I realized, humorously, that my delete links for the posts on my
mini-discussion board were clearly showing in the status bar:
"www.mysite.com/index.php/posts/delete/45".

So of course, even though the delete link shows up only for posts
where post.userid = session[userid], if you are a user who has half a
brain, you would eventually see the URL on the status bar and you
could just type it in manually to delete any post you want that other
people posted.

So along with setting the status="" attribute for each "href", I
realized I need to add to my controller's code for the delete()
function:

if ($session->read('userid') == $data->post['userid'])

Would you do even more than that, to prevent unwanted post deletions?


Steve
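
The ownership check described in the post above, written out as an added example that is not part of the original message and not CakePHP code. The function name deletePostIfOwner and the in-memory $posts array are hypothetical stand-ins for the controller action and the posts table; the point shown is that the owner is taken from the stored row for the id in the URL, not from anything the browser submitted.

```php
<?php
// Constructed sample data standing in for the posts table: post id => row.
$posts = [
    44 => ['id' => 44, 'userid' => 7, 'body' => 'Post by user 7'],
    45 => ['id' => 45, 'userid' => 9, 'body' => 'Post by user 9'],
];

/**
 * Hypothetical helper (not a CakePHP API): delete a post only when the
 * logged-in user owns it. Hiding the link or the status bar text changes
 * nothing here, because the decision is made on the server for every request.
 */
function deletePostIfOwner(array &$posts, $sessionUserId, $postId): string
{
    // No session user means no deletion at all.
    if ($sessionUserId === null) {
        return 'denied: not logged in';
    }

    // The id arrives in the URL (/posts/delete/45), so treat it as untrusted.
    if (!ctype_digit((string) $postId) || !isset($posts[(int) $postId])) {
        return 'denied: no such post';
    }

    // Load the stored row and read the owner from it, never from request data.
    $post = $posts[(int) $postId];

    // Comparison, not assignment: a single "=" here would always be truthy.
    if ((int) $post['userid'] !== (int) $sessionUserId) {
        return 'denied: not the owner';
    }

    unset($posts[(int) $postId]);
    return 'deleted';
}

// User 7 requests deletion of post 45, which belongs to user 9.
echo deletePostIfOwner($posts, 7, '45'), PHP_EOL;
// User 7 requests deletion of their own post 44.
echo deletePostIfOwner($posts, 7, '44'), PHP_EOL;
// A request with no logged-in user.
echo deletePostIfOwner($posts, null, '45'), PHP_EOL;
// A malformed id typed into the URL.
echo deletePostIfOwner($posts, 9, '45abc'), PHP_EOL;
```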

