From 6f660812ca601a6018487dea7a31aef082d2e0f0 Mon Sep 17 00:00:00 2001 From: nate Date: Fri, 22 Aug 2008 16:05:34 +0000 Subject: [PATCH] Adding FormHelper security token patch from renan.saddam, fixes #5061, adding test to disprove #2729 (FormHelper::input() and float fields) git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@7486 3807eeeb-6ff5-0310-8944-8be069107fe0 --- cake/libs/view/helpers/form.php | 10 +++- .../cases/libs/view/helpers/form.test.php | 56 +++++++++++++++---- 2 files changed, 51 insertions(+), 15 deletions(-) diff --git a/cake/libs/view/helpers/form.php b/cake/libs/view/helpers/form.php index fc3c0124b..9bc678032 100644 --- a/cake/libs/view/helpers/form.php +++ b/cake/libs/view/helpers/form.php @@ -839,7 +839,7 @@ class FormHelper extends AppHelper { * * @param string $fieldName Name of a field, like this "Modelname.fieldname" * @param array $options Radio button options array. - * @param array $attributes Array of HTML attributes. + * @param array $attributes Array of HTML attributes. * 'separator' - define the string in between the radio buttons * 'legend' - control whether or not the widget set has a fieldset & legend * 'checked' - indicate a value that is checked @@ -972,6 +972,10 @@ class FormHelper extends AppHelper { if (!in_array($fieldName, array('_method'))) { $this->__secure($key, $value); + + if (!in_array($model, array('_Token', '__Token')) && $value === '0') { + $this->__secure($model); + } } return $this->output(sprintf($this->Html->tags['hidden'], $options['name'], $this->_parseAttributes($options, array('name', 'class'), '', ' '))); } 
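Review bot: The new branch in `hidden()` that calls `$this->__secure($model)` when `$value === '0'` is not exercised by any test in this commit; the form.test.php changes cover only the schema fixture and the float-field case. Because this call changes what is registered for the security token, a regression test should render a hidden field with value '0' and check the secured field list, to pin the fix for #5061. The strict comparison matches only the string `'0'`, so an integer 0 would skip the branch if callers can pass one; a comment such as `// value '0': also register the model key for the token, see #5061` would record the intent. The body of `hidden()` starts outside the hunk, so how `$model`, `$key` and `$value` are derived is not visible here.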
@@ -1078,9 +1082,9 @@ class FormHelper extends AppHelper {
 * @param mixed $selected The option selected by default. If null, the default value
 * from POST data will be used when available.
 * @param array $attributes The HTML attributes of the select element.
- * 'showParents' - If included in the array and set to true, an additional option element
+ * 'showParents' - If included in the array and set to true, an additional option element
 * will be added for the parent of each option group.
- * 'multiple' - show a multiple select box. If set to 'checkbox' multiple checkboxes will be created instead.
+ * 'multiple' - show a multiple select box. If set to 'checkbox' multiple checkboxes will be created instead.
 *
 * @param mixed $showEmpty If true, the empty select option is shown. If a string,
 * that string is displayed as the empty element.
diff --git a/cake/tests/cases/libs/view/helpers/form.test.php b/cake/tests/cases/libs/view/helpers/form.test.php
index 75e1daa16..4cb380b71 100644
--- a/cake/tests/cases/libs/view/helpers/form.test.php
+++ b/cake/tests/cases/libs/view/helpers/form.test.php
@@ -82,6 +82,22 @@ class Contact extends CakeTestModel {
 * @access public
 */
 var $name = 'Contact';
+/**
+ * Default schema
+ *
+ * @var array
+ * @access public
+ */
+ var $_schema = array(
+ 'id' => array('type' => 'integer', 'null' => '', 'default' => '', 'length' => '8'),
+ 'name' => array('type' => 'string', 'null' => '', 'default' => '', 'length' => '255'),
+ 'email' => array('type' => 'string', 'null' => '', 'default' => '', 'length' => '255'),
+ 'phone' => array('type' => 'string', 'null' => '', 'default' => '', 'length' => '255'),
+ 'password' => array('type' => 'string', 'null' => '', 'default' => '', 'length' => '255'),
+ 'published' => array('type' => 'date', 'null' => true, 'default' => null, 'length' => null),
+ 'created' => array('type' => 'date', 'null' => '1', 'default' => '', 'length' => ''),
+ 'updated' => array('type' => 'datetime', 'null' => '1', 'default' => '', 'length' => null)
+ );
 /**
 * validate property
 *
@@ -102,18 +118,8 @@ class Contact extends CakeTestModel {
 * @access public
 * @return void
 */
- function schema() {
- $this->_schema = array(
- 'id' => array('type' => 'integer', 'null' => '', 'default' => '', 'length' => '8'),
- 'name' => array('type' => 'string', 'null' => '', 'default' => '', 'length' => '255'),
- 'email' => array('type' => 'string', 'null' => '', 'default' => '', 'length' => '255'),
- 'phone' => array('type' => 'string', 'null' => '', 'default' => '', 'length' => '255'),
- 'password' => array('type' => 'string', 'null' => '', 'default' => '', 'length' => '255'),
- 'published' => array('type' => 'date', 'null' => true, 'default' => null, 'length' => null),
- 'created' => array('type' => 'date', 'null' => '1', 'default' => '', 'length' => ''),
- 'updated' => array('type' => 'datetime', 'null' => '1', 'default' => '', 'length' => null)
- );
- return $this->_schema;
+ function setSchema($schema) {
+ $this->_schema = $schema;
 }
 /**
 * hasAndBelongsToMany property
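Review bot: `setSchema($schema)` inherits the docblock of the removed `schema()` method, whose visible tail has `@return void` but no `@param` for the new argument. The docblock's opening lines are outside the hunk, so its summary presumably still names the old method. Add `@param array $schema Field definitions that replace the model's schema` and update the summary line to describe the setter.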
@@ -616,6 +622,32 @@ class FormHelperTest extends CakeTestCase {
 );
 $this->assertTags($result, $expected);
 }
+/**
+ * Tests correct generation of text fields for double and float fields
+ *
+ * @access public
+ * @return void
+ */
+ function testTextFieldGenerationForFloats() {
+ $model = ClassRegistry::getObject('Contact');
+ $model->setSchema(array('foo' => array(
+ 'type' => 'float',
+ 'null' => false,
+ 'default' => null,
+ 'length' => null
+ )));
+
+ $this->Form->create('Contact');
+ $result = $this->Form->input('foo');
+ $expected = array(
+ 'div' => array('class' => 'input text'),
+ 'label' => array('for' => 'ContactFoo'),
+ 'Foo',
+ '/label',
+ array('input' => array('type' => 'text', 'name' => 'data[Contact][foo]', 'value' => '', 'id' => 'ContactFoo')),
+ '/div'
+ );
+ }
 /**
 * testFormSecurityMultipleFields method
 *
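Review bot: `testTextFieldGenerationForFloats()` builds `$result` and `$expected` but never compares them, so the test passes whatever `input('foo')` renders and does not actually disprove #2729. Add `$this->assertTags($result, $expected);` after the `$expected` array, as the preceding test does. The call to `$model->setSchema(...)` also replaces the schema on the `Contact` object taken from `ClassRegistry`, and nothing in the test restores it. Later tests that reuse that registered instance may therefore see only the `foo` field; saving the previous `$_schema` and setting it back at the end of the test would avoid that.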