You should use a whitelist to specify the fields to save; any other fields will not be saved.
Even if you don't display the field on the page, a user can still create the post variable from within their browser and use it to change data they shouldn't really be allowed to.
Hope this helps
Stephen
On 26 November 2010 10:38, psybear83 <psybear83@gmail.com> wrote:
Hey everybody
In my application, users can edit their email, phone number etc., but
they are *not* allowed to edit their username - only admins are
allowed to do that.
So I'm wondering: is it safe to simply not display the username field
to the user? Afaik CakePHP makes sure that the form hasn't been
manually edited (e.g. adding a username input field), right? So I
don't have to double-check on the application's side, e.g. by
unsetting the $data[User][username] field, as long as I'm only
displaying form fields using CakePHP's form helper (and not
"deactivating" them by just hiding them using CSS or so), right?
If so - yeah, sweet! Thanks, CakePHP! :-)
Waiting for your confirmation about this fact, guys... Thanks!
Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions.
You received this message because you are subscribed to the Google Groups "CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to cake-php+unsubscribe@googlegroups.com
For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
--
Kind Regards
Stephen @ NinjaCoderMonkey
www.ninjacodermonkey.co.uk
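As an added illustration of the whitelist advice in Stephen's reply (example code written for this page, not from the thread or the CakePHP project; it assumes a CakePHP 1.3-era UsersController with the Auth and Session components loaded), the unsafe save sits beside the whitelisted one:

```php
<?php
// Added example: mass-assignment risk in a CakePHP 1.3 controller.
// Assumes Auth and Session components are loaded in AppController.
class UsersController extends AppController {

    // Insecure: Model::save() with no field list writes every key found in
    // the POST body. The form never renders a username input, but a client
    // can still submit data[User][username] and it would be saved.
    public function edit_insecure() {
        $this->User->id = $this->Auth->user('id');
        if (!empty($this->data)) {
            $this->User->save($this->data);
        }
    }

    // Hardened: the third argument of Model::save() is a field whitelist.
    // Only email and phone are written; username (and anything else a
    // client adds to the request) is dropped without needing an unset().
    public function edit() {
        $this->User->id = $this->Auth->user('id');
        $allowed = array('email', 'phone');

        if (!empty($this->data)) {
            if ($this->User->save($this->data, true, $allowed)) {
                $this->Session->setFlash('Profile updated.');
                $this->redirect(array('action' => 'edit'));
            }
        } else {
            // Populate the form with the editable fields only.
            $this->data = $this->User->read($allowed, $this->User->id);
        }
    }
}
```

The whitelist lives in the controller, so it holds no matter how the form was built or what the browser sends.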