From ab3b90503f852e66755ea5e4bd687c5e1273880f Mon Sep 17 00:00:00 2001
From: "mariano.iglesias"
Date: Thu, 17 Apr 2008 22:51:40 +0000
Subject: [PATCH] Fixing issue in Security component with modeless field names, fixes #4454. Thanks vuego for the test and patch!

git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@6685 3807eeeb-6ff5-0310-8944-8be069107fe0
---
 cake/libs/controller/components/security.php | 18 ++++++++-----
 cake/libs/view/helpers/form.php | 8 +++---
 .../controller/components/security.test.php | 26 ++++++++++++++++---
 3 files changed, 40 insertions(+), 12 deletions(-)

diff --git a/cake/libs/controller/components/security.php b/cake/libs/controller/components/security.php
index 87f073ca7..0ff493751 100644
--- a/cake/libs/controller/components/security.php
+++ b/cake/libs/controller/components/security.php
@@ -579,8 +579,12 @@ class SecurityComponent extends Object {
 }
 continue;
 }
- $keys = array_keys($value);
-
+ if (is_array($value)) {
+ $keys = array_keys($value);
+ } else {
+ $keys = $value;
+ }
+
 if (isset($field[$key])) {
 $field[$key] = array_merge($field[$key], $keys);
 } elseif (is_numeric($keys[0])) {
@@ -588,17 +592,19 @@ class SecurityComponent extends Object {
 $merge[] = array_keys($fields);
 }
 $field[$key] = $merge;
- } else {
+ } else if (is_array($keys)) {
 $field[$key] = $keys;
+ } else {
+ $field[] = $key;
 }
 }
 
 foreach ($field as $key => $value) {
- if(strpos($key, '_') !== 0) {
+ if(strpos($key, '_') !== 0 && is_array($field[$key])) {
 sort($field[$key]);
 }
 }
- ksort($field);
+ ksort($field, SORT_STRING);
 
 $check = urlencode(Security::hash(serialize($field) . Configure::read('Security.salt')));
 if ($form !== $check) {
@@ -676,4 +682,4 @@ class SecurityComponent extends Object {
 }
 }
 }
-?>
\ No newline at end of file
+?>
diff --git a/cake/libs/view/helpers/form.php b/cake/libs/view/helpers/form.php
index 3ff96fe6c..65f626934 100644
--- a/cake/libs/view/helpers/form.php
+++ b/cake/libs/view/helpers/form.php
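Review bot: In the new non-array branch `$keys` holds the submitted field value itself, so the unchanged `} elseif (is_numeric($keys[0])) {` on the last line of the hunk now tests the first character of user-supplied data rather than an array key. A modeless field whose posted value begins with a digit is routed into the numeric branch, which the next hunk shows collecting `$merge[] = array_keys($fields);` — presumably by iterating `$value`, which is not an array here — so the rebuilt `$field` list diverges from the helper's and a legitimate post fails the token comparison; an empty posted value additionally triggers an uninitialized string offset notice on that line. Decide the scalar case before indexing, `} elseif (!is_array($keys)) {` / `$field[] = $key;` / `} elseif (is_numeric($keys[0])) {`, which also lets the `else if (is_array($keys))` arm added in the second hunk go back to a plain `else`. The enclosing foreach starts before the hunk.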
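Review bot: The new arm is spelled `} else if (is_array($keys)) {` while the preceding arm of the same chain, `} elseif (is_numeric($keys[0])) {` at the end of the previous hunk, uses `elseif`; mixing the two forms in one chain reads as if they were different constructs. Prefer `} elseif (is_array($keys)) {` to match the file. The foreach containing these lines starts before the hunk.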
@@ -278,7 +278,7 @@ class FormHelper extends AppHelper {
 $append = '
';
 foreach ($fields as $key => $value) {
- if (strpos($key, '_') !== 0) {
+ if (strpos($key, '_') !== 0 && is_array($fields[$key])) {
 sort($fields[$key]);
 } else {
 $model = substr($key, 1);
@@ -287,7 +287,7 @@ class FormHelper extends AppHelper {
 }
 }
 }
- ksort($fields);
+ ksort($fields, SORT_STRING);
 $append .= $this->hidden('_Token.fields', array('value' => urlencode(Security::hash(serialize($fields) . Configure::read('Security.salt'))), 'id' => 'TokenFields' . mt_rand()));
 $append .= '
';
 return $append;
@@ -349,6 +349,8 @@ class FormHelper extends AppHelper {
 if ((isset($this->fields[$model]) && !in_array($field, $this->fields[$model], true)) || !isset($this->fields[$model])) {
 if (is_numeric($field)) {
 $this->fields[$model][$field][] = $fieldSuffix;
+ } else if (is_null($field)) {
+ $this->fields[] = $model;
 } else {
 $this->fields[$model][] = $field;
 }
@@ -1611,4 +1613,4 @@ class FormHelper extends AppHelper {
 return $this->__options[$name];
 }
 }
-?>
\ No newline at end of file
+?>
diff --git a/cake/tests/cases/libs/controller/components/security.test.php b/cake/tests/cases/libs/controller/components/security.test.php
index b25bf1ed9..014f67b04 100644
--- a/cake/tests/cases/libs/controller/components/security.test.php
+++ b/cake/tests/cases/libs/controller/components/security.test.php
@@ -64,6 +64,26 @@ class SecurityComponentTest extends CakeTestCase {
 $this->assertNotNull($result);
 $this->assertTrue($this->Controller->Session->check('_Token'));
 }
+
+ function testValidatePostNoModel() {
+ $this->Controller->Security->startup($this->Controller);
+ $key = $this->Controller->params['_Token']['key'];
+
+ $data['anything'] = 'some_data';
+ $data['__Token']['key'] = $key;
+
+ $fields = array('anything',
+ '__Token' => array('key' => $key));
+
+ $fields = $this->__sortFields($fields);
+
+ $fields = urlencode(Security::hash(serialize($fields) . Configure::read('Security.salt')));
+ $data['__Token']['fields'] = $fields;
+ $this->Controller->data = $data;
+ $result = $this->Controller->Security->__validatePost($this->Controller);
+ $this->assertTrue($result);
+ $this->assertTrue($this->Controller->data == $data);
+ }
 
 function testValidatePostSimple() {
 $this->Controller->Security->startup($this->Controller);
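Review bot: The field-list normalisation that feeds `Security::hash` here (the `is_array` sort guard in the previous hunk and this `ksort($fields, SORT_STRING)`) is now maintained by hand in three places — this helper, `SecurityComponent::__validatePost` and the test's `__sortFields` — and this very commit had to patch all three identically to keep the token valid. Any future drift between the helper and the component silently turns every affected form into a rejected request, and a test helper that mirrors the implementation cannot detect that. Consider moving the normalisation into one shared static method (for example next to `Security::hash`) that both the helper and the component call, and having the test derive its expected `_Token.fields` value from a literal field list instead of a copy of the algorithm. `secure()` starts before the hunk.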
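Review bot: The added `$this->fields[] = $model;` arm can register the same modeless field more than once, because the guard on the hunk's first line dedupes only through `isset($this->fields[$model])` and `in_array($field, $this->fields[$model], true)`, and a modeless entry is stored under a numeric key rather than under `$model`, so the guard never sees it. Rendering the same modeless input twice would then produce a field list, and hence a token hash, that differs from the one `SecurityComponent` rebuilds from the posted data (one entry per data key), and the form would be rejected. Guard the append as `} else if (is_null($field) && !in_array($model, $this->fields, true)) {`. The enclosing method starts and ends outside the hunk.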
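Review bot: `testValidatePostNoModel` only exercises a modeless field whose posted value begins with a letter (`'some_data'`), so it never reaches the `is_numeric($keys[0])` check that `__validatePost` applies to a scalar value; a second dataset such as `$data['anything'] = '5';` and one with `''` would pin the behaviour for exactly the inputs this change is most likely to mishandle. The final check `$this->assertTrue($this->Controller->data == $data)` also wraps a loose comparison in a boolean assertion, which reports nothing but "false" on failure; `$this->assertEqual($this->Controller->data, $data);` shows the two arrays when they differ. The test class continues outside the hunk.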
@@ -219,12 +239,12 @@ class SecurityComponentTest extends CakeTestCase {
 
 function __sortFields($fields) {
 foreach ($fields as $key => $value) {
- if(strpos($key, '_') !== 0) {
+ if(strpos($key, '_') !== 0 && is_array($fields[$key])) {
 sort($fields[$key]);
 }
 }
- ksort($fields);
+ ksort($fields, SORT_STRING);
 return $fields;
 }
 }
-?>
\ No newline at end of file
+?>