From 39632c4689842b3e3bb0715c0e9be757149c257d Mon Sep 17 00:00:00 2001
From: Andy Staudacher <andy.st@gmail.com>
Date: Tue, 15 Sep 2009 23:01:26 -0700
Subject: Also check for rss feeds in controller auth check

---
 modules/gallery/tests/Controller_Auth_Test.php | 8 ++++++--
 modules/gallery/tests/controller_auth_data.txt | 1 +
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/modules/gallery/tests/Controller_Auth_Test.php b/modules/gallery/tests/Controller_Auth_Test.php
index cd4abe07..caf6d8f2 100644
--- a/modules/gallery/tests/Controller_Auth_Test.php
+++ b/modules/gallery/tests/Controller_Auth_Test.php
@@ -25,7 +25,9 @@ class Controller_Auth_Test extends Unit_Test_Case {
 
   public function find_missing_auth_test() {
     $found = array();
-    foreach (glob("*/*/controllers/*.php") as $controller) {
+    $controllers = glob("*/*/controllers/*.php");
+    $feeds = glob("*/*/helpers/*_rss.php");
+    foreach (array_merge($controllers, $feeds) as $controller) {
       if (preg_match("{modules/(gallery_)?unit_test/}", $controller)) {
         continue;
       }
@@ -92,7 +94,9 @@ class Controller_Auth_Test extends Unit_Test_Case {
               }
             } while ($token_number < count($tokens));
 
-            if (!$is_static &&
+            $is_rss_feed = $name == "feed" && strpos(basename($controller), "_rss.php");
+
+            if ((!$is_static || $is_rss_feed) &&
                 (!$is_private ||
                  ($is_rest_controller && in_array($name, self::$rest_methods)))) {
               $function = self::_function($name, $line, $is_admin_controller);
diff --git a/modules/gallery/tests/controller_auth_data.txt b/modules/gallery/tests/controller_auth_data.txt
index fcb977e4..fdf00c5e 100644
--- a/modules/gallery/tests/controller_auth_data.txt
+++ b/modules/gallery/tests/controller_auth_data.txt
@@ -1,5 +1,6 @@
 modules/comment/controllers/admin_comments.php               queue                DIRTY_CSRF
 modules/comment/controllers/comments.php                     _index               DIRTY_CSRF
+modules/comment/helpers/comment_rss.php                      feed                 DIRTY_AUTH
 modules/digibug/controllers/digibug.php                      print_proxy          DIRTY_CSRF|DIRTY_AUTH
 modules/digibug/controllers/digibug.php                      close_window         DIRTY_AUTH
 modules/gallery/controllers/admin.php                        __call               DIRTY_AUTH
-- 
cgit v1.2.3