Skip to content
Permalink
Browse files

Fix secure field lists when select elements have custom name attributes.

When a select element had a custom name attribute the secured field name
was incorrect.

Fixes #3753
  • Loading branch information...
markstory committed Apr 12, 2013
1 parent 8bd1980 commit ed435870ae0b15380b92ba1373983c9e66ebd26c
Showing with 45 additions and 9 deletions.
  1. +26 −1 lib/Cake/Test/Case/View/Helper/FormHelperTest.php
  2. +19 −8 lib/Cake/View/Helper/FormHelper.php
@@ -1200,7 +1200,8 @@ public function testFormSecuredInput() {
$this->assertTags($result, $expected);
$result = $this->Form->hidden('UserForm.stuff');
$expected = array('input' => array(
$expected = array(
'input' => array(
'type' => 'hidden', 'name' => 'data[UserForm][stuff]',
'id' => 'UserFormStuff'
));
@@ -1256,6 +1257,30 @@ public function testFormSecuredInput() {
$this->assertTags($result, $expected);
}
/**
* Test secured inputs with custom names.
*
* @return void
*/
public function testSecuredInputCustomName() {
$this->Form->request['_Token'] = array('key' => 'testKey');
$this->assertEquals(array(), $this->Form->fields);
$this->Form->input('text_input', array(
'name' => 'data[Option][General.default_role]',
));
$expected = array('Option.General.default_role');
$this->assertEquals($expected, $this->Form->fields);
$this->Form->input('select_box', array(
'name' => 'data[Option][General.select_role]',
'type' => 'select',
'options' => array(1, 2),
));
$expected = array('Option.General.default_role', 'Option.General.select_role');
$this->assertEquals($expected, $this->Form->fields);
}
/**
* Tests that the correct keys are added to the field hash index
*
@@ -9,7 +9,7 @@
*
* @copyright Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
* @link http://cakephp.org CakePHP(tm) Project
* @package Cake.View.Helper
* @package Cake.View.Helper
* @since CakePHP(tm) v 0.10.0.1076
* @license MIT License (http://www.opensource.org/licenses/mit-license.php)
*/
@@ -2015,7 +2015,7 @@ public function select($fieldName, $options = array(), $attributes = array()) {
empty($attributes['disabled']) &&
(!empty($attributes['multiple']) || $hasOptions)
) {
$this->_secure(true);
$this->_secure(true, $this->_secureFieldName($attributes));
}
$select[] = $this->Html->useTag($tag, $attributes['name'], array_diff_key($attributes, array('name' => null, 'value' => null)));
}
@@ -2828,16 +2828,27 @@ protected function _initInputField($field, $options = array()) {
$result['required'] = true;
}
$fieldName = null;
if (!empty($options['name'])) {
$this->_secure($secure, $this->_secureFieldName($options));
return $result;
}
/**
* Get the field name for use with _secure().
*
* Parses the name attribute to create a dot separated name value for use
* in secured field hash.
*
* @param array $options An array of options possibly containing a name key.
* @return string|null
*/
protected function _secureFieldName($options) {
if (isset($options['name'])) {
preg_match_all('/\[(.*?)\]/', $options['name'], $matches);
if (isset($matches[1])) {
$fieldName = $matches[1];
return $matches[1];
}
}
$this->_secure($secure, $fieldName);
return $result;
return null;
}
/**

0 comments on commit ed43587

Please sign in to comment.
You can’t perform that action at this time.