
Commit c48f6d6

committed
Fixing safe parameter from leaking into request() calls in JsHelper::submit() and JsHelper::link(). Fixes #656
1 parent 1180f66 commit c48f6d6


2 files changed

+28
-14
lines changed


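--- a/cake/libs/view/helpers/js.php
+++ b/cake/libs/view/helpers/js.php
@@ -309,17 +309,22 @@ function link($title, $url = null, $options = array()) {
 list($options, $htmlOptions) = $this->_getHtmlOptions($options);
 $out = $this->Html->link($title, $url, $htmlOptions);
 $this->get('#' . $htmlOptions['id']);
-$requestString = '';
+$requestString = $event = '';
 if (isset($options['confirm'])) {
 $requestString = $this->confirmReturn($options['confirm']);
 unset($options['confirm']);
 }
+$buffer = isset($options['buffer']) ? $options['buffer'] : null;
+$safe = isset($options['safe']) ? $options['safe'] : true;
+unset($options['buffer'], $options['safe']);
+
 $requestString .= $this->request($url, $options);
+
 if (!empty($requestString)) {
-$event = $this->event('click', $requestString, $options);
+$event = $this->event('click', $requestString, $options + array('buffer' => $buffer));
 }
-if (isset($options['buffer']) && $options['buffer'] == false) {
-$opts = array_intersect_key(array('safe' => null), $options);
+if (isset($buffer) && !$buffer) {
+$opts = array('safe' => $safe);
 $out .= $this->Html->scriptBlock($event, $opts);
 }
 return $out;
@@ -389,12 +394,17 @@ function submit($caption = null, $options = array()) {
 $options['method'] = 'post';
 }
 $options['dataExpression'] = true;
+
+$buffer = isset($options['buffer']) ? $options['buffer'] : null;
+$safe = isset($options['safe']) ? $options['safe'] : true;
+unset($options['buffer'], $options['safe']);
+
 $requestString .= $this->request($url, $options);
 if (!empty($requestString)) {
-$event = $this->event('click', $requestString, $options);
+$event = $this->event('click', $requestString, $options + array('buffer' => $buffer));
 }
-if (isset($options['buffer']) && $options['buffer'] == false) {
-$opts = array_intersect_key(array('safe' => null), $options);
+if (isset($buffer) && !$buffer) {
+$opts = array('safe' => $safe);
 $out .= $this->Html->scriptBlock($event, $opts);
 }
 return $out;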
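Review bot: In submit(), `$this->Html->scriptBlock($event, $opts)` on new line 408 still reads `$event`, which within this hunk is assigned only inside the `if (!empty($requestString))` branch; link() now guards the same situation with `$requestString = $event = '';` on 312, but submit()'s body starts outside the hunk so I cannot see whether it is initialised there. If it is not, an engine whose request() returns an empty string leaves `$event` undefined when `buffer` is false, and adding `$event = '';` beside the new `$buffer`/`$safe` lines (398-400) would mirror link(). The `$buffer`/`$safe`/`unset(...)` triplet is now duplicated verbatim in both methods; a small protected helper returning `array($buffer, $safe, $options)` would keep the two from drifting. Note also that `safe` now defaults to `true` and is always forwarded to scriptBlock, whereas the old `array_intersect_key` passed it only when the caller set it, so scriptBlock's own default no longer applies; presumably that default is also `true`, but it is worth confirming so the escaping of unbuffered output does not change silently.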

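--- a/cake/tests/cases/libs/view/helpers/js.test.php
+++ b/cake/tests/cases/libs/view/helpers/js.test.php
@@ -309,7 +309,7 @@ function testLinkWithMock() {
 'request', array('/posts/view/1', $options)
 ));
 $this->Js->TestJsEngine->expectAt(2, 'dispatchMethod', array(
-'event', array('click', 'ajax code', $options)
+'event', array('click', 'ajax code', $options + array('buffer' => null))
 ));
 
 $result = $this->Js->link('test link', '/posts/view/1', $options);
@@ -362,7 +362,9 @@ function testLinkWithMock() {
 */
 function testLinkWithNoBuffering() {
 $this->_useMock();
-$this->Js->TestJsEngine->setReturnValue('dispatchMethod', 'ajax code', array('request', '*'));
+$this->Js->TestJsEngine->setReturnValue('dispatchMethod', 'ajax code', array(
+'request', array('/posts/view/1', array('update' => '#content'))
+));
 $this->Js->TestJsEngine->setReturnValue('dispatchMethod', '-event handler-', array('event', '*'));
 
 $options = array('update' => '#content', 'buffer' => false);
@@ -411,7 +413,7 @@ function testSubmitWithMock() {
 
 $params = array(
 'update' => $options['update'], 'data' => 'serialize-code',
-'method' => 'post', 'dataExpression' => true
+'method' => 'post', 'dataExpression' => true, 'buffer' => null
 );
 $this->Js->TestJsEngine->expectAt(3, 'dispatchMethod', array(
 'event', array('click', "ajax-code", $params)
@@ -440,7 +442,7 @@ function testSubmitWithMock() {
 
 $params = array(
 'update' => '#content', 'data' => 'serialize-code',
-'method' => 'post', 'dataExpression' => true
+'method' => 'post', 'dataExpression' => true, 'buffer' => null
 );
 $this->Js->TestJsEngine->expectAt(7, 'dispatchMethod', array(
 'event', array('click', "ajax-code", $params)
@@ -471,11 +473,13 @@ function testSubmitWithNoBuffer() {
 
 $this->Js->TestJsEngine->expectAt(0, 'dispatchMethod', array('get', '*'));
 $this->Js->TestJsEngine->expectAt(1, 'dispatchMethod', array(new PatternExpectation('/serializeForm/i'), '*'));
-$this->Js->TestJsEngine->expectAt(2, 'dispatchMethod', array('request', '*'));
+$this->Js->TestJsEngine->expectAt(2, 'dispatchMethod', array('request', array(
+'', array('update' => $options['update'], 'data' => 'serialize-code', 'method' => 'post', 'dataExpression' => true)
+)));
 
 $params = array(
-'update' => $options['update'], 'buffer' => false, 'safe' => false, 'data' => 'serialize-code',
-'method' => 'post', 'dataExpression' => true
+'update' => $options['update'], 'data' => 'serialize-code',
+'method' => 'post', 'dataExpression' => true, 'buffer' => false
 );
 $this->Js->TestJsEngine->expectAt(3, 'dispatchMethod', array(
 'event', array('click', "ajax-code", $params)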
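Review bot: The link() half of the fix has no test for the `safe` key: testLinkWithNoBuffering (new lines 365-370) now pins the exact request() arguments, but its `$options` carries only `update` and `buffer`, so nothing asserts that `safe` is stripped before request() in link(); only testSubmitWithNoBuffer (477) covers that, and only for submit(). Adding `'safe' => false` to `$options` on 370 while leaving the request expectation on 366 unchanged would exercise the link() path as well. Both unbuffered tests end in this view before their assertions on `$result`, so I cannot tell whether the emitted script block is checked for the effect `safe => false` is meant to have; if it is not, an assertion on `$result` there would pin the leak fix end to end.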
