diff --git a/lib/Cake/Test/Case/View/Helper/FormHelperTest.php b/lib/Cake/Test/Case/View/Helper/FormHelperTest.php
index 3e4d664db..6974c22f4 100644
--- a/lib/Cake/Test/Case/View/Helper/FormHelperTest.php
+++ b/lib/Cake/Test/Case/View/Helper/FormHelperTest.php
@@ -7616,6 +7616,40 @@ class FormHelperTest extends CakeTestCase {
 ));
 }
 
+/**
+ * Test that security hashes for postLink include the url.
+ *
+ * @return void
+ */
+ public function testPostLinkSecurityHash() {
+ $hash = Security::hash(
+ '/posts/delete/1' .
+ serialize(array()) .
+ '' .
+ Configure::read('Security.salt')
+ );
+ $hash .= '%3A';
+ $this->Form->request->params['_Token']['key'] = 'test';
+
+ $result = $this->Form->postLink('Delete', '/posts/delete/1');
+ $this->assertTags($result, array(
+ 'form' => array(
+ 'method' => 'post', 'action' => '/posts/delete/1',
+ 'name', 'id', 'style' => 'display:none;'
+ ),
+ array('input' => array('type' => 'hidden', 'name' => '_method', 'value' => 'POST')),
+ array('input' => array('type' => 'hidden', 'name' => 'data[_Token][key]', 'value' => 'test', 'id')),
+ 'div' => array('style' => 'display:none;'),
+ array('input' => array('type' => 'hidden', 'name' => 'data[_Token][fields]', 'value' => $hash, 'id')),
+ array('input' => array('type' => 'hidden', 'name' => 'data[_Token][unlocked]', 'value' => '', 'id')),
+ '/div',
+ '/form',
+ 'a' => array('href' => '#', 'onclick' => 'preg:/document\.post_\w+\.submit\(\); event\.returnValue = false; return false;/'),
+ 'Delete',
+ '/a'
+ ));
+ }
+
 /**
 * Test using postLink with N dimensional data.
 *
diff --git a/lib/Cake/View/Helper/FormHelper.php b/lib/Cake/View/Helper/FormHelper.php
index cef295ef3..26250768d 100644
--- a/lib/Cake/View/Helper/FormHelper.php
+++ b/lib/Cake/View/Helper/FormHelper.php
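Review bot: The expected value in `testPostLinkSecurityHash` (FormHelperTest.php) is assembled from unexplained pieces, so a reader cannot tell which parts of the token the test is pinning. A comment above the `Security::hash(` call such as `// action URL + serialized field list + unlocked fields + salt` and one on `$hash .= '%3A';` such as `// url-encoded ':' separator, followed by an empty locked-field list` would make that explicit; the meaning of the `''` and `'%3A'` parts is inferred from the `data[_Token][unlocked]` assertion and should be confirmed against the helper. The test also covers only a stand-alone link, so a second case that renders a `postLink()` and then checks the token of a separately created form would show that the URL binding does not carry over between forms.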
@@ -1790,6 +1790,8 @@ class FormHelper extends AppHelper {
 unset($options['target']);
 }
 
+ $this->_lastAction = $formUrl;
+
 $out = $this->Html->useTag('form', $formUrl, $formOptions);
 $out .= $this->Html->useTag('hidden', '_method', array(
 'value' => $requestMethod
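Review bot: `$this->_lastAction = $formUrl;` overwrites the helper's stored action, and nothing in this hunk puts the previous value back. If `_lastAction` is what the `_Token` fields hash is computed from (the new test suggests so), a `postLink()` rendered between another form's `create()` and `end()` would leave that outer form hashed against the link's URL, and its submission would presumably be rejected as tampered. Saving the old value with `$previousLastAction = $this->_lastAction;` before the assignment and restoring it with `$this->_lastAction = $previousLastAction;` once the link's token fields have been written would keep the URL binding scoped to the generated form. The rest of the method lies outside the hunk, so the place where the token fields are emitted needs to be checked there.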