Making FormHelper clear fields on create() as well as end() this ensu…

…res that GET forms don't leak fields. Fixes #571
cakephp · Jun 13, 2010 · 50144d6 · 50144d6
1 parent d1651db
commit 50144d6
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 0 deletions.
diff --git a/cake/libs/view/helpers/form.php b/cake/libs/view/helpers/form.php
@@ -306,6 +306,7 @@ function create($model = null, $options = array()) {
 		unset($options['default']);
 		$htmlAttributes = array_merge($options, $htmlAttributes);
 
+		$this->fields = array();
 		if (isset($this->params['_Token']) && !empty($this->params['_Token'])) {
 			$append .= $this->hidden('_Token.key', array(
 				'value' => $this->params['_Token']['key'], 'id' => 'Token' . mt_rand())

diff --git a/cake/tests/cases/libs/view/helpers/form.test.php b/cake/tests/cases/libs/view/helpers/form.test.php
@@ -751,6 +751,17 @@ function testCreateWithSecurity() {
 		$this->assertTags($result, $expected);
 	}
 
+/**
+ * test that create() clears the fields property so it starts fresh
+ *
+ * @return void
+ */
+	function testCreateClearingFields() {
+		$this->Form->fields = array('model_id');
+		$this->Form->create('Contact');
+		$this->assertEqual($this->Form->fields, array());
+	}
+
 /**
  * Tests form hash generation with model-less data
  *