Thursday, July 1, 2010

Re: Validation - Multiple attempts

Make sure, if you are passing ids for edit actions, that the edit
action is in the form's action attribute, i.e.
array('url' => array('controller' => 'foo', 'action' => 'bar', $foo['Foo']['id']))..

Also, if you use char(36) for ids then you get UUIDs - and it would
be really unlikely that a user will guess a correct UUID, although
this isn't a reason not to check the action in the controller for
tampering (Security component etc.).

On Jun 13, 11:19 pm, Ed Propsner <crotchf...@gmail.com> wrote:
> Thanks John,  I appreciate it.
>
> Every time an id becomes visible in the url I take precautions (extra code)
> to ensure any other record can't be altered or manipulated by changing the
> id through the url.
>
> I never thought about just writing the id temporarily to the session.
> Thanks for the tip, it should work just fine.
>
> - Ed
>
> On Mon, Jun 14, 2010 at 1:55 AM, John Andersen <j.andersen...@gmail.com> wrote:
>
> > I can't tell you why it happens, but I can tell you how I work with
> > editing an existing record.
>
> > When a record is chosen for editing, I store the record id in the
> > session. Upon saving the record I take the id from the session. I
> > don't rely on the record id being in the url. If I did that, then the
> > user could easily change it upon submitting the form, which would be a
> > bad thing :)
>
> > Hope this helps you on the way,
> >   John
>
> > On Jun 14, 3:34 am, Ed Propsner <crotchf...@gmail.com> wrote:
> > > I notice that when I submit a form to a url such as
>
> > > http://mysite.com/controller/action/25
>
> > > If validation fails on the first attempt the form reloads under the exact
> > > same url and retains all of $this->data
> > > but if the validation fails on subsequent attempts the form reloads
> > > but the record id gets dropped from the url and the only info left in
> > > $this->data is the value
> > > of the submitted form element and that's all.
>
> > > What causes this? Is there a way around it?
>
> > > - Ed
>
> > Check out the new CakePHP Questions site http://cakeqs.org and help others
> > with their CakePHP related questions.
>
> > You received this message because you are subscribed to the Google Groups
> > "CakePHP" group.
> > To post to this group, send email to cake-php@googlegroups.com
> > To unsubscribe from this group, send email to
> > cake-php+unsubscribe@googlegroups.com
> > For more options, visit this group at
> > http://groups.google.com/group/cake-php?hl=en
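
The session-based edit flow John describes, combined with the server-side check the first reply recommends, as an added example that is not part of the original thread. It is plain PHP rather than CakePHP code; the function names, the `edit_id` session key and the sample records are constructed for illustration.

```php
<?php
// Constructed sample data: two records with different owners.
$records = array(
    25 => array('id' => 25, 'owner' => 'ed',   'title' => 'Ed post'),
    26 => array('id' => 26, 'owner' => 'john', 'title' => 'John post'),
);

// Step 1 (edit form requested): remember which record this session is editing.
function beginEdit(array &$session, array $records, $user, $id)
{
    if (!isset($records[$id]) || $records[$id]['owner'] !== $user) {
        return false;               // unknown record, or not this user's record
    }
    $session['edit_id'] = $id;      // server-side state the client cannot alter
    return true;
}

// Step 2 (form submitted): take the id from the session, never from the URL or form.
function saveEdit(array &$session, array &$records, $user, array $post)
{
    if (!isset($session['edit_id'])) {
        return 'rejected: no edit in progress';
    }
    $id = $session['edit_id'];
    // Re-check ownership at save time; holding an id is not an authorization check.
    if (!isset($records[$id]) || $records[$id]['owner'] !== $user) {
        return 'rejected: not owner';
    }
    // Only whitelisted fields may change; a posted 'id' or 'owner' is ignored.
    if (isset($post['title'])) {
        $records[$id]['title'] = (string) $post['title'];
    }
    unset($session['edit_id']);     // cleared only after a successful save
    return "saved record $id";
}

$session = array();                 // stands in for $_SESSION

// Ed asks to edit John's record 26, then his own record 25.
var_dump(beginEdit($session, $records, 'ed', 26));
var_dump(beginEdit($session, $records, 'ed', 25));

// Tampered submission: the posted data carries id 26 instead of 25.
echo saveEdit($session, $records, 'ed', array('id' => 26, 'title' => 'changed')), "\n";
echo $records[25]['title'], ' / ', $records[26]['title'], "\n";
```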

