Look into the Security component. However, I have to ask: so what? If a user is determined to be a jackass, this is one of the least things I'd be concerned about.
On Thu, Aug 27, 2009 at 1:18 PM, Robert Popplewell<[email protected]> wrote: > > I am trying to add a comments area to a simple blog application and I > would like to pass the id of a specific blog post to the comments > controller. > > The only example I can find involves setting a hidden form field and > passing it via the form data... > > echo $form->hidden('Comment.post_id', array('value' => $post['Post'] > ['id'])); > > Is there any other way to pass the contents of $post['Post']['id'] to > the comments controller? > > The reason I am concerned about this method is (correct me if i'm > wrong) it is possible to manipulate the client side of html forms - > such as the post id to be passed via html form data therefore a user > could tell their browser to add a comment to ANY post id. > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---
