
Fix datetime fields not being secured.

Ensure all the various datetime fields are added to Form->fields so they
are not blackholed later.

Fixes #3573
mark_story 12 years ago
commit
64e63371b4
2 changed files with 53 additions and 1 deletions
  1. 25 1
      src/View/Helper/FormHelper.php
  2. 28 0
      tests/TestCase/View/Helper/FormHelperTest.php

+ 25 - 1
src/View/Helper/FormHelper.php

@@ -345,7 +345,6 @@ class FormHelper extends Helper {
 		if (!empty($append)) {
 			$append = $templater->format('hiddenblock', ['content' => $append]);
 		}
-
 		$this->_lastAction = $action;
 		if (strpos($action, '://')) {
 			$query = parse_url($action, PHP_URL_QUERY);
@@ -1955,9 +1954,21 @@ class FormHelper extends Helper {
 			'timeFormat' => 24,
 			'second' => false,
 		];
+		$secure = true;
+		if (isset($options['secure'])) {
+			$secure = $options['secure'];
+		}
+		$options['secure'] = static::SECURE_SKIP;
+
 		$options = $this->_initInputField($fieldName, $options);
 		$options = $this->_datetimeOptions($options);
 
+		foreach ($this->_datetimeParts as $type) {
+			if ($options[$type] !== false) {
+				$this->_secure($secure, $fieldName . '.' . $type);
+			}
+		}
+
 		return $this->widget('datetime', $options);
 	}
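Review bot: The new loop passes the caller's `secure` value straight to `_secure()` for every part, so a caller who passes `'secure' => static::SECURE_SKIP` to opt out of token tracking would presumably still get each `fieldName.part` registered; `_secure()` is outside this diff, so confirm how it treats that value. Wrapping the loop in `if ($secure !== static::SECURE_SKIP) { ... }` would keep the opt-out intact. The same lines are added in the next hunk and need the same guard. A short comment above `$options['secure'] = static::SECURE_SKIP;` would also help, for example `// Skip the parent name in _initInputField(); the per-part names are registered below.` The enclosing method starts above the hunk (dateTime(), judging by the test).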
 
@@ -2080,9 +2091,22 @@ class FormHelper extends Helper {
 		];
 		$options['hour'] = $options['minute'] = false;
 		$options['meridian'] = $options['second'] = false;
+
+		$secure = true;
+		if (isset($options['secure'])) {
+			$secure = $options['secure'];
+		}
+		$options['secure'] = static::SECURE_SKIP;
+
 		$options = $this->_initInputField($fieldName, $options);
 		$options = $this->_datetimeOptions($options);
 
+		foreach ($this->_datetimeParts as $type) {
+			if ($options[$type] !== false) {
+				$this->_secure($secure, $fieldName . '.' . $type);
+			}
+		}
+
 		return $this->widget('datetime', $options);
 	}
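Review bot: The twelve added lines here are a verbatim copy of the block added in the previous hunk, and duplicated token-registration logic tends to drift: a later fix applied to one copy only would leave the other method's parts out of the token again. Consider moving the `secure` capture and the `_datetimeParts` loop into one protected helper that both methods call. The commit message says all datetime fields are covered, but only two methods are touched and tested here; if the helper has another method that renders through `widget('datetime', ...)`, it would need the same treatment. The enclosing method starts above the hunk.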
 

+ 28 - 0
tests/TestCase/View/Helper/FormHelperTest.php

@@ -4234,6 +4234,34 @@ class FormHelperTest extends TestCase {
 	}
 
 /**
+ * Test that datetime fields are added to protected fields list.
+ *
+ * @return void
+ */
+	public function testDateTimeSecured() {
+		$this->Form->request->params['_Token'] = ['unlockedFields' => []];
+		$this->Form->dateTime('Contact.date');
+		$expected = [
+			'Contact.date.year',
+			'Contact.date.month',
+			'Contact.date.day',
+			'Contact.date.hour',
+			'Contact.date.minute',
+			'Contact.date.meridian',
+		];
+		$this->assertEquals($expected, $this->Form->fields);
+
+		$this->Form->fields = [];
+		$this->Form->date('Contact.published');
+		$expected = [
+			'Contact.published.year',
+			'Contact.published.month',
+			'Contact.published.day',
+		];
+		$this->assertEquals($expected, $this->Form->fields);
+	}
+
+/**
  * Test empty defaulting to true for datetime.
  *
  * @return void
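Review bot: The first assertion pins `Contact.date.meridian` as a secured field for a default `dateTime()` call, while the defaults visible in the FormHelper hunk set `'timeFormat' => 24`. If the datetime widget renders no meridian select in 24-hour mode (the widget is not part of this diff), the token would list a field the browser never posts and the form would be rejected on submit. Please confirm against the rendered output, and consider asserting on a 12-hour and a 24-hour call separately. The test also leaves the caller-supplied `secure` option unexercised; a case such as `$this->Form->dateTime('Contact.date', ['secure' => false]);` followed by a check of how the parts are recorded would cover that path.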