Permalink
Browse files

Fix incorrect CSRF token fields when using postLink()

Creating a postLink after creating a GET form would result in the
incorrect fields being generated.

Fixes #2308
  • Loading branch information...
markstory committed Nov 12, 2013
1 parent 1f5d1ee commit a07608cbb9463343b3aede21d9a3cbf092020667
Showing with 30 additions and 0 deletions.
  1. +29 −0 lib/Cake/Test/Case/View/Helper/FormHelperTest.php
  2. +1 −0 lib/Cake/View/Helper/FormHelper.php
@@ -7172,6 +7172,35 @@ public function testPostLink() {
));
}
/**
* test creating postLinks after a GET form.
*
* @return void
*/
public function testPostLinkAfterGetForm() {
$this->Form->request->params['_Token']['key'] = 'testkey';
$this->Form->create('User', array('type' => 'get'));
$this->Form->end();
$result = $this->Form->postLink('Delete', '/posts/delete/1');
$this->assertTags($result, array(
'form' => array(
'method' => 'post', 'action' => '/posts/delete/1',
'name' => 'preg:/post_\w+/', 'id' => 'preg:/post_\w+/', 'style' => 'display:none;'
),
array('input' => array('type' => 'hidden', 'name' => '_method', 'value' => 'POST')),
array('input' => array('type' => 'hidden', 'name' => 'data[_Token][key]', 'value' => 'testkey', 'id' => 'preg:/Token\d+/')),
'div' => array('style' => 'display:none;'),
array('input' => array('type' => 'hidden', 'name' => 'data[_Token][fields]', 'value' => 'preg:/[\w\d%]+/', 'id' => 'preg:/TokenFields\d+/')),
array('input' => array('type' => 'hidden', 'name' => 'data[_Token][unlocked]', 'value' => '', 'id' => 'preg:/TokenUnlocked\d+/')),
'/div',
'/form',
'a' => array('href' => '#', 'onclick' => 'preg:/document\.post_\w+\.submit\(\); event\.returnValue = false; return false;/'),
'Delete',
'/a'
));
}
/**
* Test that postLink adds _Token fields.
*
@@ -523,6 +523,7 @@ public function end($options = null) {
$out .= $this->Html->useTag('formend');
$this->_View->modelScope = false;
$this->requestType = null;
return $out;
}

0 comments on commit a07608c

Please sign in to comment.