mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
BUGFIX: ensure that pages can only be requested from staging and live (from r110759)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112845 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
parent
9107cf950b
commit
995f1f4157
@ -626,15 +626,18 @@ class Versioned extends DataObjectDecorator {
|
||||
*/
|
||||
static function choose_site_stage() {
|
||||
if(isset($_GET['stage'])) {
|
||||
$_GET['stage'] = ucfirst(strtolower($_GET['stage']));
|
||||
Session::set('readingMode', 'Stage.' . $_GET['stage']);
|
||||
$stage = ucfirst(strtolower($_GET['stage']));
|
||||
|
||||
if(!in_array($stage, array('Stage', 'Live'))) $stage = 'Live';
|
||||
|
||||
Session::set('readingMode', 'Stage.' . $stage);
|
||||
}
|
||||
if(isset($_GET['archiveDate'])) {
|
||||
Session::set('readingMode', 'Archive.' . $_GET['archiveDate']);
|
||||
}
|
||||
|
||||
if(Session::get('readingMode')) {
|
||||
Versioned::set_reading_mode(Session::get('readingMode'));
|
||||
if($mode = Session::get('readingMode')) {
|
||||
Versioned::set_reading_mode($mode);
|
||||
} else {
|
||||
Versioned::reading_stage("Live");
|
||||
}
|
||||
|
@ -34,6 +34,39 @@ class SiteTreePermissionsTest extends FunctionalTest {
|
||||
$this->autoFollowRedirection = false;
|
||||
}
|
||||
|
||||
|
||||
function testAccessingStageWithBlankStage() {
|
||||
$this->useDraftSite(false);
|
||||
$this->autoFollowRedirection = false;
|
||||
|
||||
$page = $this->objFromFixture('Page', 'draftOnlyPage');
|
||||
|
||||
if($member = Member::currentUser()) {
|
||||
$member->logOut();
|
||||
}
|
||||
|
||||
$response = $this->get($page->URLSegment . '?stage=Live');
|
||||
$this->assertEquals($response->getStatusCode(), '404');
|
||||
|
||||
$response = $this->get($page->URLSegment . '?stage=');
|
||||
$this->assertEquals($response->getStatusCode(), '404');
|
||||
|
||||
// should be prompted for a login
|
||||
$response = $this->get($page->URLSegment . '?stage=Stage');
|
||||
$this->assertEquals($response->getStatusCode(), '302');
|
||||
|
||||
$this->logInWithPermission('ADMIN');
|
||||
|
||||
$response = $this->get($page->URLSegment . '?stage=Live');
|
||||
$this->assertEquals($response->getStatusCode(), '404');
|
||||
|
||||
$response = $this->get($page->URLSegment . '?stage=Stage');
|
||||
$this->assertEquals($response->getStatusCode(), '200');
|
||||
|
||||
$response = $this->get($page->URLSegment . '?stage=');
|
||||
$this->assertEquals($response->getStatusCode(), '404');
|
||||
}
|
||||
|
||||
function testPermissionCheckingWorksOnDeletedPages() {
|
||||
// Set up fixture - a published page deleted from draft
|
||||
$this->logInWithPermission("ADMIN");
|
||||
|
@ -83,3 +83,6 @@ Page:
|
||||
CanEditType: OnlyTheseUsers
|
||||
EditorGroups: =>Group.subadmingroup
|
||||
URLSegment: deleteTestChildPage
|
||||
draftOnlyPage:
|
||||
CanViewType: Anyone
|
||||
URLSegment: draft-only
|
Loading…
Reference in New Issue
Block a user