# |
Aug 9th 2008, 13:58 |
markstory |
Anon323: the component include is good. |
# |
Aug 9th 2008, 13:57 |
jaredhoyt |
Anon323: you can whitelist in save() |
# |
Aug 9th 2008, 13:57 |
Anon323 |
in my function? |
# |
Aug 9th 2008, 13:57 |
Anon323 |
$this->Security->disabledFields(array("foo", "bar")); |
# |
Aug 9th 2008, 13:57 |
Anon323 |
in my controller and |
# |
Aug 9th 2008, 13:57 |
Anon323 |
var $components = array("Security"); |
# |
Aug 9th 2008, 13:57 |
Anon323 |
markstory: @security component: Means I have to add |
# |
Aug 9th 2008, 13:56 |
Anon323 |
yes. i read about whitelisting. cleanUpFields() turned up as acceptable search result. |
# |
Aug 9th 2008, 13:55 |
markstory |
are you referring to controller::cleanUpFields? |
# |
Aug 9th 2008, 13:54 |
markstory |
Anon323: security component stops form tampering. |
# |
Aug 9th 2008, 13:54 |
Anon323 |
markstory: So form inputs I didn't specify will be discarded? (e.g. an attacker can't manually add a form input element which cake will automatically save?) |
# |
Aug 9th 2008, 13:50 |
markstory |
it's done automatically in Model::deconstruct |
# |
Aug 9th 2008, 13:49 |
markstory |
cleanUpFields doesn't exist any more in 1.2 |
# |
Aug 9th 2008, 13:47 |
Anon323 |
AD7six: Thanks for the security component / whitelist hint. how does cleanUpFields() work? how does it know what to clean up? |
# |
Aug 9th 2008, 13:43 |
TonkaTruck |
In order for the prefix routing example in the book to be reverse route compatible, the wildcard needs to be set as ...:action/* Then, it works swimmingly. |
# |
Aug 9th 2008, 13:41 |
infantigniter |
it's mind boggling |
# |
Aug 9th 2008, 13:41 |
infantigniter |
another weird thing, the table that has the null fields -- it only has like 5 rows. but it's displaying like 20/30 empty records on my browse pages |
# |
Aug 9th 2008, 13:40 |
markstory |
well then I dunno. |
# |
Aug 9th 2008, 13:40 |
infantigniter |
markstory: i don't do any of those in any view. i use some requestAction, but that's all Select * stuff |
# |
Aug 9th 2008, 13:37 |
markstory |
anything that could be considered a save() / saveField() |
# |
Aug 9th 2008, 13:37 |
infantigniter |
markstory: what qualifies as modifying a model? like trying to update records, etc. from a view? |
# |
Aug 9th 2008, 13:35 |
markstory |
google analytics is client side. |
# |
Aug 9th 2008, 13:34 |
markstory |
if you modify a model on a page that is a view action, and a 404 occurs, a new record will get inserted. |
# |
Aug 9th 2008, 13:34 |
infantigniter |
markstory: i'm using google analytics if that is relevant |
# |
Aug 9th 2008, 13:34 |
markstory |
infantigniter: are you doing anything like tracking views on pages? |
# |
Aug 9th 2008, 13:33 |
infantigniter |
anybody know how this could be happening? |
# |
Aug 9th 2008, 13:33 |
infantigniter |
it doesn't make sense because (1) the entire action is password protected and (2) all the save functions have validation rules that would prevent such null records from being created |
# |
Aug 9th 2008, 13:32 |
infantigniter |
very strangely, though i use DarkAuth to protect all administrative actions (such as Add), i'm winding up with like 20 new rows in one of my tables every day about. all fields in these rows are null |
# |
Aug 9th 2008, 13:32 |
freebox |
this is the problem with cake |
# |
Aug 9th 2008, 13:32 |
freebox |
great |
# |
Aug 9th 2008, 13:31 |
AD7six |
freebox there are no bugs in the sections I told you to read. your problem is nothing to do with creating paginateCount. there is nothing complex about your pagination scenario - just use the right parameters. |
# |
Aug 9th 2008, 13:30 |
freebox |
it is easier for me to understand a php code snippet than a bugged english manual |
# |
Aug 9th 2008, 13:29 |
freebox |
yep |
# |
Aug 9th 2008, 13:29 |
AD7six |
freebox I don't know. it would be a great start |
# |
Aug 9th 2008, 13:29 |
freebox |
AD7six: why i don't show me how to do it? |
# |
Aug 9th 2008, 13:28 |
AD7six |
freebox that's true but you're reading the wrong section anyway - there is nothing complex about what you're doing |
# |
Aug 9th 2008, 13:27 |
freebox |
AD7six: manual is telling me to do things in the wrong way ($sql=..) |
# |
Aug 9th 2008, 13:27 |
jaredhoyt |
k |
# |
Aug 9th 2008, 13:27 |
trueaxe |
jaredhoyt: thanks, now it works just fine |
# |
Aug 9th 2008, 13:27 |
AD7six |
freebox yes but the help is reading the manual to you, holding your hand and reading your own debug output. |
# |
Aug 9th 2008, 13:26 |
TonkaTruck |
Will reverse routing of a prefix route honor arguments? Or must a new route be created for each possible uri format passing arguments? http://bin.cakephp.org/view/1344362767 |