Merge branch 'postlink-token' into 2.x
Fix inline postLink() calls corrupting the containing form's tampering token. Refs #8387
1333cc4b3e
2 changed files with 34 additions and 1 deletions
@ -8117,6 +8117,34 @@ class FormHelperTest extends CakeTestCase {
));
}
/**
* Test that postLink doesn't modify the fields in the containing form.
*
* postLink() calls inside open forms should not modify the field list
* for the form.
*
* @return void
*/
public function testPostLinkSecurityHashInline() {
$hash = Security::hash(
'/posts/delete/1' .
serialize(array()) .
'' .
Configure::read('Security.salt')
);
$hash .= '%3A';
$this->Form->request->params['_Token']['key'] = 'test';
$this->Form->create('Post', ['url' => ['action' => 'add']]);
$this->Form->input('title');
$this->Form->postLink('Delete', '/posts/delete/1', ['inline' => false]);
$result = $this->View->fetch('postLink');
$this->assertEquals(array('Post.title'), $this->Form->fields);
$this->assertContains($hash, $result, 'Should contain the correct hash.');
$this->assertAttributeEquals('/posts/add', '_lastAction', $this->Form, 'lastAction was should be restored.');
}
/**
* Test using postLink with N dimensional data.
*
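Review bot: The new test's name, testPostLinkSecurityHashInline, does not match what it exercises — the postLink() call passes `'inline' => false`, so only the block path is covered and an inline postLink() emitted while a form is open remains untested; either rename it (for example `testPostLinkSecurityHashInsideFormBlock`) or add a docblock line stating that the block mode is the one under test. The message on the final assertAttributeEquals reads `'lastAction was should be restored.'` and should be `'_lastAction should be restored.'`. The test would also be stronger if it closed the outer form and asserted that its generated _Token.fields value is the one expected for /posts/add with Post.title, since that is the token the commit description says was being corrupted; whether end() or secure() is the convenient call here is not visible in this hunk. The FormHelperTest class itself begins and ends outside the hunk.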
@ -611,11 +611,13 @@ class FormHelper extends AppHelper {
$tokenFields = array_merge($secureAttributes, array(
'value' => urlencode($fields . ':' . $locked),
'id' => 'TokenFields' . mt_rand(),
'secure' => static::SECURE_SKIP,
));
$out = $this->hidden('_Token.fields', $tokenFields);
$tokenUnlocked = array_merge($secureAttributes, array(
'value' => urlencode($unlocked),
'id' => 'TokenUnlocked' . mt_rand(),
'secure' => static::SECURE_SKIP,
));
$out .= $this->hidden('_Token.unlocked', $tokenUnlocked);
return $this->Html->useTag('hiddenblock', $out);
@ -1868,6 +1870,7 @@ class FormHelper extends AppHelper {
unset($options['target']);
}
$previousLastAction = $this->_lastAction;
$this->_lastAction($url);
$out = $this->Html->useTag('form', $formUrl, $formOptions);
@ -1880,7 +1883,7 @@ class FormHelper extends AppHelper {
if (isset($options['data']) && is_array($options['data'])) {
foreach (Hash::flatten($options['data']) as $key => $value) {
$fields[$key] = $value;
$out .= $this->hidden($key, array('value' => $value, 'id' => false));
$out .= $this->hidden($key, array('value' => $value, 'id' => false, 'secure' => static::SECURE_SKIP));
}
unset($options['data']);
}
@ -1890,6 +1893,8 @@ class FormHelper extends AppHelper {
if ($options['block']) {
$this->_View->append($options['block'], $out);
$out = '';
// Reset security-relevant fields for outer form
$this->_lastAction = $previousLastAction;
}
unset($options['block']);
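Review bot: The restore of `_lastAction` in the last hunk is placed inside `if ($options['block'])`, while the snapshot `$previousLastAction = $this->_lastAction;` in the 1868 hunk is taken unconditionally, so a postLink() emitted inline (no block) leaves `$this->_lastAction` pointing at the postLink URL and any containing form closed afterwards would hash its token against the wrong action. Move the restore below the conditional — after `unset($options['block']);` add `$this->_lastAction = $previousLastAction;` and drop the copy inside the block branch — so helper state is restored on every path. The comment `// Reset security-relevant fields for outer form` overstates that line: it only resets `_lastAction`, the field-list protection comes from the SECURE_SKIP additions in the 611 and 1880 hunks, so `// Restore the outer form's _lastAction so its token is hashed against its own URL` would describe it accurately. postLink() begins and ends outside these hunks, so I cannot confirm whether other per-form security state also needs to be snapshotted and restored here.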