Friday, May 1, 2009

Re: Security requireAuth on admin_add and admin_edit

I have additional code in my app controller's beforeFilter. So I still
need that parent::beforeFilter(). Like I said, it only appears to be a
problem with admin routing, or my admin prefixed actions.

On May 1, 2:25 pm, "Benedikt R." <bened...@rossgardt.de> wrote:
> Try to remove
>
>                 parent::beforeFilter();
>
> Best regards
>
> On 1 May, 21:02, Stinkbug <justink...@gmail.com> wrote:
>
> > I usually use the security component's requireAuth to make sure that
> > hidden field values haven't been changed when the form is submitted
> > back to the server.  This usually works fine.  However, I noticed it
> > doesn't seem to matter on my admin_add and admin_edit actions.  Is
> > there something I'm missing?
>
> > Here is some of my code:
>
> >         function beforeFilter() {
> >                 parent::beforeFilter();
> >                 $this->Security->requireAuth();
> >         }
>
> >         function admin_add() {
> >         }
>
> >         function admin_edit($id = null) {
> >         }
>
> > I've also tried:
>
> >                 $this->Security->requireAuth('admin_add', 'admin_edit');
>
> > It doesn't seem to make a difference.  I tested it by trying to modify
> > hidden values in my form and it allows it to proceed without
> > blackholing the request.
>
> > Is there something extra I have to add for admin actions to make the
> > requireAuth work, or is there a better way to handle this?
>
> > I am using the $form->create() and $form->end() and I also verified
> > that the token hash is being set in the form.
>
>