Cakephp Forms Security Flaw
I was checking this tutorial ... http://book.cakephp.org/view/326/The-Cake-Blog-Tutorial

Here I see a big security flaw ... and I think this practice is used throughout the framework.

    function add()
    {
        if (!empty($this->data))
        {
            if ($this->Post->save($this->data))
            {
                $this->flash('Your post has been saved.','/posts');
            }
        }
    }

We create HTML form inputs with names like 'data[Post][field_name]' ... and on post back we can access it using $this->data, and that data array contains an array of Post as in our input name.

Concern: As the value in input field_name directly maps to our DB field, if someone tampers with your HTML form by guessing a database field name ... we have no checks.

I want to know, is there any base solution provided by CakePHP, or do we have to recheck the posted fields manually again?

You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
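An added example, not part of the original post and not CakePHP's own code: an allow-list filter applied to the posted 'data[Post][...]' array before it reaches save(), so guessed column names are dropped. The field names (title, body, user_id, published) and the helper filterPostedData() are assumptions for illustration; in CakePHP 1.x the same restriction can be expressed with the third argument of Model::save(), the field list.

```php
<?php
// Added example (hypothetical helper, constructed sample data).

/**
 * Keep only the fields this form is allowed to set for $model.
 * Anything else in the request (guessed column names) is discarded.
 */
function filterPostedData(array $data, $model, array $allowedFields)
{
    if (!isset($data[$model]) || !is_array($data[$model])) {
        return array($model => array());
    }
    // Intersect on keys: only allow-listed field names survive.
    $clean = array_intersect_key($data[$model], array_flip($allowedFields));
    // Drop nested arrays smuggled in as data[Post][title][x]=...
    foreach ($clean as $field => $value) {
        if (!is_scalar($value)) {
            unset($clean[$field]);
        }
    }
    return array($model => $clean);
}

// Constructed request: the form only offers title and body, but the
// client added two extra inputs matching assumed column names.
$posted = array('Post' => array(
    'title'     => 'Hello',
    'body'      => 'First post',
    'user_id'   => '1',   // not in the form
    'published' => '1',   // not in the form
));

$allowed = array('title', 'body');
$safe    = filterPostedData($posted, 'Post', $allowed);
$dropped = array_diff(array_keys($posted['Post']), array_keys($safe['Post']));

print_r($safe);                                   // only title and body remain
echo 'Dropped: ' . implode(', ', $dropped) . "\n"; // worth logging as tampering

// In a CakePHP 1.x controller the equivalent restriction is:
//   $this->Post->save($this->data, true, array('title', 'body'));
```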
Cake PHP running dead slow <!-- 60.6669s -->
Hi,

Cake PHP is running dead slow on production server, plz check it yourself ... http://www.voiceofkhanqah.com

On load, at bottom of page it shows ... <!-- 60.6669s -->

For phpinfo() ... http://www.voiceofkhanqah.com/afnan.php

For debug level 3 logs of main page ...

3 queries took 57 ms

Nr | Query | Error | Affected | Num. rows | Took (ms)
1 | DESCRIBE `majalis` | | 6 | 6 | 18
2 | DESCRIBE `users` | | 5 | 5 | 29
3 | SELECT `Majlis`.`id`, `Majlis`.`title`, `Majlis`.`start_time`, `Majlis`.`end_time`, `Majlis`.`status`, `Majlis`.`weekdays` FROM `majalis` AS `Majlis` WHERE status=1 | | 5 | 5 | 10

Other static content (htm) on the same server runs comparatively faster .. http://www.voiceofkhanqah.com/old/

Please reply what I am missing, thanks in advance.

Afnan.
Re: Cake PHP running dead slow <!-- 60.6669s -->
Just need to confirm... is there some known issue of Cake with Apache 1.3/CGI? I have also asked the server hosting company to check load. Sometimes it takes 2-3s and sometimes 20-60s for PHP exec.

Plz reply if someone has any idea ...

On Jul 28, 11:44 pm, AzGhanv/. [EMAIL PROTECTED] wrote:
> Hi,
>
> Cake PHP is running dead slow on production server, plz check it yourself ... http://www.voiceofkhanqah.com
>
> On load, at bottom of page it shows ... <!-- 60.6669s -->
>
> For phpinfo() ... http://www.voiceofkhanqah.com/afnan.php
>
> For debug level 3 logs of main page ...
>
> 3 queries took 57 ms
>
> Nr | Query | Error | Affected | Num. rows | Took (ms)
> 1 | DESCRIBE `majalis` | | 6 | 6 | 18
> 2 | DESCRIBE `users` | | 5 | 5 | 29
> 3 | SELECT `Majlis`.`id`, `Majlis`.`title`, `Majlis`.`start_time`, `Majlis`.`end_time`, `Majlis`.`status`, `Majlis`.`weekdays` FROM `majalis` AS `Majlis` WHERE status=1 | | 5 | 5 | 10
>
> Other static content (htm) on the same server runs comparatively faster .. http://www.voiceofkhanqah.com/old/
>
> Please reply what I am missing, thanks in advance.
>
> Afnan.
Using helper in Controller's action
Hi,

I need to know how we can use a helper such as $Text in a controller's action. I want to use $Text->truncate() .. in a controller's action.

I know a component will do the work, but is there any way I can use the helper in it, or do I need to duplicate the code of the text helper as a component?

Thanks.