Re: Login is not working

2011-06-22 Thread Prabha Vathi 
Bad and bad programmer :(

Thanks a lot. 
What a silly mistake.

-- 
Our newest site for the community: CakePHP Video Tutorials 
http://tv.cakephp.org 
Check out the new CakePHP Questions site http://ask.cakephp.org and help others 
with their CakePHP related questions.


To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at 
http://groups.google.com/group/cake-php

Jquery not working in IE

2011-06-22 Thread Prabha Vathi 
For test freshly i created a tests controller

class TestsController extends AppController {
var $uses = array();
var $helpers = array('Form','Javascript','Html');

function check_ajax() {
}
}

simple.js
function ajax11() {
$.ajax({
url: "#",
context: document.body,
success: function(){
$('.good').html('works very good');
}
});
}

link('jquery-1.6.1.min', false);

//and now... some file that will be specific to this view (page)
 $javascript->link('sample', false);
?>
Click Me!


It works in firefox and chrome. But not in Internet Explorer. I have
already started to convert one my website to cakephp. It is half done.
When i check that in ie, i found none of the ajax working. I don't get
any error from IE.

-- 
Our newest site for the community: CakePHP Video Tutorials 
http://tv.cakephp.org 
Check out the new CakePHP Questions site http://ask.cakephp.org and help others 
with their CakePHP related questions.


To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at 
http://groups.google.com/group/cake-php

Re: Where should i contact right people in CakePHP.org because this security critical problem

2011-06-22 Thread euromark 
i always do it the other way around
in core debug=0 and if on localhost, raise it afterwards to 1/2
this way there should be no flaws


On 23 Jun., 06:50, oceanguy  wrote:
> I've been baking for over 3 years, and while I know leaving debug >0
> is not kosher, I often leave it temporarily at 1 for quasi-production
> sites, as it is a heck of a lot easier to debug run-time issues.
>
> But I had no idea that database info would ever be exposed.  And why
> would I?  Seems like only a peculiar set of circumstances would have
> lead me to this error.  If there's one piece of config information
> that shouldn't be exposed at all by an application, it's the db
> connection info.  (Salt keys are probably a close second.)
>
> If something is a bad practice, then it's up to the community to find
> the best way to inhibit it automatically.  It's really a question of
> the community's integrity as a whole.  If it's common for end user
> developers to make a mistake, then that speaks to an issue that needs
> to be addressed at the core level, otherwise everyone's reputation
> suffers.
>
> CakePHP is a complex application and there is *a lot* to learn about
> it.  Verbal notes hidden in forums (or even the docs) won't cut it,
> nor will saying, "if you followed best practice X, you wouldn't have
> exposed yourself to Y."  End user developers do not know the details
> of how things might work under all circumstances, so we must trust the
> core developers to insure that best practices are in place to protect
> us from ourselves.
>
> If it's a question of encouraging developers to maintain separate
> core.php files on dev and production machines, I think an alternative
> distribution model might be helpful.  For example, maybe core.php
> should be distributed like database.php.default, which encourages devs
> to make a specific customized copy for each machine, which also
> implies not including it under version control.
>
> Aside from this quibble, thanks for an awesome framework (and Mark,
> for a great blog).
>
> -Sage
>
> On Jun 22, 1:02 pm, mark_story  wrote:
>
>
>
>
>
>
>
> > It is the developer's fault, for deploying a system in a way it should
> > never be deployed.
>
> > Since, I was working under the pre-tense that any developer who
> > actually cared about these kinds of things wouldn't make a stupid
> > mistake like this. And combined with the fact that removing the
> > passwords is a non-trivial problem, I punted on the issue.  The place
> > where this error gets displayed from is inside Debugger, and its more
> > than non-trivial to filter through the various parts of output,
> > looking for things that follow password, and cutting them out.  While
> > this is probably doable it will affect all the messages that Debugger
> > will create.
>
> > I guess I underestimated the ability of people to screw up basic
> > deployment.  If someone want's to prepare a patch, I'd be happy to
> > apply it so people who can't be bothered to properly deploy their
> > applications, can sleep better at night.
>
> > -Mark

-- 
Our newest site for the community: CakePHP Video Tutorials 
http://tv.cakephp.org 
Check out the new CakePHP Questions site http://ask.cakephp.org and help others 
with their CakePHP related questions.


To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at 
http://groups.google.com/group/cake-php

Re: Where should i contact right people in CakePHP.org because this security critical problem

2011-06-22 Thread oceanguy 
I've been baking for over 3 years, and while I know leaving debug >0
is not kosher, I often leave it temporarily at 1 for quasi-production
sites, as it is a heck of a lot easier to debug run-time issues.

But I had no idea that database info would ever be exposed.  And why
would I?  Seems like only a peculiar set of circumstances would have
lead me to this error.  If there's one piece of config information
that shouldn't be exposed at all by an application, it's the db
connection info.  (Salt keys are probably a close second.)

If something is a bad practice, then it's up to the community to find
the best way to inhibit it automatically.  It's really a question of
the community's integrity as a whole.  If it's common for end user
developers to make a mistake, then that speaks to an issue that needs
to be addressed at the core level, otherwise everyone's reputation
suffers.

CakePHP is a complex application and there is *a lot* to learn about
it.  Verbal notes hidden in forums (or even the docs) won't cut it,
nor will saying, "if you followed best practice X, you wouldn't have
exposed yourself to Y."  End user developers do not know the details
of how things might work under all circumstances, so we must trust the
core developers to insure that best practices are in place to protect
us from ourselves.

If it's a question of encouraging developers to maintain separate
core.php files on dev and production machines, I think an alternative
distribution model might be helpful.  For example, maybe core.php
should be distributed like database.php.default, which encourages devs
to make a specific customized copy for each machine, which also
implies not including it under version control.

Aside from this quibble, thanks for an awesome framework (and Mark,
for a great blog).

-Sage



On Jun 22, 1:02 pm, mark_story  wrote:
> It is the developer's fault, for deploying a system in a way it should
> never be deployed.
>
> Since, I was working under the pre-tense that any developer who
> actually cared about these kinds of things wouldn't make a stupid
> mistake like this. And combined with the fact that removing the
> passwords is a non-trivial problem, I punted on the issue.  The place
> where this error gets displayed from is inside Debugger, and its more
> than non-trivial to filter through the various parts of output,
> looking for things that follow password, and cutting them out.  While
> this is probably doable it will affect all the messages that Debugger
> will create.
>
> I guess I underestimated the ability of people to screw up basic
> deployment.  If someone want's to prepare a patch, I'd be happy to
> apply it so people who can't be bothered to properly deploy their
> applications, can sleep better at night.
>
> -Mark
>

-- 
Our newest site for the community: CakePHP Video Tutorials 
http://tv.cakephp.org 
Check out the new CakePHP Questions site http://ask.cakephp.org and help others 
with their CakePHP related questions.


To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at 
http://groups.google.com/group/cake-php

Re: Notice (8): Uninitialized string offset?? No idea what's going on.

2011-06-22 Thread Jeremy Burns | Class Outfit 
What is in $this->data when the error occurs?

On 22 Jun 2011, at 21:22, cakephpnoob wrote:

> Error here:
> ==output in browser
> Notice (8): Uninitialized string offset: 0 [CORE/cake/libs/model/
> model.php, line 1319]
> 
> Code | Context
> 
> Model::__saveMulti() - CORE/cake/libs/model/model.php, line 1319
> Model::save() - CORE/cake/libs/model/model.php, line 1239
> PostsController::add() - APP/controllers/posts_controller.php, line 22
> Object::dispatchMethod() - CORE/cake/libs/object.php, line 115
> Dispatcher::_invoke() - CORE/cake/dispatcher.php, line 227
> Dispatcher::dispatch() - CORE/cake/dispatcher.php, line 194
> [main] - APP/webroot/index.php, line 88
> 
> 
> Where error comes from in posts_controller.php:
> =code==
> function add() {
>if (!empty($this->data)) {
>$this->Post->create();
>if ($this->Post->save($this->data)) {  /* this is line 22
> */
>$this->flash(__('Post saved.', true),
> array('action'=>'index'));
>} else {
>}
>}
>$tags = $this->Post->Tag->find('list');
>$statuses = $this->Post->Status->find('list');
>$this->set(compact('tags', 'statuses'));
>}
> ===
> 
> Can anyone help me figure out what is going on? I'm pretty new to
> CakePHP...
> 
> -- 
> Our newest site for the community: CakePHP Video Tutorials 
> http://tv.cakephp.org 
> Check out the new CakePHP Questions site http://ask.cakephp.org and help 
> others with their CakePHP related questions.
> 
> 
> To unsubscribe from this group, send email to
> cake-php+unsubscr...@googlegroups.com For more options, visit this group at 
> http://groups.google.com/group/cake-php

-- 
Our newest site for the community: CakePHP Video Tutorials 
http://tv.cakephp.org 
Check out the new CakePHP Questions site http://ask.cakephp.org and help others 
with their CakePHP related questions.


To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at 
http://groups.google.com/group/cake-php

Re: Where should i contact right people in CakePHP.org because this security critical problem

2011-06-22 Thread rchavik 
On Wednesday, June 22, 2011 11:52:45 PM UTC+7, mark_story wrote:
>
> While I understand that people think this should be fixed, no one is 
> really coming forward with a patch.
> 


Hi Mark,

Here's a quick patch: 
https://github.com/rchavik/cakephp/commit/2be048eb6556d57314de5e3fb2bfa4ab11d2b039.
I think it would handle at least the case reported by thread starter.

-- 
Our newest site for the community: CakePHP Video Tutorials 
http://tv.cakephp.org 
Check out the new CakePHP Questions site http://ask.cakephp.org and help others 
with their CakePHP related questions.


To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at 
http://groups.google.com/group/cake-php

Re: Where should i contact right people in CakePHP.org because this security critical problem

2011-06-22 Thread Miles J 
Thats my point, no? How is a developer supposed to know which step
core.php is loaded in the bootstrap process, in that it will cause
problems. No ones going to know this unless they dig into the core
files and discover it.

On Jun 22, 12:17 pm, AD7six  wrote:
> On Jun 22, 7:20 pm, Miles J  wrote:
>
> > The problem is, its unclear when this error is thrown. I developed in
> > Cake for over a year and still had this debug show in production.
>
> From your blog post:
>
> "debug in core.php was set to 2, and then disabled to 0 in
> bootstrap.php"
>
> with hindsight you can see the problem with that - but it should be
> obvious: That means any thing which happens generating a warning/error/
> notice inbetween loading core.php, and bootstrap.php will be sent to
> users - and failing to connect to the db is one of those things in
> cake 1.2/3.
>
> IMO what you describe in your blog post is a manufactured problem
> _purely_ because you are sharing the same core.php file on your local
> machine and your deployed site - don't do that.
>
> AD

-- 
Our newest site for the community: CakePHP Video Tutorials 
http://tv.cakephp.org 
Check out the new CakePHP Questions site http://ask.cakephp.org and help others 
with their CakePHP related questions.


To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at 
http://groups.google.com/group/cake-php

Notice (8): Uninitialized string offset?? No idea what's going on.

