Changed DataObject to be a subclass of ViewableData instead of Controller, so that it can't be hacked by visiting Page/write.

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@49760 467b73ca-7a2a-4603-9d3b-597d59a354a9

core/control/Controller.php

@@ -17,6 +17,19 @@
  */
 class Controller extends ViewableData {
 	
+	/**
+	 * Define a list of actions that are allowed to be called on this controller.
+	 * The variable should be an array of action names. This sample s
+	 *
+	 * array(
+	 *		'someaction', // someaction can be accessed by anyone, any time
+	 *		'otheraction' => true, // So can otheraction
+	 *		'restrictedaction' => 'ADMIN', // restrictedaction can only be people with ADMIN privilege
+	 *		'complexaction' '->canComplexAction' // complexaction can only be accessed if $this->canComplexAction() returns true
+	 *	);
+	 */
+	static $allowed_actions = null;
+	
 	protected $urlParams;
 	
 	protected $requestParams;
@@ -98,7 +111,13 @@ class Controller extends ViewableData {
 		$this->response = new HTTPResponse();
 		$this->requestParams = $requestParams;
 
-		$this->action = isset($this->urlParams['Action']) ? str_replace("-","_",$this->urlParams['Action']) : "index";
+		$this->action = isset($this->urlParams['Action']) ? strtolower(str_replace("-","_",$this->urlParams['Action'])) : "";
+		if(!$this->action) $this->action = 'index';
+		
+		// Check security on the controller
+		if(!$this->checkAccessAction($this->action)) {
+			user_error("Disallowed action: '$this->action' on controller '$this->class'", E_USER_ERROR);
+		}
 
 		// Init
 		$this->baseInitCalled = false;
@@ -508,6 +527,33 @@ class Controller extends ViewableData {
 		);
 	}
 	
+	/**
+	 * Check thAT
+	 */
+	function checkAccessAction($action) {
+		$access = $this->stat('allowed_actions');
+
+		if($access === null) {
+			user_error("Deprecated: please define accessAction() on your Controllers for security purposes", E_USER_NOTICE);
+			return true;
+		}
+		
+		if($action == 'index') return true;
+		
+		if(isset($access[$action])) {
+			$test = $access[$action];
+			if($test === true) return true;
+			if(substr($test,0,2) == '->') {
+				$funcName = substr($test,2);
+				return $this->$funcName();
+			}
+			if(Permission::check($test)) return true;
+		} else if((($key = array_search($action, $access)) !== false) && is_numeric($key)) {
+			return true;
+		}
+		return false;
+	} 
+	
 }
 
 ?>

core/model/DataObject.php

@@ -10,7 +10,7 @@
  * @package sapphire
  * @subpackage model
  */
-class DataObject extends Controller implements DataObjectInterface {
+class DataObject extends ViewableData implements DataObjectInterface {
 	/**
 	 * Data stored in this objects database record. An array indexed
 	 * by fieldname.

core/model/DatabaseAdmin.php

@@ -25,6 +25,14 @@ require_once("core/model/DB.php");
  */
 class DatabaseAdmin extends Controller {
 
+	/// SECURITY ///
+	static $allowed_actions = array(
+		'build',
+		'cleanup',
+		'testinstall',
+		'import'
+	);
+
 	/**
 	 * Get the data classes, grouped by their root class
 	 *