Skip to content
Permalink
Browse files

Don't add empty names to secure fields list.

  • Loading branch information...
ADmad committed Mar 29, 2015
1 parent c86a9ae commit 12b4ceacf180e6e8d81f30c2844344ce6f2f9bd2
Showing with 26 additions and 3 deletions.
  1. +11 −3 src/View/Helper/FormHelper.php
  2. +15 −0 tests/TestCase/View/Helper/FormHelperTest.php
@@ -613,10 +613,14 @@ public function unlockField($name = null)
* @param string|array $field Reference to field to be secured. Can be dot
* separated string to indicate nesting or array of fieldname parts.
* @param mixed $value Field value, if value should not be tampered with.
* @return mixed|null Not used yet
* @return void
*/
protected function _secure($lock, $field, $value = null)
{
if (empty($field)) {
return;
}
if (is_string($field)) {
$field = Hash::filter(explode('.', $field));
}
@@ -2381,11 +2385,15 @@ protected function _initInputField($field, $options = [])
* fieldname parts like ['Model', 'field'] is returned.
*
* @param string $name The form inputs name attribute.
* @return string|array|null Dot separated string like Foo.bar, array of filename
* params like ['Model', 'field'] or null if options does not contain name.
* @return array Array of field name params like ['Model.field'] or
* ['Model', 'field'] for array fields or empty array if $name is empty.
*/
protected function _secureFieldName($name)
{
if (empty($name)) {
return [];
}
if (strpos($name, '[') === false) {
return [$name];
}
@@ -262,6 +262,21 @@ public function testAddWidgetAndRenderWidget()
$this->assertEquals('HTML', $result);
}
/**
* Test that empty string is not added to secure fields list when
* rendering input widget without name.
*
* @return void
*/
public function testRenderingWidgetWithEmptyName()
{
$this->assertEquals([], $this->Form->fields);
$result = $this->Form->widget('select', ['secure' => true, 'name' => '']);
$this->assertEquals('<select name=""></select>', $result);
$this->assertEquals([], $this->Form->fields);
}
/**
* Test registering an invalid widget class.
*

0 comments on commit 12b4cea

Please sign in to comment.
You can’t perform that action at this time.