protected function _secure($lock, $field, $value = null)
{
if (empty($field) && $field !== '0') {
return;
}
if (is_string($field)) {
$field = Hash::filter(explode('.', $field));
}
foreach ($this->_unlockedFields as $unlockField) {
$unlockParts = explode('.', $unlockField);
if (array_values(array_intersect($field, $unlockParts)) === $unlockParts) {
return;
}
}
$field = implode('.', $field);
$field = preg_replace('/(\\.\\d+)+$/', '', $field);
if ($lock) {
if (!in_array($field, $this->fields)) {
if ($value !== null) {
return $this->fields[$field] = $value;
}
if (isset($this->fields[$field]) && $value === null) {
unset($this->fields[$field]);
}
$this->fields[] = $field;
}
} else {
$this->unlockField($field);
}
}