Log message #110619

# At Username Text
# Aug 7th 2008, 22:44 lqdice__ and its like
# Aug 7th 2008, 22:44 lqdice__ i mean yuo just get a white screen
# Aug 7th 2008, 22:43 markstory lqdice__: it isn't helpful as any help provided could be used against it. but I guess with debug on it could be more helpful.
# Aug 7th 2008, 22:42 lqdice__ i think perhaps the security component could be a bit more helpful .. i had to add debug in the thing to figure out wtf was happening
# Aug 7th 2008, 22:42 markstory lqdice__: I'm not overly familiar with security component.
# Aug 7th 2008, 22:41 markstory well disabled fields would work :)
# Aug 7th 2008, 22:40 lqdice__ https://trac.cakephp.org/changeset/4978
# Aug 7th 2008, 22:40 markstory unless you include them in the disabled fields list possibly
# Aug 7th 2008, 22:40 lqdice__ what about the disabledFields option?
# Aug 7th 2008, 22:39 markstory if you are going to be changing hidden inputs. then you can't use security component.
# Aug 7th 2008, 22:39 lqdice__ u sure?
# Aug 7th 2008, 22:39 markstory lqdice__: there isn't.
# Aug 7th 2008, 22:39 lqdice__ there should be an option around this.. im gonna look
# Aug 7th 2008, 22:39 markstory ronparker: you can do anything you want with it.
# Aug 7th 2008, 22:38 markstory lqdice__: it certainly does.
# Aug 7th 2008, 22:38 anthony ronparker: it's under the MIT license
# Aug 7th 2008, 22:38 lqdice__ so it black lists it when swfupload changes it
# Aug 7th 2008, 22:38 lqdice__ markstory: i figured out my problem.. Security expects hidden fields to have the same value
# Aug 7th 2008, 22:38 ronparker what about license, may i use cakephp and sell making profit of it?
# Aug 7th 2008, 22:37 Jonah markstory: it is leaving everything blank... now it looks like a bug in php ill get back to you...
# Aug 7th 2008, 22:34 markstory however it can be used with components from zend framework or pear if you wish.
# Aug 7th 2008, 22:34 markstory ronparker: nope, just cake based.
# Aug 7th 2008, 22:34 ronparker is Cakephp based on Pear or any other framework?
# Aug 7th 2008, 22:34 markstory to make sure there is something there?
# Aug 7th 2008, 22:33 markstory are you validating username?
# Aug 7th 2008, 22:33 Jonah because of this I found a way to hack my own site and create users with a blank username
# Aug 7th 2008, 22:29 Jonah am i missing something?
# Aug 7th 2008, 22:28 Jonah this means that you have to manually check that all the fields were passed?
# Aug 7th 2008, 22:28 Jonah uhh...
# Aug 7th 2008, 22:26 Jonah it should not return true if not all the required fields are passed to it
# Aug 7th 2008, 22:26 Jonah why is validates() not validating fields that are not passed to it? this is a security hole
# Aug 7th 2008, 22:19 cobol well, we'll see
# Aug 7th 2008, 22:19 cobol yeah. question is if it will remember it if I had get parameters up in the url
# Aug 7th 2008, 22:18 markstory paginator remembers sort and such.
# Aug 7th 2008, 22:18 markstory try it find out :)
# Aug 7th 2008, 22:18 cobol will go away
# Aug 7th 2008, 22:18 cobol one or the other, either the parameters or the page result
# Aug 7th 2008, 22:18 cobol but i imagine as soon as i hit submit, or change pages,
# Aug 7th 2008, 22:18 cobol with a submit action, to filter the properties
# Aug 7th 2008, 22:18 cobol i'd have a form there
# Aug 7th 2008, 22:18 cobol well