Fixing Router::reverse() serializing all of _Token.

Removing CSRF tokens from the parameters SecurityComponent exports.
Updating tests for both Router and SecurityComponent.
Fixes #1697

lib/Cake/Controller/Component/SecurityComponent.php

@@ -495,8 +495,11 @@ class SecurityComponent extends Component {
 		if ($this->csrfCheck && ($this->csrfUseOnce || empty($tokenData['csrfTokens'])) ) {
 			$token['csrfTokens'][$authKey] = strtotime($this->csrfExpires);
 		}
-		$controller->request->params['_Token'] = $token;
 		$this->Session->write('_Token', $token);
+		$controller->request->params['_Token'] = array(
+			'key' => $token['key'],
+			'disabledFields' => $token['disabledFields']
+		);
 		return true;
 	}
 

lib/Cake/Routing/Router.php

@@ -1029,7 +1029,8 @@ class Router {
 
 		unset(
 			$params['pass'], $params['named'], $params['paging'], $params['models'], $params['url'], $url['url'],
-			$params['autoRender'], $params['bare'], $params['requested'], $params['return']
+			$params['autoRender'], $params['bare'], $params['requested'], $params['return'],
+			$params['_Token']
 		);
 		$params = array_merge($params, $pass, $named);
 		if (!empty($url)) {

lib/Cake/Test/Case/Controller/Component/SecurityComponentTest.php

@@ -996,6 +996,7 @@ class SecurityComponentTest extends CakeTestCase {
 		$token = $this->Security->Session->read('_Token');
 		$this->assertEquals(count($token['csrfTokens']), 1, 'Missing the csrf token.');
 		$this->assertEquals(strtotime('+10 minutes'), current($token['csrfTokens']), 'Token expiry does not match');
+		$this->assertEquals(array('key', 'disabledFields'), array_keys($this->Controller->request->params['_Token']), 'Keys don not match');
 	}
 
 /**

lib/Cake/Test/Case/Routing/RouterTest.php

@@ -2285,7 +2285,8 @@ class RouterTest extends CakeTestCase {
 			'autoRender' => 1,
 			'bare' => 1,
 			'return' => 1,
-			'requested' => 1
+			'requested' => 1,
+			'_Token' => array('key' => 'sekret')
 		);
 		$result = Router::reverse($params);
 		$this->assertEqual($result, '/posts/view/1');