No one checked your $id. It is insecure. Anyone can call your action as http://domain.com/controller/edit or http://domain.com/controller/edit/013 or http://domain.com/controller/edit/kill%20your%20app
On Mar 16, 1:04 am, Aurelius <[email protected]> wrote:
> Hi!
>
> When I have a function like
> function edit($id = null) { ... }
> is the $id already checked against hacking and can only be an integer
> or is it insecure?
>
> thx
> Aurelius
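As an added illustration of the check the reply says is missing (example code written for this page, not from the thread or from CakePHP itself): a CakePHP 1.x-style edit action that validates $id as an integer, confirms the row exists, and checks ownership before saving. The Post model, its user_id column, and the Auth and Session components are assumptions.

```php
<?php
// Added example, not code from the thread. Assumes the CakePHP 1.x
// Controller API (redirect, Auth and Session components, Model::find/save).
// The "Post" model and its "user_id" column are hypothetical.
class PostsController extends AppController {
    var $name = 'Posts';
    var $components = array('Auth', 'Session');

    // $id is whatever follows /posts/edit/ in the URL: it may be absent,
    // "013", or "kill your app". Nothing upstream has validated it.
    function edit($id = null) {
        // 1. Type check: accept only a non-empty string of decimal digits.
        //    ctype_digit() rejects "", "-1", "1e3", "1 OR 1=1" and spaces;
        //    the length cap keeps "9999...9" from overflowing the int cast.
        if ($id === null || !ctype_digit((string)$id) || strlen($id) > 10) {
            $this->Session->setFlash('Invalid record id.');
            return $this->redirect(array('action' => 'index'));
        }
        $id = (int)$id;   // "013" normalises to 13

        // 2. Existence check: a well-formed id may still point at nothing.
        $post = $this->Post->find('first', array(
            'conditions' => array('Post.id' => $id),
        ));
        if (empty($post)) {
            $this->Session->setFlash('No such record.');
            return $this->redirect(array('action' => 'index'));
        }

        // 3. Authorization: a valid id is not a permitted id. Only the
        //    owner (hypothetical user_id column) may edit this row.
        if ($post['Post']['user_id'] != $this->Auth->user('id')) {
            $this->Session->setFlash('Not allowed.');
            return $this->redirect(array('action' => 'index'));
        }

        if (!empty($this->data)) {
            // Pin the primary key to the validated URL value so a tampered
            // hidden "id" field in the form cannot redirect the update.
            $this->data['Post']['id'] = $id;
            $this->Post->id = $id;
            if ($this->Post->save($this->data)) {
                $this->Session->setFlash('Saved.');
                return $this->redirect(array('action' => 'index'));
            }
        }
        $this->data = $post;
        $this->set('post', $post);
    }
}
```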
