@rodrigo
Right - this is also the only way to work with AJAX form posts.
On Thursday, 8 March 2012 13:57:08 UTC+1, Rodrigo Rodrigues Moyle wrote:
>
> I always use save($data, array('fieldList' => array())) to protect against
> this problem regardless of the SecurityComponent.
>
> On Tuesday, 6 March 2012 18:06:37 UTC-3, nabeel wrote:
>>
>> Hi all,
>>
>> I'm sure we've all heard about what happened with RoR and Github just
>> recently -
>>
>> https://github.com/rails/rails/issues/5228
>>
>> http://arstechnica.com/business/news/2012/03/hacker-commandeers-github-to-prove-vuln-in-ruby.ars
>>
>>
>> So I can see how this could possibly be done in Cake as well (haven't
>> tried), by just adding a hidden field to the form with the values.
>>
>> So - what's the best way (in Cake) to protect against this? Is it
>> setting the allowed fields in the $this->Model->save() call? Is there a
>> better way?
>
>
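The field whitelist discussed in this thread, sketched in plain PHP as an added example (not code from the posters or from CakePHP). `whitelistFields()` and the field names are hypothetical, and the POST data is constructed.

```php
<?php
// Added illustration in plain PHP; not CakePHP source code.
// whitelistFields() and the field names below are hypothetical.

/**
 * Keep only whitelisted fields for each model alias in Cake-style data
 * ($data['User']['email']). Returns [clean data, dropped "Alias.field" names].
 */
function whitelistFields(array $data, array $fieldList): array
{
    $clean = [];
    $dropped = [];
    foreach ($data as $alias => $fields) {
        if (!is_array($fields) || !isset($fieldList[$alias])) {
            $dropped[] = (string) $alias;   // unexpected model alias or top-level scalar
            continue;
        }
        $allowed = array_flip($fieldList[$alias]);
        foreach ($fields as $name => $value) {
            if (isset($allowed[$name]) && is_scalar($value)) {
                $clean[$alias][$name] = $value;
            } else {
                $dropped[] = $alias . '.' . $name;   // not rendered by the form
            }
        }
    }
    return [$clean, $dropped];
}

// Constructed POST body: the form only renders name and email,
// but the client submitted extra role and id fields.
$post = [
    'User' => [
        'name'  => 'Alice',
        'email' => 'alice@example.com',
        'role'  => 'admin',
        'id'    => '1',
    ],
];

[$clean, $dropped] = whitelistFields($post, ['User' => ['name', 'email']]);

print_r($clean);   // the data that would be handed to the model's save()
error_log('dropped fields: ' . implode(', ', $dropped));   // log for review

// The corresponding whitelist in a CakePHP 2.x controller is the third
// argument of Model::save($data, $validate, $fieldList):
// $this->User->save($this->request->data, true, array('name', 'email'));
```

Logging the dropped field names gives a cheap signal that a client is submitting fields the form never rendered.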