openrat-cms

Unnamed repository; edit this file 'description' to name the repository.
Log | Files | Refs

commit d13d7939f50cc4088e1642b65794def354ec86ea
parent f6515d3ead26eeee276ce7d3376c6e0680b1b4fc
Author: Jan Dankert <devnull@localhost>
Date:   Sat, 19 Nov 2011 13:50:21 +0100

Subaction-Konfiguration ignorieren: Prüfen, ob Methode im Controller vorhanden ist - falls nicht, einen HTTP-Fehler 404 erzeugen.

Diffstat:
dispatcher.php | 10++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/dispatcher.php b/dispatcher.php @@ -210,7 +210,7 @@ $do->subActionName = $subaction; $do->init(); -if ( !isset($do->actionConfig[$subaction]) ) +if ( !isset($do->actionConfig[$subaction]) && false ) { Logger::warn( "Action $action has no configured method named $subaction"); Http::serverError("Action '$action' has no accessable method '$subaction'."); @@ -218,7 +218,7 @@ if ( !isset($do->actionConfig[$subaction]) ) } -$subactionConfig = $do->actionConfig[$subaction]; +$subactionConfig = @$do->actionConfig[$subaction]; // Eine Subaktion ohne "guest=true" verlangt einen angemeldeten Benutzer. @@ -273,6 +273,12 @@ else Logger::debug("Executing $actionClassName::$subactionMethodName"); +if ( ! method_exists($do,$subactionMethodName) ) +{ + Http::sendStatus(404,"Method not found","Method '".$subactionMethodName."' does not exist in this context" ); + +} + $do->$subactionMethodName(); if ( isset($do->actionConfig[$do->subActionName]['direct']) )