CakePHP: the rapid development php framework: CakeBot

Log message #969305

#	At	Username	Text
#	Aug 21st 2009, 16:37	markstory	and should escape fields.
#	Aug 21st 2009, 16:37	markstory	Model::save() doesn't use updateAll
#	Aug 21st 2009, 16:35	kiger	But I never realized that Model::save() does not escape stuff either when you set Model->id because it will also use update.
#	Aug 21st 2009, 16:34	kiger	Basically, I didn't know that updateAll() doesn't escape stuff; the docs say it doesn't so no problem
#	Aug 21st 2009, 16:32	kiger	Should I mention it in here or does someone want me to explain in a pm?
#	Aug 21st 2009, 16:32	kiger	I think, and of course I'm probably wrong, I found a pretty big hole in cake regarding security that maybe many bakers don't know about?
#	Aug 18th 2009, 10:24	kuja	Ouch :\|
#	Aug 17th 2009, 12:53	ProLoser\|Work1	!log
#	Aug 16th 2009, 19:30	ProLoser	!seen techno-dude
#	Aug 16th 2009, 18:11	proloser	!seen ad7six
#	Aug 15th 2009, 15:56	sky_l3ppard	hi poLK, i fixed the article, please take a look, when you have time, thanks
#	Aug 15th 2009, 06:36	ADmad	i kinda got lost what was your take on this ?
#	Aug 15th 2009, 06:36	alkemann	well at least he has more content than the other one, but i must stick to our discussion of yesterday
#	Aug 15th 2009, 06:34	ADmad	ya
#	Aug 15th 2009, 06:34	alkemann	oh by Jon
#	Aug 15th 2009, 06:34	ADmad	yup suddenly people are too interested in that topic :)
#	Aug 15th 2009, 06:33	alkemann	another one?
#	Aug 15th 2009, 06:31	ADmad	alkemann: you checked this other canonical helper http://bakery.cakephp.org/articles/view/canonical-helper ?
#	Aug 14th 2009, 16:29	markstory	plus you can use shouty <HTML>
#	Aug 14th 2009, 16:29	alkemann	many smarter and more versed in the issue than me has written volumes about it on the web, that im sure is just a google away if you are really interested
#	Aug 14th 2009, 16:27	ADmad	and you want html4strict becuase ?
#	Aug 14th 2009, 16:27	alkemann	what you "like" is not relevant to the issue
#	Aug 14th 2009, 16:26	ADmad	whats bad about prefering stuff like lowercase tagnames and attributes, tags closing with /> etc
#	Aug 14th 2009, 16:24	alkemann	a lot of people use bad tools. because they like them or are used to them. thats fine. tool makers should make good tools though
#	Aug 14th 2009, 16:22	markstory	most do
#	Aug 14th 2009, 16:21	ADmad	i just go with 1.0
#	Aug 14th 2009, 16:20	markstory	not like xhtml 1.1 ever worked.
#	Aug 14th 2009, 16:20	ADmad	until that new road is fully paved and ready to tread i will stick to my dead end
#	Aug 14th 2009, 16:19	markstory	xhtml5 lives on!
#	Aug 14th 2009, 16:18	ADmad	give an option, yes would like that.. go back, i would say no
#	Aug 14th 2009, 16:16	alkemann	since we are sorta on the issue, can we make the helper go back to html4strict?
#	Aug 14th 2009, 16:16	poLK	I dislike mozilla way how they hacked view class
#	Aug 14th 2009, 16:16	markstory	need another map var.
#	Aug 14th 2009, 16:16	markstory	poLK: that setup conflicts with passing params to helpers.
#	Aug 14th 2009, 16:16	alkemann	u tell cake to put a different class instance in $html variable, but intention is that this new helper extends the one one expects to be there?
#	Aug 14th 2009, 16:16	poLK	declared to use in controller by $helpers = array('Html' => 'Canonical', 'Form', ...);
#	Aug 14th 2009, 16:15	poLK	alkemann: no, to overwrite meta() method in CanonicalHelper extending HtmlHelper, and then use it from views like $html->meta('canonical')
#	Aug 14th 2009, 16:13	alkemann	to add one method to do one line of code?
#	Aug 14th 2009, 16:13	poLK	I still think this way for replacing core helpers would be sweet
#	Aug 14th 2009, 16:13	alkemann	i dont think that helper is a reasonable solution to this issue. poLK gave two much better using the existing html helper
#	Aug 14th 2009, 16:12	poLK	(time to chat about ... again'