I have not tested this. ymmv function beforeFilter() { parent::beforeFilter(); // second test is optional if ($this->request->is('post') && $this->action == 'whatever') { // only want the keys here $dynamic_fields = array_keys(preg_grep('/^Cat[0-9]+name$/', $this->request->data['YourModel'])); // array_merge will leave duplicates for arrays with numeric indices $this->Security->unlockedFields = array_unique( array_merge( $this->Security->unlockedFields, $dynamic_fields ) ); } }
On Mon, Mar 4, 2013 at 7:48 PM, #2Will <willjbar...@gmail.com> wrote: > I'm dynamicly adding fields for hasMany relation in my form, with JS. Thats > obviously messing with the Security components form tampering detection - > and blackholing the request > > U can get it to not blackhole by doing this in the beforeFilter: > > $this->Security->unlockedFields = array( 'Cat0name'); > > I guess i could add Cat1name, Cat2name, cat3name etc etc to the array. But > it makes me feel sad. Is there a better way? Can I get it to pattern match > somehow? Iv'e got in my head ideas like "regex" - is that at all possible? > > I must admit, i read the code for the _validatePost function that uses the > unlockedFields setting, and I didn't really fully understand it. > > Thanks for any pointers > > Will > > > > -- > Like Us on FaceBook https://www.facebook.com/CakePHP > Find us on Twitter http://twitter.com/CakePHP > > --- > You received this message because you are subscribed to the Google Groups > "CakePHP" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cake-php+unsubscr...@googlegroups.com. > To post to this group, send email to cake-php@googlegroups.com. > Visit this group at http://groups.google.com/group/cake-php?hl=en. > For more options, visit https://groups.google.com/groups/opt_out. > > -- Like Us on FaceBook https://www.facebook.com/CakePHP Find us on Twitter http://twitter.com/CakePHP --- You received this message because you are subscribed to the Google Groups "CakePHP" group. To unsubscribe from this group and stop receiving emails from it, send an email to cake-php+unsubscr...@googlegroups.com. To post to this group, send email to cake-php@googlegroups.com. Visit this group at http://groups.google.com/group/cake-php?hl=en. For more options, visit https://groups.google.com/groups/opt_out.