#6463: Protected controller methods are reachable directly from URLs
--------------------------+-------------------------------------------------
    Reporter:  bato       |          Type:  Bug
      Status:  new        |      Priority:  Critical
   Milestone:  1.2.x.x    |     Component:  Controller
     Version:  1.2 Final  |      Severity:  Critical
    Keywords:             |   Php_version:  PHP 5
Cake_version:             |
--------------------------+-------------------------------------------------
 '''Protected controller methods are reachable directly from URLs'''.
 This is an unexpected behavior. I expect to use protected methods only within other methods of the controller class itself, or in derived classes.

 Here is some simple code to test it:
 {{{
 class MyTestController extends AppController {
     // No models are needed for this test.
     public $uses = array();

     public function publicTest() {
         echo "Public method called";
         exit;
     }

     protected function protectedTest() {
         echo "Protected method called";
         exit;
     }
 }
 }}}

 I can reach {{{publicTest}}} by url http://www.example.com/my_test/publicTest

 and I can reach {{{protectedTest}}} by url http://www.example.com/my_test/protectedTest but it shouldn't work.

 ----
 '''POSSIBLE PATCH'''[[BR]]
 Maybe it should be enough to define {{{dispatchMethod}}} in the {{{Dispatcher}}} class instead of in the {{{Object}}} class, like this:

 In the {{{_invoke}}} method of Dispatcher:
 {{{
 $output = $this->dispatchMethod($controller, $params['action'], $params['pass']);
 }}}

 and define {{{dispatchMethod}}} in the {{{Dispatcher}}} class:
 {{{
 function dispatchMethod(&$controller, $method, $params = array()) {
     // The call is made from Dispatcher, not from the controller's own
     // class hierarchy.
     switch (count($params)) {
         case 0:
             return $controller->{$method}();
         case 1:
             return $controller->{$method}($params[0]);
         case 2:
             return $controller->{$method}($params[0], $params[1]);
         case 3:
             return $controller->{$method}($params[0], $params[1], $params[2]);
         case 4:
             return $controller->{$method}($params[0], $params[1], $params[2], $params[3]);
         case 5:
             return $controller->{$method}($params[0], $params[1], $params[2], $params[3], $params[4]);
         default:
             return call_user_func_array(array(&$controller, $method), $params);
             break;
     }
 }
 }}}

--
Ticket URL: <https://trac.cakephp.org/ticket/6463>
CakePHP : The Rapid Development Framework for PHP <https://trac.cakephp.org/>
Cake is a rapid development framework for PHP which uses commonly known design patterns like ActiveRecord, Association Data Mapping, Front Controller and MVC. Our primary goal is to provide a structured framework that enables PHP users at all levels to rapidly develop robust web applications, without any loss to flexibility.
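An added illustration, not part of the ticket and not CakePHP source: PHP lets a base class call a protected method declared in its subclass, which is why a dispatch helper inherited by the controller reaches {{{protectedTest}}}. The names {{{BaseObject}}}, {{{isRoutableAction}}} and {{{dispatch}}} are hypothetical; the guard shows one way to restrict routable actions to public methods using reflection.

```php
<?php
// Added example; class and function names are hypothetical, not CakePHP code.

// Stand-in for a framework base class that dispatches by method name.
class BaseObject {
    public function dispatchMethod($method, array $params = array()) {
        // The calling scope here is BaseObject, an ancestor of the controller,
        // so PHP's visibility check permits protected subclass methods.
        return call_user_func_array(array($this, $method), $params);
    }
}

class MyTestController extends BaseObject {
    public function publicTest() { return 'Public method called'; }
    protected function protectedTest() { return 'Protected method called'; }
}

// Guard: only public, non-static methods declared below the base class
// are treated as actions that a URL may name.
function isRoutableAction($controller, $action) {
    if (!is_string($action) || !method_exists($controller, $action)) {
        return false;
    }
    $ref = new ReflectionMethod($controller, $action);
    if (!$ref->isPublic() || $ref->isStatic() || $ref->isConstructor()) {
        return false;
    }
    // Reject methods inherited from the base class, such as dispatchMethod.
    return $ref->getDeclaringClass()->getName() !== 'BaseObject';
}

function dispatch($controller, $action, array $params = array()) {
    if (!isRoutableAction($controller, $action)) {
        return '404: action not routable';
    }
    return $controller->dispatchMethod($action, $params);
}

$c = new MyTestController();
// Unguarded call through the inherited helper: visibility is not enforced.
echo $c->dispatchMethod('protectedTest'), "\n";
// Guarded dispatch for a public action, a protected one, and a base method.
echo dispatch($c, 'publicTest'), "\n";
echo dispatch($c, 'protectedTest'), "\n";
echo dispatch($c, 'dispatchMethod'), "\n";
```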