I use a controller plugin for authentication and noticed that if an exception is thrown inside, the action is still executed (throwExceptions = false, my plugin works by redirecting the user to a login page if they are not authenticated). The exception does trigger errorAction() in the error controller so the user gets an error page as expected, but because the requested action is still executed (as I discovered by accident) he could POST some data and change application state, bypassing the authentication and ACL. I tried putting all plugin logic into a try-catch block and then modifying the request object to go directly to the error controller, but I had mixed results; it only seems to work with dispatchLoopStartup. And is there a way to pass a thrown exception to the error controller from another plugin? I wonder if I'm doing something wrong. Did anyone have similar problems and can provide some insight? How do you handle exceptions in something like an auth/ACL plugin?
Thanks

--
View this message in context: http://www.nabble.com/Handling-exceptions-inside-front-controller-plugins-tp23480288p23480288.html
Sent from the Zend Framework mailing list archive at Nabble.com.
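A sketch of a fail-closed version of the plugin described in the message above, as an added example that is not part of the original post or of Zend Framework itself. It assumes Zend Framework 1 on the include path; the class name `My_Plugin_Auth`, the `auth`/`login` target, the `default` module and the `_isAuthorized()` helper are hypothetical.

```php
<?php
// Added example (not the poster's code). Any exception raised during the
// auth/ACL check re-points the request at the error controller, so the
// originally requested action is never dispatched.
class My_Plugin_Auth extends Zend_Controller_Plugin_Abstract
{
    public function preDispatch(Zend_Controller_Request_Abstract $request)
    {
        // Do not guard the error and login pages themselves (avoids a loop).
        // Assumes these controller names are unique across modules.
        if (in_array($request->getControllerName(), array('error', 'auth'))) {
            return;
        }
        try {
            if (!$this->_isAuthorized($request)) {
                $this->_reroute($request, 'auth', 'login');
            }
        } catch (Exception $e) {
            // Fail closed: hand the exception to the error controller in the
            // same 'error_handler' request parameter the stock ErrorHandler
            // plugin uses, then replace the requested action.
            $error = new ArrayObject(array(), ArrayObject::ARRAY_AS_PROPS);
            $error->exception = $e;
            $error->type      = Zend_Controller_Plugin_ErrorHandler::EXCEPTION_OTHER;
            $error->request   = clone $request;
            $this->_reroute($request, 'error', 'error');
            $request->setParam('error_handler', $error);
        }
    }

    // Hypothetical check; an ACL lookup that may throw would go here.
    protected function _isAuthorized(Zend_Controller_Request_Abstract $request)
    {
        return Zend_Auth::getInstance()->hasIdentity();
    }

    // Replace the target of the current dispatch iteration.
    protected function _reroute(Zend_Controller_Request_Abstract $request,
                                $controller, $action)
    {
        $request->setModuleName('default')
                ->setControllerName($controller)
                ->setActionName($action);
    }
}
```

Because the exception is caught inside the plugin, the decision to block the action does not depend on how the plugin broker or the `throwExceptions` setting treats uncaught plugin exceptions.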
