[Jifty-commit] r6600 - in jifty/trunk: lib/Jifty
Jifty commits
jifty-commit at lists.jifty.org
Tue Mar 17 10:56:56 EDT 2009
Author: alexmv
Date: Tue Mar 17 10:56:54 2009
New Revision: 6600
Modified:
jifty/trunk/ (props changed)
jifty/trunk/lib/Jifty/Web.pm
Log:
r43239 at kohr-ah: chmrr | 2009-03-17 10:05:17 -0400
Cleanup "action denied" warnings a bit
Modified: jifty/trunk/lib/Jifty/Web.pm
==============================================================================
--- jifty/trunk/lib/Jifty/Web.pm (original)
+++ jifty/trunk/lib/Jifty/Web.pm Tue Mar 17 10:56:54 2009
@@ -354,11 +354,10 @@
next if $request_action->has_run;
unless ( $self->request->just_validating ) {
unless ( Jifty->api->is_allowed( $request_action->class ) ) {
- $self->log->warn( "Attempt to call denied action '"
+ $self->log->warn( Carp::longmess("Attempt to call denied action '"
. $request_action->class
- . "'" );
- Carp::cluck;
- $self->log->error("NOTICE! A cross-site scripting security fix has been installed so that actions are now by default DENIED during GET requests. You must specifically whitelist safe actions using this in your dispatcher: before '*' => run { Jifty->api->allow('SafeAction') }; - We apologize for the inconvenience.");
+ . "'" ));
+ $self->log->error("NOTICE! A cross-site scripting security fix has been installed so that actions are now by default DENIED during GET requests. You must specifically whitelist safe actions using this in your dispatcher: before '*' => run { Jifty->api->allow('SafeAction') }; - We apologize for the inconvenience.") if $self->request->request_method eq "GET";
push @denied_actions, $request_action;
next;
}
More information about the Jifty-commit
mailing list