# |
Jun 23rd 2021, 20:14 |
tyler.adam.lazenby |
and that finally got me to be able to post on unit tests! |
# |
Jun 23rd 2021, 20:14 |
tyler.adam.lazenby |
Thank you |
# |
Jun 23rd 2021, 20:14 |
steinkel |
in any case, validate your inputs to ensure they match your expected types and limits |
# |
Jun 23rd 2021, 20:13 |
steinkel |
yeah, some checksum calculated with a salted hash based on selected params, or similar approach would work just fine |
# |
Jun 23rd 2021, 20:13 |
tyler.adam.lazenby |
oh I will. I am going to be following woocommerce's secret validation protecol |
# |
Jun 23rd 2021, 20:12 |
steinkel |
and, for your webhooks ensure you validate your input first thing |
# |
Jun 23rd 2021, 20:12 |
steinkel |
disable it too |
# |
Jun 23rd 2021, 20:12 |
tyler.adam.lazenby |
gawwww |
# |
Jun 23rd 2021, 20:12 |
tyler.adam.lazenby |
ok now i have done that... but now the security component is throwing an error |
# |
Jun 23rd 2021, 20:11 |
steinkel |
https://book.cakephp.org/4/en/controllers/components/form-protection.html#disabling-form-tampering-for-specific-actions |
# |
Jun 23rd 2021, 20:11 |
tyler.adam.lazenby |
That is exactly what I am trying to disable... I don't know how |
# |
Jun 23rd 2021, 20:10 |
steinkel |
you are not posting a form |
# |
Jun 23rd 2021, 20:10 |
steinkel |
don't enable FormProtection in your webhooks, they are going to be called by an external entity that's not going to get the required tokens configured |
# |
Jun 23rd 2021, 20:09 |
tyler.adam.lazenby |
Which I don't understand because the action is literally just going to be an endpoint for a webhook |
# |
Jun 23rd 2021, 20:04 |
tyler.adam.lazenby |
@kevin.pfeifer Form protection. sorry I didn't flag |
# |
Jun 23rd 2021, 20:02 |
tyler.adam.lazenby |
FormProtection |
# |
Jun 23rd 2021, 20:02 |
kevin.pfeifer |
@tyler.adam.lazenby this exception only gets thrown by either the SecurityComponent or the FormProtector. Can you tell from the callstack which it is? |
# |
Jun 23rd 2021, 20:00 |
kevin.pfeifer |
@sebastiansperandio093 a postlink is just an extra form that only gets submitted after you confirm the alert box So you need to find the corresponding form by the ID and adjust the action it would post to |
# |
Jun 23rd 2021, 19:56 |
sebastiansperandio093 |
I need to update $article->id var with jquery (depending of an ajax response) |
# |
Jun 23rd 2021, 19:55 |
sebastiansperandio093 |
```<?= $this->Form->postLink( 'Delete', ['action' => 'delete', $article->id], ['confirm' => 'Are you sure?']) ?>``` |
# |
Jun 23rd 2021, 19:55 |
sebastiansperandio093 |
I meant |
# |
Jun 23rd 2021, 19:54 |
sebastiansperandio093 |
hello there! can someone help me to find a way to update the parameter in a postLink with Jquery o Javascript? |
# |
Jun 23rd 2021, 19:52 |
tyler.adam.lazenby |
```$csrf = new CsrfProtectionMiddleware([ 'httponly' => true, ] ); $csrf->skipCheckCallback(function ($request) { if ($request->getParam('action') === 'sendOrderEmail') { return true; } });``` |
# |
Jun 23rd 2021, 19:52 |
tyler.adam.lazenby |
Possibly related to Cake\Http\Exception\BadRequestException: "`_Token` was not found in request data." |
# |
Jun 23rd 2021, 19:52 |
tyler.adam.lazenby |
So I tried the solution that was given yesterday on how to exclude an action from csrf protection checks... but when I test it... this is the error I get |
# |
Jun 23rd 2021, 15:01 |
joacir.santos |
So, I missunderstood the setter concept on entity. Appreciate your help! |
# |
Jun 23rd 2021, 14:52 |
joepferguson |
Submitted 2 talks. Thanks for the reminder! |
# |
Jun 23rd 2021, 14:46 |
joepferguson |
Chris: there's some ideas on the submit page https://cakefest.org/submit • CakePHP features • Optimization and performance • Development and deployment techniques • Integration with other packages or platforms • Plugins and extending the framework • CakePHP 4 • Successful projects in CakePHP |
# |
Jun 23rd 2021, 14:44 |
dereuromark |
Thats what behaviors are for, after all ;) Check out alone my tools ones, a huge list of specific things to modify specific fields with. I always try to keep these things out of entities, as this can only blow up. |
# |
Jun 23rd 2021, 14:42 |
chris301 |
what sort of things might you be looking for? |
# |
Jun 23rd 2021, 14:39 |
ndm |
Long story short, if you want to store base64 encoded data, use either `beforeSave`, or a custom database type. |
# |
Jun 23rd 2021, 14:39 |
amanda.goff |
As soon as talk submissions close! We planned maybe the end of this month but may extend through July. I will PM you each soon to discuss details :cake::cake::) |
# |
Jun 23rd 2021, 14:39 |
slackebot |
saved, ie the decoded value returned from your getter will land in the database. Basically your code is a complex noop. |
# |
Jun 23rd 2021, 14:39 |
ndm |
The value passed to the getter method is the value as it exists in the entity, the getter method can then return it in a modified fashion, it's intended to work that way. The setter receives the value passed from the outside when setting a property, the modified value will be stored in the entity. The getter/accessor will not only be invoked when you read the value in your code, it will also be invoked when the entity is being |
# |
Jun 23rd 2021, 14:38 |
joacir.santos |
Yea, I had use beforeSave too in cake 2, I am migrating to cake 4 and had think now I have should use setter to do it. |
# |
Jun 23rd 2021, 14:34 |
jamison508 |
I'm really not sure. I've never used an entity setter in Cake, only ever used beforeSave. |
# |
Jun 23rd 2021, 14:33 |
joacir.santos |
I had imagine the setter had must be used to convert the field and save on database converted. It´s wrong? |
# |
Jun 23rd 2021, 14:30 |
joacir.santos |
I agree about the args on getters, but I saw it like this in cake book reference. |
# |
Jun 23rd 2021, 14:26 |
jamison508 |
Secondarily, unless it is critical that the name be base64-encoded on the entity, if you are OK with it being unencoded until you actually save to the database, this might be better handled in the table's `beforeSave()` |
# |
Jun 23rd 2021, 14:25 |
jamison508 |
Why are you passing a parameter to `_getName()`? Shouldn't that just be a basic getter with no args? |
# |
Jun 23rd 2021, 14:24 |
kevin.pfeifer |
I was curious about the same question :) |