Re: Default label options?
Yeah, that's exactly what I had ended up doing. On Jan 26, 2013 3:02 AM, "Maxime Chêne" wrote: > The best way is to override the FormHelper with more output options. > slywalker is doing great job with his plugin, you should take a look : > https://github.com/slywalker/TwitterBootstrap > > -- > Like Us on FaceBook https://www.facebook.com/CakePHP > Find us on Twitter http://twitter.com/CakePHP > > --- > You received this message because you are subscribed to the Google Groups > "CakePHP" group. > To post to this group, send email to cake-php@googlegroups.com. > To unsubscribe from this group, send email to > cake-php+unsubscr...@googlegroups.com. > Visit this group at http://groups.google.com/group/cake-php?hl=en. > > > -- Like Us on FaceBook https://www.facebook.com/CakePHP Find us on Twitter http://twitter.com/CakePHP --- You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com. Visit this group at http://groups.google.com/group/cake-php?hl=en.
Re: Default label options?
After looking through the formHelper, I don't see a way of doing this.
So I added the code and submit a pull-request on GitHub.
Hopefully that helps someone else!
Cheers
On Thu, Apr 5, 2012 at 10:12 AM, nabeel wrote:
> Hi all,
>
> Is there a way to set the default label options? I want every label to
> have a certain class.
> Right now, on Form->create(), I call a helper function and pass it the
> options array, and it appends my default options from the helper, to the
> form specific ones.
> It works rather well:
>
>
> public function formOptions($params) {
>
> $params_default = array(
> 'url' => '', 'type' => 'post',
> 'class' => 'form-horizontal',
> 'inputDefaults' => array(
> 'label' => array('class' => 'control-label'),
> 'div' => 'control-group',
> 'between' => '', 'after' => '',
> 'error' => array('attributes' => array('wrap' => 'p', 'class' =>
> 'controls help-block'))
> )
> );
>
> return array_merge($params_default, $params);
> }
>
>
> If you're familiar with bootstrap, you can see that's what I'm using.
> But that inputDefault of the label options doesn't stick - I don't think
> there's a way of doing this the way I want to, looking through the
> formOptions code, I don't see it there. Don't know if there's a way without
> touching every form.
>
> Any ideas?
>
> --
> Our newest site for the community: CakePHP Video Tutorials
> http://tv.cakephp.org
> Check out the new CakePHP Questions site http://ask.cakephp.org and help
> others with their CakePHP related questions.
>
>
> To unsubscribe from this group, send email to
> cake-php+unsubscr...@googlegroups.com For more options, visit this group
> at http://groups.google.com/group/cake-php
>
--
Our newest site for the community: CakePHP Video Tutorials
http://tv.cakephp.org
Check out the new CakePHP Questions site http://ask.cakephp.org and help others
with their CakePHP related questions.
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at
http://groups.google.com/group/cake-php
Default label options?
Hi all,
Is there a way to set the default label options? I want every label to have
a certain class.
Right now, on Form->create(), I call a helper function and pass it the
options array, and it appends my default options from the helper, to the
form specific ones.
It works rather well:
public function formOptions($params) {
$params_default = array(
'url' => '', 'type' => 'post',
'class' => 'form-horizontal',
'inputDefaults' => array(
'label' => array('class' => 'control-label'),
'div' => 'control-group',
'between' => '', 'after' => '',
'error' => array('attributes' => array('wrap' => 'p', 'class' => 'controls
help-block'))
)
);
return array_merge($params_default, $params);
}
If you're familiar with bootstrap, you can see that's what I'm using.
But that inputDefault of the label options doesn't stick - I don't think
there's a way of doing this the way I want to, looking through the
formOptions code, I don't see it there. Don't know if there's a way without
touching every form.
Any ideas?
--
Our newest site for the community: CakePHP Video Tutorials
http://tv.cakephp.org
Check out the new CakePHP Questions site http://ask.cakephp.org and help others
with their CakePHP related questions.
