#6142: Auth checking camel case action
---------------------------+------------------------------------------------
    Reporter:  tinh        |         Owner:
        Type:  Bug         |        Status:  reopened
    Priority:  Medium      |     Milestone:  1.2.x.x
   Component:  Auth        |       Version:  1.2 Final
    Severity:  Normal      |    Resolution:
    Keywords:              |   Php_version:  PHP 5
Cake_version:  1.2.1.8004  |
---------------------------+------------------------------------------------
Changes (by stefan.izota):

  * status:  closed => reopened
  * resolution:  fixed =>

Comment:

 Still not fixed in 1.2.2.8120 as changeset
 [https://trac.cakephp.org/changeset/8011 8011] states. The changeset only
 checks if the action name is a method in the controller. The authorization
 is performed a little below (check line 298 in auth.php component).

 Replacing
 {{{
 in_array($controller->params['action'], $this->allowedActions)
 }}}
 with
 {{{
 in_array(strtolower($controller->params['action']), $this->allowedActions)
 }}}
 does the trick.

 The test case provided in [https://trac.cakephp.org/changeset/8065 8065]
 only checks if the user is not authorized. Another test is needed to check
 the result if the user is authorized.

--
Ticket URL: <https://trac.cakephp.org/ticket/6142#comment:2>
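
The comparison discussed in the comment above, as an added example that is not part of the ticket or of CakePHP's code: it runs the quoted check and the proposed replacement over a small constructed case table covering both an allowed and a non-allowed action. `ItemsController`, `isAllowedBefore()` and `isAllowedAfter()` are hypothetical names, and the example assumes the allow-list holds lower-cased action names.

```php
<?php
// Added illustration; not CakePHP source. Class and function names are hypothetical.
// Assumption: the allow-list holds lower-cased action names, which is what
// the strtolower() replacement proposed in the ticket relies on.

class ItemsController
{
    public function viewItem() { return 'viewed'; }
    public function deleteItem() { return 'deleted'; }
}

// Comparison quoted in the ticket: the raw action name is matched as-is.
function isAllowedBefore($action, array $allowedActions)
{
    return in_array($action, $allowedActions);
}

// Replacement proposed in the ticket: normalise the action name first.
function isAllowedAfter($action, array $allowedActions)
{
    return in_array(strtolower($action), $allowedActions);
}

$controller = new ItemsController();
$allowedActions = array_map('strtolower', array('viewItem')); // constructed sample

// Each row: requested action, expected decision once the check is fixed.
$cases = array(
    array('viewItem', true),    // allowed action, camel case as routed
    array('viewitem', true),    // same action, lower case
    array('deleteItem', false), // never allowed: must stay denied
    array('deleteitem', false),
);

foreach ($cases as $case) {
    list($action, $expected) = $case;
    // PHP resolves method names case-insensitively, so this passes for any casing.
    $isMethod = method_exists($controller, $action);
    $before = isAllowedBefore($action, $allowedActions);
    $after = isAllowedAfter($action, $allowedActions);
    if (!$isMethod || $after !== $expected) {
        throw new RuntimeException("unexpected result for $action");
    }
    printf("%-11s method=%s before=%s after=%s\n", $action,
        var_export($isMethod, true), var_export($before, true), var_export($after, true));
}
```

The `before` column differs from `after` only for the camel-case spelling of the allowed action; the two `deleteItem` rows are the negative cases that must stay denied under either comparison.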