adulau/cakephp2-php8
1
0
Fork 0
mirror of https://github.com/kamilwylegala/cakephp2-php8.git synced 2025-01-31 09:06:17 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge branch 'postlink-token' into 2.x

Browse source 
Fix inline postLink() calls corrupting the containing form's tampering
token.

Refs #8387
This commit is contained in:
mark_story 2016-04-01 23:08:41 -04:00
commit 1333cc4b3e
2 changed files with 34 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
lib/Cake/Test/Case/View/Helper/FormHelperTest.php
View file

@ -8117,6 +8117,34 @@ class FormHelperTest extends CakeTestCase {
)); ));
} }
/**
* Test that postLink doesn't modify the fields in the containing form.
*
* postLink() calls inside open forms should not modify the field list
* for the form.
*
* @return void
*/
public function testPostLinkSecurityHashInline() {
$hash = Security::hash(
'/posts/delete/1' .
serialize(array()) .
'' .
Configure::read('Security.salt')
);
$hash .= '%3A';
$this->Form->request->params['_Token']['key'] = 'test';
$this->Form->create('Post', ['url' => ['action' => 'add']]);
$this->Form->input('title');
$this->Form->postLink('Delete', '/posts/delete/1', ['inline' => false]);
$result = $this->View->fetch('postLink');
$this->assertEquals(array('Post.title'), $this->Form->fields);
$this->assertContains($hash, $result, 'Should contain the correct hash.');
$this->assertAttributeEquals('/posts/add', '_lastAction', $this->Form, 'lastAction was should be restored.');
}
/** /**
* Test using postLink with N dimensional data. * Test using postLink with N dimensional data.
* *

7
lib/Cake/View/Helper/FormHelper.php
View file

@ -611,11 +611,13 @@ class FormHelper extends AppHelper {
$tokenFields = array_merge($secureAttributes, array( $tokenFields = array_merge($secureAttributes, array(
'value' => urlencode($fields . ':' . $locked), 'value' => urlencode($fields . ':' . $locked),
'id' => 'TokenFields' . mt_rand(), 'id' => 'TokenFields' . mt_rand(),
'secure' => static::SECURE_SKIP,
)); ));
$out = $this->hidden('_Token.fields', $tokenFields); $out = $this->hidden('_Token.fields', $tokenFields);
$tokenUnlocked = array_merge($secureAttributes, array( $tokenUnlocked = array_merge($secureAttributes, array(
'value' => urlencode($unlocked), 'value' => urlencode($unlocked),
'id' => 'TokenUnlocked' . mt_rand(), 'id' => 'TokenUnlocked' . mt_rand(),
'secure' => static::SECURE_SKIP,
)); ));
$out .= $this->hidden('_Token.unlocked', $tokenUnlocked); $out .= $this->hidden('_Token.unlocked', $tokenUnlocked);
return $this->Html->useTag('hiddenblock', $out); return $this->Html->useTag('hiddenblock', $out);
@ -1868,6 +1870,7 @@ class FormHelper extends AppHelper {
unset($options['target']); unset($options['target']);
} }
$previousLastAction = $this->_lastAction;
$this->_lastAction($url); $this->_lastAction($url);
$out = $this->Html->useTag('form', $formUrl, $formOptions); $out = $this->Html->useTag('form', $formUrl, $formOptions);
@ -1880,7 +1883,7 @@ class FormHelper extends AppHelper {
if (isset($options['data']) && is_array($options['data'])) { if (isset($options['data']) && is_array($options['data'])) {
foreach (Hash::flatten($options['data']) as $key => $value) { foreach (Hash::flatten($options['data']) as $key => $value) {
$fields[$key] = $value; $fields[$key] = $value;
$out .= $this->hidden($key, array('value' => $value, 'id' => false)); $out .= $this->hidden($key, array('value' => $value, 'id' => false, 'secure' => static::SECURE_SKIP));
} }
unset($options['data']); unset($options['data']);
} }
@ -1890,6 +1893,8 @@ class FormHelper extends AppHelper {
if ($options['block']) { if ($options['block']) {
$this->_View->append($options['block'], $out); $this->_View->append($options['block'], $out);
$out = ''; $out = '';
// Reset security-relevant fields for outer form
$this->_lastAction = $previousLastAction;
} }
unset($options['block']); unset($options['block']);