mirror of
https://github.com/silverstripe/silverstripe-subsites
synced 2024-10-22 11:05:55 +02:00
Fix subsites to use correct permissions
See http://www.silverstripe.org/software/download/security-releases/ss-2015-008-sitetree-creation-permission-vulnerability Conflicts: tests/SiteTreeSubsitesTest.php
This commit is contained in:
parent
c18a0a266f
commit
bfc70f9b06
@ -8,6 +8,10 @@ class SiteTreeSubsitesTest extends BaseSubsiteTest {
|
|||||||
'SiteTreeSubsitesTest_ClassA',
|
'SiteTreeSubsitesTest_ClassA',
|
||||||
'SiteTreeSubsitesTest_ClassB'
|
'SiteTreeSubsitesTest_ClassB'
|
||||||
);
|
);
|
||||||
|
|
||||||
|
protected $illegalExtensions = array(
|
||||||
|
'SiteTree' => array('Translatable')
|
||||||
|
);
|
||||||
|
|
||||||
function testPagesInDifferentSubsitesCanShareURLSegment() {
|
function testPagesInDifferentSubsitesCanShareURLSegment() {
|
||||||
$subsiteMain = $this->objFromFixture('Subsite', 'main');
|
$subsiteMain = $this->objFromFixture('Subsite', 'main');
|
||||||
@ -178,16 +182,18 @@ class SiteTreeSubsitesTest extends BaseSubsiteTest {
|
|||||||
$s1->write();
|
$s1->write();
|
||||||
|
|
||||||
Subsite::changeSubsite($s1);
|
Subsite::changeSubsite($s1);
|
||||||
$classes = $cmsmain->PageTypes()->column('ClassName');
|
$hints = Convert::json2array($cmsmain->SiteTreeHints());
|
||||||
$this->assertNotContains('ErrorPage', $classes);
|
$classes = $hints['Root']['disallowedChildren'];
|
||||||
$this->assertNotContains('SiteTreeSubsitesTest_ClassA', $classes);
|
|
||||||
$this->assertContains('SiteTreeSubsitesTest_ClassB', $classes);
|
|
||||||
|
|
||||||
Subsite::changeSubsite($s2);
|
|
||||||
$classes = $cmsmain->PageTypes()->column("ClassName");
|
|
||||||
$this->assertContains('ErrorPage', $classes);
|
$this->assertContains('ErrorPage', $classes);
|
||||||
$this->assertContains('SiteTreeSubsitesTest_ClassA', $classes);
|
$this->assertContains('SiteTreeSubsitesTest_ClassA', $classes);
|
||||||
$this->assertContains('SiteTreeSubsitesTest_ClassB', $classes);
|
$this->assertNotContains('SiteTreeSubsitesTest_ClassB', $classes);
|
||||||
|
|
||||||
|
Subsite::changeSubsite($s2);
|
||||||
|
$hints = Convert::json2array($cmsmain->SiteTreeHints());
|
||||||
|
$classes = $hints['Root']['disallowedChildren'];
|
||||||
|
$this->assertNotContains('ErrorPage', $classes);
|
||||||
|
$this->assertNotContains('SiteTreeSubsitesTest_ClassA', $classes);
|
||||||
|
$this->assertNotContains('SiteTreeSubsitesTest_ClassB', $classes);
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user