When looking at the Security I find the following: Controller creates data array. View is rendered. 1) In the view I create an input for a field NOT already defined in the data array... blackhole 2) I create an input for a field NOT already defined in the data array (type=hidden) I also get.. blackhole *3) If an input is created <div style="display:none"> input </div> NO blackhole* 4) If the input is created <div style="display:none"> input with type=hidden </div> YES to the blackhole
I don't think Security should allow #3, but as of 2.5.4 it does! My original question concerning adding data fields to every edit and add method with beforeRender was to get around points 1 & 2; to keep from doing it in each and every controller, and to keep from using lock/unlock security settings. So my question now becomes: When does Security calculate its _Token for an edit or add form... Before the beforeRender() or after? Thanks, Greg -- Like Us on FaceBook https://www.facebook.com/CakePHP Find us on Twitter http://twitter.com/CakePHP --- You received this message because you are subscribed to the Google Groups "CakePHP" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/cake-php. For more options, visit https://groups.google.com/d/optout.
