I usually use the Security component's requireAuth to make sure that
hidden field values haven't been changed when the form is submitted
back to the server.  This usually works fine.  However, I noticed it
doesn't seem to matter on my admin_add and admin_edit actions.  Is
there something I'm missing?

Here is some of my code:

        function beforeFilter() {
                parent::beforeFilter();
                $this->Security->requireAuth();
        }

        function admin_add() {
        }

        function admin_edit($id = null) {
        }


I've also tried:

                $this->Security->requireAuth('admin_add', 'admin_edit');

It doesn't seem to make a difference.  I tested it by trying to modify
hidden values in my form and it allows it to proceed without
blackholing the request.

Is there something extra I have to add for admin actions to make the
requireAuth work, or is there a better way to handle this?

I am using the $form->create() and $form->end() and I also verified
that the token hash is being set in the form.