Friday, November 7, 2014

Re: AppController::beforeRender usage question.

When looking at the Security I find the following:

Controller creates data array.
View is rendered.
  1) In the view I create an input for a field NOT already defined in the data array... blackhole
  2) I create an input for a field NOT already defined in the data array (type=hidden), I also get... blackhole
  3) If an input is created <div style="display:none"> input </div> NO blackhole
  4) If the input is created <div style="display:none"> input with type=hidden </div> YES to the blackhole

I don't think Security should allow #3, but as of 2.5.4 it does!

My original question concerning adding data fields to every edit and add method with beforeRender was to get around points 1 & 2; to keep from doing it in each and every controller, and to keep from using lock/unlock security settings.

So my question now becomes: When does Security calculate its _Token for an edit or add form... before the beforeRender() or after?

Thanks,
Greg
