AD7six: to be fair, the whitelist is not in the manual. It is in the
api though... I'm wondering how I missed that!
On Oct 12, 1:22 pm, AD7six <[EMAIL PROTECTED]> wrote:
> On Oct 12, 10:28 am, Sharkoon <[EMAIL PROTECTED]> wrote:
>
> > Well he's got a point.
>
> > When I have this:
> > $form->input('User.email');
> > $form->input('User.password');
>
> > and put via firebug <input type="text" name="data[User][active]"
> > value="1">
>
> > and then $this->User->save($this->data);
> > It saves active as well!!!
>
> > A huge security risk!!
>
> If you don't know what you are doing and don't read the api/manual
> (whitelist).
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Cake
PHP" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---
