From 54b4dca799510c29122d6fef16c2588275dde5b3 Mon Sep 17 00:00:00 2001
From: Kirk Mayo <kirk@silverstripe.com>
Date: Mon, 6 Jan 2014 15:15:01 +1300
Subject: [PATCH] BUG: Fixing unit tests for form processing and adding unit
 test to check if form has been completed

---
 code/model/UserDefinedForm.php          | 13 ++++++-------
 tests/UserDefinedFormControllerTest.php | 17 +++++++++++++++++
 2 files changed, 23 insertions(+), 7 deletions(-)

diff --git a/code/model/UserDefinedForm.php b/code/model/UserDefinedForm.php
index 47e963b..56187d6 100755
--- a/code/model/UserDefinedForm.php
+++ b/code/model/UserDefinedForm.php
@@ -1046,8 +1046,11 @@ JS
 		
 		$referrer = (isset($data['Referrer'])) ? '?referrer=' . urlencode($data['Referrer']) : "";
 
+
 		// set a session variable from the security ID to stop people accessing the finished method directly
-		Session::set('FormProcessed',$data['SecurityID']);
+		if (isset($data['SecurityID'])) {
+			Session::set('FormProcessed',$data['SecurityID']);
+		}
 		
 		return $this->redirect($this->Link() . 'finished' . $referrer);
 	}
@@ -1059,25 +1062,21 @@ JS
 	 * @return ViewableData
 	 */
 	public function finished() {
+		$referrer = isset($_GET['referrer']) ? urldecode($_GET['referrer']) : null;
+		
 		$formProcessed = Session::get('FormProcessed');
 		if (!isset($formProcessed)) {
-				$referrer = (isset($data['Referrer'])) ? '?referrer=' .
-					urlencode($data['Referrer']) : "";
 				return $this->redirect($this->Link() . $referrer);
 		} else {
 			$securityID = Session::get('SecurityID');
 			// make sure the session matches the SecurityID and is not left over from another form
 			if ($formProcessed != $securityID) {
-				$referrer = (isset($data['Referrer'])) ? '?referrer=' .
-					urlencode($data['Referrer']) : "";
 				return $this->redirect($this->Link() . $referrer);
 			}
 		}
 		// remove the session variable as we do not want it to be re-used
 		Session::clear('FormProcessed');
 
-		$referrer = isset($_GET['referrer']) ? urldecode($_GET['referrer']) : null;
-		
 		return $this->customise(array(
 			'Content' => $this->customise(
 				array(
diff --git a/tests/UserDefinedFormControllerTest.php b/tests/UserDefinedFormControllerTest.php
index d159a23..f05a7ba 100644
--- a/tests/UserDefinedFormControllerTest.php
+++ b/tests/UserDefinedFormControllerTest.php
@@ -59,10 +59,27 @@ class UserDefinedFormControllerTest extends FunctionalTest {
 	
 	function testFinished() {
 		$form = $this->setupFormFrontend();
+
+		// set formProcessed and SecurityID to replicate the form being filled out
+		$this->session()->inst_set('SecurityID', 1);
+		$this->session()->inst_set('FormProcessed', 1);
+
 		$response = $this->get($form->URLSegment.'/finished');
 		
 		$this->assertContains($form->OnCompleteMessage ,$response->getBody());
 	}
+
+	function testAppendingFinished() {
+		$form = $this->setupFormFrontend();
+
+		// replicate finished being added to the end of the form URL without the form being filled out
+		$this->session()->inst_set('SecurityID', 1);
+		$this->session()->inst_set('FormProcessed', null);
+
+		$response = $this->get($form->URLSegment.'/finished');
+		
+		$this->assertNotContains($form->OnCompleteMessage ,$response->getBody());
+	}
 	
 	function testForm() {
 		$form = $this->objFromFixture('UserDefinedForm', 'basic-form-page');