I have this function and was wondering what the security holes are in
doing it this way.
I am not passing any variables, so I do not need to check if this
$someVariable = this->Auth
You have to be logged in; all the info is pulled from the
Auth->User->('id')
I could use function personal($id) then compare $id =
$this->Auth->User('id') but that seems unneeded in this situation.
Can someone point out any security issues by doing it this way?
function personal()
{
    if ($this->RequestHandler->isAjax()) {
        $id = $this->Auth->user('id');
        if (!$id && empty($this->data)) {
            $this->redirect(array('action' => 'index'));
        }
        if (!empty($this->data)) {
            if ($this->User->save($this->data)) {
                code.........
            } else {
                code.......
            }
        }
        if (empty($this->data)) {
            .....code
        }
    } else {
        $this->redirect('/' . $this->Auth->user('slug'));
    }
}
Dave
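
An added example, not part of the original post: personal() hands $this->data to $this->User->save() unchanged, so any User.id or other column present in the posted form is what gets saved. The helper below pins the primary key to the session user and keeps only whitelisted fields; the helper name, the field names and the sample values are assumptions, and the save() call in the closing comment assumes CakePHP 1.x, where the third argument is the field whitelist.

```php
<?php
/**
 * Build the array passed to $this->User->save() from untrusted form data.
 * (Hypothetical helper; not part of CakePHP or of the original post.)
 *
 * $requestData   - $this->data exactly as the browser posted it
 * $sessionUserId - $this->Auth->user('id')
 * $allowedFields - columns the profile form may change (assumed names)
 */
function buildPersonalSaveData(array $requestData, $sessionUserId, array $allowedFields)
{
    // Refuse when there is no session user, whether or not data was posted.
    if (empty($sessionUserId)) {
        throw new RuntimeException('Not logged in');
    }

    $posted = (isset($requestData['User']) && is_array($requestData['User']))
        ? $requestData['User']
        : array();

    // Keep only whitelisted columns; a posted id, role, slug, etc. is dropped.
    $clean = array_intersect_key($posted, array_flip($allowedFields));

    // The primary key always comes from the session, never from the form.
    $clean['id'] = $sessionUserId;

    return array('User' => $clean);
}

// Constructed sample: a form post carrying another user's id and an extra column.
$posted = array('User' => array(
    'id'    => 1,
    'role'  => 'admin',
    'email' => 'dave@example.com',
));
$allowed = array('email', 'first_name', 'last_name');

$safe = buildPersonalSaveData($posted, 42, $allowed);
var_export($safe); // only 'email' survives, and 'id' is the session value 42

// Inside personal(), the save step would then read:
//   $safe = buildPersonalSaveData($this->data, $this->Auth->user('id'), $allowed);
//   if ($this->User->save($safe, true, $allowed)) { ... }
```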