Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Fix disabled + SecurityComponent
Disabled inputs should be omitted from the secured fields.
This will enable forms to submit successfully as long as those
inputs stay excluded from the form submission.

Fixes #2333
  • Loading branch information
markstory committed Dec 8, 2011
1 parent 123a1a2 commit 64eb38a
Show file tree
Hide file tree
Showing 2 changed files with 33 additions and 3 deletions.
28 changes: 28 additions & 0 deletions lib/Cake/Test/Case/View/Helper/FormHelperTest.php
Expand Up @@ -1365,6 +1365,34 @@ public function testFormSecuredRadio() {
$this->assertEquals($this->Form->fields, $expected);
}

/**
* test that forms with disabled inputs + secured forms leave off the inputs from the form
* hashing.
*
* @return void
*/
public function testFormSecuredAndDisabled() {
$this->Form->request['_Token'] = array('key' => 'testKey');

$this->Form->checkbox('Model.checkbox', array('disabled' => true));
$this->Form->text('Model.text', array('disabled' => true));
$this->Form->password('Model.text', array('disabled' => true));
$this->Form->textarea('Model.textarea', array('disabled' => true));
$this->Form->select('Model.select', array(1, 2), array('disabled' => true));
$this->Form->radio('Model.radio', array(1, 2), array('disabled' => array(1, 2)));
$this->Form->year('Model.year', null, null, array('disabled' => true));
$this->Form->month('Model.month', array('disabled' => true));
$this->Form->day('Model.day', array('disabled' => true));
$this->Form->hour('Model.hour', false, array('disabled' => true));
$this->Form->minute('Model.minute', array('disabled' => true));
$this->Form->meridian('Model.meridian', array('disabled' => true));

$expected = array(
'Model.radio' => ''
);
$this->assertEquals($expected, $this->Form->fields);
}

/**
* testDisableSecurityUsingForm method
*
Expand Down
8 changes: 5 additions & 3 deletions lib/Cake/View/Helper/FormHelper.php
Expand Up @@ -1778,7 +1778,7 @@ public function select($fieldName, $options = array(), $attributes = array()) {
}

if (!empty($tag) || isset($template)) {
if (!isset($secure) || $secure == true) {
if ((!isset($secure) || $secure == true) && empty($attributes['disabled'])) {
$this->_secure(true);
}
$select[] = $this->Html->useTag($tag, $attributes['name'], array_diff_key($attributes, array('name' => '', 'value' => '')));
Expand Down Expand Up @@ -2492,7 +2492,9 @@ protected function _generateOptions($name, $options = array()) {
*
* ### Options
*
* - `secure` - boolean whether or not the field should be added to the security fields.
* - `secure` - boolean whether or not the field should be added to the security fields.
* Disabling the field using the `disabled` option, will also omit the field from being
* part of the hashed key.
*
* @param string $field Name of the field to initialize options for.
* @param array $options Array of options to append options into.
Expand All @@ -2507,7 +2509,7 @@ protected function _initInputField($field, $options = array()) {
}

$result = parent::_initInputField($field, $options);
if ($secure === self::SECURE_SKIP) {
if (!empty($result['disabled']) || $secure === self::SECURE_SKIP) {
return $result;
}

Expand Down

0 comments on commit 64eb38a

Please sign in to comment.