Fixing blackholes caused by using custom name attributes with inputs. F…

…ixes #1489
cakephp · Jan 28, 2011 · 5464ed8 · 5464ed8
1 parent 38e286e
commit 5464ed8
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 1 deletion.
diff --git a/cake/libs/view/helpers/form.php b/cake/libs/view/helpers/form.php
@@ -2190,10 +2190,19 @@ function _initInputField($field, $options = array()) {
 		} else {
 			$secure = (isset($this->params['_Token']) && !empty($this->params['_Token']));
 		}
+
+		$fieldName = null;
+		if ($secure && !empty($options['name'])) {
+			preg_match_all('/\[(.*?)\]/', $options['name'], $matches);
+			if (isset($matches[1])) {
+				$fieldName = $matches[1];
+			}
+		}
+
 		$result = parent::_initInputField($field, $options);
 
 		if ($secure) {
-			$this->__secure();
+			$this->__secure($fieldName);
 		}
 		return $result;
 	}

diff --git a/cake/tests/cases/libs/view/helpers/form.test.php b/cake/tests/cases/libs/view/helpers/form.test.php
@@ -1083,6 +1083,21 @@ function testFormSecurityInputDisabledFields() {
 		$this->assertTags($result, $expected);
 	}
 
+/**
+ * test securing inputs with custom name attributes.
+ *
+ * @return void
+ */
+	function testFormSecureWithCustomNameAttribute() {
+		$this->Form->params['_Token']['key'] = 'testKey';
+
+		$this->Form->text('UserForm.published', array('name' => 'data[User][custom]'));
+		$this->assertEqual('User.custom', $this->Form->fields[0]);
+
+		$this->Form->text('UserForm.published', array('name' => 'data[User][custom][another][value]'));
+		$this->assertEqual('User.custom.another.value', $this->Form->fields[1]);
+	}
+
 /**
  * testFormSecuredInput method
  *