2011-06-22 Thread cakephpnoob 
Error here:
==output in browser
Notice (8): Uninitialized string offset: 0 [CORE/cake/libs/model/
model.php, line 1319]

Code | Context

Model::__saveMulti() - CORE/cake/libs/model/model.php, line 1319
Model::save() - CORE/cake/libs/model/model.php, line 1239
PostsController::add() - APP/controllers/posts_controller.php, line 22
Object::dispatchMethod() - CORE/cake/libs/object.php, line 115
Dispatcher::_invoke() - CORE/cake/dispatcher.php, line 227
Dispatcher::dispatch() - CORE/cake/dispatcher.php, line 194
[main] - APP/webroot/index.php, line 88


Where error comes from in posts_controller.php:
=code==
function add() {
if (!empty($this->data)) {
$this->Post->create();
if ($this->Post->save($this->data)) {  /* this is line 22
*/
$this->flash(__('Post saved.', true),
array('action'=>'index'));
} else {
}
}
$tags = $this->Post->Tag->find('list');
$statuses = $this->Post->Status->find('list');
$this->set(compact('tags', 'statuses'));
}
===

Can anyone help me figure out what is going on? I'm pretty new to
CakePHP...

-- 
Our newest site for the community: CakePHP Video Tutorials 
http://tv.cakephp.org 
Check out the new CakePHP Questions site http://ask.cakephp.org and help others 
with their CakePHP related questions.


To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at 
http://groups.google.com/group/cake-php

Re: Where should i contact right people in CakePHP.org because this security critical problem

2011-06-22 Thread mark_story 
Deploying an application with debug on is not a secure application.

-Mark

On Jun 22, 1:11 pm, bujanga  wrote:
> This should be fixed in core. A developer who actually needed the
> password would be able to get it easily enough. We developers are
> often rushed and do occasionally make stupid mistakes but a simple
> mistake should not reveal passwords. Great and effective effort has
> been put into the code to make it easy to deploy a secure application.
> The same care and effort should insure that simple mistakes by a
> developer do not break the secure application.
>
> Gary

-- 
Our newest site for the community: CakePHP Video Tutorials 
http://tv.cakephp.org 
Check out the new CakePHP Questions site http://ask.cakephp.org and help others 
with their CakePHP related questions.


To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at 
http://groups.google.com/group/cake-php

Re: Where should i contact right people in CakePHP.org because this security critical problem

2011-06-22 Thread bujanga 
This should be fixed in core. A developer who actually needed the
password would be able to get it easily enough. We developers are
often rushed and do occasionally make stupid mistakes but a simple
mistake should not reveal passwords. Great and effective effort has
been put into the code to make it easy to deploy a secure application.
The same care and effort should insure that simple mistakes by a
developer do not break the secure application.

Gary

-- 
Our newest site for the community: CakePHP Video Tutorials 
http://tv.cakephp.org 
Check out the new CakePHP Questions site http://ask.cakephp.org and help others 
with their CakePHP related questions.


To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at 
http://groups.google.com/group/cake-php

Re: Containable - only show posts with comment

2011-06-22 Thread Jeremy Burns | Class Outfit 
In my experience you can't do that. There are two options; (1) do the search 
from the related model and contain the primary model - this works but the array 
is a bit twisted, or (2) construct your find using joins 
(http://book.cakephp.org/view/1047/Joining-tables). Option 2 will give you 
exactly what you want but it's a bit fiddly constructing it.

I'd love to see an option added to the Contain behaviour that uses an inner 
join rather than a left join, which would solve this.

On 22 Jun 2011, at 15:36, Michel wrote:

> Hi everybody,
> 
> I use CakePHP for quite some time now and I have stumpeld upon the
> same problem several times. While using the conatainable behavior I
> want to show a record only if a subrecord is present. For example:
> Show only blog-posts WITH comments.
> 
> any ideas?
> 
> greetings,
> Michel
> 
> -- 
> Our newest site for the community: CakePHP Video Tutorials 
> http://tv.cakephp.org 
> Check out the new CakePHP Questions site http://ask.cakephp.org and help 
> others with their CakePHP related questions.
> 
> 
> To unsubscribe from this group, send email to
> cake-php+unsubscr...@googlegroups.com For more options, visit this group at 
> http://groups.google.com/group/cake-php

-- 
Our newest site for the community: CakePHP Video Tutorials 
http://tv.cakephp.org 
Check out the new CakePHP Questions site http://ask.cakephp.org and help others 
with their CakePHP related questions.


To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at 
http://groups.google.com/group/cake-php

Containable - only show posts with comment

2011-06-22 Thread Michel 
Hi everybody,

I use CakePHP for quite some time now and I have stumpeld upon the
same problem several times. While using the conatainable behavior I
want to show a record only if a subrecord is present. For example:
Show only blog-posts WITH comments.

any ideas?

greetings,
Michel

-- 
Our newest site for the community: CakePHP Video Tutorials 
http://tv.cakephp.org 
Check out the new CakePHP Questions site http://ask.cakephp.org and help others 
with their CakePHP related questions.


To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at 
http://groups.google.com/group/cake-php

Re: Where should i contact right people in CakePHP.org because this security critical problem

2011-06-22 Thread AD7six 


On Jun 22, 7:20 pm, Miles J  wrote:
> The problem is, its unclear when this error is thrown. I developed in
> Cake for over a year and still had this debug show in production.

>From your blog post:

"debug in core.php was set to 2, and then disabled to 0 in
bootstrap.php"

with hindsight you can see the problem with that - but it should be
obvious: That means any thing which happens generating a warning/error/
notice inbetween loading core.php, and bootstrap.php will be sent to
users - and failing to connect to the db is one of those things in
cake 1.2/3.

IMO what you describe in your blog post is a manufactured problem
_purely_ because you are sharing the same core.php file on your local
machine and your deployed site - don't do that.

AD

-- 
Our newest site for the community: CakePHP Video Tutorials 
http://tv.cakephp.org 
Check out the new CakePHP Questions site http://ask.cakephp.org and help others 
with their CakePHP related questions.


To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at 
http://groups.google.com/group/cake-php

Aw: Re: Where should i contact right people in CakePHP.org because this security critical problem

2011-06-22 Thread Jens Dittrich 
I can not agree that this is a "bug" that should be fixed in cake itself. 
This is definitely a bug in the release cycle or is the responsibility of 
the developer. 
Comparing cakes debug messages with messages in wordpress seems absurd to 
me. One is a CMS for beginners and the other is a development framework. A 
development framework targets at people who know about the context and the 
effects that their actions have. You can not and should not stop beginners 
from using a development framework but it is not the responsibility of the 
framework to protect them from doing very irresponsible things.
regards

-- 
Our newest site for the community: CakePHP Video Tutorials 
http://tv.cakephp.org 
Check out the new CakePHP Questions site http://ask.cakephp.org and help others 
with their CakePHP related questions.


To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at 
http://groups.google.com/group/cake-php

Re: Where should i contact right people in CakePHP.org because this security critical problem

2011-06-22 Thread Miles J 
The problem is, its unclear when this error is thrown. I developed in
Cake for over a year and still had this debug show in production. Its
not a problem of being a good developer, it was a problem of debug
being enabled at a certain point in the dispatch cycle and then turned
off at another point, but the error being thrown while debug was still
on. It was a problem with the order of operation, and the only way a
good developer will know this process is when it happens to them, and
that just might happen in prod. No developer will know about this
unless they reverse engineered the whole dispatch cycle to see how and
when this error is thrown.

http://milesj.me/blog/read/debug-off-prod-again

On Jun 22, 10:08 am, majna  wrote:
> How about to output debugger "Context" only for 127.0.0.1 ?
>
> On Jun 22, 7:02 pm, mark_story  wrote:
>
>
>
>
>
>
>
> > It is the developer's fault, for deploying a system in a way it should
> > never be deployed.
>
> > Since, I was working under the pre-tense that any developer who
> > actually cared about these kinds of things wouldn't make a stupid
> > mistake like this. And combined with the fact that removing the
> > passwords is a non-trivial problem, I punted on the issue.  The place
> > where this error gets displayed from is inside Debugger, and its more
> > than non-trivial to filter through the various parts of output,
> > looking for things that follow password, and cutting them out.  While
> > this is probably doable it will affect all the messages that Debugger
> > will create.
>
> > I guess I underestimated the ability of people to screw up basic
> > deployment.  If someone want's to prepare a patch, I'd be happy to
> > apply it so people who can't be bothered to properly deploy their
> > applications, can sleep better at night.
>
> > -Mark
>
> > On Jun 21, 10:22 am, Miles J  wrote:
>
> > > I have brought this problem up before. Last time, the Cake devs said
> > > it was the developers fault and it will stay in.
>
> > > -_-
>
> > > On Jun 21, 8:23 am, looklook look  wrote:
>
> > > > Now you got my point ;)
>
> > > > I have tried with google query to show database connection on Drupal,
> > > > Codeigniter, Wordpress and many else.
> > > > But yes, they can handle this database error carefully.
>
> > > > So, i think this is critical issue that should fixed immediatelly.
>
> > > > Thanks
>
> > > > Yodihttp://yoodey.com
>
> > > > On Tue, Jun 21, 2011 at 9:36 PM, Thomas Ploch 
> > > > wrote:
>
> > > > > OMG,
>
> > > > > I certainly could connect to __several__ mysql servers found with this
> > > > > google query.
>
> > > > > Although I agree that this is a developer's mistake, I am sure that
> > > > > there are a lot of unskilled developers that are doing this because 
> > > > > they
> > > > > just dont know it better. So removing those values from the output 
> > > > > would
> > > > > be a +1 from me.
>
> > > > > Regards,
> > > > > Thomas
>
> > > > > Am Dienstag, den 21.06.2011, 06:02 -0700 schrieb chris:
> > > > > > I'm intrigued by this issue.
>
> > > > > > Can someone explain what situations would the whole config var be
> > > > > > output? Is it only when an error occurs, and only when at a certain
> > > > > > debug level? I've never seen it displayed at all whilst developing
> > > > > > with cakePHP.
>
> > > > > > Out of interested I googled the first part of the output, i.e.
>
> > > > > > $config = array( "persistent" => false,
>
> > > > > > and it certaintly suprised me how many sites this brings back with
> > > > > > passwords on show.
>
> > > > > > On Jun 21, 12:46 pm, yodi  wrote:
> > > > > > > Sorry, it was on random site build by CakePHP.
>
> > > > > > > To Euromark, i found more than 100 website affected with this 
> > > > > > > problem
> > > > > > > and i don't have much time to email them all.
>
> > > > > > > I think, whether it debug > 0, Cakephp should'nt throw real 
> > > > > > > password
> > > > > > > into CONTEXT.
>
> > > > > > > I try searching another CMS and Framework. Using same method, i 
> > > > > > > found
> > > > > > > nothing of them show real password where database error connection
> > > > > > > occured.
>
> > > > > > > Yes, this is security issued for me. Which there are many 
> > > > > > > developer
> > > > > > > using CakePHP.
>
> > > > > > > To Larry, i can send you some message to show how much it's 
> > > > > > > affected.
> > > > > It
> > > > > > > can be consideration.
>
> > > > > > > Thanks
>
> > > > > > > On Tue, 2011-06-21 at 06:13 -0500, Larry E. Masters wrote:
> > > > > > > > Are you saying this was on the CakePHP website or a random site 
> > > > > > > > you
> > > > > > > > where visiting?
>
> > > > > > > > --
> > > > > > > > Larry E. Masters
>
> > > > > > > > On Mon, Jun 20, 2011 at 2:18 PM, yoodey  
> > > > > > > > wrote:
> > > > > > > >         Hello all,
>
> > > > > > > >         I'm randomly browsing and get a website with Database 
> > > > > > > > error
> > > > > > > >         connection.
> > > > > > > >         It gave

Re: Where should i contact right people in CakePHP.org because this security critical problem

2011-06-22 Thread majna 
How about to output debugger "Context" only for 127.0.0.1 ?

