Home Explore Help
Sign In
githab
/
cakephp
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Fix secure field lists when select elements have custom name attributes.

When a select element had a custom name attribute the secured field name
was incorrect.

Fixes #3753
mark_story 13 years ago
parent
8bd1980dd4
commit
ed435870ae
2 changed files with 45 additions and 9 deletions
Split View Show Diff Stats
  1. 26 1
      lib/Cake/Test/Case/View/Helper/FormHelperTest.php
  2. 19 8
      lib/Cake/View/Helper/FormHelper.php

+ 26 - 1
lib/Cake/Test/Case/View/Helper/FormHelperTest.php
View File 

@@ -1200,7 +1200,8 @@ class FormHelperTest extends CakeTestCase {
 
 		$this->assertTags($result, $expected);
 
 
 		$result = $this->Form->hidden('UserForm.stuff');
 
-		$expected = array('input' => array(
 
+		$expected = array(
 
+			'input' => array(
 
 				'type' => 'hidden', 'name' => 'data[UserForm][stuff]',
 
 				'id' => 'UserFormStuff'
 
 		));
 
@@ -1257,6 +1258,30 @@ class FormHelperTest extends CakeTestCase {
 
 	}
 
 
 /**
 
+ * Test secured inputs with custom names.
 
+ *
 
+ * @return void
 
+ */
 
+	public function testSecuredInputCustomName() {
 
+		$this->Form->request['_Token'] = array('key' => 'testKey');
 
+		$this->assertEquals(array(), $this->Form->fields);
 
+
 
+		$this->Form->input('text_input', array(
 
+			'name' => 'data[Option][General.default_role]',
 
+		));
 
+		$expected = array('Option.General.default_role');
 
+		$this->assertEquals($expected, $this->Form->fields);
 
+
 
+		$this->Form->input('select_box', array(
 
+			'name' => 'data[Option][General.select_role]',
 
+			'type' => 'select',
 
+			'options' => array(1, 2),
 
+		));
 
+		$expected = array('Option.General.default_role', 'Option.General.select_role');
 
+		$this->assertEquals($expected, $this->Form->fields);
 
+	}
 
+
 
+/**
 
  * Tests that the correct keys are added to the field hash index
 
  *
 
  * @return void

+ 19 - 8
lib/Cake/View/Helper/FormHelper.php
View File 

@@ -9,7 +9,7 @@
 
  *
 
  * @copyright   Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
 
  * @link        http://cakephp.org CakePHP(tm) Project
 
- * @package       Cake.View.Helper
 
+ * @package     Cake.View.Helper
 
  * @since       CakePHP(tm) v 0.10.0.1076
 
  * @license     MIT License (http://www.opensource.org/licenses/mit-license.php)
 
  */
 
@@ -2015,7 +2015,7 @@ class FormHelper extends AppHelper {
 
 				empty($attributes['disabled']) &&
 
 				(!empty($attributes['multiple']) || $hasOptions)
 
 			) {
 
-				$this->_secure(true);
 
+				$this->_secure(true, $this->_secureFieldName($attributes));
 
 			}
 
 			$select[] = $this->Html->useTag($tag, $attributes['name'], array_diff_key($attributes, array('name' => null, 'value' => null)));
 
 		}
 
@@ -2828,16 +2828,27 @@ class FormHelper extends AppHelper {
 
 			$result['required'] = true;
 
 		}
 
 
-		$fieldName = null;
 
-		if (!empty($options['name'])) {
 
+		$this->_secure($secure, $this->_secureFieldName($options));
 
+		return $result;
 
+	}
 
+
 
+/**
 
+ * Get the field name for use with _secure().
 
+ *
 
+ * Parses the name attribute to create a dot separated name value for use
 
+ * in secured field hash.
 
+ *
 
+ * @param array $options An array of options possibly containing a name key.
 
+ * @return string|null
 
+ */
 
+	protected function _secureFieldName($options) {
 
+		if (isset($options['name'])) {
 
 			preg_match_all('/\[(.*?)\]/', $options['name'], $matches);
 
 			if (isset($matches[1])) {
 
-				$fieldName = $matches[1];
 
+				return $matches[1];
 
 			}
 
 		}
 
-
 
-		$this->_secure($secure, $fieldName);
 
-		return $result;
 
+		return null;
 
 	}
 
 
 /**