||||||
"Permission codes are respected when set in \$allowed_actions"
|
"Permission codes are respected when set in \$allowed_actions"
|
||||||
);
|
);
|
||||||
|
|
||||||
|
$response = $this->get("ControllerTest_FullSecuredController/adminonly");
|
||||||
|
$this->assertEquals(200, $response->getStatusCode(),
|
||||||
|
"Actions can be globally disallowed by using asterisk (*) instead of a method name"
|
||||||
|
);
|
||||||
|
$this->session()->inst_set('loggedInAs', null);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
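Review bot: The assertion added in the second hunk expects 200 but reuses the failure message of the 404 assertion, `"Actions can be globally disallowed by using asterisk (*) instead of a method name"`, so a failing run would describe the opposite of what is being checked. A message along the lines of `"Wildcard (*) actions are reachable for a user who passes the permission check"` would match the expectation; the login step it presumably depends on lies outside the hunk. The changed assertion in the first hunk would also benefit from a short comment explaining why a denied action now answers 404 instead of 403, since that changes what an unauthenticated client can learn about the controller.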