| # |
Aug 7th 2008, 22:46 |
lqdice__ |
the error is minimal .. it sends a string like "Auth" or "Login" |
| # |
Aug 7th 2008, 22:46 |
markstory |
lqdice__: it sends to controller::blackhole I think. |
| # |
Aug 7th 2008, 22:44 |
lqdice__ |
ok what field is bad |
| # |
Aug 7th 2008, 22:44 |
lqdice__ |
and its like |
| # |
Aug 7th 2008, 22:44 |
lqdice__ |
i mean yuo just get a white screen |
| # |
Aug 7th 2008, 22:43 |
markstory |
lqdice__: it isn't helpful as any help provided could be used against it. but I guess with debug on it could be more helpful. |
| # |
Aug 7th 2008, 22:42 |
lqdice__ |
i think perhaps the security component could be a bit more helpful .. i had to add debug in the thing to figure out wtf was happening |
| # |
Aug 7th 2008, 22:42 |
markstory |
lqdice__: I'm not overly familiar with security component. |
| # |
Aug 7th 2008, 22:41 |
markstory |
well disabled fields would work :) |
| # |
Aug 7th 2008, 22:40 |
lqdice__ |
https://trac.cakephp.org/changeset/4978 |
| # |
Aug 7th 2008, 22:40 |
markstory |
unless you include them in the disabled fields list possibly |
| # |
Aug 7th 2008, 22:40 |
lqdice__ |
what about the disabledFields option? |
| # |
Aug 7th 2008, 22:39 |
markstory |
if you are going to be changing hidden inputs. then you can't use security component. |
| # |
Aug 7th 2008, 22:39 |
lqdice__ |
u sure? |
| # |
Aug 7th 2008, 22:39 |
markstory |
lqdice__: there isn't. |
| # |
Aug 7th 2008, 22:39 |
lqdice__ |
there should be an option around this.. im gonna look |
| # |
Aug 7th 2008, 22:39 |
markstory |
ronparker: you can do anything you want with it. |
| # |
Aug 7th 2008, 22:38 |
markstory |
lqdice__: it certainly does. |
| # |
Aug 7th 2008, 22:38 |
anthony |
ronparker: it's under the MIT license |
| # |
Aug 7th 2008, 22:38 |
lqdice__ |
so it black lists it when swfupload changes it |
| # |
Aug 7th 2008, 22:38 |
lqdice__ |
markstory: i figured out my problem.. Security expects hidden fields to have the same value |
| # |
Aug 7th 2008, 22:38 |
ronparker |
what about license, may i use cakephp and sell making profit of it? |
| # |
Aug 7th 2008, 22:37 |
Jonah |
markstory: it is leaving everything blank... now it looks like a bug in php ill get back to you... |
| # |
Aug 7th 2008, 22:34 |
markstory |
however it can be used with components from zend framework or pear if you wish. |
| # |
Aug 7th 2008, 22:34 |
markstory |
ronparker: nope, just cake based. |
| # |
Aug 7th 2008, 22:34 |
ronparker |
is Cakephp based on Pear or any other framework? |
| # |
Aug 7th 2008, 22:34 |
markstory |
to make sure there is something there? |
| # |
Aug 7th 2008, 22:33 |
markstory |
are you validating username? |
| # |
Aug 7th 2008, 22:33 |
Jonah |
because of this I found a way to hack my own site and create users with a blank username |
| # |
Aug 7th 2008, 22:29 |
Jonah |
am i missing something? |
| # |
Aug 7th 2008, 22:28 |
Jonah |
this means that you have to manually check that all the fields were passed? |
| # |
Aug 7th 2008, 22:28 |
Jonah |
uhh... |
| # |
Aug 7th 2008, 22:26 |
Jonah |
it should not return true if not all the required fields are passed to it |
| # |
Aug 7th 2008, 22:26 |
Jonah |
why is validates() not validating fields that are not passed to it? this is a security hole |
| # |
Aug 7th 2008, 22:19 |
cobol |
well, we'll see |
| # |
Aug 7th 2008, 22:19 |
cobol |
yeah. question is if it will remember it if I had get parameters up in the url |
| # |
Aug 7th 2008, 22:18 |
markstory |
paginator remembers sort and such. |
| # |
Aug 7th 2008, 22:18 |
markstory |
try it find out :) |
| # |
Aug 7th 2008, 22:18 |
cobol |
will go away |
| # |
Aug 7th 2008, 22:18 |
cobol |
one or the other, either the parameters or the page result |
| # |
Aug 7th 2008, 22:18 |
cobol |
but i imagine as soon as i hit submit, or change pages, |