Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Fixing safe parameter from leaking into request() calls in JsHelper::…
…submit() and JsHelper::link(). Fixes #656
  • Loading branch information
markstory committed May 3, 2010
1 parent 1180f66 commit c48f6d6
Show file tree
Hide file tree
Showing 2 changed files with 28 additions and 14 deletions.
24 changes: 17 additions & 7 deletions cake/libs/view/helpers/js.php
Expand Up @@ -309,17 +309,22 @@ function link($title, $url = null, $options = array()) {
list($options, $htmlOptions) = $this->_getHtmlOptions($options);
$out = $this->Html->link($title, $url, $htmlOptions);
$this->get('#' . $htmlOptions['id']);
$requestString = '';
$requestString = $event = '';
if (isset($options['confirm'])) {
$requestString = $this->confirmReturn($options['confirm']);
unset($options['confirm']);
}
$buffer = isset($options['buffer']) ? $options['buffer'] : null;
$safe = isset($options['safe']) ? $options['safe'] : true;
unset($options['buffer'], $options['safe']);

$requestString .= $this->request($url, $options);

if (!empty($requestString)) {
$event = $this->event('click', $requestString, $options);
$event = $this->event('click', $requestString, $options + array('buffer' => $buffer));
}
if (isset($options['buffer']) && $options['buffer'] == false) {
$opts = array_intersect_key(array('safe' => null), $options);
if (isset($buffer) && !$buffer) {
$opts = array('safe' => $safe);
$out .= $this->Html->scriptBlock($event, $opts);
}
return $out;
Expand Down Expand Up @@ -389,12 +394,17 @@ function submit($caption = null, $options = array()) {
$options['method'] = 'post';
}
$options['dataExpression'] = true;

$buffer = isset($options['buffer']) ? $options['buffer'] : null;
$safe = isset($options['safe']) ? $options['safe'] : true;
unset($options['buffer'], $options['safe']);

$requestString .= $this->request($url, $options);
if (!empty($requestString)) {
$event = $this->event('click', $requestString, $options);
$event = $this->event('click', $requestString, $options + array('buffer' => $buffer));
}
if (isset($options['buffer']) && $options['buffer'] == false) {
$opts = array_intersect_key(array('safe' => null), $options);
if (isset($buffer) && !$buffer) {
$opts = array('safe' => $safe);
$out .= $this->Html->scriptBlock($event, $opts);
}
return $out;
Expand Down
18 changes: 11 additions & 7 deletions cake/tests/cases/libs/view/helpers/js.test.php
Expand Up @@ -309,7 +309,7 @@ function testLinkWithMock() {
'request', array('/posts/view/1', $options)
));
$this->Js->TestJsEngine->expectAt(2, 'dispatchMethod', array(
'event', array('click', 'ajax code', $options)
'event', array('click', 'ajax code', $options + array('buffer' => null))
));

$result = $this->Js->link('test link', '/posts/view/1', $options);
Expand Down Expand Up @@ -362,7 +362,9 @@ function testLinkWithMock() {
*/
function testLinkWithNoBuffering() {
$this->_useMock();
$this->Js->TestJsEngine->setReturnValue('dispatchMethod', 'ajax code', array('request', '*'));
$this->Js->TestJsEngine->setReturnValue('dispatchMethod', 'ajax code', array(
'request', array('/posts/view/1', array('update' => '#content'))
));
$this->Js->TestJsEngine->setReturnValue('dispatchMethod', '-event handler-', array('event', '*'));

$options = array('update' => '#content', 'buffer' => false);
Expand Down Expand Up @@ -411,7 +413,7 @@ function testSubmitWithMock() {

$params = array(
'update' => $options['update'], 'data' => 'serialize-code',
'method' => 'post', 'dataExpression' => true
'method' => 'post', 'dataExpression' => true, 'buffer' => null
);
$this->Js->TestJsEngine->expectAt(3, 'dispatchMethod', array(
'event', array('click', "ajax-code", $params)
Expand Down Expand Up @@ -440,7 +442,7 @@ function testSubmitWithMock() {

$params = array(
'update' => '#content', 'data' => 'serialize-code',
'method' => 'post', 'dataExpression' => true
'method' => 'post', 'dataExpression' => true, 'buffer' => null
);
$this->Js->TestJsEngine->expectAt(7, 'dispatchMethod', array(
'event', array('click', "ajax-code", $params)
Expand Down Expand Up @@ -471,11 +473,13 @@ function testSubmitWithNoBuffer() {

$this->Js->TestJsEngine->expectAt(0, 'dispatchMethod', array('get', '*'));
$this->Js->TestJsEngine->expectAt(1, 'dispatchMethod', array(new PatternExpectation('/serializeForm/i'), '*'));
$this->Js->TestJsEngine->expectAt(2, 'dispatchMethod', array('request', '*'));
$this->Js->TestJsEngine->expectAt(2, 'dispatchMethod', array('request', array(
'', array('update' => $options['update'], 'data' => 'serialize-code', 'method' => 'post', 'dataExpression' => true)
)));

$params = array(
'update' => $options['update'], 'buffer' => false, 'safe' => false, 'data' => 'serialize-code',
'method' => 'post', 'dataExpression' => true
'update' => $options['update'], 'data' => 'serialize-code',
'method' => 'post', 'dataExpression' => true, 'buffer' => false
);
$this->Js->TestJsEngine->expectAt(3, 'dispatchMethod', array(
'event', array('click', "ajax-code", $params)
Expand Down

0 comments on commit c48f6d6

Please sign in to comment.