parent::beforeFilter();
Best regards
On 1 Mai, 21:02, Stinkbug <justink...@gmail.com> wrote:
> I usually use the security components requireAuth to make sure that
> hidden field values haven't been changed when the form is submitted
> back to the server. This usually works fine. However, I noticed it
> doesn't seem to matter on my admin_add and admin_edit actions. Is
> there something I'm missing?
>
> Here is some of my code:
>
> function beforeFilter() {
> parent::beforeFilter();
> $this->Security->requireAuth();
> }
>
> function admin_add() {
> }
>
> function admin_edit($id = null) {
> }
>
> I've also tried:
>
> $this->Security->requireAuth('admin_add', 'admin_edit');
>
> It doesn't seem to make a difference. I tested it by trying to modify
> hidden values in my form and it allows it to proceed with out
> blackholing the request.
>
> Is there something extra I have to add for admin actions to make the
> requireAuth work, or is there a better way to handle this?
>
> I am using the $form->create() and $form->end() and I also verified
> that the token hash is being set in the form.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to cake-php+unsubscribe@googlegroups.com
For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---
No comments:
Post a Comment