On Jun 22, 7:02 pm, mark_story  wrote:
> It is the developer's fault, for deploying a system in a way it should
> never be deployed.
>
> Since, I was working under the pre-tense that any developer who
> actually cared about these kinds of things wouldn't make a stupid
> mistake like this. And combined with the fact that removing the
> passwords is a non-trivial problem, I punted on the issue.  The place
> where this error gets displayed from is inside Debugger, and its more
> than non-trivial to filter through the various parts of output,
> looking for things that follow password, and cutting them out.  While
> this is probably doable it will affect all the messages that Debugger
> will create.
>
> I guess I underestimated the ability of people to screw up basic
> deployment.  If someone want's to prepare a patch, I'd be happy to
> apply it so people who can't be bothered to properly deploy their
> applications, can sleep better at night.
>
> -Mark
>
> On Jun 21, 10:22 am, Miles J  wrote:
>
>
>
>
>
>
>
> > I have brought this problem up before. Last time, the Cake devs said
> > it was the developers fault and it will stay in.
>
> > -_-
>
> > On Jun 21, 8:23 am, looklook look  wrote:
>
> > > Now you got my point ;)
>
> > > I have tried with google query to show database connection on Drupal,
> > > Codeigniter, Wordpress and many else.
> > > But yes, they can handle this database error carefully.
>
> > > So, i think this is critical issue that should fixed immediatelly.
>
> > > Thanks
>
> > > Yodihttp://yoodey.com
>
> > > On Tue, Jun 21, 2011 at 9:36 PM, Thomas Ploch 
> > > wrote:
>
> > > > OMG,
>
> > > > I certainly could connect to __several__ mysql servers found with this
> > > > google query.
>
> > > > Although I agree that this is a developer's mistake, I am sure that
> > > > there are a lot of unskilled developers that are doing this because they
> > > > just dont know it better. So removing those values from the output would
> > > > be a +1 from me.
>
> > > > Regards,
> > > > Thomas
>
> > > > Am Dienstag, den 21.06.2011, 06:02 -0700 schrieb chris:
> > > > > I'm intrigued by this issue.
>
> > > > > Can someone explain what situations would the whole config var be
> > > > > output? Is it only when an error occurs, and only when at a certain
> > > > > debug level? I've never seen it displayed at all whilst developing
> > > > > with cakePHP.
>
> > > > > Out of interested I googled the first part of the output, i.e.
>
> > > > > $config = array( "persistent" => false,
>
> > > > > and it certaintly suprised me how many sites this brings back with
> > > > > passwords on show.
>
> > > > > On Jun 21, 12:46 pm, yodi  wrote:
> > > > > > Sorry, it was on random site build by CakePHP.
>
> > > > > > To Euromark, i found more than 100 website affected with this 
> > > > > > problem
> > > > > > and i don't have much time to email them all.
>
> > > > > > I think, whether it debug > 0, Cakephp should'nt throw real password
> > > > > > into CONTEXT.
>
> > > > > > I try searching another CMS and Framework. Using same method, i 
> > > > > > found
> > > > > > nothing of them show real password where database error connection
> > > > > > occured.
>
> > > > > > Yes, this is security issued for me. Which there are many developer
> > > > > > using CakePHP.
>
> > > > > > To Larry, i can send you some message to show how much it's 
> > > > > > affected.
> > > > It
> > > > > > can be consideration.
>
> > > > > > Thanks
>
> > > > > > On Tue, 2011-06-21 at 06:13 -0500, Larry E. Masters wrote:
> > > > > > > Are you saying this was on the CakePHP website or a random site 
> > > > > > > you
> > > > > > > where visiting?
>
> > > > > > > --
> > > > > > > Larry E. Masters
>
> > > > > > > On Mon, Jun 20, 2011 at 2:18 PM, yoodey  
> > > > > > > wrote:
> > > > > > >         Hello all,
>
> > > > > > >         I'm randomly browsing and get a website with Database 
> > > > > > > error
> > > > > > >         connection.
> > > > > > >         It gave me error page : Warning (2): mysql_connect()
> > > > > > >         [function.mysql-
> > > > > > >         connect]: Access denied for user ...
>
> > > > > > >         So i click on Context option and got this information.
>
> > > > > > >         $config =       array(
> > > > > > >                "persistent" => false,
> > > > > > >                "host" => "xxx",
> > > > > > >                "login" => "dbx",
> > > > > > >                "password" => "dbtxxx",
> > > > > > >                "database" => "dbx",
> > > > > > >                "port" => "3306",
> > > > > > >                "driver" => "mysql",
> > > > > > >                "prefix" => "",
> > > > > > >                "encoding" => "UTF8"
> > > > > > >         )
>
> > > > > > >         To avoid other people doing bad thing, i'm not showing 
> > > > > > > real
> > > > > > >         error
> > > > > > >         information.
>
> > > > > > >         I'm doing my

Re: Where should i contact right people in CakePHP.org because this security critical problem

2011-06-22 Thread mark_story 
It is the developer's fault, for deploying a system in a way it should
never be deployed.

Since, I was working under the pre-tense that any developer who
actually cared about these kinds of things wouldn't make a stupid
mistake like this. And combined with the fact that removing the
passwords is a non-trivial problem, I punted on the issue.  The place
where this error gets displayed from is inside Debugger, and its more
than non-trivial to filter through the various parts of output,
looking for things that follow password, and cutting them out.  While
this is probably doable it will affect all the messages that Debugger
will create.

I guess I underestimated the ability of people to screw up basic
deployment.  If someone want's to prepare a patch, I'd be happy to
apply it so people who can't be bothered to properly deploy their
applications, can sleep better at night.

-Mark

On Jun 21, 10:22 am, Miles J  wrote:
> I have brought this problem up before. Last time, the Cake devs said
> it was the developers fault and it will stay in.
>
> -_-
>
> On Jun 21, 8:23 am, looklook look  wrote:
>
>
>
>
>
>
>
> > Now you got my point ;)
>
> > I have tried with google query to show database connection on Drupal,
> > Codeigniter, Wordpress and many else.
> > But yes, they can handle this database error carefully.
>
> > So, i think this is critical issue that should fixed immediatelly.
>
> > Thanks
>
> > Yodihttp://yoodey.com
>
> > On Tue, Jun 21, 2011 at 9:36 PM, Thomas Ploch 
> > wrote:
>
> > > OMG,
>
> > > I certainly could connect to __several__ mysql servers found with this
> > > google query.
>
> > > Although I agree that this is a developer's mistake, I am sure that
> > > there are a lot of unskilled developers that are doing this because they
> > > just dont know it better. So removing those values from the output would
> > > be a +1 from me.
>
> > > Regards,
> > > Thomas
>
> > > Am Dienstag, den 21.06.2011, 06:02 -0700 schrieb chris:
> > > > I'm intrigued by this issue.
>
> > > > Can someone explain what situations would the whole config var be
> > > > output? Is it only when an error occurs, and only when at a certain
> > > > debug level? I've never seen it displayed at all whilst developing
> > > > with cakePHP.
>
> > > > Out of interested I googled the first part of the output, i.e.
>
> > > > $config = array( "persistent" => false,
>
> > > > and it certaintly suprised me how many sites this brings back with
> > > > passwords on show.
>
> > > > On Jun 21, 12:46 pm, yodi  wrote:
> > > > > Sorry, it was on random site build by CakePHP.
>
> > > > > To Euromark, i found more than 100 website affected with this problem
> > > > > and i don't have much time to email them all.
>
> > > > > I think, whether it debug > 0, Cakephp should'nt throw real password
> > > > > into CONTEXT.
>
> > > > > I try searching another CMS and Framework. Using same method, i found
> > > > > nothing of them show real password where database error connection
> > > > > occured.
>
> > > > > Yes, this is security issued for me. Which there are many developer
> > > > > using CakePHP.
>
> > > > > To Larry, i can send you some message to show how much it's affected.
> > > It
> > > > > can be consideration.
>
> > > > > Thanks
>
> > > > > On Tue, 2011-06-21 at 06:13 -0500, Larry E. Masters wrote:
> > > > > > Are you saying this was on the CakePHP website or a random site you
> > > > > > where visiting?
>
> > > > > > --
> > > > > > Larry E. Masters
>
> > > > > > On Mon, Jun 20, 2011 at 2:18 PM, yoodey  wrote:
> > > > > >         Hello all,
>
> > > > > >         I'm randomly browsing and get a website with Database error
> > > > > >         connection.
> > > > > >         It gave me error page : Warning (2): mysql_connect()
> > > > > >         [function.mysql-
> > > > > >         connect]: Access denied for user ...
>
> > > > > >         So i click on Context option and got this information.
>
> > > > > >         $config =       array(
> > > > > >                "persistent" => false,
> > > > > >                "host" => "xxx",
> > > > > >                "login" => "dbx",
> > > > > >                "password" => "dbtxxx",
> > > > > >                "database" => "dbx",
> > > > > >                "port" => "3306",
> > > > > >                "driver" => "mysql",
> > > > > >                "prefix" => "",
> > > > > >                "encoding" => "UTF8"
> > > > > >         )
>
> > > > > >         To avoid other people doing bad thing, i'm not showing real
> > > > > >         error
> > > > > >         information.
>
> > > > > >         I'm doing mysql command based on that information and guest
> > > > > >         what? I
> > > > > >         got full access!
> > > > > >         Curious with this error, i'm doing little research and found
> > > > > >         more than
> > > > > >         1000 website mysql root access. (there many others, but i 
> > > > > > too
> > > > > >         tired to
> > > > > >         check it one by one )

Re: Where should i contact right people in CakePHP.org because this security critical problem

2011-06-22 Thread mark_story 
If you can turn on debug, you can probably just read the database file
as well.  The only way you should be able to toggle debug is by
editing files on the server.  If you have access to those files, you
can easily get the database passwords from disk.

While I understand that people think this should be fixed, no one is
really coming forward with a patch.  Also, expecting people to have
some basic understanding of the tools they are using and what the hell
they are doing, is not really a high bar.  CakePHP unlike drupal and
wordpress is not really usable by people who aren't developers.  I
personally expect _developers_ to care about the security of their
applications.  Maybe I'm crazy though.

