I have additional code in my app controllers beforeFilter. So I still need that parent::beforeFitler(). Like I said it only appears to be a problem with admin routing, or my admin prefixed actions.
On May 1, 2:25 pm, "Benedikt R." <[email protected]> wrote: > Try to remove > > parent::beforeFilter(); > > Best regards > > On 1 Mai, 21:02, Stinkbug <[email protected]> wrote: > > > I usually use the security components requireAuth to make sure that > > hidden field values haven't been changed when the form is submitted > > back to the server. This usually works fine. However, I noticed it > > doesn't seem to matter on my admin_add and admin_edit actions. Is > > there something I'm missing? > > > Here is some of my code: > > > function beforeFilter() { > > parent::beforeFilter(); > > $this->Security->requireAuth(); > > } > > > function admin_add() { > > } > > > function admin_edit($id = null) { > > } > > > I've also tried: > > > $this->Security->requireAuth('admin_add', 'admin_edit'); > > > It doesn't seem to make a difference. I tested it by trying to modify > > hidden values in my form and it allows it to proceed with out > > blackholing the request. > > > Is there something extra I have to add for admin actions to make the > > requireAuth work, or is there a better way to handle this? > > > I am using the $form->create() and $form->end() and I also verified > > that the token hash is being set in the form. > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---
