Updating method name, variables, and properties to be unlocked.
This better reflects what is actually going to happen, as fields that are unlocked are not checked. It also works better with the idea that secure = false means unlocked or unsecured.
parent
338957936b
commit
f3f475f502
2 changed files with 51 additions and 51 deletions
|
@ -835,8 +835,8 @@ class FormHelperTest extends CakeTestCase {
|
|||
'value' => urlencode($expected), 'id' => 'preg:/TokenFields\d+/'
|
||||
)),
|
||||
array('input' => array(
|
||||
'type' => 'hidden', 'name' => 'data[_Token][disabled]',
|
||||
'value' => '', 'id' => 'preg:/TokenDisabled\d+/'
|
||||
'type' => 'hidden', 'name' => 'data[_Token][unlocked]',
|
||||
'value' => '', 'id' => 'preg:/TokenUnlocked\d+/'
|
||||
)),
|
||||
'/div'
|
||||
);
|
||||
|
@ -902,8 +902,8 @@ class FormHelperTest extends CakeTestCase {
|
|||
'value' => $hash, 'id' => 'preg:/TokenFields\d+/'
|
||||
)),
|
||||
array('input' => array(
|
||||
'type' => 'hidden', 'name' => 'data[_Token][disabled]',
|
||||
'value' => '', 'id' => 'preg:/TokenDisabled\d+/'
|
||||
'type' => 'hidden', 'name' => 'data[_Token][unlocked]',
|
||||
'value' => '', 'id' => 'preg:/TokenUnlocked\d+/'
|
||||
)),
|
||||
'/div'
|
||||
);
|
||||
|
@ -948,8 +948,8 @@ class FormHelperTest extends CakeTestCase {
|
|||
'value' => 'preg:/.+/', 'id' => 'preg:/TokenFields\d+/'
|
||||
)),
|
||||
array('input' => array(
|
||||
'type' => 'hidden', 'name' => 'data[_Token][disabled]',
|
||||
'value' => '', 'id' => 'preg:/TokenDisabled\d+/'
|
||||
'type' => 'hidden', 'name' => 'data[_Token][unlocked]',
|
||||
'value' => '', 'id' => 'preg:/TokenUnlocked\d+/'
|
||||
)),
|
||||
'/div'
|
||||
);
|
||||
|
@ -999,8 +999,8 @@ class FormHelperTest extends CakeTestCase {
|
|||
'value' => $hash, 'id' => 'preg:/TokenFields\d+/'
|
||||
)),
|
||||
array('input' => array(
|
||||
'type' => 'hidden', 'name' => 'data[_Token][disabled]',
|
||||
'value' => '', 'id' => 'preg:/TokenDisabled\d+/'
|
||||
'type' => 'hidden', 'name' => 'data[_Token][unlocked]',
|
||||
'value' => '', 'id' => 'preg:/TokenUnlocked\d+/'
|
||||
)),
|
||||
'/div'
|
||||
);
|
||||
|
@ -1019,7 +1019,7 @@ class FormHelperTest extends CakeTestCase {
|
|||
$key = 'testKey';
|
||||
$this->Form->request->params['_Token'] = array(
|
||||
'key' => $key,
|
||||
'disabledFields' => array('first_name', 'address')
|
||||
'unlockedFields' => array('first_name', 'address')
|
||||
);
|
||||
$this->Form->create();
|
||||
|
||||
|
@ -1048,8 +1048,8 @@ class FormHelperTest extends CakeTestCase {
|
|||
'value' => $hash, 'id' => 'preg:/TokenFields\d+/'
|
||||
)),
|
||||
array('input' => array(
|
||||
'type' => 'hidden', 'name' => 'data[_Token][disabled]',
|
||||
'value' => 'address%7Cfirst_name', 'id' => 'preg:/TokenDisabled\d+/'
|
||||
'type' => 'hidden', 'name' => 'data[_Token][unlocked]',
|
||||
'value' => 'address%7Cfirst_name', 'id' => 'preg:/TokenUnlocked\d+/'
|
||||
)),
|
||||
'/div'
|
||||
);
|
||||
|
@ -1064,14 +1064,14 @@ class FormHelperTest extends CakeTestCase {
|
|||
* @access public
|
||||
* @return void
|
||||
*/
|
||||
public function testFormSecurityInputDisabledFields() {
|
||||
public function testFormSecurityInputUnlockedFields() {
|
||||
$key = 'testKey';
|
||||
$this->Form->request['_Token'] = array(
|
||||
'key' => $key,
|
||||
'disabledFields' => array('first_name', 'address')
|
||||
'unlockedFields' => array('first_name', 'address')
|
||||
);
|
||||
$this->Form->create();
|
||||
$this->assertEquals($this->Form->request['_Token']['disabledFields'], $this->Form->disableField());
|
||||
$this->assertEquals($this->Form->request['_Token']['unlockedFields'], $this->Form->unlockField());
|
||||
|
||||
$this->Form->hidden('Addresses.id', array('value' => '123456'));
|
||||
$this->Form->input('Addresses.title');
|
||||
|
@ -1098,8 +1098,8 @@ class FormHelperTest extends CakeTestCase {
|
|||
'value' => $hash, 'id' => 'preg:/TokenFields\d+/'
|
||||
)),
|
||||
array('input' => array(
|
||||
'type' => 'hidden', 'name' => 'data[_Token][disabled]',
|
||||
'value' => 'address%7Cfirst_name', 'id' => 'preg:/TokenDisabled\d+/'
|
||||
'type' => 'hidden', 'name' => 'data[_Token][unlocked]',
|
||||
'value' => 'address%7Cfirst_name', 'id' => 'preg:/TokenUnlocked\d+/'
|
||||
)),
|
||||
'/div'
|
||||
);
|
||||
|
@ -1223,8 +1223,8 @@ class FormHelperTest extends CakeTestCase {
|
|||
'value' => $hash, 'id' => 'preg:/TokenFields\d+/'
|
||||
)),
|
||||
array('input' => array(
|
||||
'type' => 'hidden', 'name' => 'data[_Token][disabled]',
|
||||
'value' => '', 'id' => 'preg:/TokenDisabled\d+/'
|
||||
'type' => 'hidden', 'name' => 'data[_Token][unlocked]',
|
||||
'value' => '', 'id' => 'preg:/TokenUnlocked\d+/'
|
||||
)),
|
||||
'/div'
|
||||
);
|
||||
|
@ -1318,28 +1318,28 @@ class FormHelperTest extends CakeTestCase {
|
|||
*
|
||||
* @return void
|
||||
*/
|
||||
public function testDisableFieldAddsToList() {
|
||||
public function testUnlockFieldAddsToList() {
|
||||
$this->Form->request['_Token'] = array(
|
||||
'key' => 'testKey',
|
||||
'disabledFields' => array()
|
||||
'unlockedFields' => array()
|
||||
);
|
||||
$this->Form->create('Contact');
|
||||
$this->Form->disableField('Contact.name');
|
||||
$this->Form->unlockField('Contact.name');
|
||||
$this->Form->text('Contact.name');
|
||||
|
||||
$this->assertEquals(array('Contact.name'), $this->Form->disableField());
|
||||
$this->assertEquals(array('Contact.name'), $this->Form->unlockField());
|
||||
$this->assertEquals(array(), $this->Form->fields);
|
||||
}
|
||||
|
||||
/**
|
||||
* test disableField removing from fields array.
|
||||
* test unlockField removing from fields array.
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
public function testDisableFieldRemovingFromFields() {
|
||||
public function testUnlockFieldRemovingFromFields() {
|
||||
$this->Form->request['_Token'] = array(
|
||||
'key' => 'testKey',
|
||||
'disabledFields' => array()
|
||||
'unlockedFields' => array()
|
||||
);
|
||||
$this->Form->create('Contact');
|
||||
$this->Form->hidden('Contact.id', array('value' => 1));
|
||||
|
@ -1348,8 +1348,8 @@ class FormHelperTest extends CakeTestCase {
|
|||
$this->assertEquals(1, $this->Form->fields['Contact.id'], 'Hidden input should be secured.');
|
||||
$this->assertTrue(in_array('Contact.name', $this->Form->fields), 'Field should be secured.');
|
||||
|
||||
$this->Form->disableField('Contact.name');
|
||||
$this->Form->disableField('Contact.id');
|
||||
$this->Form->unlockField('Contact.name');
|
||||
$this->Form->unlockField('Contact.id');
|
||||
$this->assertEquals(array(), $this->Form->fields);
|
||||
}
|
||||
|
||||
|
|
|
@ -66,7 +66,7 @@ class FormHelper extends AppHelper {
|
|||
|
||||
/**
|
||||
* Constant used internally to skip the securing process,
|
||||
* and neither add the field to the hash or to the disabled fields.
|
||||
* and neither add the field to the hash or to the unlocked fields.
|
||||
*
|
||||
* @var string
|
||||
*/
|
||||
|
@ -104,7 +104,7 @@ class FormHelper extends AppHelper {
|
|||
* @see SecurityComponent::validatePost()
|
||||
* @var array
|
||||
*/
|
||||
protected $_disabledFields = array();
|
||||
protected $_unlockedFields = array();
|
||||
|
||||
/**
|
||||
* Introspects model information and extracts information related
|
||||
|
@ -339,9 +339,9 @@ class FormHelper extends AppHelper {
|
|||
'value' => $this->request->params['_Token']['key'], 'id' => 'Token' . mt_rand())
|
||||
);
|
||||
|
||||
if (!empty($this->request['_Token']['disabledFields'])) {
|
||||
foreach ((array)$this->request['_Token']['disabledFields'] as $disabled) {
|
||||
$this->_disabledFields[] = $disabled;
|
||||
if (!empty($this->request['_Token']['unlockedFields'])) {
|
||||
foreach ((array)$this->request['_Token']['unlockedFields'] as $unlocked) {
|
||||
$this->_unlockedFields[] = $unlocked;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -417,7 +417,7 @@ class FormHelper extends AppHelper {
|
|||
return;
|
||||
}
|
||||
$locked = array();
|
||||
$disabledFields = $this->_disabledFields;
|
||||
$unlockedFields = $this->_unlockedFields;
|
||||
|
||||
foreach ($fields as $key => $value) {
|
||||
if (!is_int($key)) {
|
||||
|
@ -426,41 +426,41 @@ class FormHelper extends AppHelper {
|
|||
}
|
||||
}
|
||||
|
||||
sort($disabledFields, SORT_STRING);
|
||||
sort($unlockedFields, SORT_STRING);
|
||||
sort($fields, SORT_STRING);
|
||||
ksort($locked, SORT_STRING);
|
||||
$fields += $locked;
|
||||
|
||||
$locked = implode(array_keys($locked), '|');
|
||||
$disabled = implode($disabledFields, '|');
|
||||
$fields = Security::hash(serialize($fields) . $disabled . Configure::read('Security.salt'));
|
||||
$unlocked = implode($unlockedFields, '|');
|
||||
$fields = Security::hash(serialize($fields) . $unlocked . Configure::read('Security.salt'));
|
||||
|
||||
$out = $this->hidden('_Token.fields', array(
|
||||
'value' => urlencode($fields . ':' . $locked),
|
||||
'id' => 'TokenFields' . mt_rand()
|
||||
));
|
||||
$out .= $this->hidden('_Token.disabled', array(
|
||||
'value' => urlencode($disabled),
|
||||
'id' => 'TokenDisabled' . mt_rand()
|
||||
$out .= $this->hidden('_Token.unlocked', array(
|
||||
'value' => urlencode($unlocked),
|
||||
'id' => 'TokenUnlocked' . mt_rand()
|
||||
));
|
||||
return $this->Html->useTag('block', ' style="display:none;"', $out);
|
||||
}
|
||||
|
||||
/**
|
||||
* Add to or get the list of fields that are currently disabled.
|
||||
* Disabled fields are not included in the field hash used by SecurityComponent
|
||||
* disabling a field once its been added to the list of secured fields will remove
|
||||
* Add to or get the list of fields that are currently unlocked.
|
||||
* Unlocked fields are not included in the field hash used by SecurityComponent
|
||||
* unlocking a field once its been added to the list of secured fields will remove
|
||||
* it from the list of fields.
|
||||
*
|
||||
* @param string $name The dot separated name for the field.
|
||||
* @return mixed Either null, or the list of fields.
|
||||
*/
|
||||
public function disableField($name = null) {
|
||||
public function unlockField($name = null) {
|
||||
if ($name === null) {
|
||||
return $this->_disabledFields;
|
||||
return $this->_unlockedFields;
|
||||
}
|
||||
if (!in_array($name, $this->_disabledFields)) {
|
||||
$this->_disabledFields[] = $name;
|
||||
if (!in_array($name, $this->_unlockedFields)) {
|
||||
$this->_unlockedFields[] = $name;
|
||||
}
|
||||
$index = array_search($name, $this->fields);
|
||||
if ($index !== false) {
|
||||
|
@ -474,7 +474,7 @@ class FormHelper extends AppHelper {
|
|||
* Populates $this->fields
|
||||
*
|
||||
* @param boolean $lock Whether this field should be part of the validation
|
||||
* or excluded as part of the disabledFields.
|
||||
* or excluded as part of the unlockedFields.
|
||||
* @param mixed $field Reference to field to be secured
|
||||
* @param mixed $value Field value, if value should not be tampered with.
|
||||
* @return void
|
||||
|
@ -486,9 +486,9 @@ class FormHelper extends AppHelper {
|
|||
$field = Set::filter(explode('.', $field), true);
|
||||
}
|
||||
|
||||
foreach ($this->_disabledFields as $disableField) {
|
||||
$disableParts = explode('.', $disableField);
|
||||
if (array_values(array_intersect($field, $disableParts)) === $disableParts) {
|
||||
foreach ($this->_unlockedFields as $unlockField) {
|
||||
$unlockParts = explode('.', $unlockField);
|
||||
if (array_values(array_intersect($field, $unlockParts)) === $unlockParts) {
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
@ -503,7 +503,7 @@ class FormHelper extends AppHelper {
|
|||
$this->fields[] = $field;
|
||||
}
|
||||
} else {
|
||||
$this->disableField($field);
|
||||
$this->unlockField($field);
|
||||
}
|
||||
}
|
||||
|
||||
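Review bot: The `unlockField()` docblock (hunk at -426) says unlocked fields are left out of the hash, but not how names are matched. In the hunk at -486, `array_values(array_intersect($field, $unlockParts)) === $unlockParts` exempts every field whose dotted parts contain the unlock entry's parts in order, so unlocking `Contact.name` would also exempt a field named `Contact.0.name`. Since exempted fields get no tamper check, the docblock should state this, for example `* Matching is by name parts in order, not by exact name; every matching field is excluded from tamper checks.` Separately, the rename changes the request key `_Token.unlockedFields`, the posted `_Token.unlocked` input and the public method name, yet only two files changed. `SecurityComponent::validatePost()` is not shown, so confirm it reads the new names, and consider keeping `disableField()` as a deprecated wrapper around `unlockField()`; both method bodies continue outside their hunks.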
|
|