-Mark

On Jun 22, 9:44 am, Jamie  wrote:
> Wow, seriously? That's very irresponsible of the developers. If you
> can install a stock CakePHP and expose database login credentials just
> by turning on debug, that needs to be addressed in the core.
>
> On Jun 21, 10:22 am, Miles J  wrote:
>
>
>
>
>
>
>
> > I have brought this problem up before. Last time, the Cake devs said
> > it was the developers fault and it will stay in.
>
> > -_-
>
> > On Jun 21, 8:23 am, looklook look  wrote:
>
> > > Now you got my point ;)
>
> > > I have tried with google query to show database connection on Drupal,
> > > Codeigniter, Wordpress and many else.
> > > But yes, they can handle this database error carefully.
>
> > > So, i think this is critical issue that should fixed immediatelly.
>
> > > Thanks
>
> > > Yodihttp://yoodey.com
>
> > > On Tue, Jun 21, 2011 at 9:36 PM, Thomas Ploch 
> > > wrote:
>
> > > > OMG,
>
> > > > I certainly could connect to __several__ mysql servers found with this
> > > > google query.
>
> > > > Although I agree that this is a developer's mistake, I am sure that
> > > > there are a lot of unskilled developers that are doing this because they
> > > > just dont know it better. So removing those values from the output would
> > > > be a +1 from me.
>
> > > > Regards,
> > > > Thomas
>
> > > > Am Dienstag, den 21.06.2011, 06:02 -0700 schrieb chris:
> > > > > I'm intrigued by this issue.
>
> > > > > Can someone explain what situations would the whole config var be
> > > > > output? Is it only when an error occurs, and only when at a certain
> > > > > debug level? I've never seen it displayed at all whilst developing
> > > > > with cakePHP.
>
> > > > > Out of interested I googled the first part of the output, i.e.
>
> > > > > $config = array( "persistent" => false,
>
> > > > > and it certaintly suprised me how many sites this brings back with
> > > > > passwords on show.
>
> > > > > On Jun 21, 12:46 pm, yodi  wrote:
> > > > > > Sorry, it was on random site build by CakePHP.
>
> > > > > > To Euromark, i found more than 100 website affected with this 
> > > > > > problem
> > > > > > and i don't have much time to email them all.
>
> > > > > > I think, whether it debug > 0, Cakephp should'nt throw real password
> > > > > > into CONTEXT.
>
> > > > > > I try searching another CMS and Framework. Using same method, i 
> > > > > > found
> > > > > > nothing of them show real password where database error connection
> > > > > > occured.
>
> > > > > > Yes, this is security issued for me. Which there are many developer
> > > > > > using CakePHP.
>
> > > > > > To Larry, i can send you some message to show how much it's 
> > > > > > affected.
> > > > It
> > > > > > can be consideration.
>
> > > > > > Thanks
>
> > > > > > On Tue, 2011-06-21 at 06:13 -0500, Larry E. Masters wrote:
> > > > > > > Are you saying this was on the CakePHP website or a random site 
> > > > > > > you
> > > > > > > where visiting?
>
> > > > > > > --
> > > > > > > Larry E. Masters
>
> > > > > > > On Mon, Jun 20, 2011 at 2:18 PM, yoodey  
> > > > > > > wrote:
> > > > > > >         Hello all,
>
> > > > > > >         I'm randomly browsing and get a website with Database 
> > > > > > > error
> > > > > > >         connection.
> > > > > > >         It gave me error page : Warning (2): mysql_connect()
> > > > > > >         [function.mysql-
> > > > > > >         connect]: Access denied for user ...
>
> > > > > > >         So i click on Context option and got this information.
>
> > > > > > >         $config =       array(
> > > > > > >                "persistent" => false,
> > > > > > >                "host" => "xxx",
> > > > > > >                "login" => "dbx",
> > > > > > >                "password" => "dbtxxx",
> > > > > > >                "database" => "dbx",
> > > > > > >                "port" => "3306",
> > > > > > >                "driver" => "mysql",
> > > > > > >                "prefix" => "",
> > > > > > >                "encoding" => "UTF8"
> > > > > > >         )
>
> > > > > > >         To avoid other people doing bad thing, i'm not showing 
> > > > > > > real
> > > > > > >         error
> > > > > > >         information.
>
> > > > > > >         I'm doing mysql command based on that information and 
> > > > > > > guest
> > > > >

Re: Where should i contact right people in CakePHP.org because this security critical problem

2011-06-22 Thread Jamie 
Wow, seriously? That's very irresponsible of the developers. If you
can install a stock CakePHP and expose database login credentials just
by turning on debug, that needs to be addressed in the core.

On Jun 21, 10:22 am, Miles J  wrote:
> I have brought this problem up before. Last time, the Cake devs said
> it was the developers fault and it will stay in.
>
> -_-
>
> On Jun 21, 8:23 am, looklook look  wrote:
>
>
>
>
>
>
>
> > Now you got my point ;)
>
> > I have tried with google query to show database connection on Drupal,
> > Codeigniter, Wordpress and many else.
> > But yes, they can handle this database error carefully.
>
> > So, i think this is critical issue that should fixed immediatelly.
>
> > Thanks
>
> > Yodihttp://yoodey.com
>
> > On Tue, Jun 21, 2011 at 9:36 PM, Thomas Ploch 
> > wrote:
>
> > > OMG,
>
> > > I certainly could connect to __several__ mysql servers found with this
> > > google query.
>
> > > Although I agree that this is a developer's mistake, I am sure that
> > > there are a lot of unskilled developers that are doing this because they
> > > just dont know it better. So removing those values from the output would
> > > be a +1 from me.
>
> > > Regards,
> > > Thomas
>
> > > Am Dienstag, den 21.06.2011, 06:02 -0700 schrieb chris:
> > > > I'm intrigued by this issue.
>
> > > > Can someone explain what situations would the whole config var be
> > > > output? Is it only when an error occurs, and only when at a certain
> > > > debug level? I've never seen it displayed at all whilst developing
> > > > with cakePHP.
>
> > > > Out of interested I googled the first part of the output, i.e.
>
> > > > $config = array( "persistent" => false,
>
> > > > and it certaintly suprised me how many sites this brings back with
> > > > passwords on show.
>
> > > > On Jun 21, 12:46 pm, yodi  wrote:
> > > > > Sorry, it was on random site build by CakePHP.
>
> > > > > To Euromark, i found more than 100 website affected with this problem
> > > > > and i don't have much time to email them all.
>
> > > > > I think, whether it debug > 0, Cakephp should'nt throw real password
> > > > > into CONTEXT.
>
> > > > > I try searching another CMS and Framework. Using same method, i found
> > > > > nothing of them show real password where database error connection
> > > > > occured.
>
> > > > > Yes, this is security issued for me. Which there are many developer
> > > > > using CakePHP.
>
> > > > > To Larry, i can send you some message to show how much it's affected.
> > > It
> > > > > can be consideration.
>
> > > > > Thanks
>
> > > > > On Tue, 2011-06-21 at 06:13 -0500, Larry E. Masters wrote:
> > > > > > Are you saying this was on the CakePHP website or a random site you
> > > > > > where visiting?
>
> > > > > > --
> > > > > > Larry E. Masters
>
> > > > > > On Mon, Jun 20, 2011 at 2:18 PM, yoodey  wrote:
> > > > > >         Hello all,
>
> > > > > >         I'm randomly browsing and get a website with Database error
> > > > > >         connection.
> > > > > >         It gave me error page : Warning (2): mysql_connect()
> > > > > >         [function.mysql-
> > > > > >         connect]: Access denied for user ...
>
> > > > > >         So i click on Context option and got this information.
>
> > > > > >         $config =       array(
> > > > > >                "persistent" => false,
> > > > > >                "host" => "xxx",
> > > > > >                "login" => "dbx",
> > > > > >                "password" => "dbtxxx",
> > > > > >                "database" => "dbx",
> > > > > >                "port" => "3306",
> > > > > >                "driver" => "mysql",
> > > > > >                "prefix" => "",
> > > > > >                "encoding" => "UTF8"
> > > > > >         )
>
> > > > > >         To avoid other people doing bad thing, i'm not showing real
> > > > > >         error
> > > > > >         information.
>
> > > > > >         I'm doing mysql command based on that information and guest
> > > > > >         what? I
> > > > > >         got full access!
> > > > > >         Curious with this error, i'm doing little research and found
> > > > > >         more than
> > > > > >         1000 website mysql root access. (there many others, but i 
> > > > > > too
> > > > > >         tired to
> > > > > >         check it one by one ).
>
> > > > > >         This is very dangerous things which i'm big fans of CakePHP.
> > > I
> > > > > >         working
> > > > > >         on 50K/day visitors website powered by CakePHP which i don't
> > > > > >         wanna
> > > > > >         this thing happen to me.
>
> > > > > >         So, please tell me, which people in cakephp.org should be
> > > > > >         contacted
> > > > > >         because this issue. Opening ticket will leaked real
> > > > > >         information for
> > > > > >         the victim website.
>
> > > > > >         Thanks
>
> > > > > >         Yoodey
>
> > > > > >         --
> > > > > >         Our newest site for the community: CakePHP Video Tutori

Re: Recent troubles with 'minYear' and 'maxYear'

2011-06-22 Thread krisspnet 
Yes I have tried, but the problem remains the same.

--
View this message in context: 
http://cakephp.1045679.n5.nabble.com/Recent-troubles-with-minYear-and-maxYear-tp4502140p4514201.html
Sent from the CakePHP mailing list archive at Nabble.com.

-- 
Our newest site for the community: CakePHP Video Tutorials 
http://tv.cakephp.org 
Check out the new CakePHP Questions site http://ask.cakephp.org and help others 
with their CakePHP related questions.


To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at 
http://groups.google.com/group/cake-php

Re: cakephp 1.3.10 - URL rewriting is not properly configured on your server

2011-06-22 Thread ADmad 
The new css rule for "#url-rewriting-warning" was added to app/webroot/
cake.generic.css but was it was missing in the skeleton files used for
baking cake/console/templates/skel/webroot/css/cake.generic.css
That's why the warning message incorrectly showed up when you baked an
app. Its fixed now on the 1.3 branch.

To explain how it works that message is present in you cake/libs/view/
pages/home.ctp  in a div with id "url-rewriting-warning". When your
url rewriting is setup properly the cake.generic.css would be loaded
and hide that message. If your url rewriting isn't configured properly
the css file won't be loaded and the message will show up. We had
noticed numerous tickets/posts/questions on IRC from newbies about how
to fix the problem of not getting colors on homepage when setting up
cakephp. So this message was added give them a hint about url
rewriting mis-configuration and pointing to the manual.

