Adding a new hidden field for the disabled fields.

Updating the FormHelper tests for the new field.
cakephp · Jun 15, 2011 · 0c3c6e5 · 0c3c6e5
1 parent 83184c9
commit 0c3c6e5
Show file tree

Hide file tree

Showing 2 changed files with 51 additions and 15 deletions.
diff --git a/lib/Cake/Test/Case/View/Helper/FormHelperTest.php b/lib/Cake/Test/Case/View/Helper/FormHelperTest.php
@@ -830,10 +830,14 @@ public function testFormSecurityFields() {
 
 		$expected = array(
 			'div' => array('style' => 'display:none;'),
-			'input' => array(
+			array('input' => array(
 				'type' => 'hidden', 'name' => 'data[_Token][fields]',
 				'value' => urlencode($expected), 'id' => 'preg:/TokenFields\d+/'
-			),
+			)),
+			array('input' => array(
+				'type' => 'hidden', 'name' => 'data[_Token][disabled]',
+				'value' => '', 'id' => 'preg:/TokenDisabled\d+/'
+			)),
 			'/div'
 		);
 		$this->assertTags($result, $expected);
@@ -893,10 +897,14 @@ public function testFormSecurityMultipleFields() {
 
 		$expected = array(
 			'div' => array('style' => 'display:none;'),
-			'input' => array(
+			array('input' => array(
 				'type' => 'hidden', 'name' => 'data[_Token][fields]',
 				'value' => $hash, 'id' => 'preg:/TokenFields\d+/'
-			),
+			)),
+			array('input' => array(
+				'type' => 'hidden', 'name' => 'data[_Token][disabled]',
+				'value' => '', 'id' => 'preg:/TokenDisabled\d+/'
+			)),
 			'/div'
 		);
 		$this->assertTags($result, $expected);
@@ -935,10 +943,14 @@ public function testFormSecurityMultipleSubmitButtons() {
 
 		$expected = array(
 			'div' => array('style' => 'display:none;'),
-			'input' => array(
+			array('input' => array(
 				'type' => 'hidden', 'name' => 'data[_Token][fields]',
 				'value' => 'preg:/.+/', 'id' => 'preg:/TokenFields\d+/'
-			),
+			)),
+			array('input' => array(
+				'type' => 'hidden', 'name' => 'data[_Token][disabled]',
+				'value' => '', 'id' => 'preg:/TokenDisabled\d+/'
+			)),
 			'/div'
 		);
 		$this->assertTags($result, $expected);
@@ -982,10 +994,14 @@ public function testFormSecurityMultipleInputFields() {
 
 		$expected = array(
 			'div' => array('style' => 'display:none;'),
-			'input' => array(
+			array('input' => array(
 				'type' => 'hidden', 'name' => 'data[_Token][fields]',
 				'value' => $hash, 'id' => 'preg:/TokenFields\d+/'
-			),
+			)),
+			array('input' => array(
+				'type' => 'hidden', 'name' => 'data[_Token][disabled]',
+				'value' => '', 'id' => 'preg:/TokenDisabled\d+/'
+			)),
 			'/div'
 		);
 		$this->assertTags($result, $expected);
@@ -1023,14 +1039,18 @@ public function testFormSecurityMultipleInputDisabledFields() {
 		$this->Form->input('Addresses.1.phone');
 
 		$result = $this->Form->secure($this->Form->fields);
-		$hash = '774df31936dc850b7d8a5277dc0b890123788b09%3AAddresses.0.id%7CAddresses.1.id';
+		$hash = '629b6536dcece48aa41a117045628ce602ccbbb2%3AAddresses.0.id%7CAddresses.1.id';
 
 		$expected = array(
 			'div' => array('style' => 'display:none;'),
-			'input' => array(
+			array('input' => array(
 				'type' => 'hidden', 'name' => 'data[_Token][fields]',
 				'value' => $hash, 'id' => 'preg:/TokenFields\d+/'
-			),
+			)),
+			array('input' => array(
+				'type' => 'hidden', 'name' => 'data[_Token][disabled]',
+				'value' => 'address%7Cfirst_name', 'id' => 'preg:/TokenDisabled\d+/'
+			)),
 			'/div'
 		);
 		$this->assertTags($result, $expected);
@@ -1070,13 +1090,17 @@ public function testFormSecurityInputDisabledFields() {
 
 		$result = $this->Form->secure($expected);
 
-		$hash = '449b7e889128e8e52c5e81d19df68f5346571492%3AAddresses.id';
+		$hash = '2981c38990f3f6ba935e6561dc77277966fabd6d%3AAddresses.id';
 		$expected = array(
 			'div' => array('style' => 'display:none;'),
-			'input' => array(
+			array('input' => array(
 				'type' => 'hidden', 'name' => 'data[_Token][fields]',
 				'value' => $hash, 'id' => 'preg:/TokenFields\d+/'
-			),
+			)),
+			array('input' => array(
+				'type' => 'hidden', 'name' => 'data[_Token][disabled]',
+				'value' => 'address%7Cfirst_name', 'id' => 'preg:/TokenDisabled\d+/'
+			)),
 			'/div'
 		);
 		$this->assertTags($result, $expected);
@@ -1198,6 +1222,10 @@ public function testFormSecuredInput() {
 				'type' => 'hidden', 'name' => 'data[_Token][fields]',
 				'value' => $hash, 'id' => 'preg:/TokenFields\d+/'
 			)),
+			array('input' => array(
+				'type' => 'hidden', 'name' => 'data[_Token][disabled]',
+				'value' => '', 'id' => 'preg:/TokenDisabled\d+/'
+			)),
 			'/div'
 		);
 		$this->assertTags($result, $expected);

diff --git a/lib/Cake/View/Helper/FormHelper.php b/lib/Cake/View/Helper/FormHelper.php
@@ -417,24 +417,32 @@ public function secure($fields = array()) {
 			return;
 		}
 		$locked = array();
+		$disabledFields = $this->_disabledFields;
 
 		foreach ($fields as $key => $value) {
 			if (!is_int($key)) {
 				$locked[$key] = $value;
 				unset($fields[$key]);
 			}
 		}
+
+		sort($disabledFields, SORT_STRING);
 		sort($fields, SORT_STRING);
 		ksort($locked, SORT_STRING);
 		$fields += $locked;
 
-		$fields = Security::hash(serialize($fields) . Configure::read('Security.salt'));
 		$locked = implode(array_keys($locked), '|');
+		$disabled = implode($disabledFields, '|');
+		$fields = Security::hash(serialize($fields) . $disabled . Configure::read('Security.salt'));
 
 		$out = $this->hidden('_Token.fields', array(
 			'value' => urlencode($fields . ':' . $locked),
 			'id' => 'TokenFields' . mt_rand()
 		));
+		$out .= $this->hidden('_Token.disabled', array(
+			'value' => urlencode($disabled),
+			'id' => 'TokenDisabled' . mt_rand()
+		));
 		return $this->Html->useTag('block', ' style="display:none;"', $out);
 	}