
Fixing limit:0 and controller::paginate. Removes possibilty to genera…

…te sql errors by inputting invalid limit options. Tests updated. Refs #264
markstory committed Nov 6, 2009
1 parent 0327f15 commit 4bbfcbff7e90fab42bef39e01003113dc715a3b0
Showing with 15 additions and 5 deletions.
  1. +3 −2 cake/libs/controller/controller.php
  2. +12 −3 cake/tests/cases/libs/controller/controller.test.php
@@ -1044,8 +1044,9 @@ function paginate($object = null, $scope = array(), $whitelist = array()) {
$type = $defaults[0];
unset($defaults[0]);
}
extract($options = array_merge(array('page' => 1, 'limit' => 20), $defaults, $options));
$options = array_merge(array('page' => 1, 'limit' => 20), $defaults, $options);
$options['limit'] = (empty($options['limit']) || !is_numeric($options['limit'])) ? 1 : $options['limit'];
extract($options);
if (is_array($scope) && !empty($scope)) {
$conditions = array_merge($conditions, $scope);
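Review bot: The new guard on `$options['limit']` relies on `is_numeric()`, which still accepts negative, fractional and exponent-form values such as `-5`, `1.5` or `1e3`, so a limit of that shape passes through unchanged toward the query the commit message says it is protecting. Normalising to a positive integer closes that gap, e.g. `$options['limit'] = max(1, (int)$options['limit']);`, and an upper cap would additionally keep a caller from requesting an arbitrarily large page size. The cases added to testPaginate cover only `0` and `'garbage!'`; a negative and a fractional limit would be worth adding there. paginate()'s body starts and ends outside this hunk, so where `$options` is populated from is not visible here.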
@@ -511,13 +511,22 @@ function testPaginate() {
$Controller->paginate('ControllerPost');
$this->assertIdentical($Controller->params['paging']['ControllerPost']['page'], 1, 'XSS exploit opened %s');
$this->assertIdentical($Controller->params['paging']['ControllerPost']['options']['page'], 1, 'XSS exploit opened %s');
$Controller->passedArgs = array();
$Controller->paginate = array('limit' => 0);
$Controller->paginate('ControllerPost');
$this->assertIdentical($Controller->params['paging']['ControllerPost']['page'], 1);
$this->assertIdentical($Controller->params['paging']['ControllerPost']['pageCount'], 1);
$this->assertIdentical($Controller->params['paging']['ControllerPost']['pageCount'], 3);
$this->assertIdentical($Controller->params['paging']['ControllerPost']['prevPage'], false);
$this->assertIdentical($Controller->params['paging']['ControllerPost']['nextPage'], true);
$Controller->passedArgs = array();
$Controller->paginate = array('limit' => 'garbage!');
$Controller->paginate('ControllerPost');
$this->assertIdentical($Controller->params['paging']['ControllerPost']['page'], 1);
$this->assertIdentical($Controller->params['paging']['ControllerPost']['pageCount'], 3);
$this->assertIdentical($Controller->params['paging']['ControllerPost']['prevPage'], false);
$this->assertIdentical($Controller->params['paging']['ControllerPost']['nextPage'], false);
$this->assertIdentical($Controller->params['paging']['ControllerPost']['nextPage'], true);
}
/**
* testPaginateExtraParams method
