#6134: Paginator helper has XSS problem
---------------------------+------------------------------------------------
    Reporter:  ichikaway   |         Owner:           
        Type:  Bug         |        Status:  new      
    Priority:  High        |     Milestone:  1.2.x.x  
   Component:  Helpers     |       Version:  1.2 Final
    Severity:  Major       |    Resolution:           
    Keywords:              |   Php_version:  n/a      
Cake_version:  1.2.1.8004  |  
---------------------------+------------------------------------------------
Comment (by ichikaway):

 Thank you for your reply.
 This is my code.

 DB table
 {{{
 CREATE TABLE `posts` (
   `id` int(11) NOT NULL auto_increment,
   `test` text  NOT NULL,
   `created` timestamp NULL default NULL,
   `modified` timestamp NULL default NULL,
   PRIMARY KEY  (`id`)
 ) ENGINE=MyISAM ;
 }}}

 Model
 {{{
 <?php
 class Post extends AppModel {

         var $name = 'Post';

 }
 ?>
 }}}

 Controller
 {{{
 <?php
 class PostsController extends AppController {

         var $name = 'Posts';
         var $helpers = array('Html', 'Form');

         var $paginate = array(
                           "limit" => 3,
         );

         function index() {
                 $this->set('posts', $this->paginate());

         }
 }
 ?>
 }}}


 == new patch ==
 I understand it is better to set the cleaned value in passedArgs[page].
 This is the new patch.
 Append the following after line 1045 in Controller::paginate():
 {{{
 // Fall back to page 1 when the user-supplied page argument is not numeric
 if (!is_numeric($options['page'])) {
         $options['page'] = $page = 1;
 }
 }}}

-- 
Ticket URL: <https://trac.cakephp.org/ticket/6134#comment:3>
CakePHP : The Rapid Development Framework for PHP <https://trac.cakephp.org/>
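Added example, not code from the ticket or from CakePHP itself: a stricter version of the page check proposed above, paired with output escaping in the helper that builds the link, since is_numeric() still accepts strings such as "1e3" or " 7". The function names sanitizePage and pageLink are hypothetical.

```php
<?php
// Added example (not CakePHP code): defensive handling of the untrusted
// "page" argument that the ticket reports reaching the Paginator helper.

/**
 * Coerce an untrusted page argument to a positive integer within range.
 * Hypothetical helper. is_numeric() alone accepts "1e3", " 7", hex and
 * float strings, so only plain decimal digits are accepted here.
 */
function sanitizePage($raw, $pageCount) {
    if (!is_string($raw) && !is_int($raw)) {
        return 1;                          // arrays, null, objects -> page 1
    }
    $raw = (string) $raw;
    if ($raw === '' || !ctype_digit($raw)) {
        return 1;                          // anything non-digit -> page 1
    }
    $page = (int) $raw;
    if ($page < 1) {
        return 1;                          // "0", "000" -> page 1
    }
    if ($pageCount > 0 && $page > $pageCount) {
        return $pageCount;                 // clamp to the last page
    }
    return $page;
}

/**
 * Build a pagination link. Everything that came from the request is
 * escaped on output even after validation (defence in depth).
 */
function pageLink($controller, $action, $page) {
    $url = '/' . rawurlencode($controller) . '/' . rawurlencode($action)
         . '/page:' . (int) $page;
    return '<a href="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '">'
         . htmlspecialchars((string) $page, ENT_QUOTES, 'UTF-8') . '</a>';
}

// Constructed sample input imitating a tampered passed argument.
$tampered = '1"><script>alert(1)</script>';
$page = sanitizePage($tampered, 5);       // 1
echo pageLink('posts', 'index', $page), "\n";
```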