# |
Dec 28th 2019, 21:57 |
dsar |
The issue is already here: https://github.com/cakephp/cakephp/issues/11427 |
# |
Dec 28th 2019, 21:57 |
admad |
or you can open an issue to see if making the inclusion of form url in the hash optional is acceptable and if so provide a patch to implement it |
# |
Dec 28th 2019, 21:54 |
admad |
if a feature doesn't suit your needs supplant it with your own implementation. Just because you don't consider something a class of abuse doesn't mean others don't |
# |
Dec 28th 2019, 21:52 |
dsar |
@admad I don't understand, a sort of provocation? |
# |
Dec 28th 2019, 21:48 |
admad |
so implement your own form tampering prevention :) |
# |
Dec 28th 2019, 21:48 |
dsar |
https://www.w3schools.com/tags/att_button_formaction.asp |
# |
Dec 28th 2019, 21:47 |
dsar |
Plus, this kind of prevention limits the use of the new formaction attribute of html5 |
# |
Dec 28th 2019, 21:47 |
dsar |
I don't consider this a "class of abuse" but a very uncommon kind of attack |
# |
Dec 28th 2019, 21:44 |
challgren |
if it's the same controller with different prefixes |
# |
Dec 28th 2019, 21:44 |
challgren |
And 99% of the time they will |
# |
Dec 28th 2019, 21:44 |
dsar |
Those two forms must have the same fields to work |
# |
Dec 28th 2019, 21:43 |
challgren |
Someone changing the action url to submit the form elsewhere. Aka /entity/edit to /admin/entity/edit |
# |
Dec 28th 2019, 21:34 |
dsar |
@admad I see, however hashing form fields is an already strong fingerprint, what class of abuses does this countermeasure prevent? |
# |
Dec 28th 2019, 21:24 |
admad |
@dsar https://github.com/cakephp/cakephp/commit/f23d811ff59c50ef278e98bb75f4ec1e7e54a5b3 |
# |
Dec 28th 2019, 19:48 |
dsar |
Other frameworks also have security-related measures against form tampering, but cakephp is the only one that took this into consideration (and it is rather limiting both ajax and the new formaction attribute for submit buttons) |
# |
Dec 28th 2019, 19:46 |
dsar |
Could someone explain to me why the action url is included in the hash generated by the FormProtection component? |
# |
Dec 28th 2019, 11:46 |
challgren |
@ashesh.social I updated the docs at https://github.com/narendravaghela/cakephp-mailgun/tree/master/docs hopefully this helps |
# |
Dec 28th 2019, 04:09 |
challgren |
It also should be `$this->getMailer('ContactUs')->send('contactUs', [$entity]);` |
# |
Dec 28th 2019, 01:07 |
challgren |
@ashesh.social you need a meeting in your mailer |
# |
Dec 27th 2019, 23:24 |
dereuromark |
Looks like I finished upgrading the next plugin, https://github.com/dereuromark/cakephp-test-helper for 4.x |
# |
Dec 27th 2019, 23:23 |
dereuromark |
yep, the other one doesn't work :) |
# |
Dec 27th 2019, 23:12 |
jimbo2150 |
The deprecation note indicated to use parseRequest: `$url = Router::parseRequest( new Cake\Http\ServerRequest($url) );` ( https://github.com/cakephp/docs/issues/5595#issuecomment-445815915 ). It probably should have noted that RouteCollection has a parse method. |
# |
Dec 27th 2019, 23:02 |
dereuromark |
Ah, looks like `$params = Router::getRouteCollection()->parse($url);` works |
# |
Dec 27th 2019, 22:50 |
dereuromark |
Does anyone know what `$url = Router::parse($url);` in 4.x is now? To get a parsed URL with the array params etc. |
# |
Dec 27th 2019, 22:43 |
ashesh.social |
while calling `$this->getMailer('ContactUs')->send('contactUs', $entity);` getting the error ```Error: [TypeError] Argument 1 passed to Cake\Mailer\Message::validateEmail() must be of the type string, null given, called in /usr/local/cake-app/vendor/cakephp/cakephp/src/Mailer/Message.php``` |
# |
Dec 27th 2019, 22:41 |
ashesh.social |
working on the above process only @challgren |
# |
Dec 27th 2019, 21:50 |
challgren |
Second code block |
# |
Dec 27th 2019, 21:50 |
challgren |
https://book.cakephp.org/4/en/core-libraries/email.html#creating-reusable-emails |
# |
Dec 27th 2019, 21:49 |
challgren |
`use MailerAwareTrait;` then `$this->getMailer('ContactUs')->send('contactUs', $entity);` |
# |
Dec 27th 2019, 21:49 |
ashesh.social |
any code ? |
# |
Dec 27th 2019, 21:48 |
challgren |
in your controller add MailerAwareTrait |
# |
Dec 27th 2019, 21:48 |
ashesh.social |
@challgren how to use Mailer contactUs() method in controller |
# |
Dec 27th 2019, 20:53 |
wizardfix |
Thanks @dereuromark I'll have a good look at that. :) |
# |
Dec 27th 2019, 20:48 |
ashesh.social |
Seriously great job guys @challgren @narendravaghela :clap::skin-tone-3::clap::skin-tone-3: |
# |
Dec 27th 2019, 20:47 |
challgren |
But @narendravaghela did the heavy lifting with the transport |
# |
Dec 27th 2019, 20:47 |
challgren |
I've pretty much taken it over since 3.7 |
# |
Dec 27th 2019, 20:46 |
ashesh.social |
Great going @challgren :clap::skin-tone-3::clap::skin-tone-3: |
# |
Dec 27th 2019, 20:46 |
ashesh.social |
Just checked that project in github and your contribution |
# |
Dec 27th 2019, 20:46 |
ashesh.social |
Yeahhhhh |
# |
Dec 27th 2019, 20:45 |
challgren |
I love this plug-in because it's so lightweight. Hence why I've contributed to it a lot and I use it on just about every project that needs to send mail |
# |
Dec 27th 2019, 20:41 |
ashesh.social |
Loving it<3 |