Permalink
Browse files

Fixing blackholes caused by using custom name attributes with inputs.…

… Fixes #1489
  • Loading branch information...
1 parent 38e286e commit 5464ed845594047b47285abd1afdc6506c3e0bc2 @markstory markstory committed Jan 28, 2011
Showing with 25 additions and 1 deletion.
  1. +10 −1 cake/libs/view/helpers/form.php
  2. +15 −0 cake/tests/cases/libs/view/helpers/form.test.php
View
11 cake/libs/view/helpers/form.php
@@ -2190,10 +2190,19 @@ function _initInputField($field, $options = array()) {
} else {
$secure = (isset($this->params['_Token']) && !empty($this->params['_Token']));
}
+
+ $fieldName = null;
+ if ($secure && !empty($options['name'])) {
+ preg_match_all('/\[(.*?)\]/', $options['name'], $matches);
+ if (isset($matches[1])) {
+ $fieldName = $matches[1];
+ }
+ }
+
$result = parent::_initInputField($field, $options);
if ($secure) {
- $this->__secure();
+ $this->__secure($fieldName);
}
return $result;
}
View
15 cake/tests/cases/libs/view/helpers/form.test.php
@@ -1084,6 +1084,21 @@ function testFormSecurityInputDisabledFields() {
}
/**
+ * test securing inputs with custom name attributes.
+ *
+ * @return void
+ */
+ function testFormSecureWithCustomNameAttribute() {
+ $this->Form->params['_Token']['key'] = 'testKey';
+
+ $this->Form->text('UserForm.published', array('name' => 'data[User][custom]'));
+ $this->assertEqual('User.custom', $this->Form->fields[0]);
+
+ $this->Form->text('UserForm.published', array('name' => 'data[User][custom][another][value]'));
+ $this->assertEqual('User.custom.another.value', $this->Form->fields[1]);
+ }
+
+/**
* testFormSecuredInput method
*
* Test generation of entire secure form, assertions made on input() output.

0 comments on commit 5464ed8

Please sign in to comment.