- ADmad

On Jun 22, 4:32 pm, Jeremy Burns | Class Outfit
 wrote:
> True, but my point is that this lump of code is only really good while you 
> are making sure your config is OK. Once you know it is (including db 
> connection) you'd remove it and replace it with your own genuine layout, home 
> page and stylesheet, and then handle any errors (such as db connection 
> failure) in another way.
>
> On 22 Jun 2011, at 12:27, Thomas Ploch wrote:
>
>
>
>
>
>
>
> > This message will also appear on fatal errors during home page
> > rendering.
>
> > i.e. the call to check for database connection is sometimes in some
> > circumstances raising Fatal Errors.
>
> > Am Mittwoch, den 22.06.2011, 11:30 +0100 schrieb Jeremy Burns | Class
> > Outfit:
> >> I just experienced this when setting up a new site and concluded that
> >> it is not really an error. The default Cake set up has:
> >>      * a generic stylesheet (/app/webroot/css/cake.generic.css)
> >>      * a default layout (/cake/libs/view/layouts) that calls the
> >>        generic stylesheet
> >>      * a default home page (/cake/libs/view/pages/home.ctp)
>
> >> The generic home page has an element with an id of
> >> 'url-rewriting-warning'. This is hidden by default by a class in the
> >> generic stylesheet if:
> >>      * you are using the default layout, home page and style sheet
> >>      * and mod rewrite is working
>
> >> If mod rewrite is not working, the style sheet will not load and
> >> therefore the element will not be hidden, and voila you see the error
> >> or if you remove the generic style sheet (as the style sheet is not
> >> loading the element will not be hidden).
>
> >> These defaults are not really intended for production. They are just
> >> there to make sure your basic environment is correct.
>
> >> On 14 Jun 2011, at 19:12, Anderson Machado wrote:
>
> >>> Hello,
>
> >>> I did it but to no avail. I'm using wamp.
>
> >>> I removed the comment that line: LoadModule rewrite_module modules/
> >>> mod_rewrite.so
>
> >>> I observed the following lines:
>
> >>> 
> >>>   Options FollowSymLinks
> >>>   AllowOverride All
> >>> #    Order deny,allow
> >>> #    Deny from all
> >>> 
>
> >>> Continues to show the error. What can I do?
>
> >>> On Jun 8, 8:21 am, saidbakr  wrote:
>  So it is a bug in home.ctp and cake.generic.css and it could be
>  solved
>  as follows:
>
>  add an id tag to the div that includes therewritingerror, the tag
>  will take the value : id="url-rewriting-warning". then in
>  cake.generic.css at the end of it add the following rule:
>  #url-rewriting-warning{
>  display: none;
>
>  }
>
>  so if rewrite is going fine, it will load the css file anf hence
>  the
>  error message willnotbe displayed.
>
>  On Jun 6, 11:59 pm, majna  wrote:
>
> > You need to update webroot/css/cake.generic.css
> > used byURLrewritingcheck
>
> > #url-rewriting-warning {
> >        display: none;
>
> > }
>
> >https://github.com/cakephp/cakephp/blob/1.3/app/webroot/css/cake.gene...
>
> > On Jun 6, 4:03 pm, Ryan Olton  wrote:
>
> >>> Sounds likeyourconfig isn't checkable somehow by the new
> >>> 'check for
> >>> urlrewriting' validation - work out why and file a bug
> >>> report :)
>
> >> It appears that in the default home.ctp page there is this
> >> block of
> >> code just hanging out without any conditional code in place to
> >> show or
> >> hide this text ... in other words, you see in to matter what:
>
> >> 
> >>         >> __('URLrewritingisnotproperlyconfiguredonyourserver.
> >> '); ?>
> >>        
> >>                
> >>                         >> href="http://book.cakephp.org/view/917/Apache-
> >> and-mod_rewrite-and-htaccess" style="color:#fff;">
> >>                                 >> it')?>
> >>                        
> >>                
> >>                
> >>                         >> href="http://book.cakephp.org/view/931/CakePHP-
> >> Core-Configurati

Re: Recent troubles with 'minYear' and 'maxYear'

2011-06-22 Thread euromark 
did you try a simply
echo $this->Form->input()
instead of inputs()?

On 22 Jun., 13:21, krisspnet  wrote:
> Well no, the date did not changed on the server...
>
> /Off topic : Yes, true the use of Sanitize is not required./
>
> --
> View this message in 
> context:http://cakephp.1045679.n5.nabble.com/Recent-troubles-with-minYear-and...
> Sent from the CakePHP mailing list archive at Nabble.com.

-- 
Our newest site for the community: CakePHP Video Tutorials 
http://tv.cakephp.org 
Check out the new CakePHP Questions site http://ask.cakephp.org and help others 
with their CakePHP related questions.


To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at 
http://groups.google.com/group/cake-php

Ask about regex in routes rule .

2011-06-22 Thread Điển vũ 
In routers.php , i wrote this line.

Router::connect('/pages/:id/:slug', array('controller' => 'pages', 
'action' => 'view'), array('pass' => array('id', 'slug'), 'id' => 
'[0-9A-Za-z]{6}'));

now i can access http://example.com/pages/7hf763/this_is_slug 
but how i can access function public() action : http://example.com/pages/public 


-- 
Our newest site for the community: CakePHP Video Tutorials 
http://tv.cakephp.org 
Check out the new CakePHP Questions site http://ask.cakephp.org and help others 
with their CakePHP related questions.


To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at 
http://groups.google.com/group/cake-php

Re: cakephp 1.3.10 - URL rewriting is not properly configured on your server

2011-06-22 Thread Jeremy Burns | Class Outfit 
True, but my point is that this lump of code is only really good while you are 
making sure your config is OK. Once you know it is (including db connection) 
you'd remove it and replace it with your own genuine layout, home page and 
stylesheet, and then handle any errors (such as db connection failure) in 
another way.

On 22 Jun 2011, at 12:27, Thomas Ploch wrote:

> This message will also appear on fatal errors during home page
> rendering.
> 
> i.e. the call to check for database connection is sometimes in some
> circumstances raising Fatal Errors.
> 
> Am Mittwoch, den 22.06.2011, 11:30 +0100 schrieb Jeremy Burns | Class
> Outfit:
>> I just experienced this when setting up a new site and concluded that
>> it is not really an error. The default Cake set up has:
>>  * a generic stylesheet (/app/webroot/css/cake.generic.css)
>>  * a default layout (/cake/libs/view/layouts) that calls the
>>generic stylesheet
>>  * a default home page (/cake/libs/view/pages/home.ctp)
>> 
>> 
>> 
>> The generic home page has an element with an id of
>> 'url-rewriting-warning'. This is hidden by default by a class in the
>> generic stylesheet if:
>>  * you are using the default layout, home page and style sheet
>>  * and mod rewrite is working
>> 
>> 
>> If mod rewrite is not working, the style sheet will not load and
>> therefore the element will not be hidden, and voila you see the error
>> or if you remove the generic style sheet (as the style sheet is not
>> loading the element will not be hidden).
>> 
>> 
>> These defaults are not really intended for production. They are just
>> there to make sure your basic environment is correct.
>> 
>> On 14 Jun 2011, at 19:12, Anderson Machado wrote:
>> 
>>> Hello,
>>> 
>>> I did it but to no avail. I'm using wamp.
>>> 
>>> I removed the comment that line: LoadModule rewrite_module modules/
>>> mod_rewrite.so
>>> 
>>> I observed the following lines:
>>> 
>>> 
>>>   Options FollowSymLinks
>>>   AllowOverride All
>>> #Order deny,allow
>>> #Deny from all
>>> 
>>> 
>>> Continues to show the error. What can I do?
>>> 
>>> On Jun 8, 8:21 am, saidbakr  wrote:
 So it is a bug in home.ctp and cake.generic.css and it could be
 solved
 as follows:
 
 add an id tag to the div that includes therewritingerror, the tag
 will take the value : id="url-rewriting-warning". then in
 cake.generic.css at the end of it add the following rule:
 #url-rewriting-warning{
 display: none;
 
 }
 
 so if rewrite is going fine, it will load the css file anf hence
 the
 error message willnotbe displayed.
 
 On Jun 6, 11:59 pm, majna  wrote:
 
 
 
> You need to update webroot/css/cake.generic.css
> used byURLrewritingcheck
 
> #url-rewriting-warning {
>display: none;
 
> }
 
> https://github.com/cakephp/cakephp/blob/1.3/app/webroot/css/cake.gene...
 
> On Jun 6, 4:03 pm, Ryan Olton  wrote:
 
>>> Sounds likeyourconfig isn't checkable somehow by the new
>>> 'check for
>>> urlrewriting' validation - work out why and file a bug
>>> report :)
 
>> It appears that in the default home.ctp page there is this
>> block of
>> code just hanging out without any conditional code in place to
>> show or
>> hide this text ... in other words, you see in to matter what:
 
>> 
>>> __('URLrewritingisnotproperlyconfiguredonyourserver.
>> '); ?>
>>
>>
>>> href="http://book.cakephp.org/view/917/Apache-
>> and-mod_rewrite-and-htaccess" style="color:#fff;">
>>> it')?>
>>
>>
>>
>>> href="http://book.cakephp.org/view/931/CakePHP-
>> Core-Configuration-Variables" style="color:#fff;">
>>> useURLrewriting')?>
>>
>>
>>
>> 
>>> 
>>> -- 
>>> Our newest site for the community: CakePHP Video Tutorials
>>> http://tv.cakephp.org 
>>> Check out the new CakePHP Questions site http://ask.cakephp.org and
>>> help others with their CakePHP related questions.
>>> 
>>> 
>>> To unsubscribe from this group, send email to
>>> cake-php+unsubscr...@googlegroups.com For more options, visit this
>>> group at http://groups.google.com/group/cake-php
>>> 
>> 
>> 
>> 
>> -- 
>> Our newest site for the community: CakePHP Video Tutorials
>> http://tv.cakephp.org 
>> Check out the new CakePHP Questions site http://ask.cakephp.org and
>> help others with their CakePHP related questions.
>> 
>> 
>> To unsubscribe from this group, send email to
>> cake-php+unsubscr...@googlegroups.com For more options, visit this
>> group at http://groups.google.com/group/cake-php
> 
> 
> -- 
> Our newest site for the community: CakePHP Video Tuto

Re: landing page not working after payment on https

2011-06-22 Thread Ritesh R Aryal 
Still looking for your valued response.
Lets brainstorm to have right solution.

Is this a Session issues ?

but it is working fine when the site is worked on http://sitename.com.
But it gives problem when i get response back from payment page.

cheers

-- 
Our newest site for the community: CakePHP Video Tutorials 
http://tv.cakephp.org 
Check out the new CakePHP Questions site http://ask.cakephp.org and help others 
with their CakePHP related questions.


To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at 
http://groups.google.com/group/cake-php

Re: cakephp 1.3.10 - URL rewriting is not properly configured on your server

2011-06-22 Thread Thomas Ploch 
This message will also appear on fatal errors during home page
rendering.

i.e. the call to check for database connection is sometimes in some
circumstances raising Fatal Errors.