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at
http://groups.google.com/group/cake-php
Re: "Mass Assignment Vulnerability" - protection in Cake
How does the SecurityComponent affect view caching? Does Cake automatically work around it? On Thu, Mar 8, 2012 at 6:59 PM, euromark wrote: > thats mainly what I was saying: adding or removing fields in the DOM will > cause trouble for sure. > > but also resubmitting the form via AJAX several times (as the session > token then expires) will blackhole if not avoided carefully. > > so it is always good to know how the fieldList solution works > > > Am Donnerstag, 8. März 2012 16:23:45 UTC+1 schrieb jeremyharris: > >> I've had no problem with ajax forms and the security component. The token >> is still added and it still goes through. It only blackholes if you >> dynamically change that field with javascript. >> >> On Thursday, March 8, 2012 7:20:34 AM UTC-8, euromark wrote: >>> >>> well, with ajax and dynamic field injection in forms you need to disable >>> the component or at least some fields in order to not get blackholed >>> therefore I rather use the field whitelisting than enabling the security >>> component >>> but either way: one of those two options you should use to be on the >>> safe side >>> >> -- > Our newest site for the community: CakePHP Video Tutorials > http://tv.cakephp.org > Check out the new CakePHP Questions site http://ask.cakephp.org and help > others with their CakePHP related questions. > > > To unsubscribe from this group, send email to > cake-php+unsubscr...@googlegroups.com For more options, visit this group > at http://groups.google.com/group/cake-php > -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
Re: "Mass Assignment Vulnerability" - protection in Cake
Sorry, what do you mean by the only way?
I'm trying to fully understand the security component and all of the
caveats before I go and implement anything - I want to do it the proper way.
On Thu, Mar 8, 2012 at 9:07 AM, euromark wrote:
> @rodrigo
> right - this is also the only way to work with ajax form posts
>
>
> Am Donnerstag, 8. März 2012 13:57:08 UTC+1 schrieb Rodrigo Rodrigues Moyle:
>
>> I always use save($data, array('fieldList' => array())) to protect
>> against this problem regardless of the SecurityComponent.
>>
>> Em terça-feira, 6 de março de 2012 18h06min37s UTC-3, nabeel escreveu:
>>>
>>> Hi all,
>>>
>>> I'm sure we've all heard about what happened with RoR and Github just
>>> recently -
>>>
>>> https://github.com/rails/**rails/issues/5228<https://github.com/rails/rails/issues/5228>
>>> http://arstechnica.com/**business/news/2012/03/hacker-**
>>> commandeers-github-to-prove-**vuln-in-ruby.ars<http://arstechnica.com/business/news/2012/03/hacker-commandeers-github-to-prove-vuln-in-ruby.ars>
>>>
>>> So I can see how this could possibly be done in Cake as well (haven't
>>> tried), but just adding a hidden field to the form with the values.
>>>
>>> So - what's the best way (in Cake) to protect against this? Is it
>>> setting the allowed fields in the $this->Model->save() call? Is the a
>>> better way?
>>
>> --
> Our newest site for the community: CakePHP Video Tutorials
> http://tv.cakephp.org
> Check out the new CakePHP Questions site http://ask.cakephp.org and help
> others with their CakePHP related questions.
>
>
> To unsubscribe from this group, send email to
> cake-php+unsubscr...@googlegroups.com For more options, visit this group
> at http://groups.google.com/group/cake-php
>
--
Our newest site for the community: CakePHP Video Tutorials
http://tv.cakephp.org
Check out the new CakePHP Questions site http://ask.cakephp.org and help others
with their CakePHP related questions.
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at
http://groups.google.com/group/cake-php
Re: "Mass Assignment Vulnerability" - protection in Cake
Yeah, I'm on Cake 2.1, so I will have to test it thoroughly for sure.
Thanks!
On Wed, Mar 7, 2012 at 4:07 PM, jeremyharris wrote:
> Enabling the Security component should be the first thing you do. You are
> immediately protected against form tampering.
>
> Something to note on enabling it on an existing app: test it thoroughly!
> Checkboxes with no hiddenField will blackhole (at least in 1.3) comes to
> mind.
>
> On Wednesday, March 7, 2012 7:59:39 AM UTC-8, nabeel wrote:
>>
>> I figured, so using SecurityComponent will protect against this.
>> I have to re-visit that component, I was having some issues on forms when
>> they came from a redirect (ie, external auth)
>>
>> Thanks
>>
>> On Tuesday, March 6, 2012 5:01:38 PM UTC-5, PhpNut - Larry E. Masters
>> wrote:
>>>
>>>
>>> Hi all,
>>>>
>>>> I'm sure we've all heard about what happened with RoR and Github just
>>>> recently -
>>>>
>>>> https://github.com/rails/**rails/issues/5228<https://github.com/rails/rails/issues/5228>
>>>> http://arstechnica.com/**business/news/2012/03/hacker-**
>>>> commandeers-github-to-prove-**vuln-in-ruby.ars<http://arstechnica.com/business/news/2012/03/hacker-commandeers-github-to-prove-vuln-in-ruby.ars>
>>>>
>>>> So I can see how this could possibly be done in Cake as well (haven't
>>>> tried), but just adding a hidden field to the form with the values.
