Fix datetime fields not being secured.

Ensure all the various datetime fields are added to Form->fields so they are not blackholed later. Fixes #3573
cakephp · May 27, 2014 · 64e6337 · 64e6337
1 parent e5b73bd
commit 64e6337
Show file tree

Hide file tree

Showing 2 changed files with 53 additions and 1 deletion.
diff --git a/src/View/Helper/FormHelper.php b/src/View/Helper/FormHelper.php
@@ -345,7 +345,6 @@ public function create($model = null, $options = []) {
 		if (!empty($append)) {
 			$append = $templater->format('hiddenblock', ['content' => $append]);
 		}
-
 		$this->_lastAction = $action;
 		if (strpos($action, '://')) {
 			$query = parse_url($action, PHP_URL_QUERY);
@@ -1955,9 +1954,21 @@ public function dateTime($fieldName, array $options = array()) {
 			'timeFormat' => 24,
 			'second' => false,
 		];
+		$secure = true;
+		if (isset($options['secure'])) {
+			$secure = $options['secure'];
+		}
+		$options['secure'] = static::SECURE_SKIP;
+
 		$options = $this->_initInputField($fieldName, $options);
 		$options = $this->_datetimeOptions($options);
 
+		foreach ($this->_datetimeParts as $type) {
+			if ($options[$type] !== false) {
+				$this->_secure($secure, $fieldName . '.' . $type);
+			}
+		}
+
 		return $this->widget('datetime', $options);
 	}
 
@@ -2080,9 +2091,22 @@ public function date($fieldName, array $options = []) {
 		];
 		$options['hour'] = $options['minute'] = false;
 		$options['meridian'] = $options['second'] = false;
+
+		$secure = true;
+		if (isset($options['secure'])) {
+			$secure = $options['secure'];
+		}
+		$options['secure'] = static::SECURE_SKIP;
+
 		$options = $this->_initInputField($fieldName, $options);
 		$options = $this->_datetimeOptions($options);
 
+		foreach ($this->_datetimeParts as $type) {
+			if ($options[$type] !== false) {
+				$this->_secure($secure, $fieldName . '.' . $type);
+			}
+		}
+
 		return $this->widget('datetime', $options);
 	}
 

diff --git a/tests/TestCase/View/Helper/FormHelperTest.php b/tests/TestCase/View/Helper/FormHelperTest.php
@@ -4233,6 +4233,34 @@ public function testDateTime() {
 		$this->assertTags($result, $expected);
 	}
 
+/**
+ * Test that datetime fields are added to protected fields list.
+ *
+ * @return void
+ */
+	public function testDateTimeSecured() {
+		$this->Form->request->params['_Token'] = ['unlockedFields' => []];
+		$this->Form->dateTime('Contact.date');
+		$expected = [
+			'Contact.date.year',
+			'Contact.date.month',
+			'Contact.date.day',
+			'Contact.date.hour',
+			'Contact.date.minute',
+			'Contact.date.meridian',
+		];
+		$this->assertEquals($expected, $this->Form->fields);
+
+		$this->Form->fields = [];
+		$this->Form->date('Contact.published');
+		$expected = [
+			'Contact.published.year',
+			'Contact.published.month',
+			'Contact.published.day',
+		];
+		$this->assertEquals($expected, $this->Form->fields);
+	}
+
 /**
  * Test empty defaulting to true for datetime.
  *