Am Mittwoch, den 22.06.2011, 11:30 +0100 schrieb Jeremy Burns | Class
Outfit:
> I just experienced this when setting up a new site and concluded that
> it is not really an error. The default Cake set up has:
>   * a generic stylesheet (/app/webroot/css/cake.generic.css)
>   * a default layout (/cake/libs/view/layouts) that calls the
> generic stylesheet
>   * a default home page (/cake/libs/view/pages/home.ctp)
> 
> 
> 
> The generic home page has an element with an id of
> 'url-rewriting-warning'. This is hidden by default by a class in the
> generic stylesheet if:
>   * you are using the default layout, home page and style sheet
>   * and mod rewrite is working
> 
> 
> If mod rewrite is not working, the style sheet will not load and
> therefore the element will not be hidden, and voila you see the error
> or if you remove the generic style sheet (as the style sheet is not
> loading the element will not be hidden).
> 
> 
> These defaults are not really intended for production. They are just
> there to make sure your basic environment is correct.
> 
> On 14 Jun 2011, at 19:12, Anderson Machado wrote:
> 
> > Hello,
> > 
> > I did it but to no avail. I'm using wamp.
> > 
> > I removed the comment that line: LoadModule rewrite_module modules/
> > mod_rewrite.so
> > 
> > I observed the following lines:
> > 
> > 
> >Options FollowSymLinks
> >AllowOverride All
> > #Order deny,allow
> > #Deny from all
> > 
> > 
> > Continues to show the error. What can I do?
> > 
> > On Jun 8, 8:21 am, saidbakr  wrote:
> > > So it is a bug in home.ctp and cake.generic.css and it could be
> > > solved
> > > as follows:
> > > 
> > > add an id tag to the div that includes therewritingerror, the tag
> > > will take the value : id="url-rewriting-warning". then in
> > > cake.generic.css at the end of it add the following rule:
> > > #url-rewriting-warning{
> > > display: none;
> > > 
> > > }
> > > 
> > > so if rewrite is going fine, it will load the css file anf hence
> > > the
> > > error message willnotbe displayed.
> > > 
> > > On Jun 6, 11:59 pm, majna  wrote:
> > > 
> > > 
> > > 
> > > > You need to update webroot/css/cake.generic.css
> > > > used byURLrewritingcheck
> > > 
> > > > #url-rewriting-warning {
> > > > display: none;
> > > 
> > > > }
> > > 
> > > > https://github.com/cakephp/cakephp/blob/1.3/app/webroot/css/cake.gene...
> > > 
> > > > On Jun 6, 4:03 pm, Ryan Olton  wrote:
> > > 
> > > > > > Sounds likeyourconfig isn't checkable somehow by the new
> > > > > > 'check for
> > > > > > urlrewriting' validation - work out why and file a bug
> > > > > > report :)
> > > 
> > > > > It appears that in the default home.ctp page there is this
> > > > > block of
> > > > > code just hanging out without any conditional code in place to
> > > > > show or
> > > > > hide this text ... in other words, you see in to matter what:
> > > 
> > > > > 
> > > > >  > > > > __('URLrewritingisnotproperlyconfiguredonyourserver.
> > > > > '); ?>
> > > > > 
> > > > > 
> > > > >  > > > > href="http://book.cakephp.org/view/917/Apache-
> > > > > and-mod_rewrite-and-htaccess" style="color:#fff;">
> > > > >  > > > > it')?>
> > > > > 
> > > > > 
> > > > > 
> > > > >  > > > > href="http://book.cakephp.org/view/931/CakePHP-
> > > > > Core-Configuration-Variables" style="color:#fff;">
> > > > >  > > > > useURLrewriting')?>
> > > > > 
> > > > > 
> > > > > 
> > > > > 
> > 
> > -- 
> > Our newest site for the community: CakePHP Video Tutorials
> > http://tv.cakephp.org 
> > Check out the new CakePHP Questions site http://ask.cakephp.org and
> > help others with their CakePHP related questions.
> > 
> > 
> > To unsubscribe from this group, send email to
> > cake-php+unsubscr...@googlegroups.com For more options, visit this
> > group at http://groups.google.com/group/cake-php
> > 
> 
> 
> 
> -- 
> Our newest site for the community: CakePHP Video Tutorials
> http://tv.cakephp.org 
> Check out the new CakePHP Questions site http://ask.cakephp.org and
> help others with their CakePHP related questions.
>  
>  
> To unsubscribe from this group, send email to
> cake-php+unsubscr...@googlegroups.com For more options, visit this
> group at http://groups.google.com/group/cake-php


-- 
Our newest site for the community: CakePHP Video Tutorials 
http://tv.cakephp.org 
Check out the new CakePHP Questions site http://ask.cakephp.org and help others 
with their CakePHP related questions.


To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group

Re: Recent troubles with 'minYear' and 'maxYear'

2011-06-22 Thread krisspnet 
Well no, the date did not changed on the server...

/Off topic : Yes, true the use of Sanitize is not required./

--
View this message in context: 
http://cakephp.1045679.n5.nabble.com/Recent-troubles-with-minYear-and-maxYear-tp4502140p4513700.html
Sent from the CakePHP mailing list archive at Nabble.com.

-- 
Our newest site for the community: CakePHP Video Tutorials 
http://tv.cakephp.org 
Check out the new CakePHP Questions site http://ask.cakephp.org and help others 
with their CakePHP related questions.


To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at 
http://groups.google.com/group/cake-php

Re: 2nd order pagination using Containable with a filter

2011-06-22 Thread Johan 
That's weird because that code should throw an SQL error. When you
paginate or do a find, CakePHP will only use on the primary query the
immediate hasOne/belongsTo associations (in this case Result -> Test),
so your code should generate something similar to this query:

SELECT * FROM results Result LEFT JOIN tests Test ON Test.id =
Result.test_id WHERE Nationality.language_id LIKE '2';

If that query would work (which doesn't), it would generate an
additional query for each row fetching the required data from the
table nationalities.
So the problem is that you are setting the conditions on the wrong
place. This code should work correctly:

$this->paginate = array(
  'limit' => 20,
  'contain' => array(
'Test' => array(
  'Nationality' => array(
'fields' => array('language_id'),
'conditions' => array('Nationality.language_id LIKE ?' =>
2)  // Do you really need to use LIKE instead of equals?
  )
)
  )
);

If you require the Nationality to be an inner join, you may need to
rebind the models on runtime or add an explicit inner join:
http://book.cakephp.org/view/1047/Joining-tables

Cheers,
- Johan

On Jun 20, 4:49 pm, thomaus  wrote:
> Thanks for helping.
>
> I just tried and that is very strange. I don't get anymore SQL error
> but it doesn't work. I mean the filtering returns an empty array,
> while it should not. I checked and I'm 100% sure there should be some
> output after the filtering.
>
> On Jun 20, 11:12 am, Tilen Majerle  wrote:
>
>
>
>
>
>
>
> > emm...try this
>
> > $filter = array();
> > $filter['Nationality.language_id LIKE'] = 2;
>
> > --
> > Lep pozdrav, Tilen Majerlehttp://majerle.eu
>
> > 2011/6/20 thomaus 
>
> > > Nobody no clue?
>
> > > On Jun 17, 5:43 pm, thomaus  wrote:
> > > > Hi there,
>
> > > > I am doing2ndorderpaginationusing Containable. It is working fine
> > > > but when I try to paginate with a2ndorderfilter, it doesn't work
> > > > anymore.
>
> > > > Here are my models relations :
>
> > > > "Result" belongs to "Test"
> > > > "Test" belongs to "Nationality"
>
> > > > Here is my code :
>
> > > > $this->Result->recursive = 2;
> > > > $this->Result->Behaviors->attach('Containable');
>
> > > > $this->paginate = array(
> > > > 'limit' => 20,
> > > > 'contain' => array(
> > > > 'Test' => array(
> > > > 'Nationality' => array('fields' => array('language_id'))
> > > > )));
>
> > > > $filter = array();
> > > > $filter['Test.Nationality.language_id LIKE'] = 2;
>
> > > > $results = $this->paginate(null, $filter);
>
> > > > and I get this error:
>
> > > > SQL Error: 1054: Unknown column 'Test.Nationality.language_id'
>
> > > > If I empty the filter array, I can access $result['Test']
> > > > ['Nationality']['language_id'] from my view without any problem so the
> > > >paginationis working fine BUT the filtering is NOT. Why?
>
> > > --
> > > Our newest site for the community: CakePHP Video Tutorials
> > >http://tv.cakephp.org
> > > Check out the new CakePHP Questions sitehttp://ask.cakephp.organdhelp
> > > others with their CakePHP related questions.
>
> > > To unsubscribe from this group, send email to
> > > cake-php+unsubscr...@googlegroups.com For more options, visit this group
> > > athttp://groups.google.com/group/cake-php

-- 
Our newest site for the community: CakePHP Video Tutorials 
http://tv.cakephp.org 
Check out the new CakePHP Questions site http://ask.cakephp.org and help others 
with their CakePHP related questions.


To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at 
http://groups.google.com/group/cake-php

Re: 2nd order pagination using Containable with a filter

2011-06-22 Thread Johan 
That's weird because that code should throw an SQL error. When you
paginate or do a find, CakePHP will only use on the primary query the
immediate hasOne/belongsTo associations (in this case Result -> Test),
so your code should generate something similar to this query:

SELECT * FROM results Result LEFT JOIN tests Test ON Test.id =
Result.test_id WHERE Nationality.language_id LIKE '2';

If that query would work (which doesn't), it would generate an
additional query for each row fetching the required data from the
table nationalities.
So the problem is that you are setting the conditions on the wrong
place. This code should work correctly:

$this->paginate = array(
  'limit' => 20,
  'contain' => array(
'Test' => array(
  'Nationality' => array(
'fields' => array('language_id'),
'conditions' => array('Nationality.language_id LIKE ?' =>
2)  // Do you really need to use LIKE instead of equals?
  )
)
  )
);

If you require the Nationality to be an inner join, you may need to
rebind the models on runtime or add an explicit inner join:
http://book.cakephp.org/view/1047/Joining-tables

Cheers,
- Johan

On Jun 20, 4:49 pm, thomaus  wrote:
> Thanks for helping.
>
> I just tried and that is very strange. I don't get anymore SQL error
> but it doesn't work. I mean the filtering returns an empty array,
> while it should not. I checked and I'm 100% sure there should be some
> output after the filtering.
>
> On Jun 20, 11:12 am, Tilen Majerle  wrote:
>
>
>
>
>
>
>
> > emm...try this
>
> > $filter = array();
> > $filter['Nationality.language_id LIKE'] = 2;
>
> > --
> > Lep pozdrav, Tilen Majerlehttp://majerle.eu
>
> > 2011/6/20 thomaus 
>
> > > Nobody no clue?
>
> > > On Jun 17, 5:43 pm, thomaus  wrote:
> > > > Hi there,
>
> > > > I am doing2ndorderpaginationusing Containable. It is working fine
> > > > but when I try to paginate with a2ndorderfilter, it doesn't work
> > > > anymore.
>
> > > > Here are my models relations :
>
> > > > "Result" belongs to "Test"
> > > > "Test" belongs to "Nationality"
>
> > > > Here is my code :
>
> > > > $this->Result->recursive = 2;
> > > > $this->Result->Behaviors->attach('Containable');
>
> > > > $this->paginate = array(
> > > > 'limit' => 20,
> > > > 'contain' => array(
> > > > 'Test' => array(
> > > > 'Nationality' => array('fields' => array('language_id'))
> > > > )));
>
> > > > $filter = array();
> > > > $filter['Test.Nationality.language_id LIKE'] = 2;
>
> > > > $results = $this->paginate(null, $filter);
>
> > > > and I get this error:
>
> > > > SQL Error: 1054: Unknown column 'Test.Nationality.language_id'
>
> > > > If I empty the filter array, I can access $result['Test']
> > > > ['Nationality']['language_id'] from my view without any problem so the
> > > >paginationis working fine BUT the filtering is NOT. Why?
>
> > > --
> > > Our newest site for the community: CakePHP Video Tutorials
> > >http://tv.cakephp.org
> > > Check out the new CakePHP Questions sitehttp://ask.cakephp.organdhelp
> > > others with their CakePHP related questions.
>
> > > To unsubscribe from this group, send email to
> > > cake-php+unsubscr...@googlegroups.com For more options, visit this group
> > > athttp://groups.google.com/group/cake-php

-- 
Our newest site for the community: CakePHP Video Tutorials 
http://tv.cakephp.org 
Check out the new CakePHP Questions site http://ask.cakephp.org and help others 
with their CakePHP related questions.


To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at 
http://groups.google.com/group/cake-php

Using Plug-Ins with the /app directory

2011-06-22 Thread JustDoIT 
Hi,

I just installed the cakephp and went through the two examples in the
1.3 documentation. But am trying to now figure out how to get the plug-
ins to work.. my understanding is that the M C V files have their own
dirs in the app directory chain. Which is fine, but how do I get the
plug-ins to work?

For example, trying to get the users plug-in to work, I copied the
entire downloaded, unzipped, folder into /app/plugins/users as the
instructions say.

