Fixed bug causing requests with queries to be invalidated

The SecurityComponent would fail at _validatePost because the query arguments were not encoded when the tokens were generated in the IntegrationTestCase
cakephp · Jul 27, 2017 · 44d001c · 44d001c
1 parent c75f2e7
commit 44d001c
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 2 deletions.
diff --git a/src/TestSuite/IntegrationTestCase.php b/src/TestSuite/IntegrationTestCase.php
@@ -547,11 +547,12 @@ protected function _buildRequest($url, $method, $data)
         list ($url, $query) = $this->_url($url);
         $tokenUrl = $url;
 
+        parse_str($query, $queryData);
+
         if ($query) {
-            $tokenUrl .= '?' . $query;
+            $tokenUrl .= '?' . http_build_query($queryData);
         }
 
-        parse_str($query, $queryData);
         $props = [
             'url' => $url,
             'post' => $this->_addTokens($tokenUrl, $data),

diff --git a/tests/TestCase/TestSuite/IntegrationTestCaseTest.php b/tests/TestCase/TestSuite/IntegrationTestCaseTest.php
@@ -534,6 +534,24 @@ public function testPostSecuredFormWithQuery()
         $this->assertResponseContains('Request was accepted');
     }
 
+    /**
+     * Test posting to a secured form action with a query that has a part that
+     * will be encoded by the security component
+     *
+     * @return void
+     */
+    public function testPostSecuredFormWithUnencodedQuery()
+    {
+        $this->enableSecurityToken();
+        $data = [
+            'title' => 'Some title',
+            'body' => 'Some text'
+        ];
+        $this->post('/posts/securePost?foo=/', $data);
+        $this->assertResponseOk();
+        $this->assertResponseContains('Request was accepted');
+    }
+
     /**
      * Test posting to a secured form action action.
      *