Skip to content
Permalink
Browse files

Fixed bug causing requests with queries to be invalidated

The SecurityComponent would fail at _validatePost because the query
arguments were not encoded when the tokens were generated in the
IntegrationTestCase
  • Loading branch information...
jeremyharris committed Jul 27, 2017
1 parent c75f2e7 commit 44d001ced09887c3040697beda05fa4585522549
Showing with 21 additions and 2 deletions.
  1. +3 −2 src/TestSuite/IntegrationTestCase.php
  2. +18 −0 tests/TestCase/TestSuite/IntegrationTestCaseTest.php
@@ -547,11 +547,12 @@ protected function _buildRequest($url, $method, $data)
list ($url, $query) = $this->_url($url);
$tokenUrl = $url;
parse_str($query, $queryData);
if ($query) {
$tokenUrl .= '?' . $query;
$tokenUrl .= '?' . http_build_query($queryData);
}
parse_str($query, $queryData);
$props = [
'url' => $url,
'post' => $this->_addTokens($tokenUrl, $data),
@@ -534,6 +534,24 @@ public function testPostSecuredFormWithQuery()
$this->assertResponseContains('Request was accepted');
}
/**
* Test posting to a secured form action with a query that has a part that
* will be encoded by the security component
*
* @return void
*/
public function testPostSecuredFormWithUnencodedQuery()
{
$this->enableSecurityToken();
$data = [
'title' => 'Some title',
'body' => 'Some text'
];
$this->post('/posts/securePost?foo=/', $data);
$this->assertResponseOk();
$this->assertResponseContains('Request was accepted');
}
/**
* Test posting to a secured form action action.
*

0 comments on commit 44d001c

Please sign in to comment.
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.