Fix incorrect pattern in SecurityComponent.

The test pattern was not catching multi digit numbers.

Refs #6456

src/Controller/Component/SecurityComponent.php

@@ -306,7 +306,7 @@ class SecurityComponent extends Component
         $multi = [];
 
         foreach ($fieldList as $i => $key) {
-            if (preg_match('/(\.\d){1,10}$/', $key)) {
+            if (preg_match('/(\.\d+){1,10}$/', $key)) {
                 $multi[$i] = preg_replace('/(\.\d+){1,10}$/', '', $key);
                 unset($fieldList[$i]);
             } else {

tests/TestCase/Controller/Component/SecurityComponentTest.php

@@ -500,6 +500,12 @@ class SecurityComponentTest extends TestCase
             '_Token' => compact('fields', 'unlocked')
         ];
         $this->assertTrue($this->Controller->Security->validatePost($this->Controller));
+
+        $this->Controller->request->data = [
+            'Model' => ['multi_field' => [12 => '1',  20 => '3']],
+            '_Token' => compact('fields', 'unlocked')
+        ];
+        $this->assertTrue($this->Controller->Security->validatePost($this->Controller));
     }
 
     /**