Log message #113750

# At Username Text
# Aug 9th 2008, 13:57 jaredhoyt Anon323: you can whitelist in save()
# Aug 9th 2008, 13:57 Anon323 in my function?
# Aug 9th 2008, 13:57 Anon323 $this->Security->disabledFields(array("foo", "bar"));
# Aug 9th 2008, 13:57 Anon323 in my controller and
# Aug 9th 2008, 13:57 Anon323 var $components = array("Security");
# Aug 9th 2008, 13:57 Anon323 markstory: @security component: Means I have to add
# Aug 9th 2008, 13:56 Anon323 yes. i read about whitelisting. cleanUpFields() turned up as acceptable search result.
# Aug 9th 2008, 13:55 markstory are you referring to controller::cleanUpFields?
# Aug 9th 2008, 13:54 markstory Anon323: security component stops form tampering.
# Aug 9th 2008, 13:54 Anon323 markstory: So form inputs I didn't specify will be discarded? (e.g. an attacker can't manually add a form input element which cake will automatically save?)
# Aug 9th 2008, 13:50 markstory it's done automatically in Model::deconstruct
# Aug 9th 2008, 13:49 markstory cleanUpFields doesn't exist any more in 1.2
# Aug 9th 2008, 13:47 Anon323 AD7six: Thanks for the security component / whitelist hint. how does cleanUpFields() work? how does it know what to clean up?
# Aug 9th 2008, 13:43 TonkaTruck In order for the prefix routing example in the book to be reverse route compatible, the wildcard needs to be set as ...:action/* Then, it works swimmingly.
# Aug 9th 2008, 13:41 infantigniter it's mind boggling
# Aug 9th 2008, 13:41 infantigniter another weird thing, the table that has the null fields -- it only has like 5 rows. but it's displaying like 20/30 empty records on my browse pages
# Aug 9th 2008, 13:40 markstory well then I dunno.
# Aug 9th 2008, 13:40 infantigniter markstory: i don't do any of those in any view. i use some requestAction, but that's all Select * stuff
# Aug 9th 2008, 13:37 markstory anything that could be considered a save() / saveField()
# Aug 9th 2008, 13:37 infantigniter markstory: what qualifies as modifying a model? like trying to update records, etc. from a view?
# Aug 9th 2008, 13:35 markstory google analytics is client side.
# Aug 9th 2008, 13:34 markstory if you modify a model on a page that is a view action. and a 404 occurs a new record will get inserted.
# Aug 9th 2008, 13:34 infantigniter markstory: i'm using google analytics if that is relevant
# Aug 9th 2008, 13:34 markstory infantigniter: are you doing anything like tracking views on pages?
# Aug 9th 2008, 13:33 infantigniter anybody know how this could be happening?
# Aug 9th 2008, 13:33 infantigniter it doesn't make sense because (1) the entire action is password protected and (2) all the save functions have validation rules that would prevent such null records from being created
# Aug 9th 2008, 13:32 infantigniter very strangely, though i use DarkAuth to protect all administrative actions (such as Add), i'm winding up with like 20 new rows in one of my tables every day about. all fields in these rows are null
# Aug 9th 2008, 13:32 freebox this is the problem with cake
# Aug 9th 2008, 13:32 freebox great
# Aug 9th 2008, 13:31 AD7six freebox there are no bugs in the sections I told you to read. your problem is nothing to do with creating paginateCount. there is nothing complex about your pagination scenario - just use the right parameters.
# Aug 9th 2008, 13:30 freebox it is easier for me to understand a php code snippet than a bugged english manual
# Aug 9th 2008, 13:29 freebox yep
# Aug 9th 2008, 13:29 AD7six freebox I don't know. it would be a great start
# Aug 9th 2008, 13:29 freebox AD7six: why i don't show me how to do it?
# Aug 9th 2008, 13:28 AD7six freebox that's true but you're reading the wrong section anyway - there is nothing complex about what you're doing
# Aug 9th 2008, 13:27 freebox AD7six: manual is telling me to do things in the wrong way ($sql=..)
# Aug 9th 2008, 13:27 jaredhoyt k
# Aug 9th 2008, 13:27 trueaxe jaredhoyt: thanks, now it works just fine
# Aug 9th 2008, 13:27 AD7six freebox yes but the help is reading the manual to you, holding your hand and reading your own debug output.
# Aug 9th 2008, 13:26 TonkaTruck Will reverse routing of a prefix route honor arguments? Or must a new route be created for each possible uri format passing arguments? http://bin.cakephp.org/view/1344362767
# Aug 9th 2008, 13:26 freebox btw i'm here asking help, because i don't know how to do it right