On Dec 9, 10:14 am, WebbedIT <[EMAIL PROTECTED]> wrote:
> > Try an exit() after the redirect/flash.
>
> I will first try the exit() call as I've seen that mentioned in
> relation to Session->flash and it does seem to be a case that if the
> flash message does not appear in time the script continues and then
> kicks out an error when it can't find the view.
Your issue stems from a combination of factors/bad habits/
assumptions ;)
* Depending on your php config, a script will stop if it detects that
the client has dropped the connection (
http://es2.php.net/features.connection-handling)
* Assuming that a flash will cause the controller action code to stop
(it doesn't. hint: *return* $this->redirect|flash|etc)
* Your delete method assumes that when it is called with a param it
will always succeed - you have no logic in place for an id present but
invalid/the delete not succeeding - hence it falls through and tries
to render a view
* Your delete method works with only get params - so if by chance or
malicious intent a page generates a request to /whatever/delete/anint
- it'll perform the delete with you none the wiser (although if you
used session setflash you would probably see a confusing (because you
did it yourself, but not deliberately) "xyz with id 123 deleted"
message) - As a consequence a duplicate delete request will show a
missing view because it doesn't exist to be deleted (see previous
point). Google CSRF for more details.
You'll probably find you get bored of delay and annoyance of seeing
flash message screens - use session set flash with or without a
redirect depending on whether you want to redirect the user or not
(but RETURN or otherwise prevent any further controller/model logic
from executing and don't rely on your redirect/flash/whatever to
prevent further code from executing) - but the problem in brief is not
accounting for all logical possibilities.
hth
AD
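
The points in the message above, as a framework-free PHP sketch added here as an example (not part of the original message and not CakePHP code): the action accepts only POST, checks a per-session token, handles an id that is present but invalid, and returns on every path. All function and variable names are hypothetical, and the sample data is constructed.

```php
<?php
// Framework-free sketch (added example; all names are hypothetical).
// $records stands in for the model, $session for the session store.

function csrf_token(array &$session): string
{
    // One random token per session, embedded in the delete form.
    if (empty($session['csrf'])) {
        $session['csrf'] = bin2hex(random_bytes(16));
    }
    return $session['csrf'];
}

function redirect_with_flash(array &$session, string $msg, string $url): array
{
    // Like a framework redirect, this only *describes* the response.
    // It cannot stop the caller, so the caller must return its result.
    $session['flash'] = $msg;
    return ['status' => 302, 'location' => $url];
}

function delete_action(string $method, array $post, $id, array &$session, array &$records): array
{
    // 1. State-changing action: refuse GET so a link or image tag cannot trigger it.
    if ($method !== 'POST') {
        return ['status' => 405, 'allow' => 'POST'];
    }
    // 2. The request must carry the token issued to this session (CSRF check).
    $sent = isset($post['csrf']) && is_string($post['csrf']) ? $post['csrf'] : '';
    if (empty($session['csrf']) || !hash_equals($session['csrf'], $sent)) {
        return ['status' => 403];
    }
    // 3. Id present but invalid or already deleted: say so, do not fall through to a view.
    if (!is_string($id) || !ctype_digit($id) || !isset($records[(int) $id])) {
        return redirect_with_flash($session, 'Invalid id', '/items');
    }
    // 4. Success path, also returned explicitly.
    unset($records[(int) $id]);
    return redirect_with_flash($session, "Item $id deleted", '/items');
}

// Constructed sample data and requests.
$session = [];
$records = [123 => 'example row'];
$token   = csrf_token($session);
var_dump(delete_action('GET', [], '123', $session, $records)['status']);                  // GET is refused
var_dump(delete_action('POST', ['csrf' => $token], '123', $session, $records)['status']); // valid delete
var_dump(delete_action('POST', ['csrf' => $token], '123', $session, $records)['status']); // duplicate request
echo $session['flash'], PHP_EOL;
```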