By including the URL in generated hash for secured forms we prevent
a class of abuse where a user uses one secured form to post into a
controller action the form was not originally intended for. These cross
action requests could potentially violate developer's mental model of
how SecurityComponent works and produce unexpected/undesirable outcomes.
Thanks to Kurita Takashi for pointing this issue out, and suggesting
a fix.
If inputs are placed outside of the form elements the form attribute
needs to be set on the hidden inputs. Without this attribute the empty
state does not submit correctly.
Fixes#3053
improved tests for testing against additional attributes for Form::secure()
improved tests for testing against additional attributes for Form::end()
removed array cast, fixed test
fixed docblock format
format
Fixed a bug, this won't work as some forms are just empty
In general fixed the issue where enabling SECURE_SKIP for a field
skipped "required" attribute check altogether. Instead now "required"
is set to false for hidden fields by default.
Radio elements would contain ModelModelFieldValue instead of
ModelFieldValue like they should. This was caused by the fix for #3936
and lack of tests for create() + radio().
Fixes#4071
I believe I found a fix for this issue. I am here at #CakeFest2013 and during the #HourOfContribution I ran across this issue.
Currently in CakePHP 2.4 on Line 1522 - 1524 you can see the following code:
@@@ php
if ($label) {
$optTitle = $this->Html->useTag('label', $tagName, '', $optTitle);
}
@@@
The $label variable here the is the $label array passed into the input method in Sethathi example above. The problem is that the $label array is completely ignored and instead a label is created using the HtmlHelper->useTag method.
I have what I believe is a fix for this issue but it hasn't been extensively tested. I tested against Sethathi example in the ticket and it produced the correct result.
The fix is simple. We detect if an array is passed in and then send it to the FormHelper label method instead of the HtmlHelper useTag method. The FormHelper label methods accepts an options array, so we pass in the $label array.
This will probably need to be fixed for checkbox also
"ask":https://cakephp.lighthouseapp.com/users/235987 helped me with this fix
