Update tests for FormHelper::postButton()
Since this method just combines fixed methods it can continue to pass.
I've decided to remove random id attributes from the CSRF and
SecurityComponent fields. Because the ID values are random they are
impossible to use for scripting which is the main utility ID attributes
provide.
markstory committed Feb 17, 2014
1 parent 555a376 commit 865a3fe
Showing 2 changed files with 19 additions and 23 deletions.
3 changes: 0 additions & 3 deletions src/View/Helper/FormHelper.php
@@ -436,7 +436,6 @@ protected function _csrfField() {
}
return $this->hidden('_csrfToken', array(
'value' => $this->request->params['_csrfToken'],
'id' => 'Token' . mt_rand(),
'secure' => static::SECURE_SKIP
));
}
@@ -525,11 +524,9 @@ public function secure($fields = array()) {

$out = $this->hidden('_Token.fields', array(
'value' => urlencode($fields . ':' . $locked),
'id' => 'TokenFields' . mt_rand()
));
$out .= $this->hidden('_Token.unlocked', array(
'value' => urlencode($unlocked),
'id' => 'TokenUnlocked' . mt_rand()
));
return $this->Html->useTag('hiddenblock', $out);
}
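Review bot: The docblocks of `_csrfField()` and `secure()` should record that the `_csrfToken`, `_Token[fields]` and `_Token[unlocked]` inputs are now emitted without an `id` attribute, because that is a change in rendered output that callers cannot see from the signatures. Any page script or assertion that matched the old `Token…` id prefix will presumably stop matching and has to select the inputs by `name` instead. A one-line addition such as `Token inputs carry no id attribute; locate them by name.` in each docblock would cover it. Both method bodies start outside the visible hunks, so the existing docblock wording could not be checked.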
39 changes: 19 additions & 20 deletions tests/TestCase/View/Helper/FormHelperTest.php
@@ -1124,7 +1124,7 @@ public function testCreateWithSecurity() {
'div' => array('style' => 'display:none;'),
array('input' => array('type' => 'hidden', 'name' => '_method', 'value' => 'POST')),
array('input' => array(
'type' => 'hidden', 'name' => '_csrfToken', 'value' => 'testKey', 'id'
'type' => 'hidden', 'name' => '_csrfToken', 'value' => 'testKey'
)),
'/div'
);
@@ -1244,7 +1244,7 @@ public function testFormSecurityFields() {
'div' => array('style' => 'display:none;'),
array('input' => array(
'type' => 'hidden', 'name' => '_Token[fields]',
'value' => $hash, 'id' => 'preg:/TokenFields\d+/'
'value' => $hash
)),
array('input' => array(
'type' => 'hidden', 'name' => '_Token[unlocked]',
@@ -1261,7 +1261,7 @@ public function testFormSecurityFields() {
'div' => array('class' => 'hidden'),
array('input' => array(
'type' => 'hidden', 'name' => '_Token[fields]',
'value' => $hash, 'id' => 'preg:/TokenFields\d+/'
'value' => $hash
)),
array('input' => array(
'type' => 'hidden', 'name' => '_Token[unlocked]',
@@ -1408,7 +1408,7 @@ public function testFormSecurityMultipleFields() {
'div' => array('style' => 'display:none;'),
array('input' => array(
'type' => 'hidden', 'name' => '_Token[fields]',
'value' => $hash, 'id' => 'preg:/TokenFields\d+/'
'value' => $hash
)),
array('input' => array(
'type' => 'hidden', 'name' => '_Token[unlocked]',
@@ -1455,7 +1455,7 @@ public function testFormSecurityMultipleSubmitButtons() {
'div' => array('style' => 'display:none;'),
array('input' => array(
'type' => 'hidden', 'name' => '_Token[fields]',
'value' => 'preg:/.+/', 'id' => 'preg:/TokenFields\d+/'
'value' => 'preg:/.+/'
)),
array('input' => array(
'type' => 'hidden', 'name' => '_Token[unlocked]',
@@ -1579,7 +1579,7 @@ public function testFormSecurityMultipleInputFields() {
'div' => array('style' => 'display:none;'),
array('input' => array(
'type' => 'hidden', 'name' => '_Token[fields]',
'value' => $hash, 'id' => 'preg:/TokenFields\d+/'
'value' => $hash
)),
array('input' => array(
'type' => 'hidden', 'name' => '_Token[unlocked]',
@@ -1646,7 +1646,7 @@ public function testFormSecurityMultipleInputDisabledFields() {
'div' => array('style' => 'display:none;'),
array('input' => array(
'type' => 'hidden', 'name' => '_Token[fields]',
'value' => $hash, 'id' => 'preg:/TokenFields\d+/'
'value' => $hash
)),
array('input' => array(
'type' => 'hidden', 'name' => '_Token[unlocked]',
@@ -1696,7 +1696,7 @@ public function testFormSecurityInputUnlockedFields() {
'div' => array('style' => 'display:none;'),
array('input' => array(
'type' => 'hidden', 'name' => '_Token[fields]',
'value' => $hash, 'id' => 'preg:/TokenFields\d+/'
'value' => $hash
)),
array('input' => array(
'type' => 'hidden', 'name' => '_Token[unlocked]',
@@ -1845,7 +1845,7 @@ public function testFormSecuredInput() {
'div' => array('style' => 'display:none;'),
array('input' => array(
'type' => 'hidden', 'name' => '_Token[fields]',
'value' => $hash, 'id' => 'preg:/TokenFields\d+/'
'value' => $hash
)),
array('input' => array(
'type' => 'hidden', 'name' => '_Token[unlocked]',
@@ -7220,7 +7220,6 @@ public function testButtonUnlockedByDefault() {
* @return void
*/
public function testPostButton() {
$this->markTestIncomplete('Need to revisit once models work again.');
$result = $this->Form->postButton('Hi', '/controller/action');
$this->assertTags($result, array(
'form' => array('method' => 'post', 'action' => '/controller/action', 'accept-charset' => 'utf-8'),
@@ -7234,7 +7233,7 @@ public function testPostButton() {
));

$result = $this->Form->postButton('Send', '/', array('data' => array('extra' => 'value')));
$this->assertTrue(strpos($result, '<input type="hidden" name="extra" value="value"/>') !== false);
$this->assertTrue(strpos($result, '<input type="hidden" name="extra" value="value"') !== false);
}

/**
@@ -7243,8 +7242,8 @@ public function testPostButton() {
* @return void
*/
public function testSecurePostButton() {
$this->markTestIncomplete('Need to revisit once models work again.');
$this->Form->request->params['_csrfToken'] = 'testkey';
$this->Form->request->params['_Token'] = ['unlockedFields' => []];

$result = $this->Form->postButton('Delete', '/posts/delete/1');
$expected = array(
@@ -7253,14 +7252,14 @@ public function testSecurePostButton() {
),
array('div' => array('style' => 'display:none;')),
array('input' => array('type' => 'hidden', 'name' => '_method', 'value' => 'POST')),
array('input' => array('type' => 'hidden', 'name' => '_csrfToken', 'value' => 'testkey', 'id' => 'preg:/Token\d+/')),
array('input' => array('type' => 'hidden', 'name' => '_csrfToken', 'value' => 'testkey')),
'/div',
'button' => array('type' => 'submit'),
'Delete',
'/button',
array('div' => array('style' => 'display:none;')),
array('input' => array('type' => 'hidden', 'name' => '_Token[fields]', 'value' => 'preg:/[\w\d%]+/', 'id' => 'preg:/TokenFields\d+/')),
array('input' => array('type' => 'hidden', 'name' => '_Token[unlocked]', 'value' => '', 'id' => 'preg:/TokenUnlocked\d+/')),
array('input' => array('type' => 'hidden', 'name' => '_Token[fields]', 'value' => 'preg:/[\w\d%]+/')),
array('input' => array('type' => 'hidden', 'name' => '_Token[unlocked]', 'value' => '')),
'/div',
'/form',
);
@@ -7380,8 +7379,8 @@ public function testPostLinkAfterGetForm() {
array('input' => array('type' => 'hidden', 'name' => '_method', 'value' => 'POST')),
array('input' => array('type' => 'hidden', 'name' => 'data[_Token][key]', 'value' => 'testkey', 'id' => 'preg:/Token\d+/')),
'div' => array('style' => 'display:none;'),
array('input' => array('type' => 'hidden', 'name' => 'data[_Token][fields]', 'value' => 'preg:/[\w\d%]+/', 'id' => 'preg:/TokenFields\d+/')),
array('input' => array('type' => 'hidden', 'name' => 'data[_Token][unlocked]', 'value' => '', 'id' => 'preg:/TokenUnlocked\d+/')),
array('input' => array('type' => 'hidden', 'name' => 'data[_Token][fields]', 'value' => 'preg:/[\w\d%]+/')),
array('input' => array('type' => 'hidden', 'name' => 'data[_Token][unlocked]', 'value' => '')),
'/div',
'/form',
'a' => array('href' => '#', 'onclick' => 'preg:/document\.post_\w+\.submit\(\); event\.returnValue = false; return false;/'),
@@ -7406,10 +7405,10 @@ public function testSecurePostLink() {
'name' => 'preg:/post_\w+/', 'id' => 'preg:/post_\w+/', 'style' => 'display:none;'
),
array('input' => array('type' => 'hidden', 'name' => '_method', 'value' => 'POST')),
array('input' => array('type' => 'hidden', 'name' => '_csrfToken', 'value' => 'testkey', 'id' => 'preg:/Token\d+/')),
array('input' => array('type' => 'hidden', 'name' => '_csrfToken', 'value' => 'testkey')),
'div' => array('style' => 'display:none;'),
array('input' => array('type' => 'hidden', 'name' => '_Token[fields]', 'value' => 'preg:/[\w\d%]+/', 'id' => 'preg:/TokenFields\d+/')),
array('input' => array('type' => 'hidden', 'name' => '_Token[unlocked]', 'value' => '', 'id' => 'preg:/TokenUnlocked\d+/')),
array('input' => array('type' => 'hidden', 'name' => '_Token[fields]', 'value' => 'preg:/[\w\d%]+/')),
array('input' => array('type' => 'hidden', 'name' => '_Token[unlocked]', 'value' => '')),
'/div',
'/form',
'a' => array('href' => '#', 'onclick' => 'preg:/document\.post_\w+\.submit\(\); event\.returnValue = false; return false;/'),
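Review bot: In `testPostLinkAfterGetForm()` the expectation for the key field is left as `'name' => 'data[_Token][key]', ... 'id' => 'preg:/Token\d+/'` while the two `_Token` lines directly below it had their `id` patterns removed, so that hunk ends up half-updated. Since `_csrfField()` no longer emits an id, this expectation appears unable to match the new output; the test body starts outside the hunk, so it is presumably still skipped, which would leave the token output of that path unchecked. Either drop the `id` entry there as well, or mark it with a comment such as `// TODO: stale expectation, update when this test is re-enabled`. Separately, the loosened substring check in `testPostButton()` (`value="value"` without the closing `/>`) no longer notices extra attributes on that input; an `assertTags()` expectation would pin it exactly.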