adulau/cakephp2-php8
1
0
Fork 0
mirror of https://github.com/kamilwylegala/cakephp2-php8.git synced 2024-11-15 03:18:26 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fixing issue with file upload inputs not being factored into form security hash, closes #5489

Browse source 
git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@7678 3807eeeb-6ff5-0310-8944-8be069107fe0
This commit is contained in:
nate 2008-09-29 16:23:39 +00:00
parent bf3e254987
commit badfb42c6a
2 changed files with 30 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
cake/libs/view/helpers/form.php
View file

@ -1005,7 +1005,15 @@ class FormHelper extends AppHelper {
* @access public
*/
function file($fieldName, $options = array()) {
$options = array_merge($options, array('secure' => false));
$options = $this->_initInputField($fieldName, $options);
$view =& ClassRegistry::getObject('view');
$field = $view->entity();
foreach (array('name', 'type', 'tmp_name', 'error', 'size') as $suffix) {
$this->__secure(array_merge($field, array($suffix)));
}
$attributes = $this->_parseAttributes($options, array('name'), '', ' ');
return $this->output(sprintf($this->Html->tags['file'], $options['name'], $attributes));
}

27
cake/tests/cases/libs/view/helpers/form.test.php
View file

@ -872,7 +872,7 @@ class FormHelperTest extends CakeTestCase {
$result = $this->Form->fields;
$expected = array(
'Addresses.id' => '123456', 'Addresses.title', 'Addresses.last_name',
'Addresses.id' => '123456', 'Addresses.title', 'Addresses.last_name',
'Addresses.city', 'Addresses.phone'
);
$this->assertEqual($result, $expected);
@ -987,6 +987,23 @@ class FormHelperTest extends CakeTestCase {
);
$this->assertTags($result, $expected);
}
/**
* Tests that the correct keys are added to the field hash index
*
* @access public
* @return void
*/
function testFormSecuredFileInput() {
$this->Form->params['_Token']['key'] = 'testKey';
$this->assertEqual($this->Form->fields, array());
$result = $this->Form->file('Attachment.file');
$expected = array (
'Attachment.file.name', 'Attachment.file.type', 'Attachment.file.tmp_name',
'Attachment.file.error', 'Attachment.file.size'
);
$this->assertEqual($this->Form->fields, $expected);
}
/**
* testPasswordValidation method
*
@ -4480,10 +4497,10 @@ class FormHelperTest extends CakeTestCase {
function testBrokenness() {
/*
* #4 This test has two parents and four children. By default (as of r7117) both
* parents are show but the first parent is missing a child. This is the inconsistency in the
* default behaviour - one parent has all children, the other does not - dependent on the data values.
*/
* #4 This test has two parents and four children. By default (as of r7117) both
* parents are show but the first parent is missing a child. This is the inconsistency in the
* default behaviour - one parent has all children, the other does not - dependent on the data values.
*/
$result = $this->Form->select('Model.field', array(
'Fred' => array(
'freds_son_1' => 'Fred',