# |
Mar 6th 2019, 08:00 |
acosonic |
Hi all, I've built this script to protect my cakephp servers from hackers trying to access wordpress ... |
# |
Mar 6th 2019, 07:04 |
tjkalinowski |
Do you have experience with scanning ticket QR codes via iPhone? The record is sent to the CakePHP database. |
# |
Mar 6th 2019, 07:03 |
tjkalinowski |
Hello to all cakephp programmers :) |
# |
Mar 6th 2019, 05:23 |
vipul.onus |
Hello, when I do a POST to a REST API I get an error like "Error: Missing CSRF token cookie". Any solution in CakePHP 3.7? |
# |
Mar 5th 2019, 23:22 |
rightscoreanalysis |
thanks |
# |
Mar 5th 2019, 23:21 |
dereuromark |
see e.g. https://github.com/dereuromark/cakephp-tinyauth/blob/master/src/View/Helper/AuthUserHelper.php#L47 |
# |
Mar 5th 2019, 23:21 |
rightscoreanalysis |
s |
# |
Mar 5th 2019, 23:21 |
rightscoreanalysis |
is that $this->request->param |
# |
Mar 5th 2019, 23:21 |
dereuromark |
the new way is `->getAttribute('params');` |
# |
Mar 5th 2019, 23:20 |
dereuromark |
check prefix key the param() array values |
# |
Mar 5th 2019, 23:19 |
rightscoreanalysis |
how can i check if the current route has an admin prefix |
# |
Mar 5th 2019, 21:20 |
spriz |
Wow, there is literally an example in the book under “SQL injection”….. :) https://book.cakephp.org/3.0/en/orm/query-builder.html#sql-injection-prevention |
# |
Mar 5th 2019, 21:19 |
spriz |
What’s the best way to do a `WHERE MATCH (column) AGAINST($foo);` query safely with user-supplied `$foo` with the Cake ORM? :thinking_face: |
# |
Mar 5th 2019, 21:14 |
spriz |
That also really seems like a design pattern to avoid :) |
# |
Mar 5th 2019, 19:58 |
challgren |
Guess it is https://book.cakephp.org/3.0/en/orm/retrieving-data-and-resultsets.html#dynamic-finders |
# |
Mar 5th 2019, 19:55 |
challgren |
So in CakePHP 3.7.*, are magic find methods still around? |
# |
Mar 5th 2019, 17:39 |
jeremyharris |
I prefer the symfony component I linked you to and using a proper queue system which makes error handling easier than a background process just fired from app code. That seems like it could lead to issues |
# |
Mar 5th 2019, 17:31 |
daniel.upshaw |
You might find this neat: https://github.com/cocur/background-process |
# |
Mar 5th 2019, 17:31 |
daniel.upshaw |
@jeremyharris |
# |
Mar 5th 2019, 17:21 |
manthan.budheliya |
Thanks @jeremyharris It works for me |
# |
Mar 5th 2019, 17:19 |
daniel.upshaw |
Lol alright cool :slightly_smiling_face: |
# |
Mar 5th 2019, 17:17 |
jeremyharris |
Cake doesn’t need to have one, symfony does :slightly_smiling_face: just add it to your project and you can use it. Cake works well with lots of libraries, and there’s no need to re-write things that exist already |
# |
Mar 5th 2019, 17:17 |
daniel.upshaw |
Thanks so much |
# |
Mar 5th 2019, 17:17 |
daniel.upshaw |
Just not in Cake yet... I think it would be cool but not a priority for Cake at the moment |
# |
Mar 5th 2019, 17:16 |
daniel.upshaw |
Hmmm nice |
# |
Mar 5th 2019, 17:16 |
jeremyharris |
Cake doesn’t have wrappers for that, but in PHP you can do it with `exec()`. Symfony has a process component that helps with this: https://symfony.com/doc/current/components/process.html |
# |
Mar 5th 2019, 17:15 |
daniel.upshaw |
You'd probably want it to start cropping right away |
# |
Mar 5th 2019, 17:15 |
daniel.upshaw |
For example, if you wanted to run imagemagick to crop an image, you might not want to queue it |
# |
Mar 5th 2019, 17:15 |
jeremyharris |
I see |
# |
Mar 5th 2019, 17:14 |
jeremyharris |
wrap it in a `if ($this->request->getParam('action') === 'edit') {}` for specific actions |
# |
Mar 5th 2019, 17:14 |
jeremyharris |
then do it like this: https://book.cakephp.org/3.0/en/controllers/components/csrf.html#disabling-the-csrf-component-for-specific-actions |
# |
Mar 5th 2019, 17:14 |
daniel.upshaw |
It seems Cake doesn't really have the wrappers for running processing, and encourages instead queues only |
# |
Mar 5th 2019, 17:14 |
jeremyharris |
(if you use jquery, for example, you can use $.ajaxSetup to add that header to each request) |
# |
Mar 5th 2019, 17:14 |
manthan.budheliya |
ok.. But what if I want to disable csrf also for the action? |
# |
Mar 5th 2019, 17:14 |
jeremyharris |
and https://book.cakephp.org/3.0/en/controllers/components/csrf.html#csrf-protection-and-ajax-requests |
# |
Mar 5th 2019, 17:13 |
jeremyharris |
for unlocking a certain action from form tampering (Security), it’s `$this->Security->setConfig('unlockedActions', ['index'])`, see: https://book.cakephp.org/3.0/en/controllers/components/security.html#disabling-security-component-for-specific-actions |
# |
Mar 5th 2019, 17:13 |
daniel.upshaw |
Kind of neat I think.. for a pure PHP solution |
# |
Mar 5th 2019, 17:12 |
jeremyharris |
CSRF and Security are two different things. If you want to use CSRF with ajax within your application, add the token to the headers (see the CSRF docs for this) |
# |
Mar 5th 2019, 17:12 |
daniel.upshaw |
https://stackoverflow.com/a/45966 |
# |
Mar 5th 2019, 17:12 |
manthan.budheliya |
My aim is to turn off both components only for the particular action |
# |
Mar 5th 2019, 17:12 |
daniel.upshaw |
What I want to do is execute a `ps` to check the status... I feel pretty good about that idea |