"References #4239 Added test from ticket to showing ticket is invalid.

Fixes #4394, fails when the hasMany multi-record form contains hidden fields.
"

git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@6627 3807eeeb-6ff5-0310-8944-8be069107fe0
This commit is contained in:
phpnut 2008-04-03 02:29:17 +00:00
parent 06d06c85d9
commit f2941a660e
3 changed files with 61 additions and 21 deletions

View file

@ -542,25 +542,35 @@ class SecurityComponent extends Object {
$values = array_values($value);
$k = array_keys($value);
$count = count($k);
if (is_numeric($k[0])) {
for ($i = 0; $count > $i; $i++) {
$field[$newKey][$i] = array_merge($field[$newKey][$i], array_keys($values[$i]));
}
$controller->data[$newKey] = Set::pushDiff($controller->data[$key], $controller->data[$newKey]);
}
for ($i = 0; $count > $i; $i++) {
$field[$key][$k[$i]] = $values[$i];
}
}
foreach ($k as $lookup) {
if (isset($controller->data[$newKey][$lookup])) {
unset($controller->data[$key][$lookup]);
} elseif ($controller->data[$key][$lookup] === '0') {
$merge[] = $lookup;
foreach ($k as $lookup) {
if (isset($controller->data[$newKey][$lookup])) {
unset($controller->data[$key][$lookup]);
} elseif ($controller->data[$key][$lookup] === '0') {
$merge[] = $lookup;
}
}
}
if (isset($field[$newKey])) {
$field[$newKey] = array_merge($merge, $field[$newKey]);
} else {
$field[$newKey] = $merge;
if (!is_numeric($k[0])) {
if (isset($field[$newKey])) {
$field[$newKey] = array_merge($merge, $field[$newKey]);
} else {
$field[$newKey] = $merge;
}
$controller->data[$newKey] = Set::pushDiff($controller->data[$key], $controller->data[$newKey]);
}
$controller->data[$newKey] = Set::pushDiff($controller->data[$key], $controller->data[$newKey]);
unset($controller->data[$key]);
continue;
}
@ -584,8 +594,8 @@ class SecurityComponent extends Object {
}
}
ksort($field);
$check = urlencode(Security::hash(serialize($field) . Configure::read('Security.salt')));
$check = urlencode(Security::hash(serialize($field) . Configure::read('Security.salt')));
if ($form !== $check) {
if (!$this->blackHole($controller, 'auth')) {
return null;

View file

@ -83,6 +83,7 @@ class SecurityComponentTest extends CakeTestCase {
$this->Controller->data = $data;
$result = $this->Controller->Security->__validatePost($this->Controller);
$this->assertTrue($result);
$this->assertTrue($this->Controller->data == $data);
}
function testValidatePostCheckbox() {
@ -107,6 +108,10 @@ class SecurityComponentTest extends CakeTestCase {
$this->Controller->data = $data;
$result = $this->Controller->Security->__validatePost($this->Controller);
$this->assertTrue($result);
unset($data['_Model']);
$data['Model']['valid'] = '0';
$this->assertTrue($this->Controller->data == $data);
}
function testValidatePostHidden() {
@ -130,6 +135,10 @@ class SecurityComponentTest extends CakeTestCase {
$this->Controller->data = $data;
$result = $this->Controller->Security->__validatePost($this->Controller);
$this->assertTrue($result);
unset($data['_Model']);
$data['Model']['hidden'] = '0';
$this->assertTrue($this->Controller->data == $data);
}
function testValidateHiddenMultipleModel() {
@ -159,34 +168,47 @@ class SecurityComponentTest extends CakeTestCase {
$this->Controller->data = $data;
$result = $this->Controller->Security->__validatePost($this->Controller);
$this->assertTrue($result);
unset($data['_Model'], $data['_Model2'], $data['_Model3']);
$data['Model']['valid'] = '0';
$data['Model2']['valid'] = '0';
$data['Model3']['valid'] = '0';
$this->assertTrue($this->Controller->data == $data);
}
function testValidateHasManyModel() {
$this->Controller->Security->startup($this->Controller);
$this->Controller->Security->startup($this->Controller);
$key = $this->Controller->params['_Token']['key'];
$data['Model'][0]['username'] = '';
$data['Model'][0]['password'] = '';
$data['Model'][1]['username'] = '';
$data['Model'][1]['password'] = '';
$data['_Model'][0]['hidden'] = 'value';
$data['_Model'][1]['hidden'] = 'value';
$data['__Token']['key'] = $key;
$fields = array(
'Model' => array(
0 => array('username', 'password'),
1 => array('username', 'password'),
),
'__Token' => array('key' => $key)
);
'Model' => array(
0 => array('username', 'password', 'hidden'),
1 => array('username', 'password', 'hidden')),
'_Model' => array(
0 => array('hidden' => 'value'),
1 => array('hidden' => 'value')),
'__Token' => array('key' => $key));
$fields = $this->__sortFields($fields);
$fields = urlencode(Security::hash(serialize($fields) . Configure::read('Security.salt')));
$data['__Token']['fields'] = $fields;
$this->Controller->data = $data;
$result = $this->Controller->Security->__validatePost($this->Controller);
$this->assertTrue($result);
unset($data['_Model']);
$data['Model'][0]['hidden'] = 'value';
$data['Model'][1]['hidden'] = 'value';
$this->assertTrue($this->Controller->data == $data);
}
function __sortFields($fields) {

View file

@ -707,7 +707,15 @@ class FormHelperTest extends CakeTestCase {
$this->assertPattern('/id="ModelField1"/', $result);
$this->assertPattern('/id="ModelField0".*checked="checked"/', $result);
$this->assertPattern('/(<input[^<>]+name="data\[Model\]\[field\]"[^<>]+>.+){2}/', $result);
$result = $this->Form->radio('Model.field', array('1' => 'Yes', '0' => 'No'), array('value' => null));
$this->assertPattern('/id="ModelField1"/', $result);
$this->assertPattern('/id="ModelField0"\svalue="0"\s(?!checked="checked")/', $result);
$result = $this->Form->radio('Model.field', array('1' => 'Yes', '0' => 'No'));
$this->assertPattern('/id="ModelField1"/', $result);
$this->assertPattern('/id="ModelField0"\svalue="0"\s(?!checked="checked")/', $result);
$result = $this->Form->input('Newsletter.subscribe', array('legend' => 'Legend title', 'type' => 'radio', 'options' => array('0' => 'Unsubscribe', '1' => 'Subscribe')));
$expected = '<div class="input"><fieldset><legend>Legend title</legend><input type="hidden" name="data[Newsletter][subscribe]" value="" id="NewsletterSubscribe_" /><input type="radio" name="data[Newsletter][subscribe]" id="NewsletterSubscribe0" value="0" /><label for="NewsletterSubscribe0">Unsubscribe</label><input type="radio" name="data[Newsletter][subscribe]" id="NewsletterSubscribe1" value="1" /><label for="NewsletterSubscribe1">Subscribe</label></fieldset></div>';
$this->assertEqual($result, $expected);