know can a user manually type something
> > into the place of id that would be harmful to the site?
>
> > -----Original Message-----
> > From: Jamie [mailto:jamie@gmail.com]
> > Sent: December-11-10 4:16 PM
> > To: CakePHP
> > Subject: Re: Passing Variable to
that would be harmful to the site?
>
> -----Original Message-----
> From: Jamie [mailto:jamie....@gmail.com]
> Sent: December-11-10 4:16 PM
> To: CakePHP
> Subject: Re: Passing Variable to delete
>
> Cake's DB layer (i.e. DboSource and its
On Dec 11, 2010, at 21:12, Dave Maharaj wrote:
> I have been taking the $id /$slug / $whatever_anyone_wants_to_call_it at
> face value and doing
>
> $data = $this->Model->some_function($id, $other, $var);
>
> if(!$data){
>
> //see ya
>
> }
>
> if($data){
>
> //good stuff do what I need to do
On Dec 11, 2010, at 08:29, Dave Maharaj wrote:
> When passing an id / slug thru a url for delete is there any security
> precautions to add?
>
> Example
>
> Function delete ($id) {
>
> $this->Model->deleteAll(array('Model.id' => $id, 'Model.owner' =>
> $this->Auth->user('id')));
>
> }
>
d
to do anything prior to this? That’s the question, or does Cake take care of
this so no matter what $id is it's going to be safe.
Thanks for the patience.
Dave
-----Original Message-----
From: Jamie [mailto:jamie@gmail.com]
Sent: December-11-10 4:16 PM
To: CakePHP
Subject: Re: Passing Varia
know check if id 123
belongs to user but I want to know can a user manually type something
into the place of id that would be harmful to the site?
-----Original Message-----
From: Jamie [mailto:jamie@gmail.com]
Sent: December-11-10 4:16 PM
To: CakePHP
Subject: Re: Passing Variable to delete
Cake's DB layer (i.e. DboSource and its children) sanitizes everything
before passing it to your database.
- Jamie
On Dec 11, 6:29 am, "Dave Maharaj" wrote:
> When passing an id / slug thru a url for delete is there any security
> precautions to add?
>
> Example
>
> Function delete ($id) {
>
>
It's ok nevermind. You do not understand what I am asking.
Dave
From: Tilen Majerle [mailto:tilen.maje...@gmail.com]
Sent: December-11-10 3:53 PM
To: cake-php@googlegroups.com
Subject: Re: Passing Variable to delete
if u sanitize string it's the same shit as if u slug it
irect
> anything.
>
> Having the site do something or attempt to do something by messing with the
> url.
>
> Does that make sense or am I just not clear?
>
> *From:* Tilen Majerle [mailto:tilen.maje...@gmail.com]
> *Sent:* Dec
ething by messing with the
url.
Does that make sense or am I just not clear?
From: Tilen Majerle [mailto:tilen.maje...@gmail.com]
Sent: December-11-10 2:55 PM
To: cake-php@googlegroups.com
Subject: Re: Passing Variable to delete
with Inflector::slug($id) i think that will be ok
the controller what should you do if anything to make sure it's no code
> capable of damage / injection / disruption
>
> Dave
>
> *From:* Tilen Majerle [mailto:tilen.maje...@gmail.com]
> *Sent:* December-11-10 12:08 PM
> *To:* cake-php@googlegroups.com
> *Subject
tilen.maje...@gmail.com]
Sent: December-11-10 12:08 PM
To: cake-php@googlegroups.com
Subject: Re: Passing Variable to delete
in ur case, i will first check, if given id is id for record from some user,
and if is, then delete it, otherwise don't delete it...
--
Tilen Majerle
http://majerle.eu
2010/12/11 Dave Maharaj
> When passing an id / slug thru a url for delete is there any security
> precautions to add?
>