
Fixing issue where forms generated with requestAction would be missin…

…g the _Token fields that Security component creates. Test cases added to ensure that token key does not change when requestAction is used.

Fixes #68
commit 6356c6ed874e45360af164888776540d56bc5c40 1 parent bbc72c3
Mark Story authored December 18, 2009
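--- a/cake/libs/controller/components/security.php
+++ b/cake/libs/controller/components/security.php
@@ -621,6 +621,10 @@ function _validatePost(&$controller) {
  */
 	function _generateToken(&$controller) {
 		if (isset($controller->params['requested']) && $controller->params['requested'] === 1) {
+			if ($this->Session->check('_Token')) {
+				$tokenData = unserialize($this->Session->read('_Token'));
+				$controller->params['_Token'] = $tokenData;
+			}
 			return false;
 		}
 		$authKey = Security::generateAuthKey();
@@ -651,7 +655,6 @@ function _generateToken(&$controller) {
 		}
 		$controller->params['_Token'] = $token;
 		$this->Session->write('_Token', serialize($token));
-
 		return true;
 	}
 /**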
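Review bot: The value returned by `unserialize()` in the new `requested` branch is assigned to `$controller->params['_Token']` without being checked, so a corrupt or unexpectedly formatted session entry yields `false` (plus a notice) and the requested action's forms are silently rendered with no usable token. Guard the assignment, e.g. wrap `$controller->params['_Token'] = $tokenData;` in `if (is_array($tokenData) && isset($tokenData['key'])) {`. The branch also reuses the stored token as-is; any expiry handling lives in the part of `_generateToken` between the two hunks, which is not visible here, so confirm the requested path cannot hand out a token past its lifetime. Writing the array to the session directly rather than as a `serialize()` string would remove the `unserialize()` call on session-store data altogether, but that also changes the write in the second hunk and any other reader of `_Token`.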
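--- a/cake/tests/cases/libs/controller/components/security.test.php
+++ b/cake/tests/cases/libs/controller/components/security.test.php
@@ -1127,5 +1127,23 @@ function testInvalidAuthHeaders() {
 		$this->assertEqual(count($this->Controller->testHeaders), 1);
 		$this->assertEqual(current($this->Controller->testHeaders), $expected);
 	}
+
+/**
+ * test that a requestAction's controller will have the _Token appended to
+ * the params.
+ *
+ * @return void
+ * @see http://cakephp.lighthouseapp.com/projects/42648/tickets/68
+ */
+	function testSettingTokenForRequestAction() {
+		$this->Controller->Security->startup($this->Controller);
+		$key = $this->Controller->params['_Token']['key'];
+
+		$this->Controller->params['requested'] = 1;
+		unset($this->Controller->params['_Token']);
+
+		$this->Controller->Security->startup($this->Controller);
+		$this->assertEqual($this->Controller->params['_Token']['key'], $key);
+	}
 }
 ?>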
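Review bot: `testSettingTokenForRequestAction` covers only the path where the session already holds a `_Token`; the other side of the new `check('_Token')` condition, a requested action arriving with no token in the session, is not exercised. A second case that clears the session entry before the second `startup()` call and then asserts `$this->assertFalse(isset($this->Controller->params['_Token']));` would pin that the component neither invents a token nor writes a non-array value into the params on that path. A case with a malformed session value would likewise document what the `unserialize()` call in the component is expected to do with it.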
