Added FormHelper::create() to use in place of deprecated
HtmlHelper::formTag(). Fixed SecurityComponent so the _Token can be written to sessions git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@3357 3807eeeb-6ff5-0310-8944-8be069107fe0
parent
3c8148924e
commit
d0d1ce73cd
2 changed files with 28 additions and 6 deletions
|
@ -93,8 +93,8 @@ class SecurityComponent extends Object {
|
|||
$token = $controller->params['data']['_Token']['key'];
|
||||
|
||||
if ($this->Session->check('_Token')) {
|
||||
$tData = $this->Session->read('_Token');
|
||||
if (!(intval($tData['expires']) > strtotime('now')) || $tData['key'] !== $token) {
|
||||
$tData = unserialize($this->Session->read('_Token'));
|
||||
if ($tData['expires'] < time() || $tData['key'] !== $token) {
|
||||
if (!$this->blackHole($controller, 'auth')) {
|
||||
return null;
|
||||
}
|
||||
|
@ -143,7 +143,7 @@ class SecurityComponent extends Object {
|
|||
|
||||
// Add auth key for new form posts
|
||||
$authKey = Security::generateAuthKey();
|
||||
$expires = strtotime('+'.Security::inactiveMins().' minutes');
|
||||
$expires = strtotime('+'.Security::inactiveMins().' seconds');
|
||||
$token = array(
|
||||
'key' => $authKey,
|
||||
'expires' => $expires,
|
||||
|
@ -155,7 +155,7 @@ class SecurityComponent extends Object {
|
|||
$controller->params['data'] = array();
|
||||
}
|
||||
$controller->params['_Token'] = $token;
|
||||
$this->Session->write('_Token', $token);
|
||||
$this->Session->write('_Token', serialize($token));
|
||||
}
|
||||
/**
|
||||
* Black-hole an invalid request with a 404 error or custom callback
|
||||
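Review bot: In the token-generation hunk the expiry is built as `strtotime('+'.Security::inactiveMins().' seconds')`, which feeds a value whose name says minutes into a seconds offset. Assuming the second printed line is the new side and `inactiveMins()` really returns minutes, form tokens now expire sixty times sooner and legitimate posts will be black-holed; keep `' minutes'` unless the shorter lifetime is intended, and say so in a comment. In the validation hunk the result of `unserialize()` is used without a check: a session value written by the previous code (a plain array) or any non-serialized string yields `false`, and `$tData['expires']` is then read from a non-array. The request still appears to fail closed, but a guard such as `if (!is_array($tData) || $tData['expires'] < time() || $tData['key'] !== $token) {` would make that deliberate. The enclosing methods start and end outside the hunks.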
|
|
|
@ -56,6 +56,28 @@
|
|||
class FormHelper extends Helper {
|
||||
|
||||
var $helpers = array('Html');
|
||||
|
||||
/**
|
||||
* Returns an HTML FORM element.
|
||||
*
|
||||
* @param string $target URL for the FORM's ACTION attribute.
|
||||
* @param string $type FORM type (POST/GET).
|
||||
* @param array $htmlAttributes
|
||||
* @return string An formatted opening FORM tag.
|
||||
* @deprecated This is very WYSIWYG unfriendly, use HtmlHelper::url() to get contents of "action" attribute. Version 0.9.2.
|
||||
*/
|
||||
function create($target = null, $type = 'post', $htmlAttributes = null) {
|
||||
$htmlAttributes['action'] = $this->Html->url($target);
|
||||
$htmlAttributes['method'] = low($type) == 'get' ? 'get' : 'post';
|
||||
$type == 'file' ? $htmlAttributes['enctype'] = 'multipart/form-data' : null;
|
||||
$token = '';
|
||||
|
||||
if (isset($this->params['_Token']) && !empty($this->params['_Token'])) {
|
||||
$token = $this->Html->hidden('_Token/key', array('value' => $this->params['_Token']['key']), true);
|
||||
}
|
||||
|
||||
return sprintf($this->tags['form'], $this->Html->parseHtmlOptions($htmlAttributes, null, '')) . $token;
|
||||
}
|
||||
/**
|
||||
* Returns a formatted error message for given FORM field, NULL if no errors.
|
||||
*
|
||||
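Review bot: `create()` appends the hidden `_Token/key` field whenever `$this->params['_Token']` is set, including when `$type` is 'get', so for GET forms the anti-forgery key is submitted in the query string, where it can end up in server logs, browser history and Referer headers. Emit it only for posting forms, e.g. `if (!empty($this->params['_Token']) && $htmlAttributes['method'] == 'post') {`. Separately, the docblock was carried over with its `@deprecated` line, which marks the replacement method itself as deprecated; drop that tag and describe `$htmlAttributes`. Also, `$type == 'file'` is compared case-sensitively while the method check uses `low($type)`, so 'FILE' would not get the multipart enctype.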
|
|