Home Explore Help
Sign In
githab
/
cakephp
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Merge pull request #6203 from ADmad/widgets-2

Widgets with empty name values should not break secured forms.
Mark Story 11 years ago
parent
0e156460ce e3275099a0
commit
5ac9ebb7fa
3 changed files with 30 additions and 6 deletions
Split View Show Diff Stats
  1. 11 3
      src/View/Helper/FormHelper.php
  2. 0 3
      src/View/Widget/SelectBoxWidget.php
  3. 19 0
      tests/TestCase/View/Helper/FormHelperTest.php

+ 11 - 3
src/View/Helper/FormHelper.php
View File 

@@ -617,10 +617,14 @@ class FormHelper extends Helper
 
      * @param string|array $field Reference to field to be secured. Can be dot
 
      *   separated string to indicate nesting or array of fieldname parts.
 
      * @param mixed $value Field value, if value should not be tampered with.
 
-     * @return mixed|null Not used yet
 
+     * @return void
 
      */
 
     protected function _secure($lock, $field, $value = null)
 
     {
 
+        if (empty($field) && $field !== '0') {
 
+            return;
 
+        }
 
+
 
         if (is_string($field)) {
 
             $field = Hash::filter(explode('.', $field));
 
         }
 
@@ -2385,11 +2389,15 @@ class FormHelper extends Helper
 
      * fieldname parts like ['Model', 'field'] is returned.
 
      *
 
      * @param string $name The form inputs name attribute.
 
-     * @return string|array|null Dot separated string like Foo.bar, array of filename
 
-     *   params like ['Model', 'field'] or null if options does not contain name.
 
+     * @return array Array of field name params like ['Model.field'] or
 
+     *   ['Model', 'field'] for array fields or empty array if $name is empty.
 
      */
 
     protected function _secureFieldName($name)
 
     {
 
+        if (empty($name) && $name !== '0') {
 
+            return [];
 
+        }
 
+
 
         if (strpos($name, '[') === false) {
 
             return [$name];
 
         }

+ 0 - 3
src/View/Widget/SelectBoxWidget.php
View File 

@@ -129,9 +129,6 @@ class SelectBoxWidget implements WidgetInterface
 
             'val' => null,
 
         ];
 
 
-        if (empty($data['name'])) {
 
-            throw new \RuntimeException('Cannot make inputs with empty name attributes.');
 
-        }
 
         $options = $this->_renderContent($data);
 
         $name = $data['name'];
 
         unset($data['name'], $data['options'], $data['empty'], $data['val'], $data['escape']);

+ 19 - 0
tests/TestCase/View/Helper/FormHelperTest.php
View File 

@@ -263,6 +263,25 @@ class FormHelperTest extends TestCase
 
     }
 
 
     /**
 
+     * Test that empty string is not added to secure fields list when
 
+     * rendering input widget without name.
 
+     *
 
+     * @return void
 
+     */
 
+    public function testRenderingWidgetWithEmptyName()
 
+    {
 
+        $this->assertEquals([], $this->Form->fields);
 
+
 
+        $result = $this->Form->widget('select', ['secure' => true, 'name' => '']);
 
+        $this->assertEquals('<select name=""></select>', $result);
 
+        $this->assertEquals([], $this->Form->fields);
 
+
 
+        $result = $this->Form->widget('select', ['secure' => true, 'name' => '0']);
 
+        $this->assertEquals('<select name="0"></select>', $result);
 
+        $this->assertEquals(['0'], $this->Form->fields);
 
+    }
 
+
 
+    /**
 
      * Test registering an invalid widget class.
 
      *
 
      * @expectedException \RuntimeException