
prevent possible XSS attack via form helper selects and unescaped output.
dereuromark committed Dec 4, 2013
1 parent aae0f76 commit 587a04ab84f2ffeb5bff7ab06a7790bc201581ed
Showing with 31 additions and 0 deletions.
  1. +28 −0 lib/Cake/Test/Case/View/Helper/FormHelperTest.php
  2. +3 −0 lib/Cake/View/Helper/FormHelper.php
@@ -4634,6 +4634,34 @@ public function testSelectMultiple() {
'/select'
);
$this->assertTags($result, $expected);
$result = $this->Form->select(
'Model.multi_field',
array('a>b' => 'first', 'a<b' => 'second', 'a"b' => 'third'),
array('multiple' => true)
);
$expected = array(
'input' => array(
'type' => 'hidden', 'name' => 'data[Model][multi_field]', 'value' => '',
'id' => 'ModelMultiField_'
),
array('select' => array('name' => 'data[Model][multi_field][]',
'multiple' => 'multiple', 'id' => 'ModelMultiField'
)),
array('option' => array('value' => 'a&gt;b')),
'first',
'/option',
array('option' => array('value' => 'a&lt;b')),
'second',
'/option',
array('option' => array(
'value' => 'a&quot;b'
)),
'third',
'/option',
'/select'
);
$this->assertTags($result, $expected);
}
/**
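Review bot: The new assertion only checks the escaped output; there is no companion case showing that passing `'escape' => false` in the options keeps the raw key, so a regression that escapes unconditionally (or never) would only be half-detected. A second `$this->Form->select()` call with `array('multiple' => true, 'escape' => false)` and an expected `array('option' => array('value' => 'a>b'))` entry would pin both sides of the new branch. The option labels (`first`, `second`, `third`) are plain strings here, so label escaping is not exercised by this test either. testSelectMultiple starts outside the hunk.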
@@ -2733,6 +2733,9 @@ protected function _selectOptions($elements = array(), $parents = array(), $show
$item = $this->Html->useTag('checkboxmultiple', $name, $htmlOptions);
$select[] = $this->Html->div($attributes['class'], $item . $label);
} else {
if ($attributes['escape']) {
$name = h($name);
}
$select[] = $this->Html->useTag('selectoption', $name, $htmlOptions, $title);
}
}
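Review bot: The added escaping covers only the selectoption branch; `$name` is still passed through unchanged into `$this->Html->useTag('checkboxmultiple', $name, $htmlOptions);` at the top of the hunk. If the checkbox rendering of a multiple select uses the same option keys, it presumably needs the same guard, `if ($attributes['escape']) { $name = h($name); }`, before that call — unless useTag or the attribute parsing already escapes that argument, which is not visible in this hunk. Separately, `$attributes['escape']` is read by direct index; if any caller can reach _selectOptions without that key the line would emit a notice, so reading it as `!empty($attributes['escape'])` (or documenting that the key is always merged in by the caller) would be safer. _selectOptions starts and ends outside the hunk.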
