Permalink
Browse files

Fix disabled + SecurityComponent

Disabled inputs should be omitted from the secured fields.
This will enable forms to submit successfully as long as those
inputs stay excluded from the form submission.

Fixes #2333
  • Loading branch information...
1 parent 123a1a2 commit 64eb38a9531df2793f2a7679a4444f7bd94c66cd @markstory markstory committed Dec 8, 2011
Showing with 33 additions and 3 deletions.
  1. +28 −0 lib/Cake/Test/Case/View/Helper/FormHelperTest.php
  2. +5 −3 lib/Cake/View/Helper/FormHelper.php
@@ -1366,6 +1366,34 @@ public function testFormSecuredRadio() {
}
/**
+ * test that forms with disabled inputs + secured forms leave off the inputs from the form
+ * hashing.
+ *
+ * @return void
+ */
+ public function testFormSecuredAndDisabled() {
+ $this->Form->request['_Token'] = array('key' => 'testKey');
+
+ $this->Form->checkbox('Model.checkbox', array('disabled' => true));
+ $this->Form->text('Model.text', array('disabled' => true));
+ $this->Form->password('Model.text', array('disabled' => true));
+ $this->Form->textarea('Model.textarea', array('disabled' => true));
+ $this->Form->select('Model.select', array(1, 2), array('disabled' => true));
+ $this->Form->radio('Model.radio', array(1, 2), array('disabled' => array(1, 2)));
+ $this->Form->year('Model.year', null, null, array('disabled' => true));
+ $this->Form->month('Model.month', array('disabled' => true));
+ $this->Form->day('Model.day', array('disabled' => true));
+ $this->Form->hour('Model.hour', false, array('disabled' => true));
+ $this->Form->minute('Model.minute', array('disabled' => true));
+ $this->Form->meridian('Model.meridian', array('disabled' => true));
+
+ $expected = array(
+ 'Model.radio' => ''
+ );
+ $this->assertEquals($expected, $this->Form->fields);
+ }
+
+/**
* testDisableSecurityUsingForm method
*
* @return void
@@ -1778,7 +1778,7 @@ public function select($fieldName, $options = array(), $attributes = array()) {
}
if (!empty($tag) || isset($template)) {
- if (!isset($secure) || $secure == true) {
+ if ((!isset($secure) || $secure == true) && empty($attributes['disabled'])) {
$this->_secure(true);
}
$select[] = $this->Html->useTag($tag, $attributes['name'], array_diff_key($attributes, array('name' => '', 'value' => '')));
@@ -2492,7 +2492,9 @@ protected function _generateOptions($name, $options = array()) {
*
* ### Options
*
- * - `secure` - boolean whether or not the field should be added to the security fields.
+ * - `secure` - boolean whether or not the field should be added to the security fields.
+ * Disabling the field using the `disabled` option, will also omit the field from being
+ * part of the hashed key.
*
* @param string $field Name of the field to initialize options for.
* @param array $options Array of options to append options into.
@@ -2507,7 +2509,7 @@ protected function _initInputField($field, $options = array()) {
}
$result = parent::_initInputField($field, $options);
- if ($secure === self::SECURE_SKIP) {
+ if (!empty($result['disabled']) || $secure === self::SECURE_SKIP) {
return $result;
}

0 comments on commit 64eb38a

Please sign in to comment.