Fix disabled + SecurityComponent

Disabled inputs should be omitted from the secured fields.
This will enable forms to submit successfully as long as those
inputs stay excluded from the form submission.

Fixes #2333

Author: markstory

lib/Cake/Test/Case/View/Helper/FormHelperTest.php

@@ -1365,6 +1365,34 @@ public function testFormSecuredRadio() {
 		$this->assertEquals($this->Form->fields, $expected);
 	}
 
+/**
+ * test that forms with disabled inputs + secured forms leave off the inputs from the form
+ * hashing.
+ *
+ * @return void
+ */
+	public function testFormSecuredAndDisabled() {
+		$this->Form->request['_Token'] = array('key' => 'testKey');
+
+		$this->Form->checkbox('Model.checkbox', array('disabled' => true));
+		$this->Form->text('Model.text', array('disabled' => true));
+		$this->Form->password('Model.text', array('disabled' => true));
+		$this->Form->textarea('Model.textarea', array('disabled' => true));
+		$this->Form->select('Model.select', array(1, 2), array('disabled' => true));
+		$this->Form->radio('Model.radio', array(1, 2), array('disabled' => array(1, 2)));
+		$this->Form->year('Model.year', null, null, array('disabled' => true));
+		$this->Form->month('Model.month', array('disabled' => true));
+		$this->Form->day('Model.day', array('disabled' => true));
+		$this->Form->hour('Model.hour', false, array('disabled' => true));
+		$this->Form->minute('Model.minute', array('disabled' => true));
+		$this->Form->meridian('Model.meridian', array('disabled' => true));
+
+		$expected = array(
+			'Model.radio' => ''
+		);
+		$this->assertEquals($expected, $this->Form->fields);
+	}
+
 /**
  * testDisableSecurityUsingForm method
  *

lib/Cake/View/Helper/FormHelper.php

@@ -1778,7 +1778,7 @@ public function select($fieldName, $options = array(), $attributes = array()) {
 		}
 
 		if (!empty($tag) || isset($template)) {
-			if (!isset($secure) || $secure == true) {
+			if ((!isset($secure) || $secure == true) && empty($attributes['disabled'])) {
 				$this->_secure(true);
 			}
 			$select[] = $this->Html->useTag($tag, $attributes['name'], array_diff_key($attributes, array('name' => '', 'value' => '')));
@@ -2492,7 +2492,9 @@ protected function _generateOptions($name, $options = array()) {
  *
  * ### Options
  *
- *  - `secure` - boolean whether or not the field should be added to the security fields.
+ * - `secure` - boolean whether or not the field should be added to the security fields.
+ *   Disabling the field using the `disabled` option, will also omit the field from being
+ *   part of the hashed key.
  *
  * @param string $field Name of the field to initialize options for.
  * @param array $options Array of options to append options into.
@@ -2507,7 +2509,7 @@ protected function _initInputField($field, $options = array()) {
 		}
 
 		$result = parent::_initInputField($field, $options);
-		if ($secure === self::SECURE_SKIP) {
+		if (!empty($result['disabled']) || $secure === self::SECURE_SKIP) {
 			return $result;
 		}