| # |
Mar 13th 2018, 10:43 |
braguzz |
(i'm on 2.x) |
| # |
Mar 13th 2018, 10:43 |
 reg01 |
I couldn't find anything on the website as to where to report security vulnerabilities. I would recommend adding that. |
| # |
Mar 13th 2018, 10:43 |
braguzz |
some examples?? :) |
| # |
Mar 13th 2018, 10:41 |
alysson-azevedo |
yes, you can. write a getter on the profstrut entity for that field that returns the titolo's data |
| # |
Mar 13th 2018, 10:28 |
braguzz |
can I use a field in Titolo in a Profstrut virtulfield? |
| # |
Mar 13th 2018, 10:27 |
braguzz |
Profstrut belongsTo Titolo |
| # |
Mar 13th 2018, 10:27 |
braguzz |
hi all |
| # |
Mar 13th 2018, 10:22 |
neon1024 |
Morning everyone |
| # |
Mar 13th 2018, 10:18 |
steinkel |
^ I understand this is a qa/staging environment |
| # |
Mar 13th 2018, 10:15 |
steinkel |
enable debug, you should get a more verbose message description from security component |
| # |
Mar 13th 2018, 10:14 |
spriz |
@steinkel 3.4.x :) |
| # |
Mar 13th 2018, 10:13 |
turkles |
Hi, is it possible to use paginate after tampering with some data? I have tried looping through my result set and adding/modifying data, but when I put the result into paginate it seems to reload the data from original query and not the modified stuff I have |
| # |
Mar 13th 2018, 10:09 |
dereuromark |
acosonic: all of them resolved, right? |
| # |
Mar 13th 2018, 10:04 |
steinkel |
@spriz which version of the framework? |
| # |
Mar 13th 2018, 10:03 |
alysson-azevedo |
Hi. |
| # |
Mar 13th 2018, 10:01 |
pierre-baptiste.varle |
Hello, anybody there? |
| # |
Mar 13th 2018, 09:39 |
acosonic |
Hi all, cakephp rulez :) only 10 CVE entries... |
| # |
Mar 13th 2018, 09:31 |
spriz |
anyone have an idea why cakephp would blackhole all requests to a heroku instance? :thinking_face: With “security” as reason - while it’s running with SSL already |
| # |
Mar 13th 2018, 09:30 |
dereuromark |
asdfsdfsdfs : did your cat run over the keyboard? :slightly_smiling_face: |
| # |
Mar 13th 2018, 09:04 |
asdfsdfsdfs |
hey |
| # |
Mar 13th 2018, 09:01 |
dereuromark |
Does it work? |
| # |
Mar 13th 2018, 01:47 |
dereuromark |
Wrong commit message at 3 in the morning - but hey.. :slightly_smiling_face: Good night |
| # |
Mar 13th 2018, 01:47 |
dereuromark |
I might have fixed it: https://github.com/dereuromark/cakephp-tags/commit/a9b30fca9ebb88ffc65219d7a533d4f2d47d5385 |
| # |
Mar 13th 2018, 01:32 |
bakro.istvan |
Thank you for your help again :slightly_smiling_face: |
| # |
Mar 13th 2018, 01:31 |
bakro.istvan |
Is there any sec. concern about this at all? I will check on that... |
| # |
Mar 13th 2018, 01:25 |
bakro.istvan |
I havent studied the security aspects, but I feel some questions |
| # |
Mar 13th 2018, 01:25 |
dereuromark |
Yeah I think so - https://book.cakephp.org/3.0/en/orm/entities.html#modifying-the-guarded-fields-at-runtime |
| # |
Mar 13th 2018, 01:24 |
bakro.istvan |
I mean |
| # |
Mar 13th 2018, 01:24 |
bakro.istvan |
Is it possible at all? |
| # |
Mar 13th 2018, 01:24 |
bakro.istvan |
Thank you for your help. I hope hope I can put a passing PR together :slightly_smiling_face: |
| # |
Mar 13th 2018, 01:23 |
dereuromark |
Can you make a PR for the behavior that whitelists the tags property? so we can fix this for others? |
| # |
Mar 13th 2018, 01:22 |
bakro.istvan |
Voila it works |
| # |
Mar 13th 2018, 01:21 |
dereuromark |
Most likely you have your entity whitelist narrowed down too much. I usually use https://github.com/dereuromark/cakephp-sandbox/blob/3.0/src/Model/Entity/User.php#L33-L34 etc. Maybe we have to add whitelisting for the entity fields here somehow in your case. |
| # |
Mar 13th 2018, 01:20 |
bakro.istvan |
Me neighter, but the beforeMarshal does its job. |
| # |
Mar 13th 2018, 01:20 |
bakro.istvan |
``` public function beforeMarshal($event, $data, $options) { debug($data); die; } ``` ``` /src/Model/Table/PeopleTable.php (line 71) object(ArrayObject) { name => 'steve' description => 'desc' tag_list => 'my1tag' tags => [ (int) 0 => [ '_joinData' => [ 'fk_model' => 'People' ], 'label' => 'my1tag', 'slug' => 'my1tag' ] ] } ``` |
| # |
Mar 13th 2018, 01:19 |
dereuromark |
I dont see any tags_list or tags for that matter. |
| # |
Mar 13th 2018, 01:19 |
slackebot |
'2018-03-13T01:17:48+00:00', 'timezone' => 'UTC', 'fixedNowTime' => false }, '[new]' => true, '[accessible]' => [ 'name' => true, 'description' => true, 'created' => true, 'modified' => true ], '[dirty]' => [ 'name' => true, 'description' => true, 'created' => true, 'modified' => true ], '[original]' => [], '[virtual]' => [], '[errors]' => [], '[invalid]' => [], '[repository]' => 'People' } ``` |
| # |
Mar 13th 2018, 01:19 |
bakro.istvan |
I put the following: ``` public function beforeSave($event, $data, $options) { debug($data); die; } ``` ```/src/Model/Table/PeopleTable.php (line 71) object(App\Model\Entity\Person) { 'name' => 'steve', 'description' => 'desc', 'created' => object(Cake\I18n\Time) { 'time' => '2018-03-13T01:17:48+00:00', 'timezone' => 'UTC', 'fixedNowTime' => false }, 'modified' => object(Cake\I18n\Time) { 'time' => |
| # |
Mar 13th 2018, 01:10 |
dereuromark |
How does the data look like right beforeSave() end? |
| # |
Mar 13th 2018, 00:55 |
spencdev |
But as they say, this too shall pass. |
| # |
Mar 13th 2018, 00:55 |
bakro.istvan |
Could you please look at it. Am I missing some configs? |