I'd rather it werent possible for some random "jackass" to post comments to ANY published/unpublished post :p
Regardless of how far down the list, it is still a concern! 2009/8/28 brian <[email protected]> > > Look into the Security component. However, I have to ask: so what? If > a user is determined to be a jackass, this is one of the least things > I'd be concerned about. > > On Thu, Aug 27, 2009 at 1:18 PM, Robert Popplewell<[email protected]> > wrote: > > > > I am trying to add a comments area to a simple blog application and I > > would like to pass the id of a specific blog post to the comments > > controller. > > > > The only example I can find involves setting a hidden form field and > > passing it via the form data... > > > > echo $form->hidden('Comment.post_id', array('value' => $post['Post'] > > ['id'])); > > > > Is there any other way to pass the contents of $post['Post']['id'] to > > the comments controller? > > > > The reason I am concerned about this method is (correct me if i'm > > wrong) it is possible to manipulate the client side of html forms - > > such as the post id to be passed via html form data therefore a user > > could tell their browser to add a comment to ANY post id. > > > > > > > > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---
