Skip to content
Permalink
Browse files

Data passed through FormHelper::postLink is excluded from CSRF creati…

…on of an outer form. Subsequent fix for #8387.
  • Loading branch information...
MarkusBauer committed Mar 2, 2016
1 parent 7df96b3 commit 95558d0bba655428dc58b77fe75746a70956523d
Showing with 1 addition and 1 deletion.
  1. +1 −1 lib/Cake/View/Helper/FormHelper.php
@@ -1883,7 +1883,7 @@ public function postLink($title, $url = null, $options = array(), $confirmMessag
if (isset($options['data']) && is_array($options['data'])) {
foreach (Hash::flatten($options['data']) as $key => $value) {
$fields[$key] = $value;
$out .= $this->hidden($key, array('value' => $value, 'id' => false));
$out .= $this->hidden($key, array('value' => $value, 'id' => false, 'secure' => static::SECURE_SKIP));
}
unset($options['data']);
}

0 comments on commit 95558d0

Please sign in to comment.
You can’t perform that action at this time.