Skip to content
Permalink
Browse files

Making FormHelper clear fields on create() as well as end() this ensu…

…res that GET forms don't leak fields. Fixes #571
  • Loading branch information...
markstory committed Jun 13, 2010
1 parent d1651db commit 50144d6b5b1db2d31e1be3019e47c66a58fc50f3
Showing with 12 additions and 0 deletions.
  1. +1 −0 cake/libs/view/helpers/form.php
  2. +11 −0 cake/tests/cases/libs/view/helpers/form.test.php
@@ -306,6 +306,7 @@ function create($model = null, $options = array()) {
unset($options['default']);
$htmlAttributes = array_merge($options, $htmlAttributes);
$this->fields = array();
if (isset($this->params['_Token']) && !empty($this->params['_Token'])) {
$append .= $this->hidden('_Token.key', array(
'value' => $this->params['_Token']['key'], 'id' => 'Token' . mt_rand())
@@ -751,6 +751,17 @@ function testCreateWithSecurity() {
$this->assertTags($result, $expected);
}
/**
* test that create() clears the fields property so it starts fresh
*
* @return void
*/
function testCreateClearingFields() {
$this->Form->fields = array('model_id');
$this->Form->create('Contact');
$this->assertEqual($this->Form->fields, array());
}
/**
* Tests form hash generation with model-less data
*

0 comments on commit 50144d6

Please sign in to comment.
You can’t perform that action at this time.