Log message #4209987

# At Username Text
# Oct 22nd 2019, 10:39 jotpe Or the Identity Object?
# Oct 22nd 2019, 10:38 jotpe Is there a way to access the Authentication Service from the Authentication Plugin within a Table class? https://book.cakephp.org/authentication/1.1/en/identity-object.html#the-identity-object
# Oct 22nd 2019, 10:00 dev.cyrusjayson @neon1024 I love you man! :kissing_heart: :P
# Oct 22nd 2019, 09:59 neon1024 If you know the scalar type expected
# Oct 22nd 2019, 09:58 neon1024 You can still do a little sanitization by casting values and such though
# Oct 22nd 2019, 09:58 neon1024 https://book.cakephp.org/3.0/en/orm/query-builder.html#sql-injection-prevention
# Oct 22nd 2019, 09:57 neon1024 `$this->Examples->find()->where(['thing' => $this->getRequest()->getData('something')])`
# Oct 22nd 2019, 09:57 neon1024 As long as they’re assigned as array values
# Oct 22nd 2019, 09:57 neon1024 The ORM will sanitize things for you
# Oct 22nd 2019, 09:55 dev.cyrusjayson it is an API
# Oct 22nd 2019, 09:55 david When I validate an input, the Form helper adds the "Form.errorClass" to the input. But if I validate a select multiple, it doesn't add the "Form.errorClass" to the select. I am looking at the templates (https://api.cakephp.org/3.8/source-class-Cake.View.Helper.FormHelper.html#79-171) but I don't know how to do that
# Oct 22nd 2019, 09:54 dev.cyrusjayson I know it is not nice.
# Oct 22nd 2019, 09:54 dev.cyrusjayson In Cake 2 there is a module called Sanitize and they removed it in 3. Is there any alternative so that I can do something like this: `$email = CleanerSample($this->request->data['email'])`
# Oct 22nd 2019, 09:53 alexdd55976 @dev.cyrusjayson you could iterate and clean things up or validate against some made-up validation rules
# Oct 22nd 2019, 09:50 dev.cyrusjayson Guys, I accept parameters and directly put them in my query builder so it is vulnerable to SQL injection. Is there a way to clean the $this->request->data in the middleware or appcontroller.php? "$this->request->data['email']" 3.4.13
# Oct 22nd 2019, 09:07 jotpe Thank you :slightly_smiling_face:
# Oct 22nd 2019, 09:06 jotpe ok
# Oct 22nd 2019, 09:06 savant that’ll be more or less instant
# Oct 22nd 2019, 09:06 savant import it into a temporary table and execute sql to do two table renames in a single statement
# Oct 22nd 2019, 09:05 savant so ingest that data once a week or whatever
# Oct 22nd 2019, 09:05 jotpe Yes, they're known in advance. But I don't want to end up managing zip code data, if something changes
# Oct 22nd 2019, 09:05 admad use a db table and update from time to time as required
# Oct 22nd 2019, 09:04 admad ditto
# Oct 22nd 2019, 09:04 savant if they are known in advance, i’d probably have them in a database so I can do a quick lookup
# Oct 22nd 2019, 09:01 jotpe Off-Cake Question: Do you use a Lib or Service to resolve zip codes to cities (especially German Postleitzahlen)?
# Oct 22nd 2019, 08:33 admad *none
# Oct 22nd 2019, 08:32 admad no besides 2.10 in 2.x series
# Oct 22nd 2019, 08:31 tokam how about 2.1.1?
# Oct 22nd 2019, 08:30 admad 2.9 won't have any new bugfix release
# Oct 22nd 2019, 08:30 admad okay, like i said upgrade to latest 2.10.x and if issue persists submit a bug report
# Oct 22nd 2019, 08:30 tokam but this is not enough.
# Oct 22nd 2019, 08:29 tokam I tried to do this validation with if ( (!isset($this->_values[$this->name][$firstName])
# Oct 22nd 2019, 08:29 tokam and be also backwards compatible
# Oct 22nd 2019, 08:29 tokam and if I use an api that manages cookies, the API should do that.
# Oct 22nd 2019, 08:29 tokam it comes from $_COOKIES
# Oct 22nd 2019, 08:29 tokam no
# Oct 22nd 2019, 08:28 admad you should validate user input
# Oct 22nd 2019, 08:27 tokam $this->_values[$this->name][$firstName]
# Oct 22nd 2019, 08:27 tokam Some user had this value in this variable
# Oct 22nd 2019, 08:27 tokam string(64) " %'w/ Bo" x}%2 D @ B 2ӵ Mand [ y U0 W vh "
# Oct 22nd 2019, 08:27 admad it's more likely the problem is in your app rather than core code, 2.x code is very mature.