"Fixes #4394, SecurityComponent::!__validatePost fails on hasMany multi-record form.

"

git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@6618 3807eeeb-6ff5-0310-8944-8be069107fe0

cake/libs/controller/components/security.php

@@ -564,11 +564,17 @@ class SecurityComponent extends Object {
 					unset($controller->data[$key]);
 					continue;
 				}
+				$keys = array_keys($value);
 
 				if (isset($field[$key])) {
-					$field[$key] = array_merge($field[$key], array_keys($value));
+					$field[$key] = array_merge($field[$key], $keys);
+				} elseif (is_numeric($keys[0])) {
+					foreach ($value as $fields) {
+						$merge[] = array_keys($fields);
+					}
+					$field[$key] = $merge;
 				} else {
-					$field[$key] = array_keys($value);
+					$field[$key] = $keys;
 				}
 			}
 

cake/tests/cases/libs/controller/components/security.test.php

@@ -161,6 +161,34 @@ class SecurityComponentTest extends CakeTestCase {
 		$this->assertTrue($result);
 	}
 
+	function testValidateHasManyModel() {
+	  $this->Controller->Security->startup($this->Controller);
+		$key = $this->Controller->params['_Token']['key'];
+
+		$data['Model'][0]['username'] = '';
+		$data['Model'][0]['password'] = '';
+		$data['Model'][1]['username'] = '';
+		$data['Model'][1]['password'] = '';
+		$data['__Token']['key'] = $key;
+
+		$fields = array(
+		  'Model' => array(
+		    0 => array('username', 'password'),
+		    1 => array('username', 'password'),
+		  ),
+		  '__Token' => array('key' => $key)
+		);
+
+		$fields = $this->__sortFields($fields);
+
+		$fields = urlencode(Security::hash(serialize($fields) . Configure::read('Security.salt')));
+		$data['__Token']['fields'] = $fields;
+
+		$this->Controller->data = $data;
+		$result = $this->Controller->Security->__validatePost($this->Controller);
+		$this->assertTrue($result);
+  }
+
 	function __sortFields($fields) {
 		foreach ($fields as $key => $value) {
 			if(strpos($key, '_') !== 0) {