Have you tested that it is in fact possible to remove fields from a form when using the SecurityComponent?
-- /** * @author Larry E. Masters * @var string $userName * @param string $realName * @returns string aka PhpNut * @access public */ On 10/16/07, 2000Man <[EMAIL PROTECTED]> wrote: > > > Hi guys, > > I've been playing around with the Security-component, which is able to > prevent forms to be manipulated (fields being added to the form). This > works perfectly, but there is still another problem: by downloading > and manipulating it isn't possible to add fields, but is is still > possible to remove fields. > > This is a real problem, because when the field is removed, the > Security-component doesn't detect this, but model::validates also > doesn't, because the latter works the other way around: foreach of the > fields of $model->data is makes sure it validates. So what it doesn't > do is check if all fields specified in model->validate are really > present. > > Is there a way to solve this problem using Cake's build-in > functionality? Of course I can add this check to my > Appmodel::validates, but I think this is something the framework > should be able to do? Does anyone know how to prevent this problem? > > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---
