From 29c9836ff8c9489243fdcf93101c9987d92dbda9 Mon Sep 17 00:00:00 2001
From: Mark Story <mark@mark-story.com>
Date: Thu, 30 Apr 2015 22:43:12 -0400
Subject: [PATCH] Fix incorrect pattern in SecurityComponent.

The test pattern was not catching multi digit numbers.

Refs #6456
---
 src/Controller/Component/SecurityComponent.php              | 2 +-
 .../TestCase/Controller/Component/SecurityComponentTest.php | 6 ++++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/Controller/Component/SecurityComponent.php b/src/Controller/Component/SecurityComponent.php
index 3afd659cf05..1aa416b85fd 100644
--- a/src/Controller/Component/SecurityComponent.php
+++ b/src/Controller/Component/SecurityComponent.php
@@ -306,7 +306,7 @@ protected function _validatePost(Controller $controller)
         $multi = [];
 
         foreach ($fieldList as $i => $key) {
-            if (preg_match('/(\.\d){1,10}$/', $key)) {
+            if (preg_match('/(\.\d+){1,10}$/', $key)) {
                 $multi[$i] = preg_replace('/(\.\d+){1,10}$/', '', $key);
                 unset($fieldList[$i]);
             } else {
diff --git a/tests/TestCase/Controller/Component/SecurityComponentTest.php b/tests/TestCase/Controller/Component/SecurityComponentTest.php
index 133613e1882..a5e1d2e66fd 100644
--- a/tests/TestCase/Controller/Component/SecurityComponentTest.php
+++ b/tests/TestCase/Controller/Component/SecurityComponentTest.php
@@ -500,6 +500,12 @@ public function testValidatePostArray()
             '_Token' => compact('fields', 'unlocked')
         ];
         $this->assertTrue($this->Controller->Security->validatePost($this->Controller));
+
+        $this->Controller->request->data = [
+            'Model' => ['multi_field' => [12 => '1',  20 => '3']],
+            '_Token' => compact('fields', 'unlocked')
+        ];
+        $this->assertTrue($this->Controller->Security->validatePost($this->Controller));
     }
 
     /**