Skip to content
Permalink
Browse files

Fix incorrect lastAction generation when named parameters are used.

Fixes #3549
  • Loading branch information...
markstory committed Jun 10, 2014
1 parent 49a3cfd commit 82579ff389171e903b98516afa8cba54e2af3d84
Showing with 34 additions and 1 deletion.
  1. +13 −1 cake/libs/view/helpers/form.php
  2. +21 −0 cake/tests/cases/libs/view/helpers/form.test.php
@@ -329,12 +329,24 @@ function create($model = null, $options = array()) {
$append = sprintf($this->Html->tags['block'], ' style="display:none;"', $append);
}
$this->_lastAction = parse_url($action, PHP_URL_PATH);
$this->_lastAction($action);
$this->setEntity($model . '.', true);
$attributes = sprintf('action="%s" ', $action) . $this->_parseAttributes($htmlAttributes, null, '');
return sprintf($this->Html->tags['form'], $attributes) . $append;
}
/**
* Sets the last created form action.
*
* @param string|array $url URL.
* @return void
*/
function _lastAction($url) {
$action = Router::url($url, true);
$parts = parse_url($action);
$this->_lastAction = $parts['path'];
}
/**
* Closes an HTML form, cleans up values set by FormHelper::create(), and writes hidden
* input fields where appropriate.
@@ -1011,6 +1011,27 @@ function testFormSecurityArrayFields() {
$this->assertEqual('Address.primary', $this->Form->fields[0]);
}
/**
* Test form security hash generation with relative urls.
*
* @return void
*/
function testFormSecurityRelativeUrl() {
$key = 'testKey';
$this->Form->params['_Token']['key'] = $key;
$expected = Security::hash(
'/posts/edit/type:5' .
serialize(array()) .
Configure::read('Security.salt')
);
$this->Form->create('Post', array(
'url' => array('controller' => 'posts', 'action' => 'edit', 'type' => 5)
));
$result = $this->Form->secure($this->Form->fields);
$this->assertTrue(strpos($result, $expected) !== false);
}
/**
* testFormSecurityMultipleInputDisabledFields method
*

0 comments on commit 82579ff

Please sign in to comment.
You can’t perform that action at this time.