Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Don't add empty names to secure fields list.
  • Loading branch information
ADmad committed Mar 29, 2015
1 parent c86a9ae commit 12b4cea
Show file tree
Hide file tree
Showing 2 changed files with 26 additions and 3 deletions.
14 changes: 11 additions & 3 deletions src/View/Helper/FormHelper.php
Expand Up @@ -613,10 +613,14 @@ public function unlockField($name = null)
* @param string|array $field Reference to field to be secured. Can be dot
* separated string to indicate nesting or array of fieldname parts.
* @param mixed $value Field value, if value should not be tampered with.
* @return mixed|null Not used yet
* @return void
*/
protected function _secure($lock, $field, $value = null)
{
if (empty($field)) {
return;
}

if (is_string($field)) {
$field = Hash::filter(explode('.', $field));
}
Expand Down Expand Up @@ -2381,11 +2385,15 @@ protected function _initInputField($field, $options = [])
* fieldname parts like ['Model', 'field'] is returned.
*
* @param string $name The form inputs name attribute.
* @return string|array|null Dot separated string like Foo.bar, array of filename
* params like ['Model', 'field'] or null if options does not contain name.
* @return array Array of field name params like ['Model.field'] or
* ['Model', 'field'] for array fields or empty array if $name is empty.
*/
protected function _secureFieldName($name)
{
if (empty($name)) {
return [];
}

if (strpos($name, '[') === false) {
return [$name];
}
Expand Down
15 changes: 15 additions & 0 deletions tests/TestCase/View/Helper/FormHelperTest.php
Expand Up @@ -262,6 +262,21 @@ public function testAddWidgetAndRenderWidget()
$this->assertEquals('HTML', $result);
}

/**
* Test that empty string is not added to secure fields list when
* rendering input widget without name.
*
* @return void
*/
public function testRenderingWidgetWithEmptyName()
{
$this->assertEquals([], $this->Form->fields);

$result = $this->Form->widget('select', ['secure' => true, 'name' => '']);
$this->assertEquals('<select name=""></select>', $result);
$this->assertEquals([], $this->Form->fields);
}

/**
* Test registering an invalid widget class.
*
Expand Down

0 comments on commit 12b4cea

Please sign in to comment.