http://localhost/CakePHP/cakeBlog/posts/delete/1
1 can be anything What if a cracker visits http://localhost/CakePHP/cakeBlog/posts/delete/'all' or something like that? How are you protecting your site? What would an explanation look like in the manual about denying any argument like 'all' from being passed to a method like delete? --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---
