From d0d1ce73cd858bcf8975c33dfb1325527cff48e7 Mon Sep 17 00:00:00 2001
From: phpnut
Date: Fri, 4 Aug 2006 08:03:39 +0000
Subject: [PATCH] Added FormHelper::create() to use in place of deprecated HtmlHelper::formTag(). Fixed SecurityComponent so the _Token can be wrote to sessions
git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@3357 3807eeeb-6ff5-0310-8944-8be069107fe0
---
 cake/libs/controller/components/security.php | 10 ++++----
 cake/libs/view/helpers/form.php | 24 +++++++++++++++++++-
 2 files changed, 28 insertions(+), 6 deletions(-)
diff --git a/cake/libs/controller/components/security.php b/cake/libs/controller/components/security.php
index ae64db0cc..9d30dccad 100644
--- a/cake/libs/controller/components/security.php
+++ b/cake/libs/controller/components/security.php
@@ -93,8 +93,8 @@ class SecurityComponent extends Object {
 $token = $controller->params['data']['_Token']['key'];
 if ($this->Session->check('_Token')) {
- $tData = $this->Session->read('_Token');
- if (!(intval($tData['expires']) > strtotime('now')) || $tData['key'] !== $token) {
+ $tData = unserialize($this->Session->read('_Token'));
+ if ($tData['expires'] < time() || $tData['key'] !== $token) {
 if (!$this->blackHole($controller, 'auth')) {
 return null;
 }
@@ -143,7 +143,7 @@ class SecurityComponent extends Object {
 // Add auth key for new form posts
 $authKey = Security::generateAuthKey();
- $expires = strtotime('+'.Security::inactiveMins().' minutes');
+ $expires = strtotime('+'.Security::inactiveMins().' seconds');
 $token = array(
 'key' => $authKey,
 'expires' => $expires,
@@ -155,7 +155,7 @@ class SecurityComponent extends Object {
 $controller->params['data'] = array();
 }
 $controller->params['_Token'] = $token;
- $this->Session->write('_Token', $token);
+ $this->Session->write('_Token', serialize($token));
 }
 /**
 * Black-hole an invalid request with a 404 error or custom callback
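Review bot: In the `@@ -93,8 +93,8 @@` hunk of security.php the result of `unserialize()` is indexed without checking that it is an array. If the stored value is not a string this component serialized (for example a session created before this change, which holds the raw array written by the old `Session->write('_Token', $token)` replaced in the `@@ -155,7 +155,7 @@` hunk), `unserialize()` returns false and the request is presumably black-holed only because `$tData['expires']` then evaluates to null. An explicit guard such as `if (!is_array($tData) || $tData['expires'] < time() || $tData['key'] !== $token) {` makes that fail-closed behaviour intentional. A comment should also state that `_Token` may only ever hold data serialized by this component, since `unserialize()` must never see a value an outside party can influence. The enclosing method starts and ends outside the hunk.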
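Review bot: In the `@@ -143,7 +143,7 @@` hunk of security.php the expiry is now built as `'+'.Security::inactiveMins().' seconds'`, although the helper's name says its value is in minutes. If `inactiveMins()` does return minutes (its body is not visible here), the token lifetime shrinks by a factor of 60 and legitimate form posts will fail the expiry check in the `@@ -93,8 +93,8 @@` hunk and be black-holed. Either keep `' minutes'` or add a comment next to the line explaining why the value is treated as seconds.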
@@ -286,7 +286,7 @@ class SecurityComponent extends Object {
 $this->__setLoginDefaults($options);
 $data = 'WWW-Authenticate: ' . ucfirst($options['type']);
 $data .= ' realm="' . $options['realm'] . '"';
-
+
 return $data;
 }
 /**
diff --git a/cake/libs/view/helpers/form.php b/cake/libs/view/helpers/form.php
index de9f0708c..0c16c3ead 100644
--- a/cake/libs/view/helpers/form.php
+++ b/cake/libs/view/helpers/form.php
@@ -56,6 +56,28 @@ class FormHelper extends Helper {
 var $helpers = array('Html');
+
+/**
+ * Returns an HTML FORM element.
+ *
+ * @param string $target URL for the FORM's ACTION attribute.
+ * @param string $type FORM type (POST/GET).
+ * @param array $htmlAttributes
+ * @return string An formatted opening FORM tag.
+ * @deprecated This is very WYSIWYG unfriendly, use HtmlHelper::url() to get contents of "action" attribute. Version 0.9.2.
+ */
+ function create($target = null, $type = 'post', $htmlAttributes = null) {
+ $htmlAttributes['action'] = $this->Html->url($target);
+ $htmlAttributes['method'] = low($type) == 'get' ? 'get' : 'post';
+ $type == 'file' ? $htmlAttributes['enctype'] = 'multipart/form-data' : null;
+ $token = '';
+
+ if (isset($this->params['_Token']) && !empty($this->params['_Token'])) {
+ $token = $this->Html->hidden('_Token/key', array('value' => $this->params['_Token']['key']), true);
+ }
+
+ return sprintf($this->tags['form'], $this->Html->parseHtmlOptions($htmlAttributes, null, '')) . $token;
+ }
 /**
 * Returns a formatted error message for given FORM field, NULL if no errors.
 *
@@ -232,7 +254,7 @@ class FormHelper extends Helper {
 }
 /**
 * Returns an array of formatted OPTION/OPTGROUP elements
- *
+ *
 * @return array
 */
 function selectOptions($elements = array(), $selected = null) {
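Review bot: In the `@@ -56,6 +56,28 @@` hunk of form.php, `create()` appends the `_Token/key` hidden field whatever the form method is, so a form created with `$type = 'get'` submits the anti-forgery key in the query string, where it ends up in server logs, browser history and Referer headers. Emit the field only for POST forms, e.g. `if ($htmlAttributes['method'] == 'post' && !empty($this->params['_Token'])) {` (the `isset()` is redundant before `!empty()`). The docblock was copied together with its `@deprecated ... Version 0.9.2` line, which marks this new method as deprecated. Drop that tag and document the `'file'` type, which sets `enctype` to `multipart/form-data`. The bare ternary `$type == 'file' ? ... : null;` would read more clearly as an `if` statement.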