
prevent possible XSS attack via form helper selects and unescaped output.
1 parent aae0f76 commit 587a04ab84f2ffeb5bff7ab06a7790bc201581ed @dereuromark dereuromark committed Dec 4, 2013
Showing with 31 additions and 0 deletions.
  1. +28 −0 lib/Cake/Test/Case/View/Helper/FormHelperTest.php
  2. +3 −0 lib/Cake/View/Helper/FormHelper.php
@@ -4634,6 +4634,34 @@ public function testSelectMultiple() {
'/select'
);
$this->assertTags($result, $expected);
+
+ $result = $this->Form->select(
+ 'Model.multi_field',
+ array('a>b' => 'first', 'a<b' => 'second', 'a"b' => 'third'),
+ array('multiple' => true)
+ );
+ $expected = array(
+ 'input' => array(
+ 'type' => 'hidden', 'name' => 'data[Model][multi_field]', 'value' => '',
+ 'id' => 'ModelMultiField_'
+ ),
+ array('select' => array('name' => 'data[Model][multi_field][]',
+ 'multiple' => 'multiple', 'id' => 'ModelMultiField'
+ )),
+ array('option' => array('value' => 'a&gt;b')),
+ 'first',
+ '/option',
+ array('option' => array('value' => 'a&lt;b')),
+ 'second',
+ '/option',
+ array('option' => array(
+ 'value' => 'a&quot;b'
+ )),
+ 'third',
+ '/option',
+ '/select'
+ );
+ $this->assertTags($result, $expected);
}
/**
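Review bot: The new assertions only exercise `'multiple' => true` with the default escaping, so the `'escape' => false` opt-out that the helper change conditions on is left unpinned; a second call with `array('multiple' => true, 'escape' => false)` asserting the raw `a>b` value would lock that behaviour in, and a plain non-multiple `select()` with the same option keys would cover the other caller that presumably reaches the same `selectoption` branch. The `a"b` case is the one that matters most for the attribute context, since `"` is the delimiter of the rendered `value="..."`, and the expected `a&quot;b` confirms the escaping is done with quote handling enabled. `testSelectMultiple` begins outside this hunk.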
@@ -2733,6 +2733,9 @@ protected function _selectOptions($elements = array(), $parents = array(), $show
$item = $this->Html->useTag('checkboxmultiple', $name, $htmlOptions);
$select[] = $this->Html->div($attributes['class'], $item . $label);
} else {
+ if ($attributes['escape']) {
+ $name = h($name);
+ }
$select[] = $this->Html->useTag('selectoption', $name, $htmlOptions, $title);
}
}
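Review bot: The added guard escapes `$name` only on the `selectoption` path, while the `checkboxmultiple` call two lines above still receives `$name` unescaped and `$title` is passed to the same `useTag` call untouched; unless both are already escaped higher in `_selectOptions` (the function begins outside this hunk), they need the same `h()` treatment, because `useTag` appears to substitute scalar arguments into the tag template verbatim and only runs array arguments through attribute parsing. `$attributes['escape']` is read without an `isset`, which matches the existing `$attributes['class']` access and presumably relies on defaults being merged before this point — worth confirming against the caller. A short why-comment would help the next reader, e.g. `// option keys are caller/user supplied and land in value="..."; escape unless 'escape' => false was requested`.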
