Log message #4264222

# At Username Text
# May 29th 2021, 17:55 etibor yes document have a storage_id field too
# May 29th 2021, 17:54 ndm So you save storage IDs?
# May 29th 2021, 17:53 etibor the select field in the Documents, its depends on Storage "b" field value
# May 29th 2021, 17:53 etibor i have two models, Documents and Storage
# May 29th 2021, 17:52 etibor so bascily i dont know how can i add the validation rule in model to make it easier
# May 29th 2021, 17:50 etibor i store the form datas in db, for example the value of select list is also stored in this table
# May 29th 2021, 17:50 ndm You need to validate anyways, there's no way around that.
# May 29th 2021, 17:50 etibor i know i can validate the data, but i have too many forms now
# May 29th 2021, 17:49 etibor yes i dont know the whole process, just have this experience that adding extra fields will thrown black whole
# May 29th 2021, 17:49 ndm You should validate and verify your data in the backend anyways... which is why I was never really a fan of that feature anyways.
# May 29th 2021, 17:47 ndm *change its name
# May 29th 2021, 17:47 ndm I don't think select options are being secured, only the field itself, for example you cannot its name.
# May 29th 2021, 17:41 etibor but if change select list element value its just saved
# May 29th 2021, 17:41 etibor little progress: adding a new input field redirect to blackhole
# May 29th 2021, 17:31 ndm IIRC on 3.8 loading the security component should be enough to enable form tampering protection.
# May 29th 2021, 17:30 ndm CSRF has nothing to do with form tampering though, except for the field that holds the CSRF token of course. Unless you mean that this also won't make CSRF protection work?
# May 29th 2021, 17:28 etibor but nothing prevented
# May 29th 2021, 17:28 etibor i also added the $this->loadComponent('Csrf');
# May 29th 2021, 17:28 ndm the default identity class proxies access to the inner object
# May 29th 2021, 17:28 etibor thank you @ndm i use cake 3.8
# May 29th 2021, 17:27 ndm Check it
# May 29th 2021, 17:26 CakeIsGreat Seems to be returning it fine, as if it manually set user_id = ... getIdentity()->id; it saves it appropriately
# May 29th 2021, 17:26 ndm @etibor Depending on your CakePHP version, form protection is now a separate component.
# May 29th 2021, 17:25 ndm CakeIsGreat: Maybe `getIdentity()` doesn't return an entity, the ORM won't save anything else.
# May 29th 2021, 17:22 etibor is there any additional todo to make working the form tampering protection?
# May 29th 2021, 17:21 CakeIsGreat Well thanks both for the help. The posts association is fixed. I just don't understand why the user association isn't being saved.
# May 29th 2021, 17:14 admad If any IRC user has a problem with freenode they can use slack/discord/matrix :)
# May 29th 2021, 17:14 ndm @ionas I have no idea about that :)
# May 29th 2021, 17:12 admad Also conventionally the join table name should be "keywords_posts". You need to follow alphabetical order when combining the words.
# May 29th 2021, 17:12 admad CakeIsGreat: setting the fK field is the right way for belongsTo and hasOne associations. Why do you have Posts hasMany Keywords? It should be belongsToMany Keywords.
# May 29th 2021, 17:10 inoas @ndm we need to move the CakePHP IRC channel / bot to irc.libra.chat I think - or at least install it there, too
# May 29th 2021, 17:09 CakeIsGreat Thank you. Yes, I *just* discovered that, but took a lot of trial and error. What I still don't get though is why I can't set "$post->user = $this->Authentication->getIdentity();" I could manually set $post->user_id but that seems to be the wrong way to go about it since it should be able to save by association anyways
# May 29th 2021, 17:08 ndm That being said, you have set up `Posts hasMany Keywords`, so when saving a post with keywords there will be no join table involved. You probably want `Posts belongsToMany Keywords` instead, ie the opposite direction of what you have on your `Keywords` table.
# May 29th 2021, 17:04 ndm @CakeIsGreat Try slack or discord, you get a proper history there.
# May 29th 2021, 16:57 CakeIsGreat Associations are all messed up. Here's a little test function and the table associations: https://pastebin.com/ZuVXkxD6 Also thanks to anyone who tried to answer me yesterday, I got disconnected immediately so didn't see any responses
# May 29th 2021, 16:47 inoas Are we movign to irc.libra.chat, too? I assume
# May 29th 2021, 13:53 etibor i thought it woul be enough but its still not prevent form field change by client
# May 29th 2021, 13:53 etibor `public function initialize(){` `parent::initialize();` `$this->loadComponent('Security');` `}` `public function beforeFilter(Event $event){` `parent::beforeFilter($event);` `$this->Security->setConfig('blackHoleCallback', 'blackhole');` `}`
# May 29th 2021, 13:52 etibor i would like to prevent form tampering
# May 29th 2021, 13:52 etibor thank you @admad its helped
# May 29th 2021, 04:06 admad CakelsGreat: Conventionally the join table name should be "keywords_posts". You need to follow alphabetical order when combining the words.