# |
May 29th 2021, 17:49 |
ndm |
You should validate and verify your data in the backend anyways... which is why I was never really a fan of that feature anyways. |
# |
May 29th 2021, 17:47 |
ndm |
*change its name |
# |
May 29th 2021, 17:47 |
ndm |
I don't think select options are being secured, only the field itself, for example you cannot its name. |
# |
May 29th 2021, 17:41 |
etibor |
but if change select list element value its just saved |
# |
May 29th 2021, 17:41 |
etibor |
little progress: adding a new input field redirect to blackhole |
# |
May 29th 2021, 17:31 |
ndm |
IIRC on 3.8 loading the security component should be enough to enable form tampering protection. |
# |
May 29th 2021, 17:30 |
ndm |
CSRF has nothing to do with form tampering though, except for the field that holds the CSRF token of course. Unless you mean that this also won't make CSRF protection work? |
# |
May 29th 2021, 17:28 |
etibor |
but nothing prevented |
# |
May 29th 2021, 17:28 |
etibor |
i also added the $this->loadComponent('Csrf'); |
# |
May 29th 2021, 17:28 |
ndm |
the default identity class proxies access to the inner object |
# |
May 29th 2021, 17:28 |
etibor |
thank you @ndm i use cake 3.8 |
# |
May 29th 2021, 17:27 |
ndm |
Check it |
# |
May 29th 2021, 17:26 |
CakeIsGreat |
Seems to be returning it fine, as if it manually set user_id = ... getIdentity()->id; it saves it appropriately |
# |
May 29th 2021, 17:26 |
ndm |
@etibor Depending on your CakePHP version, form protection is now a separate component. |
# |
May 29th 2021, 17:25 |
ndm |
CakeIsGreat: Maybe `getIdentity()` doesn't return an entity, the ORM won't save anything else. |
# |
May 29th 2021, 17:22 |
etibor |
is there any additional todo to make working the form tampering protection? |
# |
May 29th 2021, 17:21 |
CakeIsGreat |
Well thanks both for the help. The posts association is fixed. I just don't understand why the user association isn't being saved. |
# |
May 29th 2021, 17:14 |
admad |
If any IRC user has a problem with freenode they can use slack/discord/matrix :) |
# |
May 29th 2021, 17:14 |
ndm |
@ionas I have no idea about that :) |
# |
May 29th 2021, 17:12 |
admad |
Also conventionally the join table name should be "keywords_posts". You need to follow alphabetical order when combining the words. |
# |
May 29th 2021, 17:12 |
admad |
CakeIsGreat: setting the fK field is the right way for belongsTo and hasOne associations. Why do you have Posts hasMany Keywords? It should be belongsToMany Keywords. |
# |
May 29th 2021, 17:10 |
inoas |
@ndm we need to move the CakePHP IRC channel / bot to irc.libra.chat I think - or at least install it there, too |
# |
May 29th 2021, 17:09 |
CakeIsGreat |
Thank you. Yes, I *just* discovered that, but took a lot of trial and error. What I still don't get though is why I can't set "$post->user = $this->Authentication->getIdentity();" I could manually set $post->user_id but that seems to be the wrong way to go about it since it should be able to save by association anyways |
# |
May 29th 2021, 17:08 |
ndm |
That being said, you have set up `Posts hasMany Keywords`, so when saving a post with keywords there will be no join table involved. You probably want `Posts belongsToMany Keywords` instead, ie the opposite direction of what you have on your `Keywords` table. |
# |
May 29th 2021, 17:04 |
ndm |
@CakeIsGreat Try slack or discord, you get a proper history there. |
# |
May 29th 2021, 16:57 |
CakeIsGreat |
Associations are all messed up. Here's a little test function and the table associations: https://pastebin.com/ZuVXkxD6 Also thanks to anyone who tried to answer me yesterday, I got disconnected immediately so didn't see any responses |
# |
May 29th 2021, 16:47 |
inoas |
Are we movign to irc.libra.chat, too? I assume |
# |
May 29th 2021, 13:53 |
etibor |
i thought it woul be enough but its still not prevent form field change by client |
# |
May 29th 2021, 13:53 |
etibor |
`public function initialize(){` `parent::initialize();` `$this->loadComponent('Security');` `}` `public function beforeFilter(Event $event){` `parent::beforeFilter($event);` `$this->Security->setConfig('blackHoleCallback', 'blackhole');` `}` |
# |
May 29th 2021, 13:52 |
etibor |
i would like to prevent form tampering |
# |
May 29th 2021, 13:52 |
etibor |
thank you @admad its helped |
# |
May 29th 2021, 04:06 |
admad |
CakelsGreat: Conventionally the join table name should be "keywords_posts". You need to follow alphabetical order when combining the words. |
# |
May 28th 2021, 22:11 |
CakeIsGreat |
incorrect as it should be looking in "posts_keywords" table if I understand things correctly. |
# |
May 28th 2021, 22:11 |
CakeIsGreat |
I have a "Posts" entity/table which has a ->hasMany('Keywords') relationship. Keywords has a ->belongsToMany('Posts') relationship. In my controller I'm doing a simple call to get a post by it's ID and containing 'Users' and 'Keywords'. Neither association is working. I'm getting an error about it looking up the keyword by Keywords.post_id which is |
# |
May 28th 2021, 18:39 |
etibor |
but its only return text/html even for pdf too |
# |
May 28th 2021, 18:39 |
etibor |
i tried to dicide if the page extension has pdf content-type by get_header |
# |
May 28th 2021, 18:39 |
ndm |
Sure, but by default the regular view and the PDF view use different templates, the one's for the PDF live in the `pdf` subfolder. |
# |
May 28th 2021, 18:38 |
etibor |
@ndm the pdf is more colorful than the pdf, the normal view is just a simple table, while pdf have colored thead for example |
# |
May 28th 2021, 18:37 |
st.steinkuehler |
@steinkel setting the table for the CakeDC User plugin in `Application::pluginBootstrap` with `Configure::write('Users.table','Administrators')` should work? I removed the `role` from `$_accessible` in the Adminstrator Entity because I want to set the role from the frontend - but it only works for me if the table is set in the `config/users.php` . |
# |
May 28th 2021, 18:37 |
ndm |
Why do you need to use different template names in the first place? What problem is that trying to solve= |
# |
May 28th 2021, 18:36 |
etibor |
i have to difine somehow if the extension is pdf than use template for pdf |