Hi,
I'm performing a search the following way
function searchform() {
// Displays searchform
}
function search_redirect() {
// redirect to get values
$this->redirect("/results/".$this->data['Search']['searchvalue1']."/".
$this->data['Search']['searchvalue2']."/".$this->data['Search']
['searchvalue3']);
}
function results( $searchvalue1, $searchvalue2, $searchvalue3 ) {
// Displays results
}
Originally i wanted to ask whether it is a security problem to
validate just before redirect, or validate in the results action. Is
there a possibility to catch (and hijack) the programflow, at the
intern redirect.
But with writing it down, it's sure that someone could change the GET
Values and just reload.
So that leads me to another question:
Is there a way to guarantee that results is only redirected from
action search_redirect? and not accessed direct?
Can I check this ? Perhaps with refererer ?
Regards,
Alexander
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Cake
PHP" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---
