
Updating method name, variables, and properties to be unlocked.

This better reflects what is actually going to happen, as fields that are
unlocked are not checked.  It also works better with the idea that secure = false
means unlocked or unsecured.
commit f3f475f502699b6ee07cdaea1247828d1ed05493 1 parent 3389579
@markstory markstory authored
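--- a/lib/Cake/Test/Case/View/Helper/FormHelperTest.php
+++ b/lib/Cake/Test/Case/View/Helper/FormHelperTest.php
@@ -835,8 +835,8 @@ public function testFormSecurityFields() {
 'value' => urlencode($expected), 'id' => 'preg:/TokenFields\d+/'
 )),
 array('input' => array(
- 'type' => 'hidden', 'name' => 'data[_Token][disabled]',
- 'value' => '', 'id' => 'preg:/TokenDisabled\d+/'
+ 'type' => 'hidden', 'name' => 'data[_Token][unlocked]',
+ 'value' => '', 'id' => 'preg:/TokenUnlocked\d+/'
 )),
 '/div'
 );
@@ -902,8 +902,8 @@ public function testFormSecurityMultipleFields() {
 'value' => $hash, 'id' => 'preg:/TokenFields\d+/'
 )),
 array('input' => array(
- 'type' => 'hidden', 'name' => 'data[_Token][disabled]',
- 'value' => '', 'id' => 'preg:/TokenDisabled\d+/'
+ 'type' => 'hidden', 'name' => 'data[_Token][unlocked]',
+ 'value' => '', 'id' => 'preg:/TokenUnlocked\d+/'
 )),
 '/div'
 );
@@ -948,8 +948,8 @@ public function testFormSecurityMultipleSubmitButtons() {
 'value' => 'preg:/.+/', 'id' => 'preg:/TokenFields\d+/'
 )),
 array('input' => array(
- 'type' => 'hidden', 'name' => 'data[_Token][disabled]',
- 'value' => '', 'id' => 'preg:/TokenDisabled\d+/'
+ 'type' => 'hidden', 'name' => 'data[_Token][unlocked]',
+ 'value' => '', 'id' => 'preg:/TokenUnlocked\d+/'
 )),
 '/div'
 );
@@ -999,8 +999,8 @@ public function testFormSecurityMultipleInputFields() {
 'value' => $hash, 'id' => 'preg:/TokenFields\d+/'
 )),
 array('input' => array(
- 'type' => 'hidden', 'name' => 'data[_Token][disabled]',
- 'value' => '', 'id' => 'preg:/TokenDisabled\d+/'
+ 'type' => 'hidden', 'name' => 'data[_Token][unlocked]',
+ 'value' => '', 'id' => 'preg:/TokenUnlocked\d+/'
 )),
 '/div'
 );
@@ -1019,7 +1019,7 @@ public function testFormSecurityMultipleInputDisabledFields() {
 $key = 'testKey';
 $this->Form->request->params['_Token'] = array(
 'key' => $key,
- 'disabledFields' => array('first_name', 'address')
+ 'unlockedFields' => array('first_name', 'address')
 );
 $this->Form->create();
@@ -1048,8 +1048,8 @@ public function testFormSecurityMultipleInputDisabledFields() {
 'value' => $hash, 'id' => 'preg:/TokenFields\d+/'
 )),
 array('input' => array(
- 'type' => 'hidden', 'name' => 'data[_Token][disabled]',
- 'value' => 'address%7Cfirst_name', 'id' => 'preg:/TokenDisabled\d+/'
+ 'type' => 'hidden', 'name' => 'data[_Token][unlocked]',
+ 'value' => 'address%7Cfirst_name', 'id' => 'preg:/TokenUnlocked\d+/'
 )),
 '/div'
 );
@@ -1064,14 +1064,14 @@ public function testFormSecurityMultipleInputDisabledFields() {
 * @access public
 * @return void
 */
- public function testFormSecurityInputDisabledFields() {
+ public function testFormSecurityInputUnlockedFields() {
 $key = 'testKey';
 $this->Form->request['_Token'] = array(
 'key' => $key,
- 'disabledFields' => array('first_name', 'address')
+ 'unlockedFields' => array('first_name', 'address')
 );
 $this->Form->create();
- $this->assertEquals($this->Form->request['_Token']['disabledFields'], $this->Form->disableField());
+ $this->assertEquals($this->Form->request['_Token']['unlockedFields'], $this->Form->unlockField());
 $this->Form->hidden('Addresses.id', array('value' => '123456'));
 $this->Form->input('Addresses.title');
@@ -1098,8 +1098,8 @@ public function testFormSecurityInputDisabledFields() {
 'value' => $hash, 'id' => 'preg:/TokenFields\d+/'
 )),
 array('input' => array(
- 'type' => 'hidden', 'name' => 'data[_Token][disabled]',
- 'value' => 'address%7Cfirst_name', 'id' => 'preg:/TokenDisabled\d+/'
+ 'type' => 'hidden', 'name' => 'data[_Token][unlocked]',
+ 'value' => 'address%7Cfirst_name', 'id' => 'preg:/TokenUnlocked\d+/'
 )),
 '/div'
 );
@@ -1223,8 +1223,8 @@ public function testFormSecuredInput() {
 'value' => $hash, 'id' => 'preg:/TokenFields\d+/'
 )),
 array('input' => array(
- 'type' => 'hidden', 'name' => 'data[_Token][disabled]',
- 'value' => '', 'id' => 'preg:/TokenDisabled\d+/'
+ 'type' => 'hidden', 'name' => 'data[_Token][unlocked]',
+ 'value' => '', 'id' => 'preg:/TokenUnlocked\d+/'
 )),
 '/div'
 );
@@ -1318,28 +1318,28 @@ public function testDisableSecurityUsingForm() {
 *
 * @return void
 */
- public function testDisableFieldAddsToList() {
+ public function testUnlockFieldAddsToList() {
 $this->Form->request['_Token'] = array(
 'key' => 'testKey',
- 'disabledFields' => array()
+ 'unlockedFields' => array()
 );
 $this->Form->create('Contact');
- $this->Form->disableField('Contact.name');
+ $this->Form->unlockField('Contact.name');
 $this->Form->text('Contact.name');
- $this->assertEquals(array('Contact.name'), $this->Form->disableField());
+ $this->assertEquals(array('Contact.name'), $this->Form->unlockField());
 $this->assertEquals(array(), $this->Form->fields);
 }
 /**
- * test disableField removing from fields array.
+ * test unlockField removing from fields array.
 *
 * @return void
 */
- public function testDisableFieldRemovingFromFields() {
+ public function testUnlockFieldRemovingFromFields() {
 $this->Form->request['_Token'] = array(
 'key' => 'testKey',
- 'disabledFields' => array()
+ 'unlockedFields' => array()
 );
 $this->Form->create('Contact');
 $this->Form->hidden('Contact.id', array('value' => 1));
@@ -1348,8 +1348,8 @@ public function testDisableFieldRemovingFromFields() {
 $this->assertEquals(1, $this->Form->fields['Contact.id'], 'Hidden input should be secured.');
 $this->assertTrue(in_array('Contact.name', $this->Form->fields), 'Field should be secured.');
- $this->Form->disableField('Contact.name');
- $this->Form->disableField('Contact.id');
+ $this->Form->unlockField('Contact.name');
+ $this->Form->unlockField('Contact.id');
 $this->assertEquals(array(), $this->Form->fields);
 }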
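Review bot: `testFormSecurityMultipleInputDisabledFields` appears to keep its old name (it is still the enclosing function in the hunks at 1019 and 1048, and no changed line renames it) although its body now sets `unlockedFields`; its sibling became `testFormSecurityInputUnlockedFields`, so `testFormSecurityMultipleInputUnlockedFields` would keep the suite consistent. The updated cases also only pin the generated markup for the bare names `first_name` and `address`. Because unlocked fields are left out of the token hash, a case that fixes which fields a bare segment name does and does not unlock across two models would document the protection boundary better than the markup assertions do.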
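--- a/lib/Cake/View/Helper/FormHelper.php
+++ b/lib/Cake/View/Helper/FormHelper.php
@@ -66,7 +66,7 @@ class FormHelper extends AppHelper {
 /**
 * Constant used internally to skip the securing process,
- * and neither add the field to the hash or to the disabled fields.
+ * and neither add the field to the hash or to the unlocked fields.
 *
 * @var string
 */
@@ -104,7 +104,7 @@ class FormHelper extends AppHelper {
 * @see SecurityComponent::validatePost()
 * @var array
 */
- protected $_disabledFields = array();
+ protected $_unlockedFields = array();
 /**
 * Introspects model information and extracts information related
@@ -339,9 +339,9 @@ public function create($model = null, $options = array()) {
 'value' => $this->request->params['_Token']['key'], 'id' => 'Token' . mt_rand())
 );
- if (!empty($this->request['_Token']['disabledFields'])) {
- foreach ((array)$this->request['_Token']['disabledFields'] as $disabled) {
- $this->_disabledFields[] = $disabled;
+ if (!empty($this->request['_Token']['unlockedFields'])) {
+ foreach ((array)$this->request['_Token']['unlockedFields'] as $unlocked) {
+ $this->_unlockedFields[] = $unlocked;
 }
 }
 }
@@ -417,7 +417,7 @@ public function secure($fields = array()) {
 return;
 }
 $locked = array();
- $disabledFields = $this->_disabledFields;
+ $unlockedFields = $this->_unlockedFields;
 foreach ($fields as $key => $value) {
 if (!is_int($key)) {
@@ -426,41 +426,41 @@ public function secure($fields = array()) {
 }
 }
- sort($disabledFields, SORT_STRING);
+ sort($unlockedFields, SORT_STRING);
 sort($fields, SORT_STRING);
 ksort($locked, SORT_STRING);
 $fields += $locked;
 $locked = implode(array_keys($locked), '|');
- $disabled = implode($disabledFields, '|');
- $fields = Security::hash(serialize($fields) . $disabled . Configure::read('Security.salt'));
+ $unlocked = implode($unlockedFields, '|');
+ $fields = Security::hash(serialize($fields) . $unlocked . Configure::read('Security.salt'));
 $out = $this->hidden('_Token.fields', array(
 'value' => urlencode($fields . ':' . $locked),
 'id' => 'TokenFields' . mt_rand()
 ));
- $out .= $this->hidden('_Token.disabled', array(
- 'value' => urlencode($disabled),
- 'id' => 'TokenDisabled' . mt_rand()
+ $out .= $this->hidden('_Token.unlocked', array(
+ 'value' => urlencode($unlocked),
+ 'id' => 'TokenUnlocked' . mt_rand()
 ));
 return $this->Html->useTag('block', ' style="display:none;"', $out);
 }
 /**
- * Add to or get the list of fields that are currently disabled.
- * Disabled fields are not included in the field hash used by SecurityComponent
- * disabling a field once its been added to the list of secured fields will remove
+ * Add to or get the list of fields that are currently unlocked.
+ * Unlocked fields are not included in the field hash used by SecurityComponent
+ * unlocking a field once its been added to the list of secured fields will remove
 * it from the list of fields.
 *
 * @param string $name The dot separated name for the field.
 * @return mixed Either null, or the list of fields.
 */
- public function disableField($name = null) {
+ public function unlockField($name = null) {
 if ($name === null) {
- return $this->_disabledFields;
+ return $this->_unlockedFields;
 }
- if (!in_array($name, $this->_disabledFields)) {
- $this->_disabledFields[] = $name;
+ if (!in_array($name, $this->_unlockedFields)) {
+ $this->_unlockedFields[] = $name;
 }
 $index = array_search($name, $this->fields);
 if ($index !== false) {
@@ -474,7 +474,7 @@ public function disableField($name = null) {
 * Populates $this->fields
 *
 * @param boolean $lock Whether this field should be part of the validation
- * or excluded as part of the disabledFields.
+ * or excluded as part of the unlockedFields.
 * @param mixed $field Reference to field to be secured
 * @param mixed $value Field value, if value should not be tampered with.
 * @return void
@@ -486,9 +486,9 @@ protected function __secure($lock, $field = null, $value = null) {
 $field = Set::filter(explode('.', $field), true);
 }
- foreach ($this->_unlockedFields as $unlockField) {
- $unlockParts = explode('.', $unlockField);
- if (array_values(array_intersect($field, $unlockParts)) === $unlockParts) {
+ foreach ($this->_unlockedFields as $unlockField) {
+ $unlockParts = explode('.', $unlockField);
+ if (array_values(array_intersect($field, $unlockParts)) === $unlockParts) {
 return;
 }
 }
@@ -503,7 +503,7 @@ protected function __secure($lock, $field = null, $value = null) {
 $this->fields[] = $field;
 }
 } else {
- $this->disableField($field);
+ $this->unlockField($field);
 }
 }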
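Review bot: The unlock check in `__secure()` compares `array_values(array_intersect($field, $unlockParts))` with `$unlockParts`, which tests whether the segments occur in the field path, not where they occur, so a bare name such as `first_name` (the form the tests use) keeps any field whose path contains that segment out of the token hash, whatever the model or nesting. The `unlockField()` docblock should state this, for example `Names are matched by path segment anywhere in the field name; unlocking 'name' excludes every field with a 'name' segment from tamper checking.` Separately, `disableField()` is removed without a forwarding alias, and the hidden input and request key change from `disabled`/`disabledFields` to `unlocked`/`unlockedFields`. The matching SecurityComponent change is not visible on this page, so confirm both sides ship together, since a mismatch would presumably make secured posts fail validation. `create()`, `secure()` and `__secure()` all start or end outside the hunks shown.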