Re: Euromark function guaranteeFields($requiredFields, $data = null) {
Yeah, at first I didn't really realise what this was about.. But Euromark is right. Just make another function, to which normal users have access, and change the way it inputs fields. You can read from DB to see the old values and place them to be sure they haven't changed, and only allowed ones to put from the form.

But interesting topic, until you asked I really didn't think of this in cake..

There is also another way that came across my mind for doing this. It's a little odd, but in odd situations odd solutions can be ok. If you have like 50 fields in db which user shouldn't be able to change and 50 more which he should (really awkward situation but let's just say this is it for conversation purposes..), you could make 2 DB tables. First one consists of 50 allowed fields + 1 not allowed to change and the other is made of 50 forbidden fields. Logically, you have one on one or many on one relation from allowed to not allowed and that is that +1 field. So you can set up function which changes those 50 allowed plus 1 not allowed fields, and check for only that one which is a connection to forbidden fields.

So it is kinda boring, but at least you do not need to check for these 50 fields in your controller...

I hope it helps a bit, and that you will make success in your project!

All the best!
Milos

On Apr 3, 12:32 pm, euromark wrote:
> i disagree with Milos in some points
> but yes, the crucial point is that the main focus should be the server
> side as far as security is concerned
>
> but besides that he proposes hacks that will not only make the code
> less readable, it also opens the door for many
> bugs and errors as well as bloating the model unnecessarily.
>
> "if you didn't input required value
> (if you even specified what types of character can be used), there is
> no way you'll pass submitting"
> actually, you will. what if the validation is only checking if the ID
> is valid. you still could use the ID of any other user on the site.
> and the security component will not be able to do anything against it.
>
> that's why all fields, that are not intended to be changed should be
> excluded from being passed on to the model.
> this way you can ensure that no harm can be done to them.
> it's easy, it's short (compared to other solutions like milos), it's
> clean.
Re: Euromark function guaranteeFields($requiredFields, $data = null) {
i disagree with Milos in some points
but yes, the crucial point is that the main focus should be the server side as far as security is concerned

but besides that he proposes hacks that will not only make the code less readable, it also opens the door for many bugs and errors as well as bloating the model unnecessarily.

"if you didn't input required value (if you even specified what types of character can be used), there is no way you'll pass submitting"
actually, you will. what if the validation is only checking if the ID is valid. you still could use the ID of any other user on the site.
and the security component will not be able to do anything against it.

that's why all fields, that are not intended to be changed should be excluded from being passed on to the model.
this way you can ensure that no harm can be done to them.
it's easy, it's short (compared to other solutions like milos), it's clean.

On 3 Apr., 10:57, Miloš Vučinić wrote:
> I just read smth. So one more comment :) Hope I am not boring you. If
> you are worried about primary key injection etc, you can always make
> rights to do stuff. You can have several functions for doing stuff.
> You can grab data in controller and see if somebody tried to enter a
> parameter which is not allowed for this kind of users. Like role_id
> etc, and if they are not null, you block the save functions.
>
> Eg.
> I have user controller, and I have 2 edit functions and by that 2
> different forms. First one is for admins, and second one for users. In
> users function I check the data before calling model ($this->save($data)) and
> I see what is in that data. If I find smth I don't
> want there I would not call the save data function...
>
> I can't remember if I actually done that, but I think it is quite
> doable, because you have access to data var before calling the model..
>
> all the best :)
Re: Euromark function guaranteeFields($requiredFields, $data = null) {
I just read smth. So one more comment :) Hope I am not boring you. If you are worried about primary key injection etc, you can always make rights to do stuff. You can have several functions for doing stuff. You can grab data in controller and see if somebody tried to enter a parameter which is not allowed for this kind of users. Like role_id etc, and if they are not null, you block the save functions.

Eg.
I have user controller, and I have 2 edit functions and by that 2 different forms. First one is for admins, and second one for users. In users function I check the data before calling model ($this->save($data)) and I see what is in that data. If I find smth I don't want there I would not call the save data function...

I can't remember if I actually done that, but I think it is quite doable, because you have access to data var before calling the model..

all the best :)

On Apr 3, 10:51 am, Miloš Vučinić wrote:
> And if you hate programming so many fields, just bake the add form for
> the database table and change it the way you want.. baking takes like
> a minute to finish.
> :)
>
> I am no baking everything I can :)
>
> all the best
> Milos
Re: Euromark function guaranteeFields($requiredFields, $data = null) {
And if you hate programming so many fields, just bake the add form for the database table and change it the way you want.. baking takes like a minute to finish.
:)

I am no baking everything I can :)

all the best
Milos

On Apr 2, 9:26 pm, "Krissy Masters" wrote:
> Right on. Was only curious since Security creates a hash based on the fields
> I figured there must be some way to do the same thing and use it for
> whatever reason.
>
> Thanks for the info all the same.
>
> K
Re: Euromark function guaranteeFields($requiredFields, $data = null) {
In risk of looking a little bit stupid, I'll ask this. If you need a field to be required, you can set that in model, so why bother with other stuff? I do it that way. You can either use predefined rules of cake or make your own using regular expressions.. You can firebug all you want but when you click save, if you didn't input required value (if you even specified what types of character can be used), there is no way you'll pass submitting, and user will not even be redirected from the page..

And if you really need to make something very tricky, you can always use ajax. This component of cake is beautiful. It even flashes messages next to the fields if there is an error with them..

Also one more comment. I do not see much point of protecting your form from being firebugged... Because, if somebody tries to hack a form on the client side (smth that is already loaded in his browser) you can't really stop them. When they receive a form it is kinda theirs now and they can change it or do whatever they want with it, because you have no control over data on his computer. But, in order to make sure no hacks are gonna happen, just make the same security on the server side of app and there you have it.

The security you put on client side is for clients. So that it would make their lives easier, when filling forms etc. But for those evil clients who wish to ruin your work, you put security on server side and you have done all you needed to do.

Hope I didn't miss the subject :)

All the best,
Milos

On Apr 2, 9:26 pm, "Krissy Masters" wrote:
> Right on. Was only curious since Security creates a hash based on the fields
> I figured there must be some way to do the same thing and use it for
> whatever reason.
>
> Thanks for the info all the same.
>
> K
RE: Euromark function guaranteeFields($requiredFields, $data = null) {
Right on. Was only curious since Security creates a hash based on the fields I figured there must be some way to do the same thing and use it for whatever reason.

Thanks for the info all the same.

K

-----Original Message-----
From: cake-php@googlegroups.com [mailto:cake-php@googlegroups.com] On Behalf Of euromark
Sent: Saturday, April 02, 2011 10:43 PM
To: CakePHP
Subject: Re: Euromark function guaranteeFields($requiredFields, $data = null) {

it is not possible

the controller has no direct link to the form helper
especially not after a post (and therefore BEFORE the form is rendered again).
controller + model are finished before the view even starts to render.

you would need to embed the keys as a hidden field in the form itself (+ hash etc to disallow any modifications).
but then you could just as well use the security component and you would be already done.

so i don't see a point in that.
i agree that it can be a pain in the butt.
in some rare occasions you could use blacklisting (especially if you only want to forbid 1 field of 50 allowed fields).
in other occasions you would store those field names in a (long?) array in the model and simply use it in the controller
$this->Model->allowedFieldsForEdit
etc

either way linking the form helper / form inputs to the model logic can probably do more harm than good.
i would think about which fields are allowed and manually pass them to the set/save methods. using the model arrays to store the fields will also ensure that after an update of the schema you got all field names in a single place. less likely you will forget to add/delete fields.

--
Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org
Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions.

To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group
Re: Euromark function guaranteeFields($requiredFields, $data = null) {
it is not possible

the controller has no direct link to the form helper
especially not after a post (and therefore BEFORE the form is rendered again).
controller + model are finished before the view even starts to render.

you would need to embed the keys as a hidden field in the form itself (+ hash etc to disallow any modifications).
but then you could just as well use the security component and you would be already done.

so i don't see a point in that.
i agree that it can be a pain in the butt.
in some rare occasions you could use blacklisting (especially if you only want to forbid 1 field of 50 allowed fields).
in other occasions you would store those field names in a (long?) array in the model and simply use it in the controller
$this->Model->allowedFieldsForEdit
etc

either way linking the form helper / form inputs to the model logic can probably do more harm than good.
i would think about which fields are allowed and manually pass them to the set/save methods. using the model arrays to store the fields will also ensure that after an update of the schema you got all field names in a single place. less likely you will forget to add/delete fields.

On 3 Apr., 00:51, "Krissy Masters" wrote:
> Sorry I think you missed my point.
> Example:
> I have a form with 50 fields. I would have to manually type out all 50 if
> they have to be in the form = pain
> I'm interested in grabbing all the field names the form has before it's
> rendered. Then use that in the function before saving
>
> beforeRender() / beforeFilter(){
>     grab all the fields your form has before rendering it
>
>     $form_fields = ??? somefunction to grab all your fields
>
>     Then use an array / !in_array / array_keys to keep / exclude ones that are
>     required to be there
>
>     $required_fields = array_diff( array('optional', 'fields', 'here'
>     ),$form_fields); //something like that so you type out a few not all type
>     thing
>
> }
>
> That's what I am wondering, if anyone knows how you could grab a list of
> fields in the form.
>
> Thanks,
>
> K
RE: Euromark function guaranteeFields($requiredFields, $data = null) {
Sorry I think you missed my point.
Example:
I have a form with 50 fields. I would have to manually type out all 50 if they have to be in the form = pain
I'm interested in grabbing all the field names the form has before it's rendered. Then use that in the function before saving

beforeRender() / beforeFilter(){
    grab all the fields your form has before rendering it

    $form_fields = ??? somefunction to grab all your fields

    Then use an array / !in_array / array_keys to keep / exclude ones that are required to be there

    $required_fields = array_diff( array('optional', 'fields', 'here' ),$form_fields); //something like that so you type out a few not all type thing

}

That's what I am wondering, if anyone knows how you could grab a list of fields in the form.

Thanks,

K

-----Original Message-----
From: cake-php@googlegroups.com [mailto:cake-php@googlegroups.com] On Behalf Of cricket
Sent: Saturday, April 02, 2011 7:45 PM
To: cake-php@googlegroups.com
Subject: Re: Euromark function guaranteeFields($requiredFields, $data = null) {

I think it would be best to use a class var in the model.

    $this->Model->set(
        $this->data,
        null,
        $this->Model->required_fields
    );

You could even have separate field lists for different actions:

    $this->Model->set(
        $this->data,
        null,
        $this->Model->required_fields['edit']
    );
Re: Euromark function guaranteeFields($requiredFields, $data = null) {
On Sat, Apr 2, 2011 at 3:10 PM, Krissy Masters wrote:
> Reading the bit about making fields required in a form so a user can not
> firebug them out and thought is there a way to manually grab the names of
> the fields in a form being rendered in the controller?
> Form might have 50 fields and you need them all, writing out all of that
> would be trauma. (but writing the names and updating the model in the
> future, spelling, so on)
>
> Security component does something with all the names to make it hash, no?
>
> Anyone have any ideas? Here is a link to his excellent idea in case anyone
> wants to read up on it.
>
> http://www.dereuromark.de/2010/09/21/saving-model-data-and-security/
>
> section => Protection against missing fields

I think it would be best to use a class var in the model.

    $this->Model->set( $this->data, null, $this->Model->required_fields );

You could even have separate field lists for different actions:

    $this->Model->set( $this->data, null, $this->Model->required_fields['edit'] );
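The idea discussed in this thread (per-action field lists, plus a guarantee that required fields are present even when they were stripped from the form), as an added example in plain PHP. It is not code from the thread, from euromark's article or from CakePHP; the field names, `onlyAllowed()`, `$sessionUserId` and the body of `guaranteeFields()` are assumptions made for illustration.

```php
<?php
// Added illustration in plain PHP; not CakePHP's or euromark's code.
// Hypothetical per-action field lists, kept in one place as suggested above.
$requiredFields = array(
    'add'  => array('username', 'email', 'password'),
    'edit' => array('email', 'city'),
);

// Ensure every required key exists. A field stripped from the form comes
// back as '', so a "not empty" rule still runs instead of being skipped.
function guaranteeFields($requiredFields, $data = null) {
    $data = (array)$data;
    foreach ($requiredFields as $field) {
        if (!array_key_exists($field, $data)) {
            $data[$field] = '';
        }
    }
    return $data;
}

// Drop every submitted key that is not on the allow-list for this action.
function onlyAllowed($allowed, $data) {
    return array_intersect_key((array)$data, array_flip($allowed));
}

// Constructed tampered POST for "edit": 'email' removed from the form,
// 'id' and 'role' injected by the client.
$post = array('id' => '7', 'role' => 'admin', 'city' => 'Berlin');
$sessionUserId = 42; // assumed to come from the login session, never the form

$clean = onlyAllowed($requiredFields['edit'], $post);
$clean = guaranteeFields($requiredFields['edit'], $clean);
$clean['id'] = $sessionUserId; // record to update is chosen server-side

// Minimal stand-in for a notEmpty validation rule.
$errors = array();
foreach ($requiredFields['edit'] as $field) {
    if (trim($clean[$field]) === '') {
        $errors[$field] = 'This field is required';
    }
}

var_dump($clean);
var_dump($errors);
```

Filtering before guaranteeing matters: the allow-list removes injected keys first, and only then are the missing required keys filled in so validation can reject the request.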
Euromark function guaranteeFields($requiredFields, $data = null) {
Reading the bit about making fields required in a form so a user can not firebug them out and thought is there a way to manually grab the names of the fields in a form being rendered in the controller?

Form might have 50 fields and you need them all, writing out all of that would be trauma. (but writing the names and updating the model in the future, spelling, so on)

Security component does something with all the names to make it hash, no?

Anyone have any ideas? Here is a link to his excellent idea in case anyone wants to read up on it.

http://www.dereuromark.de/2010/09/21/saving-model-data-and-security/

section => Protection against missing fields

Thanks,
K