Permalink
Browse files

Making submit() and button() create unlocked fields by default.

This fixes issues where buttons would cause post validation checks to
fail.
Fixes #1746
  • Loading branch information...
1 parent 878b854 commit 613410f985b8868f22a4c331a3d22e46bce82e47 @markstory markstory committed Jun 15, 2011
Showing with 40 additions and 3 deletions.
  1. +30 −1 lib/Cake/Test/Case/View/Helper/FormHelperTest.php
  2. +10 −2 lib/Cake/View/Helper/FormHelper.php
@@ -949,7 +949,7 @@ public function testFormSecurityMultipleSubmitButtons() {
)),
array('input' => array(
'type' => 'hidden', 'name' => 'data[_Token][unlocked]',
- 'value' => '', 'id' => 'preg:/TokenUnlocked\d+/'
+ 'value' => 'cancel%7Csave', 'id' => 'preg:/TokenUnlocked\d+/'
)),
'/div'
);
@@ -5573,6 +5573,20 @@ public function testButton() {
}
/**
+ * Test that button() makes unlocked fields by default.
+ *
+ * @return void
+ */
+ public function testButtonUnlockedByDefault() {
+ $this->Form->request->params['_Token']['key'] = 'secured';
+ $this->Form->button('Save', array('name' => 'save'));
+ $this->Form->button('Clear');
+
+ $result = $this->Form->unlockField();
+ $this->assertEquals(array('save'), $result);
+ }
+
+/**
* testPostButton method
*
* @return void
@@ -5812,6 +5826,21 @@ public function testSubmitImage() {
}
/**
+ * Submit buttons should be unlocked by default as there could be multiples, and only one will
+ * be submitted at a time.
+ *
+ * @return void
+ */
+ public function testSubmitUnlockedByDefault() {
+ $this->Form->request->params['_Token']['key'] = 'secured';
+ $this->Form->submit('Go go');
+ $this->Form->submit('Save', array('name' => 'save'));
+
+ $result = $this->Form->unlockField();
+ $this->assertEquals(array('save'), $result, 'Only submits with name attributes should be unlocked.');
+ }
+
+/**
* test the create() method
*
* @access public
@@ -1344,10 +1344,13 @@ public function file($fieldName, $options = array()) {
* @link http://book.cakephp.org/view/1415/button
*/
public function button($title, $options = array()) {
- $options += array('type' => 'submit', 'escape' => false);
+ $options += array('type' => 'submit', 'escape' => false, 'secure' => false);
if ($options['escape']) {
$title = h($title);
}
+ if (isset($options['name'])) {
+ $this->__secure($options['secure'], $options['name']);
+ }
return $this->Html->useTag('button', $options['type'], array_diff_key($options, array('type' => '')), $title);
}
@@ -1470,7 +1473,7 @@ public function submit($caption = null, $options = array()) {
$div = $options['div'];
unset($options['div']);
}
- $options += array('type' => 'submit', 'before' => null, 'after' => null);
+ $options += array('type' => 'submit', 'before' => null, 'after' => null, 'secure' => false);
$divOptions = array('tag' => 'div');
if ($div === true) {
@@ -1483,6 +1486,11 @@ public function submit($caption = null, $options = array()) {
$divOptions = array_merge(array('class' => 'submit', 'tag' => 'div'), $div);
}
+ if (isset($options['name'])) {
+ $this->__secure($options['secure'], $options['name']);
+ }
+ unset($options['secure']);
+
$before = $options['before'];
$after = $options['after'];
unset($options['before'], $options['after']);

0 comments on commit 613410f

Please sign in to comment.