mirror of
https://github.com/kamilwylegala/cakephp2-php8.git
synced 2025-01-31 09:06:17 +00:00
Fix disabled + SecurityComponent
Disabled inputs should be omitted from the secured fields. This will enable forms to submit successfully as long as those inputs stay excluded from the form submission. Fixes #2333
This commit is contained in:
mark_story
parent
123a1a21ba
commit
64eb38a953
2 changed files with 33 additions and 3 deletions
|
|
@ -1365,6 +1365,34 @@ class FormHelperTest extends CakeTestCase {
|
|||
$this->assertEquals($this->Form->fields, $expected);
|
||||
}
|
||||
|
||||
/**
|
||||
* test that forms with disabled inputs + secured forms leave off the inputs from the form
|
||||
* hashing.
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
public function testFormSecuredAndDisabled() {
|
||||
$this->Form->request['_Token'] = array('key' => 'testKey');
|
||||
|
||||
$this->Form->checkbox('Model.checkbox', array('disabled' => true));
|
||||
$this->Form->text('Model.text', array('disabled' => true));
|
||||
$this->Form->password('Model.text', array('disabled' => true));
|
||||
$this->Form->textarea('Model.textarea', array('disabled' => true));
|
||||
$this->Form->select('Model.select', array(1, 2), array('disabled' => true));
|
||||
$this->Form->radio('Model.radio', array(1, 2), array('disabled' => array(1, 2)));
|
||||
$this->Form->year('Model.year', null, null, array('disabled' => true));
|
||||
$this->Form->month('Model.month', array('disabled' => true));
|
||||
$this->Form->day('Model.day', array('disabled' => true));
|
||||
$this->Form->hour('Model.hour', false, array('disabled' => true));
|
||||
$this->Form->minute('Model.minute', array('disabled' => true));
|
||||
$this->Form->meridian('Model.meridian', array('disabled' => true));
|
||||
|
||||
$expected = array(
|
||||
'Model.radio' => ''
|
||||
);
|
||||
$this->assertEquals($expected, $this->Form->fields);
|
||||
}
|
||||
|
||||
/**
|
||||
* testDisableSecurityUsingForm method
|
||||
*
|
||||
|
|
|
|||
|
|
@ -1778,7 +1778,7 @@ class FormHelper extends AppHelper {
|
|||
}
|
||||
|
||||
if (!empty($tag) || isset($template)) {
|
||||
if (!isset($secure) || $secure == true) {
|
||||
if ((!isset($secure) || $secure == true) && empty($attributes['disabled'])) {
|
||||
$this->_secure(true);
|
||||
}
|
||||
$select[] = $this->Html->useTag($tag, $attributes['name'], array_diff_key($attributes, array('name' => '', 'value' => '')));
|
||||
|
|
@ -2493,6 +2493,8 @@ class FormHelper extends AppHelper {
|
|||
* ### Options
|
||||
*
|
||||
* - `secure` - boolean whether or not the field should be added to the security fields.
|
||||
* Disabling the field using the `disabled` option, will also omit the field from being
|
||||
* part of the hashed key.
|
||||
*
|
||||
* @param string $field Name of the field to initialize options for.
|
||||
* @param array $options Array of options to append options into.
|
||||
|
|
@ -2507,7 +2509,7 @@ class FormHelper extends AppHelper {
|
|||
}
|
||||
|
||||
$result = parent::_initInputField($field, $options);
|
||||
if ($secure === self::SECURE_SKIP) {
|
||||
if (!empty($result['disabled']) || $secure === self::SECURE_SKIP) {
|
||||
return $result;
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue