| # |
May 29th 2021, 17:54 |
 ndm |
So you save storage IDs? |
| # |
May 29th 2021, 17:53 |
etibor |
the select field in the Documents, its depends on Storage "b" field value |
| # |
May 29th 2021, 17:53 |
etibor |
i have two models, Documents and Storage |
| # |
May 29th 2021, 17:52 |
etibor |
so bascily i dont know how can i add the validation rule in model to make it easier |
| # |
May 29th 2021, 17:50 |
etibor |
i store the form datas in db, for example the value of select list is also stored in this table |
| # |
May 29th 2021, 17:50 |
ndm |
You need to validate anyways, there's no way around that. |
| # |
May 29th 2021, 17:50 |
etibor |
i know i can validate the data, but i have too many forms now |
| # |
May 29th 2021, 17:49 |
etibor |
yes i dont know the whole process, just have this experience that adding extra fields will thrown black whole |
| # |
May 29th 2021, 17:49 |
ndm |
You should validate and verify your data in the backend anyways... which is why I was never really a fan of that feature anyways. |
| # |
May 29th 2021, 17:47 |
ndm |
*change its name |
| # |
May 29th 2021, 17:47 |
ndm |
I don't think select options are being secured, only the field itself, for example you cannot its name. |
| # |
May 29th 2021, 17:41 |
etibor |
but if change select list element value its just saved |
| # |
May 29th 2021, 17:41 |
etibor |
little progress: adding a new input field redirect to blackhole |
| # |
May 29th 2021, 17:31 |
ndm |
IIRC on 3.8 loading the security component should be enough to enable form tampering protection. |
| # |
May 29th 2021, 17:30 |
ndm |
CSRF has nothing to do with form tampering though, except for the field that holds the CSRF token of course. Unless you mean that this also won't make CSRF protection work? |
| # |
May 29th 2021, 17:28 |
etibor |
but nothing prevented |
| # |
May 29th 2021, 17:28 |
etibor |
i also added the $this->loadComponent('Csrf'); |
| # |
May 29th 2021, 17:28 |
ndm |
the default identity class proxies access to the inner object |
| # |
May 29th 2021, 17:28 |
etibor |
thank you @ndm i use cake 3.8 |
| # |
May 29th 2021, 17:27 |
ndm |
Check it |
| # |
May 29th 2021, 17:26 |
CakeIsGreat |
Seems to be returning it fine, as if it manually set user_id = ... getIdentity()->id; it saves it appropriately |
| # |
May 29th 2021, 17:26 |
ndm |
@etibor Depending on your CakePHP version, form protection is now a separate component. |
| # |
May 29th 2021, 17:25 |
ndm |
CakeIsGreat: Maybe `getIdentity()` doesn't return an entity, the ORM won't save anything else. |
| # |
May 29th 2021, 17:22 |
etibor |
is there any additional todo to make working the form tampering protection? |
| # |
May 29th 2021, 17:21 |
CakeIsGreat |
Well thanks both for the help. The posts association is fixed. I just don't understand why the user association isn't being saved. |
| # |
May 29th 2021, 17:14 |
admad |
If any IRC user has a problem with freenode they can use slack/discord/matrix :) |
| # |
May 29th 2021, 17:14 |
ndm |
@ionas I have no idea about that :) |
| # |
May 29th 2021, 17:12 |
admad |
Also conventionally the join table name should be "keywords_posts". You need to follow alphabetical order when combining the words. |
| # |
May 29th 2021, 17:12 |
admad |
CakeIsGreat: setting the fK field is the right way for belongsTo and hasOne associations. Why do you have Posts hasMany Keywords? It should be belongsToMany Keywords. |
| # |
May 29th 2021, 17:10 |
inoas |
@ndm we need to move the CakePHP IRC channel / bot to irc.libra.chat I think - or at least install it there, too |
| # |
May 29th 2021, 17:09 |
CakeIsGreat |
Thank you. Yes, I *just* discovered that, but took a lot of trial and error. What I still don't get though is why I can't set "$post->user = $this->Authentication->getIdentity();" I could manually set $post->user_id but that seems to be the wrong way to go about it since it should be able to save by association anyways |
| # |
May 29th 2021, 17:08 |
ndm |
That being said, you have set up `Posts hasMany Keywords`, so when saving a post with keywords there will be no join table involved. You probably want `Posts belongsToMany Keywords` instead, ie the opposite direction of what you have on your `Keywords` table. |
| # |
May 29th 2021, 17:04 |
ndm |
@CakeIsGreat Try slack or discord, you get a proper history there. |
| # |
May 29th 2021, 16:57 |
CakeIsGreat |
Associations are all messed up. Here's a little test function and the table associations: https://pastebin.com/ZuVXkxD6 Also thanks to anyone who tried to answer me yesterday, I got disconnected immediately so didn't see any responses |
| # |
May 29th 2021, 16:47 |
inoas |
Are we movign to irc.libra.chat, too? I assume |
| # |
May 29th 2021, 13:53 |
etibor |
i thought it woul be enough but its still not prevent form field change by client |
| # |
May 29th 2021, 13:53 |
etibor |
`public function initialize(){` `parent::initialize();` `$this->loadComponent('Security');` `}` `public function beforeFilter(Event $event){` `parent::beforeFilter($event);` `$this->Security->setConfig('blackHoleCallback', 'blackhole');` `}` |
| # |
May 29th 2021, 13:52 |
etibor |
i would like to prevent form tampering |
| # |
May 29th 2021, 13:52 |
etibor |
thank you @admad its helped |
| # |
May 29th 2021, 04:06 |
admad |
CakelsGreat: Conventionally the join table name should be "keywords_posts". You need to follow alphabetical order when combining the words. |
| # |
May 28th 2021, 22:11 |
CakeIsGreat |
incorrect as it should be looking in "posts_keywords" table if I understand things correctly. |