[Jifty-commit] r6725 - jifty/trunk/lib/Jifty
Jifty commits
jifty-commit at lists.jifty.org
Thu Apr 2 16:05:12 EDT 2009
Author: alexmv
Date: Thu Apr 2 16:05:10 2009
New Revision: 6725
Modified:
jifty/trunk/lib/Jifty/Web.pm
Log:
Instead of a useless Carp trace, show the deny/allow trace when we hit a denied action
Modified: jifty/trunk/lib/Jifty/Web.pm
==============================================================================
--- jifty/trunk/lib/Jifty/Web.pm (original)
+++ jifty/trunk/lib/Jifty/Web.pm Thu Apr 2 16:05:10 2009
@@ -355,9 +355,10 @@
next if $request_action->has_run;
unless ( $self->request->just_validating ) {
unless ( Jifty->api->is_allowed( $request_action->class ) ) {
- $self->log->warn( Carp::longmess("Attempt to call denied action '"
+ $self->log->warn( "Attempt to call denied action '"
. $request_action->class
- . "'" ));
+ . "'" );
+ $self->log->warn( Jifty->api->explain($request_action->class ) );
$self->log->error("NOTICE! A cross-site scripting security fix has been installed so that actions are now by default DENIED during GET requests. You must specifically whitelist safe actions using this in your dispatcher: before '*' => run { Jifty->api->allow('SafeAction') }; - We apologize for the inconvenience.") if $self->request->request_method eq "GET";
push @denied_actions, $request_action;
next;
More information about the Jifty-commit
mailing list