adulau/cakephp2-php8
1
0
Fork 0
mirror of https://github.com/kamilwylegala/cakephp2-php8.git synced 2024-11-15 03:18:26 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix incorrect CSRF token fields when using postLink()

Browse source 
Creating a postLink after creating a GET form would result in the
incorrect fields being generated.

Fixes #2308
This commit is contained in:
mark_story 2013-11-11 21:56:17 -05:00
parent 1f5d1eee98
commit a07608cbb9
2 changed files with 30 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

29
lib/Cake/Test/Case/View/Helper/FormHelperTest.php
View file

@ -7172,6 +7172,35 @@ class FormHelperTest extends CakeTestCase {
));
}
/**
* test creating postLinks after a GET form.
*
* @return void
*/
public function testPostLinkAfterGetForm() {
$this->Form->request->params['_Token']['key'] = 'testkey';
$this->Form->create('User', array('type' => 'get'));
$this->Form->end();
$result = $this->Form->postLink('Delete', '/posts/delete/1');
$this->assertTags($result, array(
'form' => array(
'method' => 'post', 'action' => '/posts/delete/1',
'name' => 'preg:/post_\w+/', 'id' => 'preg:/post_\w+/', 'style' => 'display:none;'
),
array('input' => array('type' => 'hidden', 'name' => '_method', 'value' => 'POST')),
array('input' => array('type' => 'hidden', 'name' => 'data[_Token][key]', 'value' => 'testkey', 'id' => 'preg:/Token\d+/')),
'div' => array('style' => 'display:none;'),
array('input' => array('type' => 'hidden', 'name' => 'data[_Token][fields]', 'value' => 'preg:/[\w\d%]+/', 'id' => 'preg:/TokenFields\d+/')),
array('input' => array('type' => 'hidden', 'name' => 'data[_Token][unlocked]', 'value' => '', 'id' => 'preg:/TokenUnlocked\d+/')),
'/div',
'/form',
'a' => array('href' => '#', 'onclick' => 'preg:/document\.post_\w+\.submit\(\); event\.returnValue = false; return false;/'),
'Delete',
'/a'
));
}
/**
* Test that postLink adds _Token fields.
*

1
lib/Cake/View/Helper/FormHelper.php
View file

@ -523,6 +523,7 @@ class FormHelper extends AppHelper {
$out .= $this->Html->useTag('formend');
$this->_View->modelScope = false;
$this->requestType = null;
return $out;
}