Home Explore Help
Sign In
githab
/
cakephp
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Merge pull request #14187 from cakephp/issue-14178

Fix FileWidget with FormProtection and PSR7 file objects.
Mark Story 6 years ago
parent
4a39b72914 4c0d0e171e
commit
408a744859
3 changed files with 27 additions and 5 deletions
Split View Show Diff Stats
  1. 7 0
      src/View/Widget/FileWidget.php
  2. 1 5
      tests/TestCase/View/Helper/FormHelperTest.php
  3. 19 0
      tests/TestCase/View/Widget/FileWidgetTest.php

+ 7 - 0
src/View/Widget/FileWidget.php
View File 

@@ -16,6 +16,7 @@ declare(strict_types=1);
 
  */
 
 namespace Cake\View\Widget;
 
 
+use Cake\Core\Configure;
 
 use Cake\View\Form\ContextInterface;
 
 
 /**
 
@@ -74,6 +75,12 @@ class FileWidget extends BasicWidget
 
      */
 
     public function secureFields(array $data): array
 
     {
 
+        // PSR7 UploadedFileInterface objects are used.
 
+        if (Configure::read('App.uploadedFilesAsObjects', true)) {
 
+            return [$data['name']];
 
+        }
 
+
 
+        // Backwards compatibility for array files.
 
         $fields = [];
 
         foreach (['name', 'type', 'tmp_name', 'error', 'size'] as $suffix) {
 
             $fields[] = $data['name'] . '[' . $suffix . ']';

+ 1 - 5
tests/TestCase/View/Helper/FormHelperTest.php
View File 

@@ -2258,11 +2258,7 @@ class FormHelperTest extends TestCase
 
         $this->Form->create();
 
 
         $this->Form->file('Attachment.file');
 
-        $expected = [
 
-            'Attachment.file.name', 'Attachment.file.type',
 
-            'Attachment.file.tmp_name', 'Attachment.file.error',
 
-            'Attachment.file.size',
 
-        ];
 
+        $expected = ['Attachment.file'];
 
         $result = $this->Form->getFormProtector()->__debugInfo()['fields'];
 
         $this->assertEquals($expected, $result);
 
     }

+ 19 - 0
tests/TestCase/View/Widget/FileWidgetTest.php
View File 

@@ -16,6 +16,7 @@ declare(strict_types=1);
 
  */
 
 namespace Cake\Test\TestCase\View\Widget;
 
 
+use Cake\Core\Configure;
 
 use Cake\Http\ServerRequest;
 
 use Cake\TestSuite\TestCase;
 
 use Cake\View\Form\NullContext;
 
@@ -99,4 +100,22 @@ class FileWidgetTest extends TestCase
 
         ];
 
         $this->assertHtml($expected, $result);
 
     }
 
+
 
+    /**
 
+     * Test secureFields
 
+     *
 
+     * @return void
 
+     */
 
+    public function testSecureFields()
 
+    {
 
+        $input = new FileWidget($this->templates);
 
+        $data = ['name' => 'image', 'required' => true, 'val' => 'nope'];
 
+        $this->assertEquals(['image'], $input->secureFields($data));
 
+
 
+        Configure::write('App.uploadedFilesAsObjects', false);
 
+        $this->assertEquals(
 
+            ['image[name]', 'image[type]', 'image[tmp_name]', 'image[error]', 'image[size]'],
 
+            $input->secureFields($data)
 
+        );
 
+    }
 
 }