I don't think you should have delete links available in areas where
search spiders, or rogue users can easily get to them. You should at
the very least ensure that the user is logged into the site before
running any sort of delete behaviour (IMO)

And, having any sort of confirmation message is considered bad
practice, the way to do things is to "soft delete" items and allow the
user to restore them if necessary. Then run a script that hard deletes
these trashed items older than x days.

On Jun 5, 3:40 pm, "rich...@home" <[email protected]> wrote:
> I think the way CakePHP handles the delete links is very bad practice
> tbh. The delete action should be through a POST not a get. Also,
> protecting it with Javascript doesn't help if your site is being
> spidered...
>
> A better approach is to create your own delete($id) method in
> AppController (so it's available to all your controllers) which asks
> for confirmation (by a POST form) before it does the actual delete.
> Something like:
>
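> function delete($id) {
>
>     // name of this controller's primary model
>     $model = $this->modelClass;
>
>     // only delete once the confirmation form has been POSTed
>     if (!empty($this->data)) {
>
>         $this->{$model}->del($this->data[$model]['id']);
>
>         // redirect to the index page
>         $this->redirect(array("action"=>"index"));
>
>     }
>
>     // otherwise load the record so the view can show the confirmation form
>     $this->data = $this->{$model}->read(null, $id);
>
> }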
>
> and the view:
>
> <?php echo $form->create("Model", array("action"=>"delete")) ?>
> <?php echo $form->hidden("id") ?>
> <p>Are you sure you want to delete this item?</p>
> <?php echo $form->end("Delete"); ?>
>
> (replace "Model" with the name of the model you are deleting)
>
> (beware typos, I've just typed this straight into the post ;-)
>
> On Jun 5, 10:37 am, Ernesto <[email protected]> wrote:
>
> > that works great!
>
> > thanks :D
>
> > On 5 Jun, 11:04, toby1kenobi <[email protected]> wrote:
>
> > > I think I may be misunderstanding, but if you use $html->link to
> > > generate your delete url you can add this as a parameter:
>
> > > link(string $title, mixed $url = null, array $htmlAttributes = array
> > > (), string $confirmMessage = false, boolean $escapeTitle = true)
>
> > > See the link method here:
>
> > > http://book.cakephp.org/view/206/Inserting-Well-Formatted-elements
>
> > > Hope this helps,
>
> > > Toby
>
> > > On Jun 5, 10:00 am, Ernesto <[email protected]> wrote:
>
> > > > Hello :)
>
> > > > is there any behavior that asks "Are you sure" before deleting any
> > > > record?
>
> > > > i can't find anything similar in the bakery
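The three points raised in this thread (delete only via POST, only for logged-in users, soft delete followed by a later purge), as an added example that is not part of the original posts and is not CakePHP code. It uses plain PHP with PDO and an in-memory SQLite database; the `items` table, the `deleted_at` column and all function names are assumptions.

```php
<?php
// Added example: plain PHP + PDO, not CakePHP. Table, column and function
// names are hypothetical; the rows below are constructed sample data.
function makeDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, title TEXT, deleted_at INTEGER)');
    $db->exec("INSERT INTO items (id, title) VALUES (1, 'first'), (2, 'second')");
    return $db;
}

// Returns the HTTP status the controller would send.
function handleDelete(PDO $db, string $method, array $session, array $post, int $now): int {
    if ($method !== 'POST') return 405;          // links and crawlers issue GET: no state change
    if (empty($session['user_id'])) return 403;  // anonymous visitors cannot delete
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT);
    if ($id === false) return 400;
    // Soft delete: mark the row as trashed instead of removing it.
    $stmt = $db->prepare('UPDATE items SET deleted_at = :now WHERE id = :id AND deleted_at IS NULL');
    $stmt->execute([':now' => $now, ':id' => $id]);
    return $stmt->rowCount() === 1 ? 303 : 404;  // 303: redirect back to the index
}

// Undo for the user: clears the trash marker.
function restore(PDO $db, int $id): bool {
    $stmt = $db->prepare('UPDATE items SET deleted_at = NULL WHERE id = :id AND deleted_at IS NOT NULL');
    $stmt->execute([':id' => $id]);
    return $stmt->rowCount() === 1;
}

// For the scheduled script: hard-delete rows trashed more than $days days ago.
function purgeTrash(PDO $db, int $days, int $now): int {
    $stmt = $db->prepare('DELETE FROM items WHERE deleted_at IS NOT NULL AND deleted_at < :cutoff');
    $stmt->execute([':cutoff' => $now - $days * 86400]);
    return $stmt->rowCount();
}

$db = makeDb();
$now = time();
$user = ['user_id' => 42];                                        // constructed session
echo handleDelete($db, 'GET', $user, ['id' => '1'], $now), "\n";  // spider following a link
echo handleDelete($db, 'POST', [], ['id' => '1'], $now), "\n";    // not logged in
echo handleDelete($db, 'POST', $user, ['id' => '1'], $now), "\n"; // confirmed delete of item 1
echo handleDelete($db, 'POST', $user, ['id' => '2'], $now - 40 * 86400), "\n"; // item 2 trashed 40 days ago
var_dump(restore($db, 1));                                        // user changes their mind
echo purgeTrash($db, 30, $now), " row(s) purged\n";               // purge with x = 30 days
```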