mirror of
https://github.com/kamilwylegala/cakephp2-php8.git
synced 2024-11-15 03:18:26 +00:00
Adding the _x and _y fields to the unlocked fields
for image submits. Fixes #2032
This commit is contained in:
mark_story
parent
6e22f1d0a8
commit
08b974d64b
2 changed files with 61 additions and 7 deletions
|
|
@ -959,6 +959,45 @@ class FormHelperTest extends CakeTestCase {
|
|||
$this->assertTags($result, $expected);
|
||||
}
|
||||
|
||||
/**
|
||||
* Test that the correct fields are unlocked for image submits with no names.
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
public function testSecuritySubmitImageNoName() {
|
||||
$key = 'testKey';
|
||||
$this->Form->request['_Token'] = array('key' => $key);
|
||||
|
||||
$this->Form->create('User');
|
||||
$result = $this->Form->submit('save.png');
|
||||
$expected = array(
|
||||
'div' => array('class' => 'submit'),
|
||||
'input' => array('type' => 'image', 'src' => 'img/save.png'),
|
||||
'/div'
|
||||
);
|
||||
$this->assertTags($result, $expected);
|
||||
$this->assertEquals(array('x', 'y'), $this->Form->unlockField());
|
||||
}
|
||||
|
||||
/**
|
||||
* Test that the correct fields are unlocked for image submits with names.
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
public function testSecuritySubmitImageName() {
|
||||
$key = 'testKey';
|
||||
$this->Form->request['_Token'] = array('key' => $key);
|
||||
|
||||
$this->Form->create('User');
|
||||
$result = $this->Form->submit('save.png', array('name' => 'test'));
|
||||
$expected = array(
|
||||
'div' => array('class' => 'submit'),
|
||||
'input' => array('type' => 'image', 'name' => 'test', 'src' => 'img/save.png'),
|
||||
'/div'
|
||||
);
|
||||
$this->assertTags($result, $expected);
|
||||
$this->assertEquals(array('test', 'test_x', 'test_y'), $this->Form->unlockField());
|
||||
}
|
||||
/**
|
||||
* testFormSecurityMultipleInputFields method
|
||||
*
|
||||
|
|
|
|||
|
|
@ -1600,22 +1600,37 @@ class FormHelper extends AppHelper {
|
|||
$after = $options['after'];
|
||||
unset($options['before'], $options['after']);
|
||||
|
||||
if (strpos($caption, '://') !== false) {
|
||||
$isUrl = strpos($caption, '://') !== false;
|
||||
$isImage = preg_match('/\.(jpg|jpe|jpeg|gif|png|ico)$/', $caption);
|
||||
|
||||
if ($isUrl || $isImage) {
|
||||
$unlockFields = array('x', 'y');
|
||||
if (isset($options['name'])) {
|
||||
$unlockFields = array(
|
||||
$options['name'] . '_x', $options['name'] . '_y'
|
||||
);
|
||||
}
|
||||
foreach ($unlockFields as $ignore) {
|
||||
$this->unlockField($ignore);
|
||||
}
|
||||
}
|
||||
|
||||
if ($isUrl) {
|
||||
unset($options['type']);
|
||||
$out .= $before . $this->Html->useTag('submitimage', $caption, $options) . $after;
|
||||
} elseif (preg_match('/\.(jpg|jpe|jpeg|gif|png|ico)$/', $caption)) {
|
||||
$tag = $this->Html->useTag('submitimage', $caption, $options);
|
||||
} elseif ($isImage) {
|
||||
unset($options['type']);
|
||||
if ($caption{0} !== '/') {
|
||||
$url = $this->webroot(IMAGES_URL . $caption);
|
||||
} else {
|
||||
$caption = trim($caption, '/');
|
||||
$url = $this->webroot($caption);
|
||||
$url = $this->webroot(trim($caption, '/'));
|
||||
}
|
||||
$out .= $before . $this->Html->useTag('submitimage', $url, $options) . $after;
|
||||
$tag = $this->Html->useTag('submitimage', $url, $options);
|
||||
} else {
|
||||
$options['value'] = $caption;
|
||||
$out .= $before . $this->Html->useTag('submit', $options) . $after;
|
||||
$tag = $this->Html->useTag('submit', $options);
|
||||
}
|
||||
$out = $before . $tag . $after;
|
||||
|
||||
if (isset($divOptions)) {
|
||||
$tag = $divOptions['tag'];
|
||||
|
|
|
|||
Loading…
Reference in a new issue