adulau/cakephp2-php8
1
0
Fork 0
mirror of https://github.com/kamilwylegala/cakephp2-php8.git synced 2025-01-31 09:06:17 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix disabled + SecurityComponent

Browse source 
Disabled inputs should be omitted from the secured fields.
This will enable forms to submit successfully as long as those
inputs stay excluded from the form submission.

Fixes #2333
This commit is contained in:
mark_story 2011-12-07 22:30:40 -05:00
parent 123a1a21ba
commit 64eb38a953
2 changed files with 33 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
lib/Cake/Test/Case/View/Helper/FormHelperTest.php
View file

@ -1365,6 +1365,34 @@ class FormHelperTest extends CakeTestCase {
$this->assertEquals($this->Form->fields, $expected);
}
/**
* test that forms with disabled inputs + secured forms leave off the inputs from the form
* hashing.
*
* @return void
*/
public function testFormSecuredAndDisabled() {
$this->Form->request['_Token'] = array('key' => 'testKey');
$this->Form->checkbox('Model.checkbox', array('disabled' => true));
$this->Form->text('Model.text', array('disabled' => true));
$this->Form->password('Model.text', array('disabled' => true));
$this->Form->textarea('Model.textarea', array('disabled' => true));
$this->Form->select('Model.select', array(1, 2), array('disabled' => true));
$this->Form->radio('Model.radio', array(1, 2), array('disabled' => array(1, 2)));
$this->Form->year('Model.year', null, null, array('disabled' => true));
$this->Form->month('Model.month', array('disabled' => true));
$this->Form->day('Model.day', array('disabled' => true));
$this->Form->hour('Model.hour', false, array('disabled' => true));
$this->Form->minute('Model.minute', array('disabled' => true));
$this->Form->meridian('Model.meridian', array('disabled' => true));
$expected = array(
'Model.radio' => ''
);
$this->assertEquals($expected, $this->Form->fields);
}
/**
* testDisableSecurityUsingForm method
*

8
lib/Cake/View/Helper/FormHelper.php
View file

@ -1778,7 +1778,7 @@ class FormHelper extends AppHelper {
}
if (!empty($tag) || isset($template)) {
if (!isset($secure) || $secure == true) {
if ((!isset($secure) || $secure == true) && empty($attributes['disabled'])) {
$this->_secure(true);
}
$select[] = $this->Html->useTag($tag, $attributes['name'], array_diff_key($attributes, array('name' => '', 'value' => '')));
@ -2492,7 +2492,9 @@ class FormHelper extends AppHelper {
*
* ### Options
*
* - `secure` - boolean whether or not the field should be added to the security fields.
* - `secure` - boolean whether or not the field should be added to the security fields.
* Disabling the field using the `disabled` option, will also omit the field from being
* part of the hashed key.
*
* @param string $field Name of the field to initialize options for.
* @param array $options Array of options to append options into.
@ -2507,7 +2509,7 @@ class FormHelper extends AppHelper {
}
$result = parent::_initInputField($field, $options);
if ($secure === self::SECURE_SKIP) {
if (!empty($result['disabled']) || $secure === self::SECURE_SKIP) {
return $result;
}