>>>>
>>>> So - what's the best way (in Cake) to protect against this? Is it
>>>> setting the allowed fields in the $this->Model->save() call? Is the a
>>>> better way?
>>>
>>>
>>>
>>> CakePHP has protected against this for years. Follow conventions, use
>>> the Security Component and Form Helper.
>>>
>>> $components = array('Security');
>>>
>>>
>>> --
>>> Larry E. Masters
>>>
>>>
>> --
> Our newest site for the community: CakePHP Video Tutorials
> http://tv.cakephp.org
> Check out the new CakePHP Questions site http://ask.cakephp.org and help
> others with their CakePHP related questions.
>
>
> To unsubscribe from this group, send email to
> cake-php+unsubscr...@googlegroups.com For more options, visit this group
> at http://groups.google.com/group/cake-php
>
--
Our newest site for the community: CakePHP Video Tutorials
http://tv.cakephp.org
Check out the new CakePHP Questions site http://ask.cakephp.org and help others
with their CakePHP related questions.
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at
http://groups.google.com/group/cake-php
Re: "Mass Assignment Vulnerability" - protection in Cake
I figured, so using SecurityComponent will protect against this.
I have to re-visit that component, I was having some issues on forms when
they came from a redirect (ie, external auth)
Thanks
On Tuesday, March 6, 2012 5:01:38 PM UTC-5, PhpNut - Larry E. Masters wrote:
>
>
> Hi all,
>>
>> I'm sure we've all heard about what happened with RoR and Github just
>> recently -
>>
>> https://github.com/rails/rails/issues/5228
>>
>> http://arstechnica.com/business/news/2012/03/hacker-commandeers-github-to-prove-vuln-in-ruby.ars
>>
>> So I can see how this could possibly be done in Cake as well (haven't
>> tried), but just adding a hidden field to the form with the values.
>>
>> So - what's the best way (in Cake) to protect against this? Is it
>> setting the allowed fields in the $this->Model->save() call? Is the a
>> better way?
>
>
>
> CakePHP has protected against this for years. Follow conventions, use the
> Security Component and Form Helper.
>
> $components = array('Security');
>
>
> --
> Larry E. Masters
>
>
--
Our newest site for the community: CakePHP Video Tutorials
http://tv.cakephp.org
Check out the new CakePHP Questions site http://ask.cakephp.org and help others
with their CakePHP related questions.
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at
http://groups.google.com/group/cake-php
"Mass Assignment Vulnerability" - protection in Cake
Hi all, I'm sure we've all heard about what happened with RoR and Github just recently - https://github.com/rails/rails/issues/5228 http://arstechnica.com/business/news/2012/03/hacker-commandeers-github-to-prove-vuln-in-ruby.ars So I can see how this could possibly be done in Cake as well (haven't tried), but just adding a hidden field to the form with the values. So - what's the best way (in Cake) to protect against this? Is it setting the allowed fields in the $this->Model->save() call? Is the a better way? -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
Forms/Model SQL Error
Hi all,
I'm trying to create a form - I have a Users model with some simple
validation. I'm creating a form with:
http://bin.cakephp.org/view/2134760139
The output from this on the page is:
http://bin.cakephp.org/view/220211324
Hmm, that's not right. So I turn up debug:
http://bin.cakephp.org/view/1647080842
Not so pretty but basically:
Warning (512): SQL Error: 1064: You have an error in your SQL syntax;
check the manual that corresponds to your MySQL server version for the
right syntax to use near 'entity' at line 1 [CORE/cake/libs/model/
datasources/dbo_source.php, line 673]
Showing where the form starts, and then:
Warning (2): implode() [http://php.net/function.implode]: Invalid
arguments passed [CORE/cake/libs/view/helper.php, line 643
Warning (2): array_shift() expects parameter 1 to be array, boolean
given [CORE/cake/libs/view/helper.php, line 597]
Warning (2): array_map() [http://php.net/function.array-map]: Argument
#2 should be an array [CORE/cake/libs/view/hel
Warning (2): join() [http://php.net/function.join]: Invalid arguments
passed [CORE/cake/libs/view/helper.php, line 598]
When I remove the public $uses = array('User'); from my controller,
there are no errors, and the fields show up properly. But then of
course, I can't do any validation or saving of the data.
Any ideas?
Thanks
Check out the new CakePHP Questions site http://cakeqs.org and help others with
their CakePHP related questions.
You received this message because you are subscribed to the Google Groups
"CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
