Log message #110457

# At Username Text
# Aug 7th 2008, 21:05 SamuraiDio infantigniter, thanks
# Aug 7th 2008, 21:04 lqdice__ Found this that seems to work even w/o taking the security setting to medium.. i wonder if it will work for all clients though.. http://blogs.bigfish.tv/adam/2008/04/01/cakephp-12-sessions-and-swfupload/
# Aug 7th 2008, 21:04 infantigniter SamuraiDio: 'allowEmpty'=>false
# Aug 7th 2008, 21:03 markstory check $this->params['form']
# Aug 7th 2008, 21:02 SamuraiDio i was using this until now: 'first_name' => VALID_NOT_EMPTY,
# Aug 7th 2008, 21:02 markstory if its not in model[field] form.
# Aug 7th 2008, 21:02 zeeneo just debug($this->data);
# Aug 7th 2008, 21:02 SamuraiDio how do i validade a field just to do not be empty, with the new validation rules?
# Aug 7th 2008, 21:02 zeeneo $this->data['params']['url'] i think
# Aug 7th 2008, 21:01 markstory $this->data
# Aug 7th 2008, 21:01 infantigniter ...string name
# Aug 7th 2008, 21:01 infantigniter one other question, since i really can't think of what to search for... if i'm using prototype and it sends a POST like "average=3.5andidentity=demo_12andmax=5andrated=2andrerated=falseandtotal=2anduser_id=0andparentname=gamesandparentid=23andtime=14", basically the format is var=valueandvar=value... where can i access that data? is it assigned to $this->data? if so, does it parse the vars/values or is it some...
# Aug 7th 2008, 21:00 lqdice__ markstory: yeah i might have to knock it down to medium security.. maybe i can do that just for 1 action
# Aug 7th 2008, 21:00 markstory which is what you are trying to do.
# Aug 7th 2008, 21:00 zeeneo i know
# Aug 7th 2008, 21:00 markstory helps stop session hijacking.
# Aug 7th 2008, 21:00 markstory compares a useragent string hash to that in the session.
# Aug 7th 2008, 20:59 markstory lqdice__: it checks a bunch of stuff in the headers too.
# Aug 7th 2008, 20:59 lqdice__ usually you can get by just by sending the session id
# Aug 7th 2008, 20:59 markstory with someone else. perhaps not with cake but with other session authenticated processes.
# Aug 7th 2008, 20:59 lqdice__ markstory: yeah but cake does some fancy session checking
# Aug 7th 2008, 20:59 markstory lqdice__: check the swfupload docs? I'm sure this has happened before.
# Aug 7th 2008, 20:58 zeeneo can't find it :|
# Aug 7th 2008, 20:58 lqdice__ zeeneo: do you have a link or know where it was ?
# Aug 7th 2008, 20:57 zeeneo you do it in the javascript
# Aug 7th 2008, 20:57 lqdice__ i can easily send the session id but cake checks for more than that
# Aug 7th 2008, 20:57 lqdice__ i found one but its editing core files
# Aug 7th 2008, 20:57 markstory )
# Aug 7th 2008, 20:57 markstory lqdice__: no auth!
# Aug 7th 2008, 20:56 lqdice__ anyone got a quick fix ?
# Aug 7th 2008, 20:56 zeeneo someone has a fix somewhere
# Aug 7th 2008, 20:56 lqdice__ bah dammit
# Aug 7th 2008, 20:56 zeeneo lqdice__, it doesn't send the session cookie when you send data
# Aug 7th 2008, 20:56 markstory swfupload can be a pain as it doesn't send sessions.'
# Aug 7th 2008, 20:56 infantigniter markstory: thanks you answered me before i really asked
# Aug 7th 2008, 20:56 markstory lqdice__: nope.
# Aug 7th 2008, 20:56 infantigniter cakephp seems to be doing that automagically at this point. but it also sends the entire view page. how can i stop that? (trust me i spent a half hour searching before i decided to bother the chat)
# Aug 7th 2008, 20:56 lqdice__ its giving me a hard time
# Aug 7th 2008, 20:56 lqdice__ markstory: err have you used swfupload before w/ Auth?
# Aug 7th 2008, 20:56 markstory and set $this->autoRender = false
# Aug 7th 2008, 20:56 zeeneo something like that, can't remember the parameter and it depends what you're using