Then I did the "cake bake plugin users" which seems to have worked,
have the users & details tables set up, but am getting this error
now.. when I go to: http://localhost/cakephp/users

I guess I don't understand how files can sit under /app/plugins when
in the two documentation examples i had everything under the /app dir?

Do plug-ins stay under /app/plugins and you can have files under /app?
Also can I set up independent database.php files for each module, so
to speak?

I guess I don't get the special names or using, Users or user, as the
ordering is great in keeping a naming convention, but where do I look
to understand the flow is confusing. So is it the Model loads the
Connector and the Connector is displayed in the view, based on the url
that is entered?

So to back track based on URL, I would say that the "Model name" and
the "View" they are looking at is the last 2 folders in the URL?

http://localhost/cakephp/users
http://localhost/cakephp/users/login


--

Error: The Behavior file app\models\behaviors\utils.sluggable.php can
not be found or does not exist.

Error: Create the class below in file: app\models\behaviors
\utils.sluggable.php



--

-- 
Our newest site for the community: CakePHP Video Tutorials 
http://tv.cakephp.org 
Check out the new CakePHP Questions site http://ask.cakephp.org and help others 
with their CakePHP related questions.


To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at 
http://groups.google.com/group/cake-php

validation related models

2011-06-22 Thread Patryk 
Welcome. At beginning, sorry for my english.

OK, so... I've got problem with data validation.
I've got two related models: User and Profile. When i'm registering
new user, i'm sending data to database from one form using fields:
User.username
Profile.firstname,
etc.

I save data by: $this->User->saveAll($this->data);
I have validtion rules in model's files: user.php and profile.php
When I save data - validation errors from user.php are showing for me,
but not from profile.php.

What should i do?

-- 
Our newest site for the community: CakePHP Video Tutorials 
http://tv.cakephp.org 
Check out the new CakePHP Questions site http://ask.cakephp.org and help others 
with their CakePHP related questions.


To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at 
http://groups.google.com/group/cake-php

Retrieving all Themes with associated Activities

2011-06-22 Thread mjleitch 
I have an Activity model and a Theme model. Activities are associated
to themes by theme_id. Some themes currently don't have any activities
yet  i'm wanting to get a list of only themes for which activities
exist.

I thought $this->Activity->Theme->find('all') would do this, but it
returns all themes, not just the themes to which activities are
attached. What's the proper way to accomplish this? I'm doing this in
the Activities controller, so I already have the Themes model through
it's association to Activities already.

Thanks!

-- 
Our newest site for the community: CakePHP Video Tutorials 
http://tv.cakephp.org 
Check out the new CakePHP Questions site http://ask.cakephp.org and help others 
with their CakePHP related questions.


To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at 
http://groups.google.com/group/cake-php

Re: Where should i contact right people in CakePHP.org because this security critical problem

2011-06-22 Thread AD7six 


On Jun 22, 12:49 pm, chris  wrote:
> Can someone confirm the circustances this ouput will appear?

On tuesdays.
>
> Does it happen if the debug level is set to 1 as well?

yes.

-- 
Our newest site for the community: CakePHP Video Tutorials 
http://tv.cakephp.org 
Check out the new CakePHP Questions site http://ask.cakephp.org and help others 
with their CakePHP related questions.


To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at 
http://groups.google.com/group/cake-php

Re: Recent troubles with 'minYear' and 'maxYear'

2011-06-22 Thread Jeremy Burns | Class Outfit 
Nothing looks odd there. Has the date changed on your server?

Out of interest, why are you using Sanitize?

On 18 Jun 2011, at 22:58, krisspnet wrote:

> Hi everyone, 
> 
> From the begining the 'minYear' and 'maxYear' in the code below worked
> pretty well. 
> However since 1 week it begins to fail. 
> Does anyone knows why the following code display from 1991 to 2031 where it
> has displayed from 1911 to 2011 before ? 
> 
> echo $form->inputs(array( 
>'legend' => __('Edit', true), 
>/* ... */ 
>Sanitize::html('birthday') => array('type' => 'date',
> array('minYear' => date('Y') - 100, 'maxYear' => date('Y'))) 
>)); 
> echo $form->end(__('Submit', true));
> 
> --
> View this message in context: 
> http://cakephp.1045679.n5.nabble.com/Recent-troubles-with-minYear-and-maxYear-tp4502140p4502140.html
> Sent from the CakePHP mailing list archive at Nabble.com.
> 
> -- 
> Our newest site for the community: CakePHP Video Tutorials 
> http://tv.cakephp.org 
> Check out the new CakePHP Questions site http://ask.cakephp.org and help 
> others with their CakePHP related questions.
> 
> 
> To unsubscribe from this group, send email to
> cake-php+unsubscr...@googlegroups.com For more options, visit this group at 
> http://groups.google.com/group/cake-php

-- 
Our newest site for the community: CakePHP Video Tutorials 
http://tv.cakephp.org 
Check out the new CakePHP Questions site http://ask.cakephp.org and help others 
with their CakePHP related questions.


To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at 
http://groups.google.com/group/cake-php

Re: Recent troubles with 'minYear' and 'maxYear'

2011-06-22 Thread krisspnet 
No idea ?

--
View this message in context: 
http://cakephp.1045679.n5.nabble.com/Recent-troubles-with-minYear-and-maxYear-tp4502140p4513633.html
Sent from the CakePHP mailing list archive at Nabble.com.

-- 
Our newest site for the community: CakePHP Video Tutorials 
http://tv.cakephp.org 
Check out the new CakePHP Questions site http://ask.cakephp.org and help others 
with their CakePHP related questions.


To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at 
http://groups.google.com/group/cake-php

Re: Where should i contact right people in CakePHP.org because this security critical problem

2011-06-22 Thread chris 
Can someone confirm the circustances this ouput will appear?

Does it happen if the debug level is set to 1 as well?

Thanks


On Jun 21, 6:48 pm, looklook look  wrote:
> Sad to hear that, Miles.
>
> I hope cake devs not blaming developers fault again.
> Otherwise, cake devs make it more safer way to new developer in learning
> CakePHP.
> Which always have many mistakes as progress of learning.
>
> Thanks
>
> http://yoodey.com
>
>
>
>
>
>
>
> On Wed, Jun 22, 2011 at 12:22 AM, Miles J  wrote:
> > I have brought this problem up before. Last time, the Cake devs said
> > it was the developers fault and it will stay in.
>
> > -_-
>
> > On Jun 21, 8:23 am, looklook look  wrote:
> > > Now you got my point ;)
>
> > > I have tried with google query to show database connection on Drupal,
> > > Codeigniter, Wordpress and many else.
> > > But yes, they can handle this database error carefully.
>
> > > So, i think this is critical issue that should fixed immediatelly.
>
> > > Thanks
>
> > > Yodihttp://yoodey.com
>
> > > On Tue, Jun 21, 2011 at 9:36 PM, Thomas Ploch  > >wrote:
>
> > > > OMG,
>
> > > > I certainly could connect to __several__ mysql servers found with this
> > > > google query.
>
> > > > Although I agree that this is a developer's mistake, I am sure that
> > > > there are a lot of unskilled developers that are doing this because
> > they
> > > > just dont know it better. So removing those values from the output
> > would
> > > > be a +1 from me.
>
> > > > Regards,
> > > > Thomas
>
> > > > Am Dienstag, den 21.06.2011, 06:02 -0700 schrieb chris:
> > > > > I'm intrigued by this issue.
>
> > > > > Can someone explain what situations would the whole config var be
> > > > > output? Is it only when an error occurs, and only when at a certain
> > > > > debug level? I've never seen it displayed at all whilst developing
> > > > > with cakePHP.
>
> > > > > Out of interested I googled the first part of the output, i.e.
>
> > > > > $config = array( "persistent" => false,
>
> > > > > and it certaintly suprised me how many sites this brings back with
> > > > > passwords on show.
>
> > > > > On Jun 21, 12:46 pm, yodi  wrote:
> > > > > > Sorry, it was on random site build by CakePHP.
>
> > > > > > To Euromark, i found more than 100 website affected with this
> > problem
> > > > > > and i don't have much time to email them all.
>
> > > > > > I think, whether it debug > 0, Cakephp should'nt throw real
> > password
> > > > > > into CONTEXT.
>
> > > > > > I try searching another CMS and Framework. Using same method, i
> > found
> > > > > > nothing of them show real password where database error connection
> > > > > > occured.
>
> > > > > > Yes, this is security issued for me. Which there are many developer
> > > > > > using CakePHP.
>
> > > > > > To Larry, i can send you some message to show how much it's
> > affected.
> > > > It
> > > > > > can be consideration.
>
> > > > > > Thanks
>
> > > > > > On Tue, 2011-06-21 at 06:13 -0500, Larry E. Masters wrote:
> > > > > > > Are you saying this was on the CakePHP website or a random site
> > you
> > > > > > > where visiting?
>
> > > > > > > --
> > > > > > > Larry E. Masters
>
> > > > > > > On Mon, Jun 20, 2011 at 2:18 PM, yoodey 
> > wrote:
> > > > > > >         Hello all,
>
> > > > > > >         I'm randomly browsing and get a website with Database
> > error
> > > > > > >         connection.
> > > > > > >         It gave me error page : Warning (2): mysql_connect()
> > > > > > >         [function.mysql-
> > > > > > >         connect]: Access denied for user ...
>
> > > > > > >         So i click on Context option and got this information.
>
> > > > > > >         $config =       array(
> > > > > > >                "persistent" => false,
> > > > > > >                "host" => "xxx",
> > > > > > >                "login" => "dbx",
> > > > > > >                "password" => "dbtxxx",
> > > > > > >                "database" => "dbx",
> > > > > > >                "port" => "3306",
> > > > > > >                "driver" => "mysql",
> > > > > > >                "prefix" => "",
> > > > > > >                "encoding" => "UTF8"
> > > > > > >         )
>
> > > > > > >         To avoid other people doing bad thing, i'm not showing
> > real
> > > > > > >         error
> > > > > > >         information.
>
> > > > > > >         I'm doing mysql command based on that information and
> > guest
> > > > > > >         what? I
> > > > > > >         got full access!
> > > > > > >         Curious with this error, i'm doing little research and
> > found
> > > > > > >         more than
> > > > > > >         1000 website mysql root access. (there many others, but i
> > too
> > > > > > >         tired to
> > > > > > >         check it one by one ).
>
> > > > > > >         This is very dangerous things which i'm big fans of
> > CakePHP.
> > > > I
> > > > > > >         working
> > > > > > >         on 50K/day visitors website powered by CakePHP which i
> > don't
> > > > > > >         wann

Re: cakephp 1.3.10 - URL rewriting is not properly configured on your server

2011-06-22 Thread Jeremy Burns | Class Outfit 
I just experienced this when setting up a new site and concluded that it is not 
really an error. The default Cake set up has:
a generic stylesheet (/app/webroot/css/cake.generic.css)
a default layout (/cake/libs/view/layouts) that calls the generic stylesheet
a default home page (/cake/libs/view/pages/home.ctp)

The generic home page has an element with an id of 'url-rewriting-warning'. 
This is hidden by default by a class in the generic stylesheet if:
you are using the default layout, home page and style sheet
and mod rewrite is working

If mod rewrite is not working, the style sheet will not load and therefore the 
element will not be hidden, and voila you see the error or if you remove the 
generic style sheet (as the style sheet is not loading the element will not be 
hidden).

