adulau/cakephp2-php8
1
0
Fork 0
mirror of https://github.com/kamilwylegala/cakephp2-php8.git synced 2025-01-18 18:46:17 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

"References #4239 Added test from ticket to showing ticket is invalid.

Browse source 
Fixes #4394, fails when the hasMany multi-record form contains hidden fields.
"

git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@6627 3807eeeb-6ff5-0310-8944-8be069107fe0
This commit is contained in:
phpnut 2008-04-03 02:29:17 +00:00
parent 06d06c85d9
commit f2941a660e
3 changed files with 61 additions and 21 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

34
cake/libs/controller/components/security.php
View file

@ -542,25 +542,35 @@ class SecurityComponent extends Object {
$values = array_values($value); $values = array_values($value);
$k = array_keys($value); $k = array_keys($value);
$count = count($k); $count = count($k);
if (is_numeric($k[0])) {
for ($i = 0; $count > $i; $i++) {
$field[$newKey][$i] = array_merge($field[$newKey][$i], array_keys($values[$i]));
}
$controller->data[$newKey] = Set::pushDiff($controller->data[$key], $controller->data[$newKey]);
}
for ($i = 0; $count > $i; $i++) { for ($i = 0; $count > $i; $i++) {
$field[$key][$k[$i]] = $values[$i]; $field[$key][$k[$i]] = $values[$i];
} }
}
foreach ($k as $lookup) { foreach ($k as $lookup) {
if (isset($controller->data[$newKey][$lookup])) { if (isset($controller->data[$newKey][$lookup])) {
unset($controller->data[$key][$lookup]); unset($controller->data[$key][$lookup]);
} elseif ($controller->data[$key][$lookup] === '0') { } elseif ($controller->data[$key][$lookup] === '0') {
$merge[] = $lookup; $merge[] = $lookup;
}
} }
} }
if (isset($field[$newKey])) { if (!is_numeric($k[0])) {
$field[$newKey] = array_merge($merge, $field[$newKey]); if (isset($field[$newKey])) {
} else { $field[$newKey] = array_merge($merge, $field[$newKey]);
$field[$newKey] = $merge; } else {
$field[$newKey] = $merge;
}
$controller->data[$newKey] = Set::pushDiff($controller->data[$key], $controller->data[$newKey]);
} }
$controller->data[$newKey] = Set::pushDiff($controller->data[$key], $controller->data[$newKey]);
unset($controller->data[$key]); unset($controller->data[$key]);
continue; continue;
} }
@ -584,8 +594,8 @@ class SecurityComponent extends Object {
} }
} }
ksort($field); ksort($field);
$check = urlencode(Security::hash(serialize($field) . Configure::read('Security.salt')));
$check = urlencode(Security::hash(serialize($field) . Configure::read('Security.salt')));
if ($form !== $check) { if ($form !== $check) {
if (!$this->blackHole($controller, 'auth')) { if (!$this->blackHole($controller, 'auth')) {
return null; return null;

