New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
input with attribute 'disabled'=>$someArrayValue causes Auth Security Error #5603
Comments
Is the selected value one of the disabled options? |
I did some testing. debug($hashParts[1]);//added in FormHelper Test code 1: echo $this->Form->create('User');
$this->Form->input('testing',array('options'=>array(1,2,3)));
echo $this->Form->end(); debug output for test1:
Test code 2: echo $this->Form->create('User');
$this->Form->input('testing',array('options'=>array(1,2,3),'disabled'=>array(2,3)));
echo $this->Form->end(); debug output for test2:
My quick investigation shows that existence of 'disabled'=>$nonEmptyArray causes field to be skipped in $hashParts[1] in FormHelper so it will generate different hash than SecurityComponent |
Any non-empty disabled set will exclude the input as the helpers make the assumption that a disabled input includes all options. A similar edge case will be present for select boxes as well. |
When some but not all inputs were disabled radio buttons were omitted from the security hash. This caused blackhole failures as the input was unexpected. Refs #5603
When some but not all inputs were disabled radio buttons were omitted from the security hash. This caused blackhole failures as the input was unexpected. Refs #5603
Pull request up now. |
When you enable SecurityComponent
This line work perfectly:
This line causes Auth Security error:
Tested on CakePHP 2.6.0
The text was updated successfully, but these errors were encountered: