function startup(&$controller) {
    $isErrorOrTests = (
        strtolower($controller->name) == 'cakeerror' ||
        (strtolower($controller->name) == 'tests' && Configure::read() > 0) ||
        !in_array($controller->params['action'], $controller->methods)
    );
    if ($isErrorOrTests) {
        return true;
    }

What the hell???
This is from the Auth component. It skips auth startup if the action
is not a method in the controller.
Appears this is fixed in the latest version.
On Aug 20, 9:48 am, Mathew <[email protected]> wrote:
> Hi,
>
> I have a major security problem with CakePHP. For some reason the Auth
> component is not redirecting the browser to the login page for admin
> pages when the page is rendered with scaffolding. Other admin pages
> for controller actions are being redirected.
>
> I am using CakePHP version 1.2.1.8004.
>
> All my controllers allow access to admin routed pages, but I never
> called Auth->allow(..) for those admin actions. Other custom admin
> actions such as admin_myaction() are redirected to the login page.
>
> Please help... I don't know where to look to fix this.
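The skip condition quoted in the reply above, as a stand-alone PHP sketch showing why a scaffold-served admin action never reaches the login check while a hand-written one does. This is an added example, not code from the thread or from CakePHP: `StubController`, `skipsAuthAsPosted` and `skipsAuthFailClosed` are hypothetical names, the debug level is passed in instead of calling `Configure::read()`, and the fail-closed variant is one possible hardening, assumed here rather than taken from the fix the reply mentions.

```php
<?php
// Constructed stand-in for a CakePHP 1.2 controller; not framework code.
class StubController {
    public $name = 'Posts';
    public $scaffold = true;                    // scaffolding serves admin_index etc.
    public $methods = array('admin_myaction');  // only hand-written actions are listed
    public $params = array();

    public function __construct($action) {
        $this->params['action'] = $action;
    }
}

// The condition as posted: true means Auth startup returns early (no login check).
function skipsAuthAsPosted($controller, $debug = 0) {
    return strtolower($controller->name) == 'cakeerror'
        || (strtolower($controller->name) == 'tests' && $debug > 0)
        || !in_array($controller->params['action'], $controller->methods);
}

// Hypothetical fail-closed variant: an action missing from $methods is exempt
// only when the controller is not scaffolded, so scaffold-served actions
// still go through the login check.
function skipsAuthFailClosed($controller, $debug = 0) {
    $name = strtolower($controller->name);
    if ($name == 'cakeerror' || ($name == 'tests' && $debug > 0)) {
        return true;
    }
    $isMethod = in_array($controller->params['action'], $controller->methods);
    return !$isMethod && empty($controller->scaffold);
}

// Compare a scaffold-served action with a hand-written one.
foreach (array('admin_index', 'admin_myaction') as $action) {
    $c = new StubController($action);
    printf("%-15s posted skips auth: %-5s fail-closed skips auth: %s\n",
        $action,
        var_export(skipsAuthAsPosted($c), true),
        var_export(skipsAuthFailClosed($c), true));
}
```

For regression coverage, request each scaffolded admin action without a session and assert a redirect to the login page.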