38
cake/tests/cases/libs/controller/components/security.test.php
View file

@ -83,6 +83,7 @@ class SecurityComponentTest extends CakeTestCase {
$this->Controller->data = $data; $this->Controller->data = $data;
$result = $this->Controller->Security->__validatePost($this->Controller); $result = $this->Controller->Security->__validatePost($this->Controller);
$this->assertTrue($result); $this->assertTrue($result);
$this->assertTrue($this->Controller->data == $data);
} }
function testValidatePostCheckbox() { function testValidatePostCheckbox() {
@ -107,6 +108,10 @@ class SecurityComponentTest extends CakeTestCase {
$this->Controller->data = $data; $this->Controller->data = $data;
$result = $this->Controller->Security->__validatePost($this->Controller); $result = $this->Controller->Security->__validatePost($this->Controller);
$this->assertTrue($result); $this->assertTrue($result);
unset($data['_Model']);
$data['Model']['valid'] = '0';
$this->assertTrue($this->Controller->data == $data);
} }
function testValidatePostHidden() { function testValidatePostHidden() {
@ -130,6 +135,10 @@ class SecurityComponentTest extends CakeTestCase {
$this->Controller->data = $data; $this->Controller->data = $data;
$result = $this->Controller->Security->__validatePost($this->Controller); $result = $this->Controller->Security->__validatePost($this->Controller);
$this->assertTrue($result); $this->assertTrue($result);
unset($data['_Model']);
$data['Model']['hidden'] = '0';
$this->assertTrue($this->Controller->data == $data);
} }
function testValidateHiddenMultipleModel() { function testValidateHiddenMultipleModel() {
@ -159,34 +168,47 @@ class SecurityComponentTest extends CakeTestCase {
$this->Controller->data = $data; $this->Controller->data = $data;
$result = $this->Controller->Security->__validatePost($this->Controller); $result = $this->Controller->Security->__validatePost($this->Controller);
$this->assertTrue($result); $this->assertTrue($result);
unset($data['_Model'], $data['_Model2'], $data['_Model3']);
$data['Model']['valid'] = '0';
$data['Model2']['valid'] = '0';
$data['Model3']['valid'] = '0';
$this->assertTrue($this->Controller->data == $data);
} }
function testValidateHasManyModel() { function testValidateHasManyModel() {
$this->Controller->Security->startup($this->Controller); $this->Controller->Security->startup($this->Controller);
$key = $this->Controller->params['_Token']['key']; $key = $this->Controller->params['_Token']['key'];
$data['Model'][0]['username'] = ''; $data['Model'][0]['username'] = '';
$data['Model'][0]['password'] = ''; $data['Model'][0]['password'] = '';
$data['Model'][1]['username'] = ''; $data['Model'][1]['username'] = '';
$data['Model'][1]['password'] = ''; $data['Model'][1]['password'] = '';
$data['_Model'][0]['hidden'] = 'value';
$data['_Model'][1]['hidden'] = 'value';
$data['__Token']['key'] = $key; $data['__Token']['key'] = $key;
$fields = array( $fields = array(
'Model' => array( 'Model' => array(
0 => array('username', 'password'), 0 => array('username', 'password', 'hidden'),
1 => array('username', 'password'), 1 => array('username', 'password', 'hidden')),
), '_Model' => array(
'__Token' => array('key' => $key) 0 => array('hidden' => 'value'),
); 1 => array('hidden' => 'value')),
'__Token' => array('key' => $key));
$fields = $this->__sortFields($fields); $fields = $this->__sortFields($fields);
$fields = urlencode(Security::hash(serialize($fields) . Configure::read('Security.salt'))); $fields = urlencode(Security::hash(serialize($fields) . Configure::read('Security.salt')));
$data['__Token']['fields'] = $fields; $data['__Token']['fields'] = $fields;
$this->Controller->data = $data; $this->Controller->data = $data;
$result = $this->Controller->Security->__validatePost($this->Controller); $result = $this->Controller->Security->__validatePost($this->Controller);
$this->assertTrue($result); $this->assertTrue($result);
unset($data['_Model']);
$data['Model'][0]['hidden'] = 'value';
$data['Model'][1]['hidden'] = 'value';
$this->assertTrue($this->Controller->data == $data);
} }
function __sortFields($fields) { function __sortFields($fields) {

10
cake/tests/cases/libs/view/helpers/form.test.php
View file

@ -707,7 +707,15 @@ class FormHelperTest extends CakeTestCase {
$this->assertPattern('/id="ModelField1"/', $result); $this->assertPattern('/id="ModelField1"/', $result);
$this->assertPattern('/id="ModelField0".*checked="checked"/', $result); $this->assertPattern('/id="ModelField0".*checked="checked"/', $result);
$this->assertPattern('/(<input[^<>]+name="data\[Model\]\[field\]"[^<>]+>.+){2}/', $result); $this->assertPattern('/(<input[^<>]+name="data\[Model\]\[field\]"[^<>]+>.+){2}/', $result);
$result = $this->Form->radio('Model.field', array('1' => 'Yes', '0' => 'No'), array('value' => null));
$this->assertPattern('/id="ModelField1"/', $result);
$this->assertPattern('/id="ModelField0"\svalue="0"\s(?!checked="checked")/', $result);
$result = $this->Form->radio('Model.field', array('1' => 'Yes', '0' => 'No'));
$this->assertPattern('/id="ModelField1"/', $result);
$this->assertPattern('/id="ModelField0"\svalue="0"\s(?!checked="checked")/', $result);
$result = $this->Form->input('Newsletter.subscribe', array('legend' => 'Legend title', 'type' => 'radio', 'options' => array('0' => 'Unsubscribe', '1' => 'Subscribe'))); $result = $this->Form->input('Newsletter.subscribe', array('legend' => 'Legend title', 'type' => 'radio', 'options' => array('0' => 'Unsubscribe', '1' => 'Subscribe')));
$expected = '<div class="input"><fieldset><legend>Legend title</legend><input type="hidden" name="data[Newsletter][subscribe]" value="" id="NewsletterSubscribe_" /><input type="radio" name="data[Newsletter][subscribe]" id="NewsletterSubscribe0" value="0" /><label for="NewsletterSubscribe0">Unsubscribe</label><input type="radio" name="data[Newsletter][subscribe]" id="NewsletterSubscribe1" value="1" /><label for="NewsletterSubscribe1">Subscribe</label></fieldset></div>'; $expected = '<div class="input"><fieldset><legend>Legend title</legend><input type="hidden" name="data[Newsletter][subscribe]" value="" id="NewsletterSubscribe_" /><input type="radio" name="data[Newsletter][subscribe]" id="NewsletterSubscribe0" value="0" /><label for="NewsletterSubscribe0">Unsubscribe</label><input type="radio" name="data[Newsletter][subscribe]" id="NewsletterSubscribe1" value="1" /><label for="NewsletterSubscribe1">Subscribe</label></fieldset></div>';
$this->assertEqual($result, $expected); $this->assertEqual($result, $expected);