#6062: The Controller using AuthComponent can access to actions of scaffold
without loginned.
---------------------------+------------------------------------------------
Reporter: k-kishida | Type: Bug
Status: new | Priority: Medium
Milestone: 1.2.x.x | Component: Auth
Version: 1.2 Final | Severity: Major
Keywords: | Php_version: n/a
Cake_version: 1.2.1.8004 |
---------------------------+------------------------------------------------
AuthComponent::startup has checking of "ErrorOrTest".[[BR]]
From version 1.2.1, the followings check was added :[[BR]]
[[BR]]
{{{
!in_array($controller->params['action'], $controller->methods)
}}}
But, '$controller->methods' does not match actions of scaffold.[[BR]]
So, Actions of scaffold becomes the same as error or test.[[BR]]
[[BR]]
My simple idea is followings:[[BR]]
{{{
!in_array($controller->params['action'], $controller->methods) &&
$controller->scaffold === false
}}}
Is Scaffold outside the design of AuthComponent?[[BR]]
--
Ticket URL: <https://trac.cakephp.org/ticket/6062>
CakePHP : The Rapid Development Framework for PHP <https://trac.cakephp.org/>
Cake is a rapid development framework for PHP which uses commonly known design
patterns like ActiveRecord, Association Data Mapping, Front Controller and MVC.
Our primary goal is to provide a structured framework that enables PHP users at
all levels to rapidly develop robust web applications, without any loss to
flexibility.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"tickets cakephp" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/tickets-cakephp?hl=en
-~----------~----~----~----~------~----~------~--~---
