BUGFIX: ensure that pages can only be requested from staging and live (from r110759)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112845 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
Sam Minnee 2010-10-19 01:32:39 +00:00
parent 9107cf950b
commit 995f1f4157
3 changed files with 44 additions and 5 deletions

View File

@ -626,15 +626,18 @@ class Versioned extends DataObjectDecorator {
*/
static function choose_site_stage() {
if(isset($_GET['stage'])) {
$_GET['stage'] = ucfirst(strtolower($_GET['stage']));
Session::set('readingMode', 'Stage.' . $_GET['stage']);
$stage = ucfirst(strtolower($_GET['stage']));
if(!in_array($stage, array('Stage', 'Live'))) $stage = 'Live';
Session::set('readingMode', 'Stage.' . $stage);
}
if(isset($_GET['archiveDate'])) {
Session::set('readingMode', 'Archive.' . $_GET['archiveDate']);
}
if(Session::get('readingMode')) {
Versioned::set_reading_mode(Session::get('readingMode'));
if($mode = Session::get('readingMode')) {
Versioned::set_reading_mode($mode);
} else {
Versioned::reading_stage("Live");
}

View File

@ -34,6 +34,39 @@ class SiteTreePermissionsTest extends FunctionalTest {
$this->autoFollowRedirection = false;
}
function testAccessingStageWithBlankStage() {
$this->useDraftSite(false);
$this->autoFollowRedirection = false;
$page = $this->objFromFixture('Page', 'draftOnlyPage');
if($member = Member::currentUser()) {
$member->logOut();
}
$response = $this->get($page->URLSegment . '?stage=Live');
$this->assertEquals($response->getStatusCode(), '404');
$response = $this->get($page->URLSegment . '?stage=');
$this->assertEquals($response->getStatusCode(), '404');
// should be prompted for a login
$response = $this->get($page->URLSegment . '?stage=Stage');
$this->assertEquals($response->getStatusCode(), '302');
$this->logInWithPermission('ADMIN');
$response = $this->get($page->URLSegment . '?stage=Live');
$this->assertEquals($response->getStatusCode(), '404');
$response = $this->get($page->URLSegment . '?stage=Stage');
$this->assertEquals($response->getStatusCode(), '200');
$response = $this->get($page->URLSegment . '?stage=');
$this->assertEquals($response->getStatusCode(), '404');
}
function testPermissionCheckingWorksOnDeletedPages() {
// Set up fixture - a published page deleted from draft
$this->logInWithPermission("ADMIN");

View File

@ -83,3 +83,6 @@ Page:
CanEditType: OnlyTheseUsers
EditorGroups: =>Group.subadmingroup
URLSegment: deleteTestChildPage
draftOnlyPage:
CanViewType: Anyone
URLSegment: draft-only