tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 14:05:37 +02:00
Code Issues Projects Releases Wiki Activity

Merge pull request #2030 from oddnoc/form-submission-method-case-fix

Browse Source 
Use upper case to represent HTTP methods for forms
This commit is contained in:
Sean Harvey 2013-05-29 23:15:04 -07:00
commit f2460e018c
2 changed files with 20 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
forms/Form.php
View File

@ -64,7 +64,7 @@ class Form extends RequestHandler {
protected $validator; protected $validator;
protected $formMethod = "post"; protected $formMethod = "POST";
/** /**
* @var boolean * @var boolean
@ -248,14 +248,14 @@ class Form extends RequestHandler {
if($this->strictFormMethodCheck) { if($this->strictFormMethodCheck) {
// Throws an error if the method is bad... // Throws an error if the method is bad...
if($this->formMethod != strtolower($request->httpMethod())) { if($this->formMethod != $request->httpMethod()) {
$response = Controller::curr()->getResponse(); $response = Controller::curr()->getResponse();
$response->addHeader('Allow', $this->formMethod); $response->addHeader('Allow', $this->formMethod);
$this->httpError(405, _t("Form.BAD_METHOD", "This form requires a ".$this->formMethod." submission")); $this->httpError(405, _t("Form.BAD_METHOD", "This form requires a ".$this->formMethod." submission"));
} }
// ...and only uses the vairables corresponding to that method type // ...and only uses the variables corresponding to that method type
$vars = $this->formMethod == 'get' ? $request->getVars() : $request->postVars(); $vars = $this->formMethod == 'GET' ? $request->getVars() : $request->postVars();
} else { } else {
$vars = $request->requestVars(); $vars = $request->requestVars();
} }
@ -546,7 +546,7 @@ class Form extends RequestHandler {
$this->securityTokenAdded = true; $this->securityTokenAdded = true;
// add the "real" HTTP method if necessary (for PUT, DELETE and HEAD) // add the "real" HTTP method if necessary (for PUT, DELETE and HEAD)
if($this->FormMethod() != $this->FormHttpMethod()) { if (strtoupper($this->FormMethod()) != $this->FormHttpMethod()) {
$methodField = new HiddenField('_method', '', $this->FormHttpMethod()); $methodField = new HiddenField('_method', '', $this->FormHttpMethod());
$methodField->setForm($this); $methodField->setForm($this);
$extraFields->push($methodField); $extraFields->push($methodField);
@ -676,7 +676,7 @@ class Form extends RequestHandler {
// - forms with security tokens shouldn't be cached because security tokens expire // - forms with security tokens shouldn't be cached because security tokens expire
$needsCacheDisabled = false; $needsCacheDisabled = false;
if ($this->getSecurityToken()->isEnabled()) $needsCacheDisabled = true; if ($this->getSecurityToken()->isEnabled()) $needsCacheDisabled = true;
if ($this->FormMethod() != 'get') $needsCacheDisabled = true; if ($this->FormMethod() != 'GET') $needsCacheDisabled = true;
if (!($this->validator instanceof RequiredFields) || count($this->validator->getRequired())) { if (!($this->validator instanceof RequiredFields) || count($this->validator->getRequired())) {
$needsCacheDisabled = true; $needsCacheDisabled = true;
} }
@ -692,7 +692,12 @@ class Form extends RequestHandler {
// Remove excluded // Remove excluded
if($exclude) $attrs = array_diff_key($attrs, array_flip($exclude)); if($exclude) $attrs = array_diff_key($attrs, array_flip($exclude));
// Create markkup // Prepare HTML-friendly 'method' attribute (lower-case)
if (isset($attrs['method'])) {
$attrs['method'] = strtolower($attrs['method']);
}
// Create markup
$parts = array(); $parts = array();
foreach($attrs as $name => $value) { foreach($attrs as $name => $value) {
$parts[] = ($value === true) ? "{$name}=\"{$name}\"" : "{$name}=\"" . Convert::raw2att($value) . "\""; $parts[] = ($value === true) ? "{$name}=\"{$name}\"" : "{$name}=\"" . Convert::raw2att($value) . "\"";
@ -800,13 +805,13 @@ class Form extends RequestHandler {
* Returns the form method to be used in the <form> tag. * Returns the form method to be used in the <form> tag.
* See {@link FormHttpMethod()} to get the "real" method. * See {@link FormHttpMethod()} to get the "real" method.
* *
* @return string Form tag compatbile HTTP method: 'get' or 'post' * @return string Form HTTP method restricted to 'GET' or 'POST'
*/ */
public function FormMethod() { public function FormMethod() {
if(in_array($this->formMethod,array('get','post'))) { if(in_array($this->formMethod,array('GET','POST'))) {
return $this->formMethod; return $this->formMethod;
} else { } else {
return 'post'; return 'POST';
} }
} }
@ -817,7 +822,7 @@ class Form extends RequestHandler {
* @param $strict If non-null, pass value to {@link setStrictFormMethodCheck()}. * @param $strict If non-null, pass value to {@link setStrictFormMethodCheck()}.
*/ */
public function setFormMethod($method, $strict = null) { public function setFormMethod($method, $strict = null) {
$this->formMethod = strtolower($method); $this->formMethod = strtoupper($method);
if($strict !== null) $this->setStrictFormMethodCheck($strict); if($strict !== null) $this->setStrictFormMethodCheck($strict);
return $this; return $this;
} }

8
tests/forms/FormTest.php
View File

@ -210,19 +210,19 @@ class FormTest extends FunctionalTest {
$form = $this->getStubForm(); $form = $this->getStubForm();
$form->setFormMethod('PUT'); $form->setFormMethod('PUT');
$this->assertEquals($form->Fields()->dataFieldByName('_method')->Value(), 'put', $this->assertEquals($form->Fields()->dataFieldByName('_method')->Value(), 'PUT',
'PUT override in forms has PUT in hiddenfield' 'PUT override in forms has PUT in hiddenfield'
); );
$this->assertEquals($form->FormMethod(), 'post', $this->assertEquals($form->FormMethod(), 'POST',
'PUT override in forms has POST in <form> tag' 'PUT override in forms has POST in <form> tag'
); );
$form = $this->getStubForm(); $form = $this->getStubForm();
$form->setFormMethod('DELETE'); $form->setFormMethod('DELETE');
$this->assertEquals($form->Fields()->dataFieldByName('_method')->Value(), 'delete', $this->assertEquals($form->Fields()->dataFieldByName('_method')->Value(), 'DELETE',
'PUT override in forms has PUT in hiddenfield' 'PUT override in forms has PUT in hiddenfield'
); );
$this->assertEquals($form->FormMethod(), 'post', $this->assertEquals($form->FormMethod(), 'POST',
'PUT override in forms has POST in <form> tag' 'PUT override in forms has POST in <form> tag'
); );
} }