Log message #4191338

# At Username Text
# Jun 30th 2019, 09:11 challgren @wgon0001 are you nuts??? Eval is very very dangerous
# Jun 30th 2019, 08:51 ra7bi can i override CakePdf `Engine` `TcpdfEngine.php` configuration in my controller ? i need to set more values and more options to `Tcpd Engine`
# Jun 30th 2019, 08:49 ra7bi @wgon0001 Why not disable Eval function
# Jun 30th 2019, 07:44 savant Feel free to pm me
# Jun 30th 2019, 07:44 savant @chrisshick happy to discuss this (I run infra for cakephp and also have done so for a much larger e-commerce org and currently a heroku-like org)
# Jun 30th 2019, 04:50 wgon0001 Can I prevent the evil code from ‘Chinese chopper’ such as `<?php @eval($_POST[value]);?>` by using validator applying the rules to inputs box?
# Jun 30th 2019, 04:47 bgrinter I've run through the v3 tutorial and also done a test upgrade of v2 to v3 for the sample blog app, but now looking to do it for real and looking for advice
# Jun 30th 2019, 04:46 bgrinter Do I install using composer in a new directory and copy existing controller / model / views over? Do I set up to use composer on v2 first and update instead?
# Jun 30th 2019, 04:45 bgrinter I have a CakePHP 2.x app that I'm looking to update to v3. the v2 app doesn't use composer so I'm wondering the best / correct path to take.
# Jun 30th 2019, 03:00 challgren CakePHP 4.0.0-beta1 released! https://github.com/cakephp/cakephp/releases/tag/4.0.0-beta1
# Jun 30th 2019, 02:42 chrisshick @savant
# Jun 30th 2019, 02:36 chrisshick Now I’m curious, why do you think that?
# Jun 30th 2019, 02:35 savant Most anything else in the deployment space is going the wrong way imo
# Jun 30th 2019, 02:35 savant Use Kubernetes or something similar @chrisshick
# Jun 30th 2019, 01:30 slackebot changes the symlink accordingly.
# Jun 30th 2019, 01:30 chrisshick Hosting wise: i am currently using a private cloud provider. Security wise they have everything locked down pretty hardcore. I would like to avoid having to make firewall changes and make ssh accounts. I was envisioning a master server that holds all the builds. An api that the agents use to pull the latest build version. If it is different then it gets the build via the api, places it in the folder labeled for that version, and then
# Jun 30th 2019, 01:25 chrisshick @savant I mean it to be a little more secure due to the nature of opening firewall ports and setting up ssh accounts. Albeit those concerns can be addressed pretty simply The scalability concern I feel is well addressed with puppet for the nodes.
# Jun 29th 2019, 20:43 savant regardless, is there a specific hosting setup you’re thinking about?
# Jun 29th 2019, 20:43 savant @chrisshick pull based isn’t inherently more secure, and at scale, you need to start thinking about how to scale those lovely command and conquer nodes
# Jun 29th 2019, 18:47 ndm you're welcome
# Jun 29th 2019, 18:46 st.steinkuehler Thank you very much
# Jun 29th 2019, 18:46 slackebot ->add($authentication); return $middleware;```
# Jun 29th 2019, 18:46 st.steinkuehler ``` $middleware // Catch any exceptions in the lower layers, // and make an error page/response ->add(ErrorHandlerMiddleware::class) // Handle plugin/theme assets like CakePHP normally does. ->add(AssetMiddleware::class) // Apply routing ->add(RoutingMiddleware::class) ->add(new LocaleSelectorMiddleware(['de','en']))
# Jun 29th 2019, 18:45 st.steinkuehler the ´add´ is made at the end of the middleware queue before the routing
# Jun 29th 2019, 18:44 st.steinkuehler > Currently however your `Router::url()` call happens before the routing middleware is being invoked,
# Jun 29th 2019, 18:44 st.steinkuehler @ndm wow! that works immediately without problems
# Jun 29th 2019, 18:35 slackebot Router::url('/administrators/login'), 'queryParam' => 'redirect', ]); return $middleware($request, $response, $next); }; $middlewareQueue // ... ->add($authentication); ``` That way you'd also avoid "breaking" the routing middleware's caching functionality.
# Jun 29th 2019, 18:35 slackebot generated URLs. What you could for example do, is wrapping the authorization middleware construction into a custom/callback middleware, so that the code is being invoked after the routing middleware, like this: ```php $authentication = function (\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, callable $next) { $middleware = new AuthenticationMiddleware($this, [ 'unauthenticatedRedirect' =>
# Jun 29th 2019, 18:35 ndm @st.steinkuehler You'd have to use `Router::url()` calls for both URLs. Currently however your `Router::url()` call happens before the routing middleware is being invoked, which is where the router context is fed with the current request object, from which the router can obtain the possible base path value. Without that request context the router falls back to the `App.base` config value, which is empty in your case, hence there's no base in the
# Jun 29th 2019, 16:57 slackebot $service->loadAuthenticator('Authentication.Session'); $service->loadAuthenticator('Authentication.Form', [ 'fields' => $fields, 'loginUrl' => '/administrators/login' ]); ``` Adding `/myapp/` to both URLs works, but in production there will be no `/myapp/`. I would expect it works auto detected. Can someone give me a tip on what I'm doing wrong?
# Jun 29th 2019, 16:57 slackebot Middleware redirects to the url without the `myapp` and the browser gets an error from the webserver. Changing it to `Router::url('/myapp/administrators/login')` works, but the authentication does not work with the error: `Login URL http://192.168.0.2/administrators/login?redirect=http%3A%2F%2F192.168.0.2%2Fmyapp%2Fdashboards%2F did not match /administrators/login` I guess because of this: ``` // Load the authenticators, you want session first
# Jun 29th 2019, 16:57 st.steinkuehler Still trying the "newer" Authentication Plugin: My app runs in the browser under `/myapp/` and the base directory in `config/app.php` is set to `App => base => false` (auto detected). No problems with generating urls by cake so far. But now with this ``` $authentication = new AuthenticationMiddleware($this, [ 'unauthenticatedRedirect' => Router::url('/administrators/login'), 'queryParam' => 'redirect', ]); ``` the Authentication
# Jun 29th 2019, 16:33 martin https://github.com/uafrica/oauth-server is sadly outdated :(
# Jun 29th 2019, 16:33 martin but should be nice if there was a default thing to do it :P
# Jun 29th 2019, 16:33 martin wel it is not authentication
# Jun 29th 2019, 16:33 martin why is oauth 2 not a default authentication in cakephp?
# Jun 29th 2019, 16:01 admad And sqlite itself installed of course :slightly_smiling_face:
# Jun 29th 2019, 16:00 admad You will just need pdo_sqlite extension enabled for PHP which you will have to do in ampp/wampp
# Jun 29th 2019, 15:59 admad Of course, cake doesn't care about ampp or wampp
# Jun 29th 2019, 15:45 olanowsubomi but can the sqlite database work indepently on cakephp without the integration with ampp
# Jun 29th 2019, 15:12 admad @olanowsubomi https://book.cakephp.org/3.0/en/orm/database-basics.html#supported-databases