mirror of
https://github.com/kamilwylegala/cakephp2-php8.git
synced 2025-01-18 10:36:16 +00:00
"References #4239 Added test from ticket to showing ticket is invalid.
Fixes #4394, fails when the hasMany multi-record form contains hidden fields. " git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@6627 3807eeeb-6ff5-0310-8944-8be069107fe0
This commit is contained in:
parent
06d06c85d9
commit
f2941a660e
3 changed files with 61 additions and 21 deletions
|
@ -542,25 +542,35 @@ class SecurityComponent extends Object {
|
|||
$values = array_values($value);
|
||||
$k = array_keys($value);
|
||||
$count = count($k);
|
||||
|
||||
if (is_numeric($k[0])) {
|
||||
for ($i = 0; $count > $i; $i++) {
|
||||
$field[$newKey][$i] = array_merge($field[$newKey][$i], array_keys($values[$i]));
|
||||
}
|
||||
$controller->data[$newKey] = Set::pushDiff($controller->data[$key], $controller->data[$newKey]);
|
||||
}
|
||||
|
||||
for ($i = 0; $count > $i; $i++) {
|
||||
$field[$key][$k[$i]] = $values[$i];
|
||||
}
|
||||
}
|
||||
|
||||
foreach ($k as $lookup) {
|
||||
if (isset($controller->data[$newKey][$lookup])) {
|
||||
unset($controller->data[$key][$lookup]);
|
||||
} elseif ($controller->data[$key][$lookup] === '0') {
|
||||
$merge[] = $lookup;
|
||||
foreach ($k as $lookup) {
|
||||
if (isset($controller->data[$newKey][$lookup])) {
|
||||
unset($controller->data[$key][$lookup]);
|
||||
} elseif ($controller->data[$key][$lookup] === '0') {
|
||||
$merge[] = $lookup;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (isset($field[$newKey])) {
|
||||
$field[$newKey] = array_merge($merge, $field[$newKey]);
|
||||
} else {
|
||||
$field[$newKey] = $merge;
|
||||
if (!is_numeric($k[0])) {
|
||||
if (isset($field[$newKey])) {
|
||||
$field[$newKey] = array_merge($merge, $field[$newKey]);
|
||||
} else {
|
||||
$field[$newKey] = $merge;
|
||||
}
|
||||
$controller->data[$newKey] = Set::pushDiff($controller->data[$key], $controller->data[$newKey]);
|
||||
}
|
||||
$controller->data[$newKey] = Set::pushDiff($controller->data[$key], $controller->data[$newKey]);
|
||||
unset($controller->data[$key]);
|
||||
continue;
|
||||
}
|
||||
|
@ -584,8 +594,8 @@ class SecurityComponent extends Object {
|
|||
}
|
||||
}
|
||||
ksort($field);
|
||||
$check = urlencode(Security::hash(serialize($field) . Configure::read('Security.salt')));
|
||||
|
||||
$check = urlencode(Security::hash(serialize($field) . Configure::read('Security.salt')));
|
||||
if ($form !== $check) {
|
||||
if (!$this->blackHole($controller, 'auth')) {
|
||||
return null;
|
||||
|
|
|
@ -83,6 +83,7 @@ class SecurityComponentTest extends CakeTestCase {
|
|||
$this->Controller->data = $data;
|
||||
$result = $this->Controller->Security->__validatePost($this->Controller);
|
||||
$this->assertTrue($result);
|
||||
$this->assertTrue($this->Controller->data == $data);
|
||||
}
|
||||
|
||||
function testValidatePostCheckbox() {
|
||||
|
@ -107,6 +108,10 @@ class SecurityComponentTest extends CakeTestCase {
|
|||
$this->Controller->data = $data;
|
||||
$result = $this->Controller->Security->__validatePost($this->Controller);
|
||||
$this->assertTrue($result);
|
||||
|
||||
unset($data['_Model']);
|
||||
$data['Model']['valid'] = '0';
|
||||
$this->assertTrue($this->Controller->data == $data);
|
||||
}
|
||||
|
||||
function testValidatePostHidden() {
|
||||
|
@ -130,6 +135,10 @@ class SecurityComponentTest extends CakeTestCase {
|
|||
$this->Controller->data = $data;
|
||||
$result = $this->Controller->Security->__validatePost($this->Controller);
|
||||
$this->assertTrue($result);
|
||||
|
||||
unset($data['_Model']);
|
||||
$data['Model']['hidden'] = '0';
|
||||
$this->assertTrue($this->Controller->data == $data);
|
||||
}
|
||||
|
||||
function testValidateHiddenMultipleModel() {
