From f55b44a75c593fc22143c6031c1d952747d00b27 Mon Sep 17 00:00:00 2001
From: Mark Story
Date: Fri, 1 Jan 2016 17:29:57 -0500
Subject: [PATCH] Fix integration test case with form tampering. IntegrationTestCase form tamper token generation was not the same as FormHelpers, and had issues with nested fields always triggering a blackhole. This builds upon the work done in #7717 and fixes issues introduced there.
---
 src/TestSuite/IntegrationTestCase.php | 6 +++--
 .../TestSuite/IntegrationTestCaseTest.php | 22 ++++++++++++++++++-
 2 files changed, 25 insertions(+), 3 deletions(-)
diff --git a/src/TestSuite/IntegrationTestCase.php b/src/TestSuite/IntegrationTestCase.php
index 670225953ca..82ed68033a9 100644
--- a/src/TestSuite/IntegrationTestCase.php
+++ b/src/TestSuite/IntegrationTestCase.php
@@ -467,8 +467,10 @@ protected function _buildRequest($url, $method, $data)
 protected function _addTokens($url, $data)
 {
 if ($this->_securityToken === true) {
- $keys = Hash::flatten($data);
- $tokenData = $this->_buildFieldToken($url, array_keys($keys));
+ $keys = array_map(function ($field) {
+ return preg_replace('/(\.\d+)+$/', '', $field);
+ }, array_keys(Hash::flatten($data)));
+ $tokenData = $this->_buildFieldToken($url, array_unique($keys));
 $data['_Token'] = $tokenData;
 }
 
diff --git a/tests/TestCase/TestSuite/IntegrationTestCaseTest.php b/tests/TestCase/TestSuite/IntegrationTestCaseTest.php
index 3d8461e641e..76e20aed53d 100644
--- a/tests/TestCase/TestSuite/IntegrationTestCaseTest.php
+++ b/tests/TestCase/TestSuite/IntegrationTestCaseTest.php
@@ -240,7 +240,7 @@ public function testPostAndErrorHandling()
 }
 
 /**
- * Test posting to a secured form action action.
+ * Test posting to a secured form action.
 *
 * @return void
 */
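Review bot: In `_addTokens` (first hunk, src/TestSuite/IntegrationTestCase.php) the added `preg_replace('/(\.\d+)+$/', '', $field)` has no comment, although the whole fix rests on this normalisation producing the same field list the form-tampering check expects. Per the commit message it is meant to match FormHelper, so this is a second copy of that rule and can drift; if it does, secured-form integration tests will either blackhole spuriously or stop reflecting what a real form submits. I would add above the `array_map` call: `// Collapse trailing numeric indexes (tags._ids.0 -> tags._ids) so the field list matches the one FormHelper signs; keep in sync with FormHelper.` The comment should also say that only trailing indexes are removed, so a key such as `comments.0.comment` is left unchanged. The body of `_addTokens` continues past the end of the hunk.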
@@ -256,6 +256,26 @@ public function testPostSecuredForm()
 $this->assertResponseContains('Request was accepted');
 }
 
+ /**
+ * Test posting to a secured form action with nested data.
+ *
+ * @return void
+ */
+ public function testPostSecuredFormNestedData()
+ {
+ $this->enableSecurityToken();
+ $data = [
+ 'title' => 'New post',
+ 'comments' => [
+ ['comment' => 'A new comment']
+ ],
+ 'tags' => ['_ids' => [1, 2, 3, 4]]
+ ];
+ $this->post('/posts/securePost', $data);
+ $this->assertResponseOk();
+ $this->assertResponseContains('Request was accepted');
+ }
+
 /**
 * Test posting to a secured form action action.
 *
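Review bot: `testPostSecuredFormNestedData` covers a single trailing index (`tags._ids.N`) and one mid-path index (`comments.0.comment`), so the repetition in the `(\.\d+)+$` pattern added to `_addTokens` is never exercised. A field with two consecutive numeric levels, for example `'matrix' => [[1, 2], [3, 4]],` added to `$data`, would cover that branch, assuming the `securePost` action accepts arbitrary fields (the action is not visible here). Without it, a later change of the pattern to a single `\.\d+$` would still pass this test while producing tokens that differ from what the tamper check computes for deeper lists.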