Prevent blackhole auth error where are present multi fields #424

Merged
merged 1 commit into from Jan 20, 2012

@stefanozoffoli

You can reproduce the problem in Croogo CMS 1.4.
In the Nodes admin_add view ( https://github.com/croogo/croogo/blob/1.4/View/Nodes/admin_add.ctp )
it adds > 1 TaxonomyData inputs like this:

<?php
    foreach ($taxonomy AS $vocabularyId => $taxonomyTree) {
        echo $this->Form->input('TaxonomyData.'.$vocabularyId, array(
            'label' => $vocabularies[$vocabularyId]['title'],
            'type' => 'select',
            'multiple' => true,
            'options' => $taxonomyTree,
        ));
    }
?>

If I select one option of these inputs, when the post data is submitted it gives me a security error.
In the _validatePost() method of the security component, these fields are flattened this way:

Array
(
    ...
    [TaxonomyData.1.0] => 2
    [TaxonomyData.2.0] => 3
    ...
)

That, after $multi preg_replace and array_unique, became:

Array
(
    ...
    [16] => TaxonomyData.1
    [17] => TaxonomyData.2
)

So, the check token is calculated with these two items instead of simply:

Array
(
    ...
    [16] => TaxonomyData
)

like it did on form creation, causing _validatePost() to return false and a blackhole auth error.
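
The mismatch described in the post above, as an added example that is not part of the pull request or of CakePHP's own code: it recomputes a field-list token for the posted keys with two index-stripping patterns and compares each against the token from render time. The salt, the hash construction, the `Node.title` field and both regex patterns are assumptions made for this sketch.

```php
<?php
// Added illustration; not CakePHP's SecurityComponent implementation.
// TaxonomyData keys follow the post; everything else is constructed.

const SALT = 'constructed-example-salt'; // assumption: stand-in for the app salt

// Token over the locked field list (simplified stand-in for the real hash).
function fieldToken(array $fields): string
{
    sort($fields, SORT_STRING);
    return sha1(serialize($fields) . SALT);
}

// Collapse flattened multi-select keys back to the field name and
// de-duplicate them (the $multi preg_replace + array_unique step).
function normalizePostedFields(array $flatKeys, string $pattern): array
{
    $plain = [];
    $multi = [];
    foreach ($flatKeys as $key) {
        if (preg_match($pattern, $key)) {
            $multi[] = preg_replace($pattern, '', $key);
        } else {
            $plain[] = $key;
        }
    }
    return array_merge($plain, array_values(array_unique($multi)));
}

// Constructed sample: fields locked at render time vs. flattened POST keys.
$rendered = ['Node.title', 'TaxonomyData'];
$posted   = ['Node.title', 'TaxonomyData.1.0', 'TaxonomyData.2.0'];

// Assumed patterns: strip one trailing index vs. every trailing index.
$patterns = [
    'one trailing index'   => '/\.\d+$/',
    'all trailing indexes' => '/(\.\d+)+$/',
];

foreach ($patterns as $label => $pattern) {
    $fields = normalizePostedFields($posted, $pattern);
    $ok = hash_equals(fieldToken($rendered), fieldToken($fields));
    printf("%-22s %-42s %s\n", $label, implode(', ', $fields),
        $ok ? 'token matches' : 'token mismatch (blackhole)');
}
```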

@markstory

markstory Jan 20, 2012

Owner

Thanks for including a way to reproduce this error, I'll write up a test and merge this in.

markstory added a commit that referenced this pull request Jan 20, 2012

Merge pull request #424 from stefanozoffoli/patch-2
Prevent blackhole auth error where are present multi fields

@markstory markstory merged commit 599d8b8 into cakephp:2.0 Jan 20, 2012

@lorenzo

lorenzo Mar 13, 2012

Owner

Oh, wow. I was thinking yesterday about doing this. I love open source!! Big kudos :)

@stefanozoffoli

stefanozoffoli Mar 13, 2012

Kudos to you for such a good framework!