These defaults are not really intended for production. They are just there to 
make sure your basic environment is correct.

On 14 Jun 2011, at 19:12, Anderson Machado wrote:

> Hello,
> 
> I did it but to no avail. I'm using wamp.
> 
> I removed the comment that line: LoadModule rewrite_module modules/
> mod_rewrite.so
> 
> I observed the following lines:
> 
> 
>Options FollowSymLinks
>AllowOverride All
> #Order deny,allow
> #Deny from all
> 
> 
> Continues to show the error. What can I do?
> 
> On Jun 8, 8:21 am, saidbakr  wrote:
>> So it is a bug in home.ctp and cake.generic.css and it could be solved
>> as follows:
>> 
>> add an id tag to the div that includes therewritingerror, the tag
>> will take the value : id="url-rewriting-warning". then in
>> cake.generic.css at the end of it add the following rule:
>> #url-rewriting-warning{
>> display: none;
>> 
>> }
>> 
>> so if rewrite is going fine, it will load the css file anf hence the
>> error message willnotbe displayed.
>> 
>> On Jun 6, 11:59 pm, majna  wrote:
>> 
>> 
>> 
>>> You need to update webroot/css/cake.generic.css
>>> used byURLrewritingcheck
>> 
>>> #url-rewriting-warning {
>>> display: none;
>> 
>>> }
>> 
>>> https://github.com/cakephp/cakephp/blob/1.3/app/webroot/css/cake.gene...
>> 
>>> On Jun 6, 4:03 pm, Ryan Olton  wrote:
>> 
> Sounds likeyourconfig isn't checkable somehow by the new 'check for
> urlrewriting' validation - work out why and file a bug report :)
>> 
 It appears that in the default home.ctp page there is this block of
 code just hanging out without any conditional code in place to show or
 hide this text ... in other words, you see in to matter what:
>> 
 
 >>> '); ?>
 
 
 >>> href="http://book.cakephp.org/view/917/Apache-
 and-mod_rewrite-and-htaccess" style="color:#fff;">
 
 
 
 
 >>> href="http://book.cakephp.org/view/931/CakePHP-
 Core-Configuration-Variables" style="color:#fff;">
 >>> useURLrewriting')?>
 
 
 
 
> 
> -- 
> Our newest site for the community: CakePHP Video Tutorials 
> http://tv.cakephp.org 
> Check out the new CakePHP Questions site http://ask.cakephp.org and help 
> others with their CakePHP related questions.
> 
> 
> To unsubscribe from this group, send email to
> cake-php+unsubscr...@googlegroups.com For more options, visit this group at 
> http://groups.google.com/group/cake-php

-- 
Our newest site for the community: CakePHP Video Tutorials 
http://tv.cakephp.org 
Check out the new CakePHP Questions site http://ask.cakephp.org and help others 
with their CakePHP related questions.


To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at 
http://groups.google.com/group/cake-php

landing page not working after payment on https

2011-06-22 Thread Ritesh R Aryal 
Hi Everybody,
I'm at the end of the development of a client based site which allows
clients to make online payment.

The site is working fine with HTTP://sitename.com while receiving
response back from payment gateway.
(I mean it is returning back to the system [landing-page] properly)

However, it is not working with HTTPS://sitename.com.
Once the payment is done, then, instead of going back to the payment
confirmation page it is directly bouncing back to the login page.

What could be the error / issues right here ?

Is it the issue of handing HTTP and HTTPS on cakephp ?

your early response will be highly appreciated.

regards

-- 
Our newest site for the community: CakePHP Video Tutorials 
http://tv.cakephp.org 
Check out the new CakePHP Questions site http://ask.cakephp.org and help others 
with their CakePHP related questions.


To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at 
http://groups.google.com/group/cake-php

Re: cake model association error

2011-06-22 Thread madusanka hettiarachchi 
Hi Jeramy,

thank you very much, As u said error was there. thanks you again for saving
my time!

-- Forwarded message --
From: Jeremy Burns | Class Outfit 
Date: Wed, Jun 22, 2011 at 1:38 PM
Subject: Re: cake model association error
To: cake-php@googlegroups.com


Try this instead:

:Subalbum model:::

var $belongsTo = array('Album');

Jeremy Burns
*Class Outfit*
*
*
jeremybu...@classoutfit.com 
http://www.classoutfit.com

On 22 Jun 2011, at 08:54, madusanka hettiarachchi wrote:

HI guys,

Im new to cake! I made a association between two models called "Album" and
"Subalbum".
association should be like this,

Subalbum hasOne Album
Album hasMany Subalbums

bt I got error like this,
*
1054: Unknown column 'Album.subalbum_id' in 'on clause'
[CORE\cake\libs\model\datasources\dbo_source.php, line 684]

*SELECT `Subalbum`.`id`, `Subalbum`.`sub_album_name`,
`Subalbum`.`date_created`, `Subalbum`.`last_modified_date`,
`Subalbum`.`music_id`, `Subalbum`.`size`, `Subalbum`.`album_id`,
`Album`.`id`, `Album`.`album_name`, `Album`.`sub_directory`,
`Album`.`create_date`, `Album`.`last_modified_date`, `Album`.`music_id`,
`Album`.`album_category`, `Album`.`album_description`, `Album`.`user_id`,
`Album`.`size` FROM `subalbums` AS `Subalbum` LEFT JOIN `albums` AS `Album`
ON (`Album`.`subalbum_id` = `Subalbum`.`id`)  WHERE 1 = 1

error occuerd due to highlighted part of the query, it should be
(`Album`.`subalbum_id`
= `Subalbum`.`id`)

here are my codes

:Subalbum model:::

var $hasOne = array('Album');

:Album model 

var $hasMany = 'Subalbum';


can any body help me?
-- 
Ganganath Hettiarachchi

-- 
Our newest site for the community: CakePHP Video Tutorials
http://tv.cakephp.org
Check out the new CakePHP Questions site http://ask.cakephp.org and help
others with their CakePHP related questions.


To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at
http://groups.google.com/group/cake-php


 --
Our newest site for the community: CakePHP Video Tutorials
http://tv.cakephp.org
Check out the new CakePHP Questions site http://ask.cakephp.org and help
others with their CakePHP related questions.


To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at
http://groups.google.com/group/cake-php



-- 
Ganganath Hettiarachchi
Faculty of Information Technology
UOM

-- 
Our newest site for the community: CakePHP Video Tutorials 
http://tv.cakephp.org 
Check out the new CakePHP Questions site http://ask.cakephp.org and help others 
with their CakePHP related questions.


To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at 
http://groups.google.com/group/cake-php

Re: Site Relaunch using Cake 1.3

2011-06-22 Thread Niels 
Nice site, I'm looking forward to hear more how you setup you're site
architecture.

How did you manage you're image and video's for example.
I'm also curious how setup the master and 2 slaves databases with
cakephp, is it hard to implement ?

Regards,

Niels

-- 
Our newest site for the community: CakePHP Video Tutorials 
http://tv.cakephp.org 
Check out the new CakePHP Questions site http://ask.cakephp.org and help others 
with their CakePHP related questions.


To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at 
http://groups.google.com/group/cake-php

Re: cake model association error

2011-06-22 Thread Jeremy Burns | Class Outfit 
Try this instead:

:Subalbum model:::

var $belongsTo = array('Album');

Jeremy Burns
Class Outfit

jeremybu...@classoutfit.com
http://www.classoutfit.com

On 22 Jun 2011, at 08:54, madusanka hettiarachchi wrote:

> HI guys,
> 
> Im new to cake! I made a association between two models called "Album" and 
> "Subalbum".
> association should be like this,
> 
> Subalbum hasOne Album
> Album hasMany Subalbums
> 
> bt I got error like this,
> 
> 1054: Unknown column 'Album.subalbum_id' in 'on clause' 
> [CORE\cake\libs\model\datasources\dbo_source.php, line 684]
> 
> SELECT `Subalbum`.`id`, `Subalbum`.`sub_album_name`, 
> `Subalbum`.`date_created`, `Subalbum`.`last_modified_date`, 
> `Subalbum`.`music_id`, `Subalbum`.`size`, `Subalbum`.`album_id`, 
> `Album`.`id`, `Album`.`album_name`, `Album`.`sub_directory`, 
> `Album`.`create_date`, `Album`.`last_modified_date`, `Album`.`music_id`, 
> `Album`.`album_category`, `Album`.`album_description`, `Album`.`user_id`, 
> `Album`.`size` FROM `subalbums` AS `Subalbum` LEFT JOIN `albums` AS `Album` 
> ON (`Album`.`subalbum_id` = `Subalbum`.`id`)  WHERE 1 = 1
> 
> error occuerd due to highlighted part of the query, it should be 
> (`Album`.`subalbum_id` = `Subalbum`.`id`) 
> 
> here are my codes 
> 
> :Subalbum model:::
> 
> var $hasOne = array('Album');
> 
> :Album model 
> 
> var $hasMany = 'Subalbum';
> 
> 
> can any body help me?
> -- 
> Ganganath Hettiarachchi
> 
> -- 
> Our newest site for the community: CakePHP Video Tutorials 
> http://tv.cakephp.org 
> Check out the new CakePHP Questions site http://ask.cakephp.org and help 
> others with their CakePHP related questions.
>  
>  
> To unsubscribe from this group, send email to
> cake-php+unsubscr...@googlegroups.com For more options, visit this group at 
> http://groups.google.com/group/cake-php

-- 
Our newest site for the community: CakePHP Video Tutorials 
http://tv.cakephp.org 
Check out the new CakePHP Questions site http://ask.cakephp.org and help others 
with their CakePHP related questions.


To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at 
http://groups.google.com/group/cake-php

cake model association error

2011-06-22 Thread madusanka hettiarachchi 
HI guys,

Im new to cake! I made a association between two models called "Album" and
"Subalbum".
association should be like this,

Subalbum hasOne Album
Album hasMany Subalbums

bt I got error like this,
*
1054: Unknown column 'Album.subalbum_id' in 'on clause'
[CORE\cake\libs\model\datasources\dbo_source.php, line 684]

*SELECT `Subalbum`.`id`, `Subalbum`.`sub_album_name`,
`Subalbum`.`date_created`, `Subalbum`.`last_modified_date`,
`Subalbum`.`music_id`, `Subalbum`.`size`, `Subalbum`.`album_id`,
`Album`.`id`, `Album`.`album_name`, `Album`.`sub_directory`,
`Album`.`create_date`, `Album`.`last_modified_date`, `Album`.`music_id`,
`Album`.`album_category`, `Album`.`album_description`, `Album`.`user_id`,
`Album`.`size` FROM `subalbums` AS `Subalbum` LEFT JOIN `albums` AS `Album`
ON (`Album`.`subalbum_id` = `Subalbum`.`id`)  WHERE 1 = 1

error occuerd due to highlighted part of the query, it should be
(`Album`.`subalbum_id`
= `Subalbum`.`id`)

here are my codes

:Subalbum model:::

var $hasOne = array('Album');

:Album model 

var $hasMany = 'Subalbum';


can any body help me?
-- 
Ganganath Hettiarachchi

-- 
Our newest site for the community: CakePHP Video Tutorials 
http://tv.cakephp.org 
Check out the new CakePHP Questions site http://ask.cakephp.org and help others 
with their CakePHP related questions.


To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at 
http://groups.google.com/group/cake-php