From 9f57b7830b5ebc418744046b643fb69eeb3940d0 Mon Sep 17 00:00:00 2001
From: Sam Minnee
Date: Tue, 19 Feb 2008 00:06:24 +0000
Subject: [PATCH] Changed DataObject to be a subclass of ViewableData instead of Controller, so that it can't be hacked by visiting Page/write.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@49760 467b73ca-7a2a-4603-9d3b-597d59a354a9
---
 core/control/Controller.php | 48 +++++++++++++++++++++++++++++++++++-
 core/model/DataObject.php | 2 +-
 core/model/DatabaseAdmin.php | 8 ++++++
 3 files changed, 56 insertions(+), 2 deletions(-)
diff --git a/core/control/Controller.php b/core/control/Controller.php
index b6ee4789d..2f1ea73f4 100644
--- a/core/control/Controller.php
+++ b/core/control/Controller.php
@@ -17,6 +17,19 @@
 */
 class Controller extends ViewableData {
+ /**
+ * Define a list of actions that are allowed to be called on this controller.
+ * The variable should be an array of action names. This sample s
+ *
+ * array(
+ * 'someaction', // someaction can be accessed by anyone, any time
+ * 'otheraction' => true, // So can otheraction
+ * 'restrictedaction' => 'ADMIN', // restrictedaction can only be people with ADMIN privilege
+ * 'complexaction' '->canComplexAction' // complexaction can only be accessed if $this->canComplexAction() returns true
+ * );
+ */
+ static $allowed_actions = null;
+
 protected $urlParams;
 protected $requestParams;
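Review bot: The docblock added for `$allowed_actions` is cut off mid-sentence (`This sample s`) and its last example entry is missing the `=>`, so the sample array is not valid PHP. Suggest `* The variable should be an array of action names. This sample shows the accepted forms:` and `* 'complexaction' => '->canComplexAction', // complexaction can only be accessed if $this->canComplexAction() returns true`. It would also help to state here that a bare string value is handed to `Permission::check()` as a permission code, and that entries must be written in lowercase because the constructor lowercases the requested action before it is looked up.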
@@ -98,7 +111,13 @@ class Controller extends ViewableData {
 $this->response = new HTTPResponse();
 $this->requestParams = $requestParams;
- $this->action = isset($this->urlParams['Action']) ? str_replace("-","_",$this->urlParams['Action']) : "index";
+ $this->action = isset($this->urlParams['Action']) ? strtolower(str_replace("-","_",$this->urlParams['Action'])) : "";
+ if(!$this->action) $this->action = 'index';
+
+ // Check security on the controller
+ if(!$this->checkAccessAction($this->action)) {
+ user_error("Disallowed action: '$this->action' on controller '$this->class'", E_USER_ERROR);
+ }
 // Init
 $this->baseInitCalled = false;
@@ -508,6 +527,33 @@ class Controller extends ViewableData {
 );
 }
+ /**
+ * Check thAT
+ */
+ function checkAccessAction($action) {
+ $access = $this->stat('allowed_actions');
+
+ if($access === null) {
+ user_error("Deprecated: please define accessAction() on your Controllers for security purposes", E_USER_NOTICE);
+ return true;
+ }
+
+ if($action == 'index') return true;
+
+ if(isset($access[$action])) {
+ $test = $access[$action];
+ if($test === true) return true;
+ if(substr($test,0,2) == '->') {
+ $funcName = substr($test,2);
+ return $this->$funcName();
+ }
+ if(Permission::check($test)) return true;
+ } else if((($key = array_search($action, $access)) !== false) && is_numeric($key)) {
+ return true;
+ }
+ return false;
+ }
+
 }
 ?>
diff --git a/core/model/DataObject.php b/core/model/DataObject.php
index e7099b349..565d389f8 100644
--- a/core/model/DataObject.php
+++ b/core/model/DataObject.php
@@ -10,7 +10,7 @@
 * @package sapphire
 * @subpackage model
 */
-class DataObject extends Controller implements DataObjectInterface {
+class DataObject extends ViewableData implements DataObjectInterface {
 /**
 * Data stored in this objects database record. An array indexed
 * by fieldname.
diff --git a/core/model/DatabaseAdmin.php b/core/model/DatabaseAdmin.php
index f43f86d50..9aa8e7ebd 100644
--- a/core/model/DatabaseAdmin.php
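Review bot: The `user_error` call added to the constructor interpolates `$this->action`, which the line above derives from `urlParams['Action']`, so a request-controlled string is embedded in a fatal error message; wherever errors are rendered to the browser rather than only logged, that string reaches the output unescaped. Prefer escaping it at the point of use, e.g. `user_error("Disallowed action: '" . htmlspecialchars($this->action) . "' on controller '$this->class'", E_USER_ERROR);`, or emit a fixed message and log the raw value separately. Note also that the check fires before `$this->baseInitCalled` is even reset, so an `->method` callback named in `$allowed_actions` appears to run before `init()` and cannot rely on state set up there. The constructor continues outside the hunk.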
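Review bot: `array_search($action, $access)` in the `else if` branch compares loosely, so an entry declared as `'otheraction' => true` matches every string action (`'someaction' == true` is true); `array_search` then returns that entry's non-numeric key, `is_numeric($key)` fails, and an action listed later as a plain string (`array('otheraction' => true, 'someaction')`) is denied. Strict mode fixes the lookup: `} else if((($key = array_search($action, $access, true)) !== false) && is_numeric($key)) {`. Separately, the `$access === null` branch is fail-open — every public method stays reachable on a controller that has not declared the list — and the docblock (`Check thAT`) is truncated; it should say so, name the four accepted entry forms, and note that `$action` is compared case-sensitively against entries the constructor has already lowercased. checkAccessAction is complete within the hunk.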
+++ b/core/model/DatabaseAdmin.php
@@ -25,6 +25,14 @@ require_once("core/model/DB.php");
 */
 class DatabaseAdmin extends Controller {
+ /// SECURITY ///
+ static $allowed_actions = array(
+ 'build',
+ 'cleanup',
+ 'testinstall',
+ 'import'
+ );
+
 /**
 * Get the data classes, grouped by their root class
 *
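Review bot: All four entries in the new `$allowed_actions` are plain strings, which `Controller::checkAccessAction()` treats as allowed for anyone; `build`, `cleanup` and `import` presumably alter the database, so unless `DatabaseAdmin::init()` (outside the hunk) already enforces an admin or dev-mode check, the whitelist grants them to any visitor. Consider declaring the restriction alongside the list, e.g. `'build' => 'ADMIN',` for each entry, or delegating to a method via `'build' => '->canBuild',` so the gate is visible where the actions are enumerated. The `/// SECURITY ///` marker would also read better as a standard `//` or docblock comment.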