Merge pull request #1850 from MGatner/secure-routable-controller-methods

Secure routable controller methods
Lonnie Ezell 2019-03-25 22:26:44 -05:00 committed by GitHub
commit b5c3f1839b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 13 additions and 5 deletions


@ -57,3 +57,9 @@ $routes->cli('migrations', '\CodeIgniter\Commands\MigrationsCommand::index');
// CLI Catchall - uses a _remap to call Commands
$routes->cli('ci(:any)', '\CodeIgniter\CLI\CommandRunner::index/$1');
// Prevent access to initController method
$routes->add('(:any)/initController', function()
{
throw \CodeIgniter\Exceptions\PageNotFoundException::forPageNotFound();
});
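Review bot: The `(:any)/initController` route blocks by URI pattern rather than at dispatch time, so it only covers paths that end in exactly that segment. Depending on how the router compares paths (not visible here), another spelling of the same method (PHP method names are case-insensitive) or a path with further segments after it may not match this route and could still fall through to auto-routing. A check where the controller method is resolved would be more robust, for example `if (strcasecmp($method, 'initController') === 0) { throw PageNotFoundException::forPageNotFound(); }` (variable name illustrative), with this route kept as defence in depth. The comment above the route could also record the reason, e.g. `// initController() is public for the framework's own use; keep it unreachable from a URI`.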


@ -138,7 +138,7 @@ class Controller
*
* @throws \CodeIgniter\HTTP\Exceptions\HTTPException
*/
public function forceHTTPS(int $duration = 31536000)
protected function forceHTTPS(int $duration = 31536000)
{
force_https($duration, $this->request, $this->response);
}
@ -151,7 +151,7 @@ class Controller
*
* @param integer $time
*/
public function cachePage(int $time)
protected function cachePage(int $time)
{
CodeIgniter::cache($time);
}
@ -185,7 +185,7 @@ class Controller
*
* @return boolean
*/
public function validate($rules, array $messages = []): bool
protected function validate($rules, array $messages = []): bool
{
$this->validator = Services::validation();
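Review bot: The docblocks of the three methods made protected here (`forceHTTPS`, `cachePage`, `validate`) do not say that visibility is what keeps them from being reached as a URI segment. A subclass that re-declares one of them as `public` would presumably make it routable again without anyone noticing. I would add a line to each docblock, e.g. `* Protected so it cannot be invoked through a URI; do not widen visibility in subclasses.`. The change also breaks any code that calls `$controller->validate()` from outside the class, which deserves a changelog entry. The body of `validate()` continues outside the hunk.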


@ -87,7 +87,8 @@ class ControllerTest extends \CIUnitTestCase
$this->controller = new Controller();
$this->controller->initController($this->request, $this->response, $this->logger);
$this->assertNull($this->controller->cachePage(10));
$method = $this->getPrivateMethodInvoker($this->controller, 'cachePage');
$this->assertNull($method(10));
}
public function testValidate()
@ -97,7 +98,8 @@ class ControllerTest extends \CIUnitTestCase
$this->controller->initController($this->request, $this->response, $this->logger);
// and that we can attempt validation, with no rules
$this->assertFalse($this->controller->validate([]));
$method = $this->getPrivateMethodInvoker($this->controller, 'validate');
$this->assertFalse($method([]));
}
//--------------------------------------------------------------------
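Review bot: Both tests now reach the methods through `getPrivateMethodInvoker`, which shows they still work but does not test the property this commit is about. Nothing asserts that the methods are no longer callable from outside the class, and nothing covers the new `(:any)/initController` route. A negative assertion such as `$this->assertFalse(is_callable([$this->controller, 'cachePage']));`, repeated for `validate` and `forceHTTPS`, would catch a later change back to public. A router-level test expecting `PageNotFoundException` for a path ending in `/initController` would cover the route, and it would live outside this file.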