No.
http://us.php.net/json_decode
On Jun 27, 2:54 pm, "[EMAIL PROTECTED]"
<[EMAIL PROTECTED]> wrote:
> > Data is escaped properly when it is inserted into the db which
> > prevents sql injection. You then escape output so to remove unexpected/
> > malicious output.
>
> Is there any chance of malicious PHP code inserted as input that would
> get executed during the massaging of data to get it into $this->data
> array?
>
> > 1. function beforeFilter() {
> > 2. if(isset($this->params['form']['json'])) {
> > 3. $this->data = json_decode($this->params['form']
> > ['json']);
> > 4. }
> > 5. }
>
> > Ok turns out to be five lines. $this->params['form']['json']
> > represents the packaged posted json data from GWT.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Cake
PHP" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---