|
||||
|
@ -159,34 +168,47 @@ class SecurityComponentTest extends CakeTestCase {
|
|||
$this->Controller->data = $data;
|
||||
$result = $this->Controller->Security->__validatePost($this->Controller);
|
||||
$this->assertTrue($result);
|
||||
|
||||
unset($data['_Model'], $data['_Model2'], $data['_Model3']);
|
||||
$data['Model']['valid'] = '0';
|
||||
$data['Model2']['valid'] = '0';
|
||||
$data['Model3']['valid'] = '0';
|
||||
$this->assertTrue($this->Controller->data == $data);
|
||||
}
|
||||
|
||||
function testValidateHasManyModel() {
|
||||
$this->Controller->Security->startup($this->Controller);
|
||||
$this->Controller->Security->startup($this->Controller);
|
||||
$key = $this->Controller->params['_Token']['key'];
|
||||
|
||||
$data['Model'][0]['username'] = '';
|
||||
$data['Model'][0]['password'] = '';
|
||||
$data['Model'][1]['username'] = '';
|
||||
$data['Model'][1]['password'] = '';
|
||||
$data['_Model'][0]['hidden'] = 'value';
|
||||
$data['_Model'][1]['hidden'] = 'value';
|
||||
$data['__Token']['key'] = $key;
|
||||
|
||||
$fields = array(
|
||||
'Model' => array(
|
||||
0 => array('username', 'password'),
|
||||
1 => array('username', 'password'),
|
||||
),
|
||||
'__Token' => array('key' => $key)
|
||||
);
|
||||
'Model' => array(
|
||||
0 => array('username', 'password', 'hidden'),
|
||||
1 => array('username', 'password', 'hidden')),
|
||||
'_Model' => array(
|
||||
0 => array('hidden' => 'value'),
|
||||
1 => array('hidden' => 'value')),
|
||||
'__Token' => array('key' => $key));
|
||||
|
||||
$fields = $this->__sortFields($fields);
|
||||
|
||||
$fields = urlencode(Security::hash(serialize($fields) . Configure::read('Security.salt')));
|
||||
$data['__Token']['fields'] = $fields;
|
||||
|
||||
$this->Controller->data = $data;
|
||||
$result = $this->Controller->Security->__validatePost($this->Controller);
|
||||
$this->assertTrue($result);
|
||||
|
||||
unset($data['_Model']);
|
||||
$data['Model'][0]['hidden'] = 'value';
|
||||
$data['Model'][1]['hidden'] = 'value';
|
||||
$this->assertTrue($this->Controller->data == $data);
|
||||
}
|
||||
|
||||
function __sortFields($fields) {
|
||||
|
|
|
@ -707,7 +707,15 @@ class FormHelperTest extends CakeTestCase {
|
|||
$this->assertPattern('/id="ModelField1"/', $result);
|
||||
$this->assertPattern('/id="ModelField0".*checked="checked"/', $result);
|
||||
$this->assertPattern('/(<input[^<>]+name="data\[Model\]\[field\]"[^<>]+>.+){2}/', $result);
|
||||
|
||||
|
||||
$result = $this->Form->radio('Model.field', array('1' => 'Yes', '0' => 'No'), array('value' => null));
|
||||
$this->assertPattern('/id="ModelField1"/', $result);
|
||||
$this->assertPattern('/id="ModelField0"\svalue="0"\s(?!checked="checked")/', $result);
|
||||
|
||||
$result = $this->Form->radio('Model.field', array('1' => 'Yes', '0' => 'No'));
|
||||
$this->assertPattern('/id="ModelField1"/', $result);
|
||||
$this->assertPattern('/id="ModelField0"\svalue="0"\s(?!checked="checked")/', $result);
|
||||
|
||||
$result = $this->Form->input('Newsletter.subscribe', array('legend' => 'Legend title', 'type' => 'radio', 'options' => array('0' => 'Unsubscribe', '1' => 'Subscribe')));
|
||||
$expected = '<div class="input"><fieldset><legend>Legend title</legend><input type="hidden" name="data[Newsletter][subscribe]" value="" id="NewsletterSubscribe_" /><input type="radio" name="data[Newsletter][subscribe]" id="NewsletterSubscribe0" value="0" /><label for="NewsletterSubscribe0">Unsubscribe</label><input type="radio" name="data[Newsletter][subscribe]" id="NewsletterSubscribe1" value="1" /><label for="NewsletterSubscribe1">Subscribe</label></fieldset></div>';
|
||||
$this->assertEqual($result, $expected);
|
||||
|
|
Loading…
Add table
Reference in a new issue