Re: Pattern Matching for Security->unlockedFields

Tue, 05 Mar 2013 17:55:12 -0800 

I have not tested this. ymmv

function beforeFilter()
{
        parent::beforeFilter();
        
        // second test is optional
        if ($this->request->is('post') && $this->action == 'whatever')
        {
                // only want the keys here
                $dynamic_fields = array_keys(preg_grep('/^Cat[0-9]+name$/',
$this->request->data['YourModel']));
                
                // array_merge will leave duplicates for arrays with numeric 
indices
                $this->Security->unlockedFields = array_unique(
                        array_merge(
                                $this->Security->unlockedFields,
                                $dynamic_fields
                        )
                );
        }
}

On Mon, Mar 4, 2013 at 7:48 PM, #2Will <willjbar...@gmail.com> wrote:
> I'm dynamicly adding fields for hasMany relation in my form, with JS.  Thats
> obviously messing with the Security components form tampering detection -
> and blackholing the request
>
> U can get it to not blackhole by doing this in the beforeFilter:
>
>     $this->Security->unlockedFields = array(  'Cat0name');
>
> I guess i could add Cat1name, Cat2name, cat3name etc etc to the array.  But
> it makes me feel sad.  Is there a better way? Can I get it to pattern match
> somehow?  Iv'e got in my head ideas like "regex" - is that at all possible?
>
> I must admit, i read the code for the _validatePost function that uses the
> unlockedFields setting, and I didn't really fully understand it.
>
> Thanks for any pointers
>
> Will
>
>
>
> --
> Like Us on FaceBook https://www.facebook.com/CakePHP
> Find us on Twitter http://twitter.com/CakePHP
>
> ---
> You received this message because you are subscribed to the Google Groups
> "CakePHP" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cake-php+unsubscr...@googlegroups.com.
> To post to this group, send email to cake-php@googlegroups.com.
> Visit this group at http://groups.google.com/group/cake-php?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>

-- 
Like Us on FaceBook https://www.facebook.com/CakePHP
Find us on Twitter http://twitter.com/CakePHP

--- 
You received this message because you are subscribed to the Google Groups 
"CakePHP" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cake-php+unsubscr...@googlegroups.com.
To post to this group, send email to cake-php@googlegroups.com.
Visit this group at http://groups.google.com/group/cake-php?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Reply via email to