Permalink
Browse files

Fix issue with button() and nested name attributes.

Buttons with nested name attributes were not properly unlocked
and caused SecurityComponent to black hole the request.

Fixes #2271
  • Loading branch information...
1 parent f36c43b commit 95b85118c77ed410f54d6fbfc4ff3fb5d1376bbd @markstory markstory committed Nov 19, 2011
Showing with 18 additions and 2 deletions.
  1. +15 −0 lib/Cake/Test/Case/View/Helper/FormHelperTest.php
  2. +3 −2 lib/Cake/View/Helper/FormHelper.php
View
15 lib/Cake/Test/Case/View/Helper/FormHelperTest.php
@@ -961,6 +961,21 @@ public function testFormSecurityMultipleSubmitButtons() {
}
/**
+ * Test that buttons created with foo[bar] name attributes are unlocked correctly.
+ *
+ * @return void
+ */
+ public function testSecurityButtonNestedNamed() {
+ $key = 'testKey';
+ $this->Form->request['_Token'] = array('key' => $key);
+
+ $this->Form->create('Addresses');
+ $this->Form->button('Test', array('type' => 'submit', 'name' => 'Address[button]'));
+ $result = $this->Form->unlockField();
+ $this->assertEquals(array('Address.button'), $result);
+ }
+
+/**
* Test that the correct fields are unlocked for image submits with no names.
*
* @return void
View
5 lib/Cake/View/Helper/FormHelper.php
@@ -591,7 +591,7 @@ public function unlockField($name = null) {
*
* @param boolean $lock Whether this field should be part of the validation
* or excluded as part of the unlockedFields.
- * @param mixed $field Reference to field to be secured
+ * @param mixed $field Reference to field to be secured. Should be dot separted to indicate nesting.
* @param mixed $value Field value, if value should not be tampered with.
* @return void
*/
@@ -1466,7 +1466,8 @@ public function button($title, $options = array()) {
$title = h($title);
}
if (isset($options['name'])) {
- $this->_secure($options['secure'], $options['name']);
+ $name = str_replace(array('[', ']'), array('.', ''), $options['name']);
+ $this->_secure($options['secure'], $name);
}
return $this->Html->useTag('button', $options['type'], array_diff_key($options, array('type' => '')), $title);
}

0 comments on commit 95b8511

Please sign in to comment.