Skip to content
Permalink
Browse files

Fixing case where it was possible to pass array data to FormAuthenticate

fields
  • Loading branch information...
lorenzo committed Apr 24, 2013
1 parent e144afe commit db6dd18f865359fa01e88d2691078dba383b753b
@@ -49,11 +49,11 @@ protected function _checkFields(CakeRequest $request, $model, $fields) {
if (empty($request->data[$model])) {
return false;
}
if (
empty($request->data[$model][$fields['username']]) ||
empty($request->data[$model][$fields['password']])
) {
return false;
foreach (array($fields['username'], $fields['password']) as $field) {
$value = $request->data($model . '.' . $field);
if (empty($value) || !is_string($value)) {
return false;
}
}
return true;
}
@@ -115,6 +115,28 @@ public function testAuthenticatePasswordIsFalse() {
$this->assertFalse($this->auth->authenticate($request, $this->response));
}
/**
* test authenticate field is not string
*
* @return void
*/
public function testAuthenticateFieldsAreNotString() {
$request = new CakeRequest('posts/index', false);
$request->data = array(
'User' => array(
'user' => array('mariano', 'phpnut'),
'password' => 'my password'
));
$this->assertFalse($this->auth->authenticate($request, $this->response));
$request->data = array(
'User' => array(
'user' => 'mariano',
'password' => array('password1', 'password2')
));
$this->assertFalse($this->auth->authenticate($request, $this->response));
}
/**
* test the authenticate method
*

0 comments on commit db6dd18

Please sign in to comment.
You can’t perform that action at this time.