From 82579ff389171e903b98516afa8cba54e2af3d84 Mon Sep 17 00:00:00 2001
From: mark_story
Date: Mon, 9 Jun 2014 22:05:09 -0400
Subject: [PATCH] Fix incorrect lastAction generation when named parameters are used. Fixes #3549
---
 cake/libs/view/helpers/form.php | 14 ++++++++++++-
 .../cases/libs/view/helpers/form.test.php | 21 +++++++++++++++++++
 2 files changed, 34 insertions(+), 1 deletion(-)
diff --git a/cake/libs/view/helpers/form.php b/cake/libs/view/helpers/form.php
index a0823056ec6..5eb901c5914 100644
--- a/cake/libs/view/helpers/form.php
+++ b/cake/libs/view/helpers/form.php
@@ -329,12 +329,24 @@ function create($model = null, $options = array()) {
 $append = sprintf($this->Html->tags['block'], ' style="display:none;"', $append);
 }
- $this->_lastAction = parse_url($action, PHP_URL_PATH);
+ $this->_lastAction($action);
 $this->setEntity($model . '.', true);
 $attributes = sprintf('action="%s" ', $action) . $this->_parseAttributes($htmlAttributes, null, '');
 return sprintf($this->Html->tags['form'], $attributes) . $append;
 }
+/**
+ * Sets the last created form action.
+ *
+ * @param string|array $url URL.
+ * @return void
+ */
+ function _lastAction($url) {
+ $action = Router::url($url, true);
+ $parts = parse_url($action);
+ $this->_lastAction = $parts['path'];
+ }
+
 /**
 * Closes an HTML form, cleans up values set by FormHelper::create(), and writes hidden
 * input fields where appropriate.
diff --git a/cake/tests/cases/libs/view/helpers/form.test.php b/cake/tests/cases/libs/view/helpers/form.test.php
index b1b18cbb31d..0d639214736 100644
--- a/cake/tests/cases/libs/view/helpers/form.test.php
+++ b/cake/tests/cases/libs/view/helpers/form.test.php
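Review bot: The new `_lastAction()` reads `$parts['path']` without checking that `parse_url()` returned an array containing that key, so a URL with no path component (or one `parse_url()` rejects) raises an undefined-index notice where the removed `parse_url($action, PHP_URL_PATH)` call quietly returned null. The test added in this patch shows the stored value is folded into the form security hash, so a missing path should be handled deliberately; keeping the component form, `$this->_lastAction = parse_url(Router::url($url, true), PHP_URL_PATH);`, preserves the previous behaviour. `create()` begins above the hunk and passes an `$action` built outside it, so it is worth confirming that running that string through `Router::url()` a second time cannot prepend the base path twice. The docblock could also state what is kept, e.g. `Only the path component is stored; host and query string are discarded.`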
@@ -1011,6 +1011,27 @@ function testFormSecurityArrayFields() {
 $this->assertEqual('Address.primary', $this->Form->fields[0]);
 }
+/**
+ * Test form security hash generation with relative urls.
+ *
+ * @return void
+ */
+ function testFormSecurityRelativeUrl() {
+ $key = 'testKey';
+ $this->Form->params['_Token']['key'] = $key;
+
+ $expected = Security::hash(
+ '/posts/edit/type:5' .
+ serialize(array()) .
+ Configure::read('Security.salt')
+ );
+ $this->Form->create('Post', array(
+ 'url' => array('controller' => 'posts', 'action' => 'edit', 'type' => 5)
+ ));
+ $result = $this->Form->secure($this->Form->fields);
+ $this->assertTrue(strpos($result, $expected) !== false);
+ }
+
 /**
 * testFormSecurityMultipleInputDisabledFields method
 *