# |
Aug 7th 2008, 21:05 |
infantigniter |
SamuraiDio: np |
# |
Aug 7th 2008, 21:05 |
infantigniter |
SamuraiDio: put that in an array with a rule |
# |
Aug 7th 2008, 21:05 |
SamuraiDio |
infantigniter, thanks |
# |
Aug 7th 2008, 21:04 |
lqdice__ |
Found this that seems to work even w/o taking the security setting to medium.. i wonder if it will work for all clients though.. http://blogs.bigfish.tv/adam/2008/04/01/cakephp-12-sessions-and-swfupload/ |
# |
Aug 7th 2008, 21:04 |
infantigniter |
SamuraiDio: 'allowEmpty'=>false |
# |
Aug 7th 2008, 21:03 |
markstory |
check $this->params['form'] |
# |
Aug 7th 2008, 21:02 |
SamuraiDio |
i was using this until now: 'first_name' => VALID_NOT_EMPTY, |
# |
Aug 7th 2008, 21:02 |
markstory |
if its not in model[field] form. |
# |
Aug 7th 2008, 21:02 |
zeeneo |
just debug($this->data); |
# |
Aug 7th 2008, 21:02 |
SamuraiDio |
how do i validade a field just to do not be empty, with the new validation rules? |
# |
Aug 7th 2008, 21:02 |
zeeneo |
$this->data['params']['url'] i think |
# |
Aug 7th 2008, 21:01 |
markstory |
$this->data |
# |
Aug 7th 2008, 21:01 |
infantigniter |
...string name |
# |
Aug 7th 2008, 21:01 |
infantigniter |
one other question, since i really can't think of what to search for... if i'm using prototype and it sends a POST like "average=3.5andidentity=demo_12andmax=5andrated=2andrerated=falseandtotal=2anduser_id=0andparentname=gamesandparentid=23andtime=14", basically the format is var=valueandvar=value... where can i access that data? is it assigned to $this->data? if so, does it parse the vars/values or is it some... |
# |
Aug 7th 2008, 21:00 |
lqdice__ |
markstory: yeah i might have to knock it down to medium security.. maybe i can do that just for 1 action |
# |
Aug 7th 2008, 21:00 |
markstory |
which is what you are trying to do. |
# |
Aug 7th 2008, 21:00 |
zeeneo |
i know |
# |
Aug 7th 2008, 21:00 |
markstory |
helps stop session hijacking. |
# |
Aug 7th 2008, 21:00 |
markstory |
compares a useragent string hash to that in the session. |
# |
Aug 7th 2008, 20:59 |
markstory |
lqdice__: it checks a bunch of stuff in the headers too. |
# |
Aug 7th 2008, 20:59 |
lqdice__ |
usually you can get by just by sending the session id |
# |
Aug 7th 2008, 20:59 |
markstory |
with someone else. perhaps not with cake but with other session authenticated processes. |
# |
Aug 7th 2008, 20:59 |
lqdice__ |
markstory: yeah but cake does some fancy session checking |
# |
Aug 7th 2008, 20:59 |
markstory |
lqdice__: check the swfupload docs? I'm sure this has happened before. |
# |
Aug 7th 2008, 20:58 |
zeeneo |
can't find it :| |
# |
Aug 7th 2008, 20:58 |
lqdice__ |
zeeneo: do you have a link or know where it was ? |
# |
Aug 7th 2008, 20:57 |
zeeneo |
you do it in the javascript |
# |
Aug 7th 2008, 20:57 |
lqdice__ |
i can easily send the session id but cake checks for more than that |
# |
Aug 7th 2008, 20:57 |
lqdice__ |
i found one but its editing core files |
# |
Aug 7th 2008, 20:57 |
markstory |
) |
# |
Aug 7th 2008, 20:57 |
markstory |
lqdice__: no auth! |
# |
Aug 7th 2008, 20:56 |
lqdice__ |
anyone got a quick fix ? |
# |
Aug 7th 2008, 20:56 |
zeeneo |
someone has a fix somewhere |
# |
Aug 7th 2008, 20:56 |
lqdice__ |
bah dammit |
# |
Aug 7th 2008, 20:56 |
zeeneo |
lqdice__, it doesn't send the session cookie when you send data |
# |
Aug 7th 2008, 20:56 |
markstory |
swfupload can be a pain as it doesn't send sessions.' |
# |
Aug 7th 2008, 20:56 |
infantigniter |
markstory: thanks you answered me before i really asked |
# |
Aug 7th 2008, 20:56 |
markstory |
lqdice__: nope. |
# |
Aug 7th 2008, 20:56 |
infantigniter |
cakephp seems to be doing that automagically at this point. but it also sends the entire view page. how can i stop that? (trust me i spent a half hour searching before i decided to bother the chat) |
# |
Aug 7th 2008, 20:56 |
lqdice__ |
its giving me a hard time |
# |
Aug 7th 2008, 20:56 |
lqdice__ |
markstory: err have you used swfupload before w/ Auth? |