The problem is solved,...
Here is the concept,... if the user accidentally or intentionally tries to
submit script to your database using jeditable,... you or he will not be
able to erase it,... you will have to go to your database and edit manually
to reset. And to avoid all that headache you will have to prevent posting
starting with "<", as well as "script",... etc,...
After all,... here is what works for me: enjoy it,...
function ajax_short_status($id = null)
{
    // Require a logged-in user before doing anything else
    $this->authorize();
    if (!($user = $this->User->findById($id)))
    {
        die();
    }
    else
    {
        // Check access to the profile being edited
        $this->authorize($user['User']['id']);
        $short_status = $this->params['form']['value'];
        // Reject any value containing "<", "script" or "java", or ending with ">"
        $regex = '/^<\w+|<|script|java|javascript|>$/';
        if (preg_match($regex, $short_status))
        {
            die(); // this will abort ajax posting
        }
        else
        {
            $user['User']['short_status'] = $this->params['form']['value'];
            if ($this->User->save($user))
            {
                if (!empty($this->params['form']['value']))
                {
                    // Record a notification that links to the user's profile
                    $title = ' Update Status ';
                    $content = '<a href="' . Router::url('/profile/' . $user['User']['username'], true) . '">'
                        . $user['User']['short_status'] . '</a>';
                    $this->Notification->create();
                    $this->Notification->save(array('Notification' => array(
                        'user_id'   => $user['User']['id'],
                        'member_id' => $this->user['id'],
                        'content'   => $content,
                        'note'      => $title,
                        'type'      => 21,
                        'created'   => date('Y-m-d H:i:s'),
                    )));
                }
            }
            // jeditable displays whatever the action returns
            echo $user['User']['short_status'];
            die();
        }
    }
}
I love cakephp !
On Thursday, April 18, 2013 5:48:04 PM UTC-7, Chris wrote:
>
> hi guys,... can anyone help please,...
> how can I find if string contains "script" tag with preg_match,... ?
> I'm trying to avoid/abort submission if data passed as
> <script>...</script>
>
> $short_status = $this->params['form']['value'];
>
> $regex = '/^[<script>]$/i';
> if(preg_match($regex, $short_status))
> {
> die();
> }
>
> else
> {
> to process post and save to database,...
>
> thanks in advance,
> chris
>
>
>
>
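
Added example (not part of the thread and not CakePHP's own code): the two patterns posted above, run over constructed sample statuses, next to the alternative of storing the text unchanged and HTML-encoding it when it is written into the page. `compare_filters` and `render_status` are hypothetical helpers; in a CakePHP view the `h()` function wraps the same `htmlspecialchars()` call.

```php
<?php
// Added example. The sample statuses are constructed for illustration.

// The two patterns exactly as posted in the thread.
$questionRegex = '/^[<script>]$/i';                      // original question
$answerRegex   = '/^<\w+|<|script|java|javascript|>$/';  // reply

// Hypothetical helper: encode at output time instead of rejecting at input time.
function render_status($status)
{
    return htmlspecialchars($status, ENT_QUOTES, 'UTF-8');
}

// Hypothetical helper: report how each approach treats one status value.
function compare_filters($status, $questionRegex, $answerRegex)
{
    return array(
        'status'   => $status,
        'question' => preg_match($questionRegex, $status) ? 'blocked' : 'allowed',
        'answer'   => preg_match($answerRegex, $status) ? 'blocked' : 'allowed',
        'rendered' => render_status($status),
    );
}

$samples = array(
    '<script>alert(1)</script>',   // markup the filter is meant to stop
    '<SCRIPT>alert(1)</SCRIPT>',   // same markup, upper case
    'learning javascript today',   // harmless text containing a listed word
    'score: 3 < 5',                // harmless text containing "<"
    'hello world',                 // plain status
    's',                           // single character from the bracket set
);

foreach ($samples as $status) {
    $row = compare_filters($status, $questionRegex, $answerRegex);
    printf(
        "%-28s question=%-8s answer=%-8s rendered=%s\n",
        $row['status'],
        $row['question'],
        $row['answer'],
        $row['rendered']
    );
}
```

The question's pattern is a bracket character class anchored at both ends, so it only matches a one-character string. The reply's pattern rejects every value containing `<`, including ordinary text, whereas encoding on output lets such text be stored and shown literally.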