Fix subsites to use correct permissions

See http://www.silverstripe.org/software/download/security-releases/ss-2015-008-sitetree-creation-permission-vulnerability

Conflicts:
	tests/SiteTreeSubsitesTest.php
This commit is contained in:
Damian Mooyman 2015-03-23 14:35:52 +13:00 committed by Ingo Schommer
parent c18a0a266f
commit bfc70f9b06

View File

@ -8,6 +8,10 @@ class SiteTreeSubsitesTest extends BaseSubsiteTest {
'SiteTreeSubsitesTest_ClassA', 'SiteTreeSubsitesTest_ClassA',
'SiteTreeSubsitesTest_ClassB' 'SiteTreeSubsitesTest_ClassB'
); );
protected $illegalExtensions = array(
'SiteTree' => array('Translatable')
);
function testPagesInDifferentSubsitesCanShareURLSegment() { function testPagesInDifferentSubsitesCanShareURLSegment() {
$subsiteMain = $this->objFromFixture('Subsite', 'main'); $subsiteMain = $this->objFromFixture('Subsite', 'main');
@ -178,16 +182,18 @@ class SiteTreeSubsitesTest extends BaseSubsiteTest {
$s1->write(); $s1->write();
Subsite::changeSubsite($s1); Subsite::changeSubsite($s1);
$classes = $cmsmain->PageTypes()->column('ClassName'); $hints = Convert::json2array($cmsmain->SiteTreeHints());
$this->assertNotContains('ErrorPage', $classes); $classes = $hints['Root']['disallowedChildren'];
$this->assertNotContains('SiteTreeSubsitesTest_ClassA', $classes);
$this->assertContains('SiteTreeSubsitesTest_ClassB', $classes);
Subsite::changeSubsite($s2);
$classes = $cmsmain->PageTypes()->column("ClassName");
$this->assertContains('ErrorPage', $classes); $this->assertContains('ErrorPage', $classes);
$this->assertContains('SiteTreeSubsitesTest_ClassA', $classes); $this->assertContains('SiteTreeSubsitesTest_ClassA', $classes);
$this->assertContains('SiteTreeSubsitesTest_ClassB', $classes); $this->assertNotContains('SiteTreeSubsitesTest_ClassB', $classes);
Subsite::changeSubsite($s2);
$hints = Convert::json2array($cmsmain->SiteTreeHints());
$classes = $hints['Root']['disallowedChildren'];
$this->assertNotContains('ErrorPage', $classes);
$this->assertNotContains('SiteTreeSubsitesTest_ClassA', $classes);
$this->assertNotContains('SiteTreeSubsitesTest_ClassB', $classes);
} }
} }