From 318c2b495264e8c28ff8eb4ec10ef18126d0e514 Mon Sep 17 00:00:00 2001 From: nate Date: Wed, 29 Oct 2008 06:55:42 +0000 Subject: [PATCH] Correcting SecurityComponent form hash generation when handling arrays, fixes #5588. Fixing code formatting in FormHelper test. git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@7794 3807eeeb-6ff5-0310-8944-8be069107fe0 --- cake/libs/controller/components/security.php | 2 +- .../controller/components/security.test.php | 8 +++ .../cases/libs/view/helpers/form.test.php | 62 +++++++++++++------ 3 files changed, 52 insertions(+), 20 deletions(-) diff --git a/cake/libs/controller/components/security.php b/cake/libs/controller/components/security.php index d27bab9d0..6bd4c236d 100644 --- a/cake/libs/controller/components/security.php +++ b/cake/libs/controller/components/security.php @@ -578,7 +578,7 @@ class SecurityComponent extends Object { foreach ($fieldList as $i => $key) { if (preg_match('/\.\d+$/', $key)) { - $multi[] = preg_replace('/\.\d+$/', '', $key); + $multi[$i] = preg_replace('/\.\d+$/', '', $key); unset($fieldList[$i]); } } diff --git a/cake/tests/cases/libs/controller/components/security.test.php b/cake/tests/cases/libs/controller/components/security.test.php index c571cd21f..dc4d9e58f 100644 --- a/cake/tests/cases/libs/controller/components/security.test.php +++ b/cake/tests/cases/libs/controller/components/security.test.php @@ -584,6 +584,14 @@ DIGEST; ); $result = $this->Controller->Security->validatePost($this->Controller); $this->assertTrue($result); + + $fields = '19464422eafe977ee729c59222af07f983010c5f%3An%3A0%3A%7B%7D'; + $this->Controller->data = array( + 'User.password' => 'bar', 'User.name' => 'foo', 'User.is_valid' => '1', + 'Tag' => array('Tag' => array(1)), '_Token' => compact('key', 'fields'), + ); + $result = $this->Controller->Security->validatePost($this->Controller); + $this->assertTrue($result); } /** * testValidatePostCheckbox method diff --git a/cake/tests/cases/libs/view/helpers/form.test.php b/cake/tests/cases/libs/view/helpers/form.test.php index 68a4e790b..8133f02fd 100644 --- a/cake/tests/cases/libs/view/helpers/form.test.php +++ b/cake/tests/cases/libs/view/helpers/form.test.php @@ -714,7 +714,7 @@ class FormHelperTest extends CakeTestCase { array('input' => array( 'type' => 'text', 'name' => 'data[Contact][foo]', 'value' => '', 'id' => 'ContactFoo' - )), + )), '/div' ); } @@ -1050,18 +1050,16 @@ class FormHelperTest extends CakeTestCase { function testFormSecuredMultipleSelect() { $this->Form->params['_Token']['key'] = 'testKey'; $this->assertEqual($this->Form->fields, array()); + $options = array('1' => 'one', '2' => 'two'); - $this->Form->select('Model.select', array('1' => 'one', '2' => 'two')); + $this->Form->select('Model.select', $options); $expected = array('Model.select'); $this->assertEqual($this->Form->fields, $expected); $this->Form->fields = array(); - $this->Form->select( - 'Model.select', array('1' => 'one', '2' => 'two'), null, array('multiple' => true) - ); + $this->Form->select('Model.select', $options, null, array('multiple' => true)); $this->assertEqual($this->Form->fields, $expected); } - /** * testPasswordValidation method * @@ -1078,7 +1076,10 @@ class FormHelperTest extends CakeTestCase { 'label' => array('for' => 'ContactPassword'), 'Password', '/label', - 'input' => array('type' => 'password', 'name' => 'data[Contact][password]', 'value' => '', 'id' => 'ContactPassword', 'class' => 'form-error'), + 'input' => array( + 'type' => 'password', 'name' => 'data[Contact][password]', + 'value' => '', 'id' => 'ContactPassword', 'class' => 'form-error' + ), array('div' => array('class' => 'error-message')), 'Please provide a password', '/div', @@ -1098,14 +1099,19 @@ class FormHelperTest extends CakeTestCase { $this->UserForm =& ClassRegistry::getObject('UserForm'); $this->UserForm->OpenidUrl =& ClassRegistry::getObject('OpenidUrl'); - $data = array('UserForm' => array('name' => 'user'), 'OpenidUrl' => array('url' => 'http://www.cakephp.org')); + $data = array( + 'UserForm' => array('name' => 'user'), + 'OpenidUrl' => array('url' => 'http://www.cakephp.org') + ); $this->assertTrue($this->UserForm->OpenidUrl->create($data)); $this->assertFalse($this->UserForm->OpenidUrl->validates()); $result = $this->Form->create('UserForm', array('type' => 'post', 'action' => 'login')); $expected = array( - 'form' => array('method' => 'post', 'action' => '/user_forms/login/', 'id' => 'UserFormLoginForm'), + 'form' => array( + 'method' => 'post', 'action' => '/user_forms/login/', 'id' => 'UserFormLoginForm' + ), 'fieldset' => array('style' => 'display:none;'), 'input' => array('type' => 'hidden', 'name' => '_method', 'value' => 'POST'), '/fieldset' @@ -1115,11 +1121,12 @@ class FormHelperTest extends CakeTestCase { $expected = array('OpenidUrl' => array('openid_not_registered' => 1)); $this->assertEqual($this->Form->validationErrors, $expected); - $result = $this->Form->error('OpenidUrl.openid_not_registered', 'Error, not registered', array('wrap' => false)); + $result = $this->Form->error( + 'OpenidUrl.openid_not_registered', 'Error, not registered', array('wrap' => false) + ); $this->assertEqual($result, 'Error, not registered'); - unset($this->UserForm->OpenidUrl); - unset($this->UserForm); + unset($this->UserForm->OpenidUrl, $this->UserForm); } /** * testFormValidationAssociatedFirstLevel method @@ -1133,7 +1140,10 @@ class FormHelperTest extends CakeTestCase { $this->ValidateUser =& ClassRegistry::getObject('ValidateUser'); $this->ValidateUser->ValidateProfile =& ClassRegistry::getObject('ValidateProfile'); - $data = array('ValidateUser' => array('name' => 'mariano'), 'ValidateProfile' => array('full_name' => 'Mariano Iglesias')); + $data = array( + 'ValidateUser' => array('name' => 'mariano'), + 'ValidateProfile' => array('full_name' => 'Mariano Iglesias') + ); $this->assertTrue($this->ValidateUser->create($data)); $this->assertFalse($this->ValidateUser->validates()); @@ -1210,14 +1220,19 @@ class FormHelperTest extends CakeTestCase { * @return void */ function testFormValidationMultiRecord() { - $this->Form->validationErrors['Contact'] = array(2 => array('name' => 'This field cannot be left blank')); + $this->Form->validationErrors['Contact'] = array(2 => array( + 'name' => 'This field cannot be left blank' + )); $result = $this->Form->input('Contact.2.name'); $expected = array( 'div' => array('class'), 'label' => array('for'), 'preg:/[^<]+/', '/label', - 'input' => array('type' => 'text', 'name', 'value' => '', 'id', 'class' => 'form-error', 'maxlength' => 255), + 'input' => array( + 'type' => 'text', 'name', 'value' => '', 'id', + 'class' => 'form-error', 'maxlength' => 255 + ), array('div' => array('class' => 'error-message')), 'This field cannot be left blank', '/div', @@ -1225,7 +1240,9 @@ class FormHelperTest extends CakeTestCase { ); $this->assertTags($result, $expected); - $this->Form->validationErrors['UserForm'] = array('OpenidUrl' => array('url' => 'You must provide a URL')); + $this->Form->validationErrors['UserForm'] = array( + 'OpenidUrl' => array('url' => 'You must provide a URL' + )); $this->Form->create('UserForm'); $result = $this->Form->input('OpenidUrl.url'); $expected = array( @@ -1233,7 +1250,9 @@ class FormHelperTest extends CakeTestCase { 'label' => array('for'), 'preg:/[^<]+/', '/label', - 'input' => array('type' => 'text', 'name', 'value' => '', 'id', 'class' => 'form-error'), + 'input' => array( + 'type' => 'text', 'name', 'value' => '', 'id', 'class' => 'form-error' + ), array('div' => array('class' => 'error-message')), 'You must provide a URL', '/div', @@ -1260,7 +1279,9 @@ class FormHelperTest extends CakeTestCase { 'label' => array('for'), 'preg:/[^<]+/', '/label', - 'input' => array('type' => 'text', 'name', 'value' => '', 'id', 'class' => 'form-error'), + 'input' => array( + 'type' => 'text', 'name', 'value' => '', 'id', 'class' => 'form-error' + ), array('div' => array('class' => 'error-message')), 'This field cannot be empty', '/div', @@ -1299,7 +1320,10 @@ class FormHelperTest extends CakeTestCase { 'label' => array('for'), 'preg:/[^<]+/', '/label', - 'input' => array('type' => 'text', 'name' => 'preg:/[^<]+/', 'value' => '', 'id' => 'preg:/[^<]+/', 'class' => 'form-error'), + 'input' => array( + 'type' => 'text', 'name' => 'preg:/[^<]+/', 'value' => '', + 'id' => 'preg:/[^<]+/', 'class' => 'form-error' + ), array('div' => array('class' => 'error-message')), 'You must have a last name', '/div',