From a07608cbb9463343b3aede21d9a3cbf092020667 Mon Sep 17 00:00:00 2001
From: mark_story
Date: Mon, 11 Nov 2013 21:56:17 -0500
Subject: [PATCH] Fix incorrect CSRF token fields when using postLink()

Creating a postLink after creating a GET form would result in the incorrect fields being generated.
Fixes #2308
---
 .../Test/Case/View/Helper/FormHelperTest.php | 29 +++++++++++++++++++
 lib/Cake/View/Helper/FormHelper.php | 1 +
 2 files changed, 30 insertions(+)

diff --git a/lib/Cake/Test/Case/View/Helper/FormHelperTest.php b/lib/Cake/Test/Case/View/Helper/FormHelperTest.php
index 1f3dd51d9..01207c621 100644
--- a/lib/Cake/Test/Case/View/Helper/FormHelperTest.php
+++ b/lib/Cake/Test/Case/View/Helper/FormHelperTest.php
@@ -7172,6 +7172,35 @@ class FormHelperTest extends CakeTestCase {
 ));
 }
+/**
+ * test creating postLinks after a GET form.
+ *
+ * @return void
+ */
+ public function testPostLinkAfterGetForm() {
+ $this->Form->request->params['_Token']['key'] = 'testkey';
+ $this->Form->create('User', array('type' => 'get'));
+ $this->Form->end();
+
+ $result = $this->Form->postLink('Delete', '/posts/delete/1');
+ $this->assertTags($result, array(
+ 'form' => array(
+ 'method' => 'post', 'action' => '/posts/delete/1',
+ 'name' => 'preg:/post_\w+/', 'id' => 'preg:/post_\w+/', 'style' => 'display:none;'
+ ),
+ array('input' => array('type' => 'hidden', 'name' => '_method', 'value' => 'POST')),
+ array('input' => array('type' => 'hidden', 'name' => 'data[_Token][key]', 'value' => 'testkey', 'id' => 'preg:/Token\d+/')),
+ 'div' => array('style' => 'display:none;'),
+ array('input' => array('type' => 'hidden', 'name' => 'data[_Token][fields]', 'value' => 'preg:/[\w\d%]+/', 'id' => 'preg:/TokenFields\d+/')),
+ array('input' => array('type' => 'hidden', 'name' => 'data[_Token][unlocked]', 'value' => '', 'id' => 'preg:/TokenUnlocked\d+/')),
+ '/div',
+ '/form',
+ 'a' => array('href' => '#', 'onclick' => 'preg:/document\.post_\w+\.submit\(\); event\.returnValue = false; return false;/'),
+ 'Delete',
+ '/a'
+ ));
+ }
+
 /**
 * Test that postLink adds _Token fields.
 *
diff --git a/lib/Cake/View/Helper/FormHelper.php b/lib/Cake/View/Helper/FormHelper.php
index 894e3cfd0..db4b4cf79 100644
--- a/lib/Cake/View/Helper/FormHelper.php
+++ b/lib/Cake/View/Helper/FormHelper.php
@@ -523,6 +523,7 @@ class FormHelper extends AppHelper {
 $out .= $this->Html->useTag('formend');
 $this->_View->modelScope = false;
+ $this->requestType = null;
 return $out;
 }
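Review bot: In `testPostLinkAfterGetForm` the `data[_Token][fields]` input is matched only by `'value' => 'preg:/[\w\d%]+/'`, so the test shows that the token inputs are rendered after a GET form but not that the fields value is the right one for this link. Since the commit is about incorrect CSRF token fields, consider also rendering the same `postLink('Delete', '/posts/delete/1')` before any GET form is created and asserting that both outputs carry the same `data[_Token][fields]` value. The test also covers only the order `create()`, `end()`, `postLink()`; a case that calls `postLink()` between `create('User', array('type' => 'get'))` and `end()` would record whether that ordering is expected to work.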
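Review bot: The added `$this->requestType = null;` in `FormHelper::end()` has no comment, and nothing in the surrounding lines says why form state is cleared there; a line such as `// Reset so helpers used after a GET form (e.g. postLink()) do not inherit its request type when building the _Token fields.` would stop it being removed as dead code later. The reset runs only when `end()` is called, so a view that opens a GET form with `create()` and closes the tag by hand presumably still leaves the stale type in place for a later `postLink()`. `postLink()` and the start of `end()` are outside this hunk, so confirm whether `postLink()` should set the request type itself rather than rely on the previous form having been ended.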