input with attribute 'disabled'=>$someArrayValue causes Auth Security Error #5603

Closed
asgraf opened this issue Jan 8, 2015 · 4 comments
asgraf commented Jan 8, 2015

When you enable SecurityComponent

This line works perfectly:

echo $this->Form->input('avatar_from',array('type'=>'radio','values'=>array('Gravatar'=>'Gravatar','Facebook'=>'Facebook','Google'=>'Google','Twitter'=>'Twitter')));

This line causes Auth Security error:

echo $this->Form->input('avatar_from',array('type'=>'radio','values'=>array('Gravatar'=>'Gravatar','Facebook'=>'Facebook','Google'=>'Google','Twitter'=>'Twitter'),'disabled'=>array('Facebook','Google')));

Tested on CakePHP 2.6.0

@markstory markstory added this to the 2.6.1 milestone Jan 8, 2015
@markstory
Member

Is the selected value one of the disabled options?

@asgraf
Author

asgraf commented Jan 8, 2015

I did some testing.
I have added the following line to FormHelper:

debug($hashParts[1]);//added in FormHelper

Test code 1:

echo $this->Form->create('User');
$this->Form->input('testing',array('options'=>array(1,2,3)));
echo $this->Form->end();

Debug output for test 1:

'a:1:{i:0;s:12:"User.testing";}'

Test code 2:

echo $this->Form->create('User');
$this->Form->input('testing',array('options'=>array(1,2,3),'disabled'=>array(2,3)));
echo $this->Form->end();

Debug output for test 2:

'a:0:{}'

My quick investigation shows that the existence of 'disabled'=>$nonEmptyArray causes the field to be skipped in $hashParts[1] in FormHelper, so it will generate a different hash than SecurityComponent.

@markstory
Member

Any non-empty disabled set will exclude the input as the helpers make the assumption that a disabled input includes all options. A similar edge case will be present for select boxes as well.

@markstory markstory self-assigned this Jan 8, 2015
markstory added a commit that referenced this issue Jan 9, 2015
When some but not all inputs were disabled radio buttons were omitted
from the security hash. This caused blackhole failures as the input was
unexpected.

Refs #5603
@markstory
Member

Pull request up now.
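
The mismatch diagnosed in this thread, as an added example that is not part of the original issue and not CakePHP's code: a simplified PHP model in which the helper and the server-side check each derive a field list and hash it. The function names, `SALT`, `URL`, the HMAC scheme, the posted data and the "skip only when every option is disabled" rule are assumptions made for illustration.

```php
<?php
// Simplified model of the form-tampering check; not CakePHP's implementation.
const SALT = 'constructed-salt'; // constructed value
const URL = '/users/edit';       // constructed value

// Field names the helper puts into the hash. $partialAware = false models the
// 2.6.0 behaviour reported above: any non-empty 'disabled' drops the field.
function helperFields(array $inputs, $partialAware)
{
    $fields = array();
    foreach ($inputs as $name => $attrs) {
        $disabled = isset($attrs['disabled']) ? $attrs['disabled'] : false;
        if ($partialAware && is_array($disabled)) {
            // Assumed rule: the field is never posted only if every option is disabled.
            $enabled = array_diff(array_keys($attrs['options']), $disabled);
            $disabled = count($enabled) === 0;
        }
        if (empty($disabled)) {
            $fields[] = $name;
        }
    }
    return $fields;
}

function token(array $fields)
{
    sort($fields);
    return hash_hmac('sha256', URL . '|' . serialize($fields), SALT);
}

// Server side: rebuild the field list from what the browser actually posted.
function componentAccepts(array $posted, $token)
{
    return hash_equals($token, token(array_keys($posted)));
}

// Test code 2 from the issue, plus constructed POST bodies.
$inputs = array('User.testing' => array('options' => array(1, 2, 3), 'disabled' => array(2, 3)));
$posts = array(
    'enabled option chosen' => array('User.testing' => '0'),
    'unexpected extra field' => array('User.testing' => '0', 'User.extra' => 'x'),
);
foreach (array('2.6.0 rule' => false, 'partial-aware rule' => true) as $rule => $aware) {
    $fields = helperFields($inputs, $aware);
    foreach ($posts as $case => $posted) {
        $ok = componentAccepts($posted, token($fields));
        printf("%s | %s | %s | %s\n", $rule, serialize($fields), $case, $ok ? 'accepted' : 'blackholed');
    }
}
```

Under the 2.6.0 rule the helper hashes `a:0:{}` while the server derives `a:1:{i:0;s:12:"User.testing";}` from the POST, matching the two debug outputs above, so a legitimate submission is rejected. Under the partial-aware rule the same submission is accepted and the POST carrying an extra field is still rejected.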
