tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 14:05:37 +02:00
Code Issues Projects Releases Wiki Activity
409be9a840
silverstripe-framework/tests/control
History
Ingo Schommer fb784af738 API Enforce $allowed_actions in RequestHandler->checkAccessAction() 
See discussion at https://groups.google.com/forum/?fromgroups#!topic/silverstripe-dev/Dodomh9QZjk

Fixes an access issue where all public methods on FormField were allowed,
and not checked for $allowed_actions. Before this patch you could e.g.
call FormField->Value() on the first field by using action_Value.

Removes the following assertion because it only worked due to RequestHandlingTest_AllowedControllerExtension
*not* having $allowed_extensions declared: "Actions on magic methods are only accessible if explicitly allowed on the controller."
2013-06-24 14:50:40 +02:00
..
files API CHANGE: Do not rely on a specific OS mime type detection, use PHP finfo 2012-05-11 11:34:07 +12:00
CMSProfileControllerTest.php API Marked statics private, use Config API instead (#8317) 2013-03-24 17:20:53 +01:00
CMSProfileControllerTest.yml BUG CMSProfileController::Member_ProfileForm() respecting canEdit() permissions on Member 2012-09-07 11:24:47 +12:00
ControllerTest.php API Enforce $allowed_actions in RequestHandler->checkAccessAction() 2013-06-24 14:50:40 +02:00
ControllerTest.yml API CHANGE Rearranged files in sapphire to reflect core dependencies more accurately, and have the tests/ folder mirror its folder structure 2011-03-31 09:56:21 +13:00
DirectorTest.php API Enforce $allowed_actions in RequestHandler->checkAccessAction() 2013-06-24 14:50:40 +02:00
HTTPRequestTest.php API Marked statics private, use Config API instead (#8317) 2013-03-24 17:20:53 +01:00
HTTPResponseTest.php Merge remote-tracking branch 'origin/3.0' into 3.1 2013-02-27 10:27:22 +01:00
HTTPTest.php FIX: Don't rewrite urls to be absolute, if they are a URI with a protocol. 2013-05-20 11:59:04 +12:00
NullHTTPRequestTest.php Method visibility according to coding conventions 2012-09-20 10:46:59 +02:00
PjaxResponseNegotiatorTest.php Method visibility according to coding conventions 2012-09-20 10:46:59 +02:00
RequestHandlingTest.php API Enforce $allowed_actions in RequestHandler->checkAccessAction() 2013-06-24 14:50:40 +02:00
SessionTest.php Fixes #1892 - Stop session hijacking with UA check 2013-05-25 19:29:08 +12:00