Re: [CakePHP : The Rapid Development Framework for PHP] #5588: security error when using multiple select

Mon, 27 Oct 2008 20:29:40 -0700 

#5588: security error when using multiple select
------------------------------------------------+---------------------------
    Reporter:  cakeman                          |         Owner:  mark_story
        Type:  Bug                              |        Status:  reopened  
    Priority:  High                             |     Milestone:  1.2.x.x   
   Component:  Components                       |       Version:  RC3       
    Severity:  Normal                           |    Resolution:            
    Keywords:  SecurityComponent multiple form  |   Php_version:  n/a       
Cake_version:                                   |  
------------------------------------------------+---------------------------
Changes (by zackenbarsch):

  * status:  closed => reopened
  * resolution:  fixed =>

Comment:

 This fix doesn't do it for me, the += operator (security.php:586) only
 appends elements of the remaining keys from the new array, and since
 $multi starts with key 0 it will append only something if no other data is
 submitted/present in $fieldList (that's why the test case works), 'cause
 otherwise the keys (at least one) in $multi are already taken in
 $fieldList.
 [[BR]][[BR]]
 Example:
 [[BR]][[BR]]
 The following

 {{{
 $fieldList = array
 (
         0 => 'Model.someField',
         1 => 'Model.someOtherField',
         3 => 'OtherModel.someField.0',
         4 => 'OtherModel.someField.1',
 )
 }}}

 ends up with this multi and fieldlist array since key 0 is already taken
 {{{
 $multi = array
 (
         0 => 'OtherModel.someField',
 )

 $fieldList = array
 (
         0 => 'Model.someField',
         1 => 'Model.someOtherField'
 )
 }}}

 [[BR]][[BR]]
 To fix it either array_merge could be used instead of +=, or the values
 could be added to $multi with the indices they have in $fieldList

 {{{
 $multi[$i] = preg_replace('/\.\d+$/', '', $key);
 }}}

 {{{
 $fieldList = array_merge($fieldList, array_unique($multi));
 }}}

-- 
Ticket URL: <https://trac.cakephp.org/ticket/5588#comment:4>
CakePHP : The Rapid Development Framework for PHP <https://trac.cakephp.org/>
Cake is a rapid development framework for PHP which uses commonly known design 
patterns like ActiveRecord, Association Data Mapping, Front Controller and MVC. 
Our primary goal is to provide a structured framework that enables PHP users at 
all levels to rapidly develop robust web applications, without any loss to 
flexibility.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"tickets cakephp" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/tickets-cakephp?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to