From a28158d614cb469dac41e03c9f95bffd0b60cdbc Mon Sep 17 00:00:00 2001
From: mark_story
Date: Sat, 26 Apr 2014 10:22:14 -0400
Subject: [PATCH] Add additional test for f23d811ff59c50ef278e98bb75f4ec1e7e54a5b3

I neglected to put a negative test to ensure validatePost fails when the URL differs.
---
 .../Component/SecurityComponentTest.php | 34 ++++++++++++++++++-
 1 file changed, 33 insertions(+), 1 deletion(-)

diff --git a/lib/Cake/Test/Case/Controller/Component/SecurityComponentTest.php b/lib/Cake/Test/Case/Controller/Component/SecurityComponentTest.php
index 055a8bc8e..b470fba63 100644
--- a/lib/Cake/Test/Case/Controller/Component/SecurityComponentTest.php
+++ b/lib/Cake/Test/Case/Controller/Component/SecurityComponentTest.php
@@ -1067,7 +1067,7 @@ class SecurityComponentTest extends CakeTestCase {
 *
 * @return void
 */
- public function testRadio() {
+ public function testValidatePostRadio() {
 $this->Controller->Security->startup($this->Controller);
 $key = $this->Controller->request->params['_Token']['key'];
 $fields = '3be63770e7953c6d2119f5377a9303372040f66f%3An%3A0%3A%7B%7D';
@@ -1101,6 +1101,38 @@ class SecurityComponentTest extends CakeTestCase {
 $this->assertTrue($result);
 }
 
+/**
+ * test validatePost uses here() as a hash input.
+ *
+ * @return void
+ */
+ public function testValidatePostUrlAsHashInput() {
+ $this->Controller->Security->startup($this->Controller);
+
+ $key = $this->Controller->request->params['_Token']['key'];
+ $fields = '5415d31b4483c1e09ddb58d2a91ba9650b12aa83%3A';
+ $unlocked = '';
+
+ $this->Controller->request->data = array(
+ 'Model' => array('username' => '', 'password' => ''),
+ '_Token' => compact('key', 'fields', 'unlocked')
+ );
+ $this->assertTrue($this->Controller->Security->validatePost($this->Controller));
+
+ $request = $this->getMock('CakeRequest', array('here'), array('articles/edit/1', false));
+ $request->expects($this->at(0))
+ ->method('here')
+ ->will($this->returnValue('/posts/index?page=1'));
+ $request->expects($this->at(1))
+ ->method('here')
+ ->will($this->returnValue('/posts/edit/1'));
+
+ $this->Controller->Security->request = $request;
+ $this->assertFalse($this->Controller->Security->validatePost($this->Controller));
+ $this->assertFalse($this->Controller->Security->validatePost($this->Controller));
+ }
+
+
 /**
 * test that a requestAction's controller will have the _Token appended to
 * the params.
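Review bot: The two `assertFalse` calls in testValidatePostUrlAsHashInput do not show that the URL is what made validation fail, because the request object is swapped for a mock and nothing afterwards proves the same token still validates under the original URL. Since this test guards the form-tampering check, it should end with a positive control: capture `$here = $this->Controller->request->here();` before the swap, add `$request->expects($this->at(2))->method('here')->will($this->returnValue($here));`, and finish with an `assertTrue` on `validatePost`. This assumes the first `assertTrue` is hashed against the controller request's `here()`, which the hunk does not show. A short comment saying what each mocked value covers (`/posts/index?page=1` a different path with a query string, `/posts/edit/1` a different path alone) would also help, and the hard-coded `$fields` hash deserves a note on which URL it was computed for.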