Skip to content
Permalink
Browse files

Fix FormHelper::postLink() not working when SecurityComponent is enab…

…led.

The action attribute value was not being included in the generated hash,
so postLink() forms never worked properly.

Fixes #3418
  • Loading branch information...
markstory committed Apr 29, 2014
1 parent 1a39917 commit e1057e3e6b5f4a60f43f38a51e1cad02f017e94d
Showing with 36 additions and 0 deletions.
  1. +34 −0 lib/Cake/Test/Case/View/Helper/FormHelperTest.php
  2. +2 −0 lib/Cake/View/Helper/FormHelper.php
@@ -7616,6 +7616,40 @@ public function testPostLink() {
));
}
/**
* Test that security hashes for postLink include the url.
*
* @return void
*/
public function testPostLinkSecurityHash() {
$hash = Security::hash(
'/posts/delete/1' .
serialize(array()) .
'' .
Configure::read('Security.salt')
);
$hash .= '%3A';
$this->Form->request->params['_Token']['key'] = 'test';
$result = $this->Form->postLink('Delete', '/posts/delete/1');
$this->assertTags($result, array(
'form' => array(
'method' => 'post', 'action' => '/posts/delete/1',
'name', 'id', 'style' => 'display:none;'
),
array('input' => array('type' => 'hidden', 'name' => '_method', 'value' => 'POST')),
array('input' => array('type' => 'hidden', 'name' => 'data[_Token][key]', 'value' => 'test', 'id')),
'div' => array('style' => 'display:none;'),
array('input' => array('type' => 'hidden', 'name' => 'data[_Token][fields]', 'value' => $hash, 'id')),
array('input' => array('type' => 'hidden', 'name' => 'data[_Token][unlocked]', 'value' => '', 'id')),
'/div',
'/form',
'a' => array('href' => '#', 'onclick' => 'preg:/document\.post_\w+\.submit\(\); event\.returnValue = false; return false;/'),
'Delete',
'/a'
));
}
/**
* Test using postLink with N dimensional data.
*
@@ -1790,6 +1790,8 @@ public function postLink($title, $url = null, $options = array(), $confirmMessag
unset($options['target']);
}
$this->_lastAction = $formUrl;
$out = $this->Html->useTag('form', $formUrl, $formOptions);
$out .= $this->Html->useTag('hidden', '_method', array(
'value' => $requestMethod

7 comments on commit e1057e3

@mirceaagr

This comment has been minimized.

Copy link

mirceaagr replied May 13, 2014

updated to 2.5 and get this error on more than one of my websites.. including a small app developed with the shell
CORE/lib/Cake/View/Helper/FormHelper.php Unsuported Operand
Line: 1802

@markstory

This comment has been minimized.

Copy link
Member Author

markstory replied May 13, 2014

Yes the signature for postLink() was modified slightly.

@henriquebremenkanp

This comment has been minimized.

Copy link
Contributor

henriquebremenkanp replied May 14, 2014

Why not change that line from $options += array('inline' => true, 'block' => null); to $options = (array)$options + array('inline' => true, 'block' => null); and make it backwards compatible for easier upgrades?

@dereuromark

This comment has been minimized.

Copy link
Member

dereuromark replied May 14, 2014

@Hikkijp That is exactly what I did yesterday - see 8af76a3

@henriquebremenkanp

This comment has been minimized.

Copy link
Contributor

henriquebremenkanp replied May 14, 2014

@dereuromark Sorry for that! I don't know how to use git very well, I just got into the same error and wanted to help. Thank you for the answer and the patch.

@dereuromark

This comment has been minimized.

Copy link
Member

dereuromark replied May 14, 2014

No problem. Just note that it is always good to check the current master branch for recent fixes.

@dereuromark

This comment has been minimized.

Copy link
Member

dereuromark replied May 15, 2014

This is not the commit that broke it @mirceaagr - This was: d647fe8
6 months ago and no one noticed until 2 days ago .. :)

Please sign in to comment.
You can’t perform that action at this time.