From f2941a660eaa8e71ad41c630784374be742c53e1 Mon Sep 17 00:00:00 2001
From: phpnut
Date: Thu, 3 Apr 2008 02:29:17 +0000
Subject: [PATCH] "References #4239 Added test from ticket to showing ticket is invalid. Fixes #4394, fails when the hasMany multi-record form contains hidden fields. "
git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@6627 3807eeeb-6ff5-0310-8944-8be069107fe0
---
 cake/libs/controller/components/security.php | 34 +++++++++++------
 .../controller/components/security.test.php | 38 +++++++++++++++----
 .../cases/libs/view/helpers/form.test.php | 10 ++++-
 3 files changed, 61 insertions(+), 21 deletions(-)
diff --git a/cake/libs/controller/components/security.php b/cake/libs/controller/components/security.php
index 3c17bb259..e08a5b48b 100644
--- a/cake/libs/controller/components/security.php
+++ b/cake/libs/controller/components/security.php
@@ -542,25 +542,35 @@ class SecurityComponent extends Object {
 $values = array_values($value);
 $k = array_keys($value);
 $count = count($k);
+
+ if (is_numeric($k[0])) {
+ for ($i = 0; $count > $i; $i++) {
+ $field[$newKey][$i] = array_merge($field[$newKey][$i], array_keys($values[$i]));
+ }
+ $controller->data[$newKey] = Set::pushDiff($controller->data[$key], $controller->data[$newKey]);
+ }
+
 for ($i = 0; $count > $i; $i++) {
 $field[$key][$k[$i]] = $values[$i];
 }
- }
- foreach ($k as $lookup) {
- if (isset($controller->data[$newKey][$lookup])) {
- unset($controller->data[$key][$lookup]);
- } elseif ($controller->data[$key][$lookup] === '0') {
- $merge[] = $lookup;
+ foreach ($k as $lookup) {
+ if (isset($controller->data[$newKey][$lookup])) {
+ unset($controller->data[$key][$lookup]);
+ } elseif ($controller->data[$key][$lookup] === '0') {
+ $merge[] = $lookup;
+ }
 }
 }
- if (isset($field[$newKey])) {
- $field[$newKey] = array_merge($merge, $field[$newKey]);
- } else {
- $field[$newKey] = $merge;
+ if (!is_numeric($k[0])) {
+ if (isset($field[$newKey])) {
+ $field[$newKey] = array_merge($merge, $field[$newKey]);
+ } else {
+ $field[$newKey] = $merge;
+ }
+ $controller->data[$newKey] = Set::pushDiff($controller->data[$key], $controller->data[$newKey]);
 }
- $controller->data[$newKey] = Set::pushDiff($controller->data[$key], $controller->data[$newKey]);
 unset($controller->data[$key]);
 continue;
 }
@@ -584,8 +594,8 @@ class SecurityComponent extends Object {
 }
 }
 ksort($field);
- $check = urlencode(Security::hash(serialize($field) . Configure::read('Security.salt')));
+ $check = urlencode(Security::hash(serialize($field) . Configure::read('Security.salt')));
 if ($form !== $check) {
 if (!$this->blackHole($controller, 'auth')) {
 return null;
diff --git a/cake/tests/cases/libs/controller/components/security.test.php b/cake/tests/cases/libs/controller/components/security.test.php
index b7b14a986..e32684f5b 100644
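Review bot: In the new `is_numeric($k[0])` branch of the first hunk the merge loop indexes `$field[$newKey]` by the loop counter `$i`, while the loop directly after it indexes `$field[$key]` by `$k[$i]`; the two agree only when the posted record keys are exactly 0..n-1. `$field[$newKey][$i]` and `$values[$i]` appear to derive from posted data and reach `array_merge()` / `array_keys()` without an `isset()` / `is_array()` check, so a post with a gap in the record indices, or a hidden record with no visible counterpart, raises warnings here instead of being rejected cleanly. I would index by the real key, `$field[$newKey][$k[$i]] = array_merge($field[$newKey][$k[$i]], array_keys($values[$i]));`, and send any record that is missing or not an array to `blackHole()` before merging. `$k[0]` is also read without checking that `$value` is non-empty, and the later `!is_numeric($k[0])` test sits after the braces that close the block assigning `$k`; the enclosing loop starts outside the hunk, so that may be guarded elsewhere.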
--- a/cake/tests/cases/libs/controller/components/security.test.php
+++ b/cake/tests/cases/libs/controller/components/security.test.php
@@ -83,6 +83,7 @@ class SecurityComponentTest extends CakeTestCase {
 $this->Controller->data = $data;
 $result = $this->Controller->Security->__validatePost($this->Controller);
 $this->assertTrue($result);
+ $this->assertTrue($this->Controller->data == $data);
 }
 function testValidatePostCheckbox() {
@@ -107,6 +108,10 @@ class SecurityComponentTest extends CakeTestCase {
 $this->Controller->data = $data;
 $result = $this->Controller->Security->__validatePost($this->Controller);
 $this->assertTrue($result);
+
+ unset($data['_Model']);
+ $data['Model']['valid'] = '0';
+ $this->assertTrue($this->Controller->data == $data);
 }
 function testValidatePostHidden() {
@@ -130,6 +135,10 @@ class SecurityComponentTest extends CakeTestCase {
 $this->Controller->data = $data;
 $result = $this->Controller->Security->__validatePost($this->Controller);
 $this->assertTrue($result);
+
+ unset($data['_Model']);
+ $data['Model']['hidden'] = '0';
+ $this->assertTrue($this->Controller->data == $data);
 }
 function testValidateHiddenMultipleModel() {
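Review bot: The added `$this->assertTrue($this->Controller->data == $data);` checks compare the arrays with loose `==`, so `'0'`, `0` and `false` (or `''` and `null`) in a field count as equal and the assertion cannot show that `__validatePost()` left the exact posted strings in place. The component itself branches on `=== '0'`, so the type matters here; I would write `$this->assertEqual($this->Controller->data, $data);` for a readable failure message at minimum, or `assertIdentical` if the key order is stable after `Set::pushDiff()`. The same assertion is added in the checkbox and hidden-field hunks of this file and in the multiple-model and hasMany hunk that follows.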
@@ -159,34 +168,47 @@ class SecurityComponentTest extends CakeTestCase {
 $this->Controller->data = $data;
 $result = $this->Controller->Security->__validatePost($this->Controller);
 $this->assertTrue($result);
+
+ unset($data['_Model'], $data['_Model2'], $data['_Model3']);
+ $data['Model']['valid'] = '0';
+ $data['Model2']['valid'] = '0';
+ $data['Model3']['valid'] = '0';
+ $this->assertTrue($this->Controller->data == $data);
 }
 function testValidateHasManyModel() {
- $this->Controller->Security->startup($this->Controller);
+ $this->Controller->Security->startup($this->Controller);
 $key = $this->Controller->params['_Token']['key'];
 $data['Model'][0]['username'] = '';
 $data['Model'][0]['password'] = '';
 $data['Model'][1]['username'] = '';
 $data['Model'][1]['password'] = '';
+ $data['_Model'][0]['hidden'] = 'value';
+ $data['_Model'][1]['hidden'] = 'value';
 $data['__Token']['key'] = $key;
 $fields = array(
- 'Model' => array(
- 0 => array('username', 'password'),
- 1 => array('username', 'password'),
- ),
- '__Token' => array('key' => $key)
- );
+ 'Model' => array(
+ 0 => array('username', 'password', 'hidden'),
+ 1 => array('username', 'password', 'hidden')),
+ '_Model' => array(
+ 0 => array('hidden' => 'value'),
+ 1 => array('hidden' => 'value')),
+ '__Token' => array('key' => $key));
 $fields = $this->__sortFields($fields);
-
 $fields = urlencode(Security::hash(serialize($fields) . Configure::read('Security.salt')));
 $data['__Token']['fields'] = $fields;
 $this->Controller->data = $data;
 $result = $this->Controller->Security->__validatePost($this->Controller);
 $this->assertTrue($result);
+
+ unset($data['_Model']);
+ $data['Model'][0]['hidden'] = 'value';
+ $data['Model'][1]['hidden'] = 'value';
+ $this->assertTrue($this->Controller->data == $data);
 }
 function __sortFields($fields) {
diff --git a/cake/tests/cases/libs/view/helpers/form.test.php b/cake/tests/cases/libs/view/helpers/form.test.php
index 13c720cc5..79daf4427 100644
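Review bot: testValidateHasManyModel covers only the accepting path for the new multi-record hidden-field handling; nothing in this hunk asserts that a post is refused when a `_Model` hidden value no longer matches the token. A companion case that changes `$data['_Model'][1]['hidden']` after `$data['__Token']['fields']` has been computed, and asserts that `__validatePost()` does not return true, would pin the tamper check for the numeric-key branch. How the black-hole path behaves under the test controller is not visible here, so the exact assertion should be checked against the rest of the file.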
--- a/cake/tests/cases/libs/view/helpers/form.test.php
+++ b/cake/tests/cases/libs/view/helpers/form.test.php
@@ -707,7 +707,15 @@ class FormHelperTest extends CakeTestCase {
 $this->assertPattern('/id="ModelField1"/', $result);
 $this->assertPattern('/id="ModelField0".*checked="checked"/', $result);
 $this->assertPattern('/(]+name="data\[Model\]\[field\]"[^<>]+>.+){2}/', $result);
-
+
+ $result = $this->Form->radio('Model.field', array('1' => 'Yes', '0' => 'No'), array('value' => null));
+ $this->assertPattern('/id="ModelField1"/', $result);
+ $this->assertPattern('/id="ModelField0"\svalue="0"\s(?!checked="checked")/', $result);
+
+ $result = $this->Form->radio('Model.field', array('1' => 'Yes', '0' => 'No'));
+ $this->assertPattern('/id="ModelField1"/', $result);
+ $this->assertPattern('/id="ModelField0"\svalue="0"\s(?!checked="checked")/', $result);
+
 $result = $this->Form->input('Newsletter.subscribe', array('legend' => 'Legend title', 'type' => 'radio', 'options' => array('0' => 'Unsubscribe', '1' => 'Subscribe')));
 $expected = '
Legend title
'; $this->assertEqual($result, $expected);
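Review bot: The two added patterns `/id="ModelField0"\svalue="0"\s(?!checked="checked")/` only rule out `checked` directly after a single whitespace character following `value="0"`, so they still match when the attribute appears later in the tag or after a second space. Asserting its absence over the whole tag, for example `$this->assertNoPattern('/id="ModelField0"[^<>]*checked="checked"/', $result);`, states the intent without depending on attribute order. The context lines at the end of this hunk lost their HTML in extraction, so this is based on the added lines only.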