Adding hidden field values to the hash. This prevents hidden fields in a form from being altered when the form is built with the FormHelper and var $components = array('Security'); is added to a controller, or to the AppController for use by all child controllers

git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@4969 3807eeeb-6ff5-0310-8944-8be069107fe0
phpnut 2007-05-01 10:13:01 +00:00
parent 57023720e6
commit d1701327f8
2 changed files with 24 additions and 9 deletions


@ -156,8 +156,8 @@ class SecurityComponent extends Object {
} }
} }
if(!empty($controller->data) && isset($controller->data['_Token'])) { if(!empty($controller->data) && isset($controller->data['__Token'])) {
$token = $controller->data['_Token']['key']; $token = $controller->data['__Token']['key'];
if($this->Session->check('_Token')) { if($this->Session->check('_Token')) {
$tData = unserialize($this->Session->read('_Token')); $tData = unserialize($this->Session->read('_Token'));
@ -167,13 +167,25 @@ class SecurityComponent extends Object {
} }
} }
if(isset($controller->data['_Token']['fields']) && !empty($controller->data['_Token']['fields'])) { if(isset($controller->data['__Token']['fields']) && !empty($controller->data['__Token']['fields'])) {
$fields = $controller->data['_Token']['fields']; $fields = $controller->data['__Token']['fields'];
$check = $controller->data; $check = $controller->data;
unset($check['_Token']['fields']); unset($check['__Token']['fields']);
foreach($check as $key => $value) { foreach($check as $key => $value) {
$field[$key]= array_keys($value); if($key === '__Token') {
$field[$key] = $value;
continue;
}
$string = substr($key, 0, 1);
if($string === '_') {
$newKey = substr($key, 1);
$controller->data[$newKey] = Set::pushDiff($controller->data[$key], $controller->data[$newKey]);
unset($controller->data[$key]);
$field[$key] = $value;
continue;
}
$field[$key] = array_keys($value);
} }
$check = urlencode(Security::hash(serialize($field) . CAKE_SESSION_STRING)); $check = urlencode(Security::hash(serialize($field) . CAKE_SESSION_STRING));
@ -197,7 +209,7 @@ class SecurityComponent extends Object {
return null; return null;
} }
} }
$token = $controller->data['_Token']['key']; $token = $controller->data['__Token']['key'];
if($this->Session->check('_Token')) { if($this->Session->check('_Token')) {
$tData = unserialize($this->Session->read('_Token')); $tData = unserialize($this->Session->read('_Token'));
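Review bot: The merge on the `_`-prefixed branch, `$controller->data[$newKey] = Set::pushDiff($controller->data[$key], $controller->data[$newKey]);`, rewrites `$controller->data` inside the loop that is still collecting `$field`, so the request data is modified before the hash built from `$field` has been compared with the submitted one (that comparison is outside the hunk). It also reads `$controller->data[$newKey]` without checking that it exists, which a form carrying only hidden fields for a model would trigger. Consider recording the `_` keys in the loop and merging them only after the hash check passes, with the read guarded by `isset($controller->data[$newKey])`. A short comment on the branch, saying that hidden fields contribute their values to the hash while other fields contribute only their names, would document the intent.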


@ -606,11 +606,14 @@ class FormHelper extends AppHelper {
$options = $this->__initInputField($fieldName, $options); $options = $this->__initInputField($fieldName, $options);
$model = $this->model(); $model = $this->model();
unset($options['class']); unset($options['class']);
if(isset($this->params['_Token']) && !empty($this->params['_Token'])) {
$model = '_' . $model;
}
$this->fields[$model][$this->field()] = $options['value'];
if (in_array($fieldName, array('_method', '_fields'))) { if (in_array($fieldName, array('_method', '_fields'))) {
$model = null; $model = null;
} }
$this->fields[$model][] = $this->field();
return $this->output(sprintf($this->Html->tags['hidden'], $model, $this->field(), $this->_parseAttributes($options, null, ' ', ' '))); return $this->output(sprintf($this->Html->tags['hidden'], $model, $this->field(), $this->_parseAttributes($options, null, ' ', ' ')));
} }
/** /**
@ -1364,7 +1367,7 @@ class FormHelper extends AppHelper {
if(!isset($field['value'])){ if(!isset($field['value'])){
$field['value'] = null; $field['value'] = null;
} }
$strFormFields = $strFormFields . $this->Html->hidden($field['tagName'], $field['value']); $strFormFields = $strFormFields . $this->hidden($field['tagName'], $field['value']);
break; break;
case "date": case "date":
if (!isset($field['selected'])) { if (!isset($field['selected'])) {
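Review bot: In the hidden-field method, the new `$this->fields[$model][$this->field()] = $options['value'];` runs before the `_method`/`_fields` check resets `$model` to null, so those two fields are recorded under the `_`-prefixed model while the tag is rendered without it. If the form hash is built from `$this->fields` (that code is outside this hunk), the posted data may never match for such forms and valid requests would be rejected. Moving the assignment below the `in_array` block keeps the recorded key in line with the emitted name. The value is also stored as given, and `serialize()` distinguishes `5` from `'5'`, so casting with `(string)$options['value']` would keep the rendered hash comparable with what the browser posts back. The method starts above the hunk.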