Fixed secure form hash for special url.
No htmlspecialchars encoding and no fragment identifier.
This commit is contained in:
parent
270e8774e4
commit
67f256297d
2 changed files with 41 additions and 8 deletions
|
@ -1417,6 +1417,30 @@ class FormHelperTest extends CakeTestCase {
|
|||
$this->assertNotContains($expected, $result, 'URL is different');
|
||||
}
|
||||
|
||||
/**
|
||||
* URL, HTML and identifier - and "URL + its hash" or "URLs + their hashes".
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
public function testSecuredFormUrlHasHtmlEntityAndFragmentIdentifier() {
|
||||
$this->Form->request['_Token'] = array('key' => 'testKey');
|
||||
|
||||
$expected = 'a0c54487c45e8eea45beb318c35fc01e6f87de29%3A';
|
||||
$this->Form->create('Address', array(
|
||||
'url' => array('controller' => 'articles', 'action' => 'view', 1, '?' => array('page' => 1, 'limit' => 10), '#' => 'result')
|
||||
));
|
||||
$result = $this->Form->secure();
|
||||
$this->assertContains($expected, $result);
|
||||
|
||||
$this->Form->create('Address', array('url' => 'http://localhost/articles/view/1?page=1&limit=10#result'));
|
||||
$result = $this->Form->secure();
|
||||
$this->assertContains($expected, $result, 'Full URL should only use path and query.');
|
||||
|
||||
$this->Form->create('Address', array('url' => '/articles/view/1?page=1&limit=10#result'));
|
||||
$result = $this->Form->secure();
|
||||
$this->assertContains($expected, $result, 'URL path + query should work.');
|
||||
}
|
||||
|
||||
/**
|
||||
* testDisableSecurityUsingForm method
|
||||
*
|
||||
|
|
|
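Review bot: The new test only shows that these three inputs hash to the same pre-computed value; it never demonstrates that the fragment is ignored, because every input carries the same `#result`, nor that a changed query value changes the hash. Add a variant with a different fragment, `$this->Form->create('Address', array('url' => '/articles/view/1?page=1&limit=10#other'));` followed by `$this->assertContains($expected, $this->Form->secure(), 'Fragment must not affect the hash.');`, and a negative case in the `assertNotContains` style used just above (for example `limit=11`) so the hash is shown to depend on the query. The docblock `URL, HTML and identifier - and "URL + its hash" or "URLs + their hashes".` does not state what is verified; something like `Secured-form hash must cover path + query only: no HTML-entity encoding, no scheme/host, no fragment.` would. The method name mentions an HTML entity, yet no input contains one; presumably the point is that the hash must not be computed over the entity-encoded action attribute, which is worth saying in the docblock.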
@ -436,6 +436,7 @@ class FormHelper extends AppHelper {
|
|||
$this->requestType = strtolower($options['type']);
|
||||
|
||||
$action = $this->url($options['action']);
|
||||
$this->_lastAction($options['action']);
|
||||
unset($options['type'], $options['action']);
|
||||
|
||||
if (!$options['default']) {
|
||||
|
@ -467,13 +468,6 @@ class FormHelper extends AppHelper {
|
|||
$this->_introspectModel($model, 'fields');
|
||||
}
|
||||
|
||||
$this->_lastAction = $action;
|
||||
if (strpos($action, '://')) {
|
||||
$query = parse_url($action, PHP_URL_QUERY);
|
||||
$query = $query ? '?' . $query : '';
|
||||
$this->_lastAction = parse_url($action, PHP_URL_PATH) . $query;
|
||||
}
|
||||
|
||||
return $this->Html->useTag('form', $action, $htmlAttributes) . $append;
|
||||
}
|
||||
|
||||
|
@ -1828,7 +1822,7 @@ class FormHelper extends AppHelper {
|
|||
unset($options['target']);
|
||||
}
|
||||
|
||||
$this->_lastAction = $formUrl;
|
||||
$this->_lastAction($url);
|
||||
|
||||
$out = $this->Html->useTag('form', $formUrl, $formOptions);
|
||||
$out .= $this->Html->useTag('hidden', '_method', array(
|
||||
|
@ -3007,6 +3001,21 @@ class FormHelper extends AppHelper {
|
|||
return null;
|
||||
}
|
||||
|
||||
/**
|
||||
* Sets the last creaated form action.
|
||||
*
|
||||
* @var mixed
|
||||
* @return void
|
||||
*/
|
||||
protected function _lastAction($url) {
|
||||
$action = Router::url($url, true);
|
||||
if (strpos($action, '://')) {
|
||||
$query = parse_url($action, PHP_URL_QUERY);
|
||||
$query = $query ? '?' . $query : '';
|
||||
$this->_lastAction = parse_url($action, PHP_URL_PATH) . $query;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Set/Get inputDefaults for form elements
|
||||
*
|
||||
|
|
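Review bot: `_lastAction()` only assigns `$this->_lastAction` inside the `if (strpos($action, '://'))` branch, whereas the removed code in `create()` assigned `$this->_lastAction = $action;` unconditionally before the same check; if `Router::url($url, true)` ever returns a value without `://` (a bare `?query`, `#`, or a `mailto:`/`javascript:` string presumably passes through unchanged), the property keeps the previous form's action and the hash is computed for the wrong URL. Assign first and use a strict comparison: `$action = Router::url($url, true);`, `$this->_lastAction = $action;`, `if (strpos($action, '://') !== false) {`. Note also that for a full URL with no path component (`http://host`) `parse_url(..., PHP_URL_PATH)` yields null, so `_lastAction` becomes an empty string rather than `/`; worth confirming against what the validating side compares. The docblock should read `Sets the last created form action.` with `@param mixed $url URL array or string, as accepted by Router::url()` instead of `@var mixed`.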