In risk of looking a little bit stupid, I'll ask this. If you need a field to be required, you can set that in model, so why bother with other stuff ? doI it that way. You can either use predefined rules of cake or make your own using regular expressions.. You can firebug all you want but when you click save, if you didn't input required value (if you even specified what types of character can be used), there is no way you'll pass submitting, and user will not even be redirected from the page.. And if you really need to make something very tricky , you can always use ajax . This component of cake is beautiful. It even flashes messages next to the fields if there is an error with them.. Also one more comment. I do not see much point of protecting your form from being firebuged... Because, if somebody tries to hack a form on the client side (smth that is already loaded in his browser) you can't really stop them. When they receive a form it is kinda their now and they can change it or do whatever they want with it, because you have no control over data on his computer. But, in order to make sure no hacks are gonna happen, just made the same security on the server side of app and there you have it. The security you put on client side is for clients. So that it would make their lives easier, when filling forms etc. But for those evil clients who wish to ruin your work, you put security on server side and you have done all you needed to do.
Hope i didn't miss the subject :) All the best, Milos On Apr 2, 9:26 pm, "Krissy Masters" <naked.cake.ba...@gmail.com> wrote: > Right on. Was only curious since Security create a hash based on the fields > I figured there must be some way to do the same thing and use it for > whatever reason. > > Thanks for the info all the same. > > K > > -----Original Message----- > From: cake-php@googlegroups.com [mailto:cake-php@googlegroups.com] On Behalf > > Of euromark > Sent: Saturday, April 02, 2011 10:43 PM > To: CakePHP > Subject: Re: Euromark function guaranteeFields($requiredFields, $data = > null) { > > it is not possible > > the controller has no direct link to the form helper > especially not after a post (and therefore BEFORE the form is rendered > again). > controller + model are finished before the view even starts to render. > > you would need to embed the keys as a hidden field in the form itself > (+ hash etc to disallow any modifications). > but then you could just as well use the security component and you > would be already done. > > so i dont see a point in that. > i agree that it can be a pain in the but. > in some rare occasions you could use blacklisting (especially if you > only want to forbid 1 field of 50 allowed fields). > in other occasions you would store those field names in a (long?) > array in the model and simply use it in the controller > $this->Model->allowedFieldsForEdit > etc > > either way linking the form helper / form inputs to the model logic > can probably do more harm than good. > i would think about which fields are allowed and manually pass them to > the set/save methods. using the model arrays to store the fields will > also ensure that after an update of the schema you got all field names > in a single place. less likely you will forget to add/delete fields. > > On 3 Apr., 00:51, "Krissy Masters" <naked.cake.ba...@gmail.com> wrote: > > Sorry I think you missed my point. > > Example: > > I have a form with 50 fields. I would have to manually type out all 50 if > > they have to be in the form = pain > > Im interested in grabbing all the field names the form has before its > > rendered. Then use that in the function before saving > > > beforeRender() / beforeFilter(){ > > grab all the fields your form has before rendering it > > > $form_fields = ??? somefunction to grab all your fields > > > Then use an array / !in_array / arrys_keys to keep / exclude ones that > are > > required to be there > > > $required_fields = array_diff( array('optional', 'fields', 'here' > > ),$form_fields); //something like that so you type out a few not all type > > thing > > > } > > > That's what I am wondering, if anyone knows how you could grab a list of > > fields in the form. > > > Thanks, > > > K > > > -----Original Message----- > > From: cake-php@googlegroups.com [mailto:cake-php@googlegroups.com] On > Behalf > > > Of cricket > > Sent: Saturday, April 02, 2011 7:45 PM > > To: cake-php@googlegroups.com > > Subject: Re: Euromark function guaranteeFields($requiredFields, $data = > > null) { > > > On Sat, Apr 2, 2011 at 3:10 PM, Krissy Masters > > <naked.cake.ba...@gmail.com> wrote: > > > Reading the bit about making fields required in a form so a user can not > > > firebug them out and thought is there a way to manually grab the names > of > > > the fields in a form being rendered in the controller? > > > Form might have 50 fields and you need them all, writing out all of that > > > would be trauma. (but writing the names and updating the model in the > > > future, spelling....so on) > > > > Security component does something with all the names to makes it hash > no? > > > > Anyone have any ideas? Here is a link to his excellent idea incase > anyone > > > wants to read up on it. > > > >http://www.dereuromark.de/2010/09/21/saving-model-data-and-security/ > > > > secion => Protection against missing fields > > > I think it would be best to use a class var in the model. > > > $this->Model->set( > > $this->data, > > null, > > $this->Model->required_fields > > ); > > > You could even have separate field lists for different actions: > > > $this->Model->set( > > $this->data, > > null, > > $this->Model->required_fields['edit'] > > ); > > > -- > > Our newest site for the community: CakePHP Video > Tutorialshttp://tv.cakephp.org > > Check out the new CakePHP Questions sitehttp://ask.cakephp.organdhelp > > others with their CakePHP related questions. > > > To unsubscribe from this group, send email to > > cake-php+unsubscr...@googlegroups.com For more options, visit this group > athttp://groups.google.com/group/cake-php > > -- > Our newest site for the community: CakePHP Video > Tutorialshttp://tv.cakephp.org > Check out the new CakePHP Questions sitehttp://ask.cakephp.organd help > others with their CakePHP related questions. > > To unsubscribe from this group, send email to > cake-php+unsubscr...@googlegroups.com For more options, visit this group > athttp://groups.google.com/group/cake-php -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
