Removing secure() from FormHelper::submit(). Removes creation of multiple _Token inputs when multiple submit buttons are created. Fixes #5490.

git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@7677 3807eeeb-6ff5-0310-8944-8be069107fe0
2024-11-15 03:18:26 +00:00 · 2008-09-29 01:58:27 +00:00 · 2008-09-29 01:58:27 +00:00 · bf3e254987
commit bf3e254987
parent d98137b272
2 changed files with 46 additions and 8 deletions
--- a/cake/libs/view/helpers/form.php
+++ b/cake/libs/view/helpers/form.php
@ -278,7 +278,8 @@ class FormHelper extends AppHelper {
 				}
 			}
 			$out .= $this->submit($submit, $submitOptions);
-		} elseif (isset($this->params['_Token']) && !empty($this->params['_Token'])) {
+		} 
+		if (isset($this->params['_Token']) && !empty($this->params['_Token'])) {
 			$out .= $this->secure($this->fields);
 			$this->fields = array();
 		}
@ -1047,12 +1048,7 @@ class FormHelper extends AppHelper {
 		if (!$caption) {
 			$caption = __('Submit', true);
 		}
-		$secured = null;
-
-		if (isset($this->params['_Token']) && !empty($this->params['_Token'])) {
-			$secured = $this->secure($this->fields);
-			$this->fields = array();
-		}
+		$out = null;
 		$div = true;

 		if (isset($options['div'])) {
@ -1070,7 +1066,6 @@ class FormHelper extends AppHelper {
 		} elseif (is_array($div)) {
 			$divOptions = array_merge(array('class' => 'submit', 'tag' => 'div'), $div);
 		}
-		$out = $secured;

 		if (strpos($caption, '://') !== false) {
 			$out .= $this->output(sprintf(
--- a/cake/tests/cases/libs/view/helpers/form.test.php
+++ b/cake/tests/cases/libs/view/helpers/form.test.php
@ -715,6 +715,49 @@ class FormHelperTest extends CakeTestCase {
 		);
 		$this->assertTags($result, $expected);
 	}
+
+/**
+ * testFormSecurityMultipleSubmitButtons
+ *
+ * test form submit generation and ensure that _Token is only created on end()
+ *
+ * @return void
+ **/
+	function testFormSecurityMultipleSubmitButtons() {
+		$key = 'testKey';
+		$this->Form->params['_Token']['key'] = $key;
+
+		$this->Form->create('Addresses');
+		$this->Form->input('Address.title');
+		$this->Form->input('Address.first_name');
+		
+		$result = $this->Form->submit('Save', array('name' => 'save'));
+		$expected = array(
+			'div' => array('class' => 'submit'),
+			'input' => array('type' => 'submit', 'name' => 'save', 'value' => 'Save'),
+			'/div',
+		);
+		$this->assertTags($result, $expected);
+		$result = $this->Form->submit('Cancel', array('name' => 'cancel'));
+		$expected = array(
+			'div' => array('class' => 'submit'),
+			'input' => array('type' => 'submit', 'name' => 'cancel', 'value' => 'Cancel'),
+			'/div',
+		);
+		$this->assertTags($result, $expected);
+		$result = $this->Form->end(null);
+		
+		$expected = array(
+			'fieldset' => array('style' => 'display:none;'),
+			'input' => array(
+				'type' => 'hidden', 'name' => 'data[_Token][fields]',
+				'value' => 'preg:/.+/', 'id' => 'preg:/TokenFields\d+/'
+			),
+			'/fieldset'
+		);
+		$this->assertTags($result, $expected);
+	}
+
 /**
 * testFormSecurityMultipleInputFields method
 *