| # |
Aug 7th 2008, 21:02 |
zeeneo |
$this->data['params']['url'] i think |
| # |
Aug 7th 2008, 21:01 |
markstory |
$this->data |
| # |
Aug 7th 2008, 21:01 |
infantigniter |
...string name |
| # |
Aug 7th 2008, 21:01 |
infantigniter |
one other question, since i really can't think of what to search for... if i'm using prototype and it sends a POST like "average=3.5andidentity=demo_12andmax=5andrated=2andrerated=falseandtotal=2anduser_id=0andparentname=gamesandparentid=23andtime=14", basically the format is var=valueandvar=value... where can i access that data? is it assigned to $this->data? if so, does it parse the vars/values or is it some... |
| # |
Aug 7th 2008, 21:00 |
lqdice__ |
markstory: yeah i might have to knock it down to medium security.. maybe i can do that just for 1 action |
| # |
Aug 7th 2008, 21:00 |
markstory |
which is what you are trying to do. |
| # |
Aug 7th 2008, 21:00 |
zeeneo |
i know |
| # |
Aug 7th 2008, 21:00 |
markstory |
helps stop session hijacking. |
| # |
Aug 7th 2008, 21:00 |
markstory |
compares a useragent string hash to that in the session. |
| # |
Aug 7th 2008, 20:59 |
markstory |
lqdice__: it checks a bunch of stuff in the headers too. |
| # |
Aug 7th 2008, 20:59 |
lqdice__ |
usually you can get by just by sending the session id |
| # |
Aug 7th 2008, 20:59 |
markstory |
with someone else. perhaps not with cake but with other session authenticated processes. |
| # |
Aug 7th 2008, 20:59 |
lqdice__ |
markstory: yeah but cake does some fancy session checking |
| # |
Aug 7th 2008, 20:59 |
markstory |
lqdice__: check the swfupload docs? I'm sure this has happened before. |
| # |
Aug 7th 2008, 20:58 |
zeeneo |
can't find it :| |
| # |
Aug 7th 2008, 20:58 |
lqdice__ |
zeeneo: do you have a link or know where it was ? |
| # |
Aug 7th 2008, 20:57 |
zeeneo |
you do it in the javascript |
| # |
Aug 7th 2008, 20:57 |
lqdice__ |
i can easily send the session id but cake checks for more than that |
| # |
Aug 7th 2008, 20:57 |
lqdice__ |
i found one but its editing core files |
| # |
Aug 7th 2008, 20:57 |
markstory |
) |
| # |
Aug 7th 2008, 20:57 |
markstory |
lqdice__: no auth! |
| # |
Aug 7th 2008, 20:56 |
lqdice__ |
anyone got a quick fix ? |
| # |
Aug 7th 2008, 20:56 |
zeeneo |
someone has a fix somewhere |
| # |
Aug 7th 2008, 20:56 |
lqdice__ |
bah dammit |
| # |
Aug 7th 2008, 20:56 |
zeeneo |
lqdice__, it doesn't send the session cookie when you send data |
| # |
Aug 7th 2008, 20:56 |
markstory |
swfupload can be a pain as it doesn't send sessions.' |
| # |
Aug 7th 2008, 20:56 |
infantigniter |
markstory: thanks you answered me before i really asked |
| # |
Aug 7th 2008, 20:56 |
markstory |
lqdice__: nope. |
| # |
Aug 7th 2008, 20:56 |
infantigniter |
cakephp seems to be doing that automagically at this point. but it also sends the entire view page. how can i stop that? (trust me i spent a half hour searching before i decided to bother the chat) |
| # |
Aug 7th 2008, 20:56 |
lqdice__ |
its giving me a hard time |
| # |
Aug 7th 2008, 20:56 |
lqdice__ |
markstory: err have you used swfupload before w/ Auth? |
| # |
Aug 7th 2008, 20:56 |
markstory |
and set $this->autoRender = false |
| # |
Aug 7th 2008, 20:56 |
zeeneo |
something like that, can't remember the parameter and it depends what you're using |
| # |
Aug 7th 2008, 20:56 |
markstory |
infantigniter: if you want quick and dirty echo 'foo' |
| # |
Aug 7th 2008, 20:56 |
zeeneo |
so then in your onSuccess(r) { if(r.json.success != true) { alert('arg'); } } |
| # |
Aug 7th 2008, 20:55 |
infantigniter |
oh, i understand |
| # |
Aug 7th 2008, 20:54 |
zeeneo |
infantigniter, you'd send the success of receiving the data |
| # |
Aug 7th 2008, 20:54 |
infantigniter |
well, "things" in this case being a minimal amount of data, like a 3 digit number |
| # |
Aug 7th 2008, 20:54 |
infantigniter |
markstory: lol. because my script only NEEDS to send data, not receive it. it sends a rating and some associated data; javascript does the updating of the page that sent the data. i don't need anything back. and i can't figure out how to send things back :) |
| # |
Aug 7th 2008, 20:54 |
zeeneo |
yeah, generally { success:true } |
| # |
Aug 7th 2008, 20:54 |
markstory |
and replying to it lets you know that all is well. |