
Fix Token fields being added to GET forms.

They are not used so there is not much point in appending them.

Fixes #3565
markstory committed Jan 25, 2013
1 parent e4f241d commit ce7f85abe8e54352ad8ad38425ce20e1aac794ec
Showing with 25 additions and 2 deletions.
  1. +17 −0 lib/Cake/Test/Case/View/Helper/FormHelperTest.php
  2. +8 −2 lib/Cake/View/Helper/FormHelper.php
@@ -723,6 +723,23 @@ public function testCreateWithSecurity() {
$this->assertTags($result, $expected);
}
/**
* testFormCreateGetNoSecurity method
*
* Test form->create() with no security key as its a get form
*
* @return void
*/
public function testCreateEndGetNoSecurity() {
$this->Form->request['_Token'] = array('key' => 'testKey');
$encoding = strtolower(Configure::read('App.encoding'));
$result = $this->Form->create('Contact', array('type' => 'get', 'url' => '/contacts/add'));
$this->assertNotContains('Token', $result);
$result = $this->Form->end('Save');
$this->assertNotContains('Token', $result);
}
/**
* test that create() clears the fields property so it starts fresh
*
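Review bot: The test asserts only that `Token` is absent for a GET form; it has no counterpart showing that a non-GET form created afterwards on the same helper still receives the token, so a regression where `requestType` sticks at `get` and silently drops the CSRF fields would pass. Adding `$result = $this->Form->create('Contact', array('type' => 'post'));` followed by `$this->assertContains('testKey', $result);` after the `end()` assertion would cover that. The `$encoding` assignment is never used in this test and can be removed, and the docblock names `testFormCreateGetNoSecurity` while the method is `testCreateEndGetNoSecurity`.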
@@ -433,7 +433,9 @@ public function create($model = null, $options = array()) {
$htmlAttributes = array_merge($options, $htmlAttributes);
$this->fields = array();
$append .= $this->_csrfField();
if ($this->requestType !== 'get') {
$append .= $this->_csrfField();
}
if (!empty($append)) {
$append = $this->Html->useTag('block', ' style="display:none;"', $append);
@@ -504,7 +506,11 @@ public function end($options = null) {
}
$out .= $this->submit($submit, $submitOptions);
}
if (isset($this->request['_Token']) && !empty($this->request['_Token'])) {
if (
$this->requestType !== 'get' &&
isset($this->request['_Token']) &&
!empty($this->request['_Token'])
) {
$out .= $this->secure($this->fields);
$this->fields = array();
}
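Review bot: The new `requestType !== 'get'` guards in `create()` and `end()` leave GET forms with neither the CSRF field nor the `secure()` field hash, and nothing in the code records the assumption that makes this safe. The commit message says the tokens are not used for GET, so this presumably relies on GET actions being read-only; a comment above each guard would make that explicit, for example `// GET forms carry no CSRF token or field hash; they must not trigger state changes.` In `end()` the check also depends on `$this->requestType` as left by the most recent `create()`, whose assignment lies outside these hunks, so it is worth confirming the value is lower-cased and reset for every form. As a minor point, `!empty($this->request['_Token'])` already covers the `isset()` test. Both function bodies start and end outside the hunks.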
