Re: GET or POST

2014-08-09 Thread Steve Thomas
Thanks Andras, I decided to do what you suggested with the condition. It 
works. If a manager of one company is editing one of their employees and 
decides to change the (id) in the address bar and the (id) belongs to an 
employee of a different company, a blank edit form will appear. If they 
fill out the form it simply adds another employee to their company roster.
I'm still amazed there isn't something in cakephp that solves it with a 
post.

Thanks for your help.
Steve Thomas

-- 
Like Us on FaceBook https://www.facebook.com/CakePHP
Find us on Twitter http://twitter.com/CakePHP

--- 
You received this message because you are subscribed to the Google Groups 
CakePHP group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cake-php+unsubscr...@googlegroups.com.
To post to this group, send email to cake-php@googlegroups.com.
Visit this group at http://groups.google.com/group/cake-php.
For more options, visit https://groups.google.com/d/optout.


Re: GET or POST

2014-08-09 Thread Andras Kende
Steve,

To keep things as simple as possible I would:
Edit with a changed id should not save as a new record, there is add() for that 
action.
Manipulating the id in the url should either redirect to index with a flash 
warning message or throw an error.

Andras


GET or POST

2014-08-08 Thread Steve Thomas
I'm wondering what everyone is doing about the default links. I'm setting 
up an application that has multiple companies with multiple employees. One 
company can't see another company's employees.
However, if a manager can display a list of all their employees and edit 
them via GET, they can simply change the id in the address bar to pull up 
any arbitrary employee from their company or any other company.

If I use a postLink, then the edit page opens blank because 
the setFlash(__('The user could not be saved. Please, try again.')) is 
triggered before the find('list') can fill out the form.
I'm only a couple weeks new to cakephp and am under the impression cakephp 
won't allow an is() to validate a particular post name so I can create 
actions based on which post is being submitted; self or a view.

I tried to leave the link as GET and encrypt/decrypt, but that continued to 
fail.
Please, any suggestions would be great. I can't imagine this security hole 
doesn't have an easy fix. I just haven't seen it yet.

Thanks
Steve



Re: GET or POST

2014-08-08 Thread euromark
I think you are confusing a few things here.
GET/POST has nothing to do with what pages you can access.
You should use role (preferred) or row based access control to those forms 
and non-public actions.

The type is relevant for what type of action you take.
GET if it does not alter the database (view, index, add/edit for display of 
form)
POST to alter the database (add/edit upon save, delete)

mark



Re: GET or POST

2014-08-08 Thread Steve Thomas
Thanks Mark,
I am using ACL. So for example, if a role such as a manager can list all 
the employees of that company, it also adds the Action links (add) (edit) 
(delete). If this manager clicks to edit one of the employees (users), this 
is sent to the EDIT view via GET with the user id in the address bar 
- controller/method/id. All the manager would have to do is change the id 
in the address bar to access another user. Possibly a user from a different 
company which they shouldn't be able to access.  
It's generally not acceptable programming to send account id via GET 
because of this security breach. It should always be sent POST. However, 
the EDIT form submits to itself and therefore conflicts with other posts.
I was hoping this is such a basic and common flaw that there would be an 
easy fix.
I hope that cleared up what I'm trying to accomplish. 
Another example is the DELETE link on the same Action with EDIT and ADD 
uses postLink() to avoid the id being sent via GET in the address bar. 
However, the delete page doesn't have any other POST or self submissions 
and no conflicts.

Thanks
Steve



Re: GET or POST

2014-08-08 Thread Thomas von Hassel
You should check the ACL in the edit controller action before actually doing 
anything

/thomas


On 08 Aug 2014, at 22:33, Steve Thomas smt9...@gmail.com wrote:

> All the manager would have to do is change the id in the address bar to 
> access another user. Possibly a user from a different company which they 
> shouldn't be able to access.



Re: GET or POST

2014-08-08 Thread Andras Kende
You could add a condition like

'conditions' => array(
    'Employee.company_id' => $this->Auth->user('company_id')
)

So when changing the id in the url the application still only allows fetching data 
which belongs to the same company.

The same applies for delete, just check before if current user has access to 
the record to be deleted...

If you need to hide id, then one option is to use uuid() as primary key.

Andras
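
Added example, not part of the original thread and not CakePHP's own code: one way to apply the company_id condition above to both edit and delete, so that a changed id is rejected instead of falling through to a blank form that saves a new record. It assumes CakePHP 2.x, an Employee model with a company_id column, and a company_id field on the logged-in user; the controller and the _findOwned() helper are hypothetical names.

```php
<?php
// Added example. Assumptions: CakePHP 2.x, Employee model with company_id,
// AuthComponent user record carrying company_id. Names are illustrative.
App::uses('AppController', 'Controller');

class EmployeesController extends AppController {

    public $components = array('Session', 'Auth');

    /**
     * Load an employee only if it belongs to the current user's company.
     * A missing row and a row owned by another company are handled alike,
     * so the response does not reveal which ids exist in other companies.
     * The leading underscore keeps this method from being routed as an action.
     */
    protected function _findOwned($id) {
        $employee = $this->Employee->find('first', array(
            'conditions' => array(
                'Employee.id' => $id,
                'Employee.company_id' => $this->Auth->user('company_id'),
            ),
            'recursive' => -1,
        ));
        if (empty($employee)) {
            throw new NotFoundException(__('Invalid employee'));
        }
        return $employee;
    }

    public function edit($id = null) {
        // Ownership is checked first, for the GET that shows the form and
        // for the POST/PUT that saves it.
        $employee = $this->_findOwned($id);

        if ($this->request->is('post') || $this->request->is('put')) {
            $data = $this->request->data;
            // Pin the primary key and the company on the server side. A
            // tampered hidden field cannot retarget the update, and a missing
            // id cannot turn the save into an insert.
            $data['Employee']['id'] = $employee['Employee']['id'];
            $data['Employee']['company_id'] = $employee['Employee']['company_id'];

            if ($this->Employee->save($data)) {
                $this->Session->setFlash(__('The employee has been saved.'));
                return $this->redirect(array('action' => 'index'));
            }
            $this->Session->setFlash(__('The employee could not be saved. Please, try again.'));
        } else {
            // Plain GET: pre-fill the form with the record that was verified.
            $this->request->data = $employee;
        }
    }

    public function delete($id = null) {
        // State-changing action: refuse anything that is not a POST.
        if (!$this->request->is('post')) {
            throw new MethodNotAllowedException();
        }
        // The same ownership check runs before the delete.
        $employee = $this->_findOwned($id);
        if ($this->Employee->delete($employee['Employee']['id'])) {
            $this->Session->setFlash(__('The employee has been deleted.'));
        } else {
            $this->Session->setFlash(__('The employee could not be deleted.'));
        }
        return $this->redirect(array('action' => 'index'));
    }
}
```

The id can stay in the URL; the access decision is made by the scoped query on every request, whichever HTTP method carries the id.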



Re: Using GET not POST returns empty $this->data

2011-09-06 Thread WebbedIT
First rule of security: never trust the user!  You really need to
watch Pierre Spring's (http://twitter.com/#!/shvi) CakeFest talk on
security when it is uploaded, it will scare the be-jeesus out of you!
Keep an eye out for that on tv.cakephp.org when @phpNut recovers from
his flight home, edits the talks and uploads them.

The problem is, the only way a user communicates with your app is via
HTTP requests and your server does not know if that request has come
from an evil hacker or an angelic genuine user.

Therefore you must ensure that any data posted to your app is only
ever sent from a form you created, that is served from within your
app*.  Same thing with delete requests, you should only ever accept
these from POST - how easy is it to type '/users/delete/1',
'/users/delete/2', 'users/delete/3' etc.

With GET requests anyone can type variable names and values direct
into the parameters string and add or update any field for any record
in your database without ever being on your site.  Ok, you can do some
authentication and authorisation checks after receiving the request to
see if they own the record, but what if the user has managed to
compromise a user's account? (again Pierre Spring's talk will show how
easy this is if not protected with simple but effective methods that
CakePHP provides if used correctly).

* The only time you should accept POST requests from an external
server is if you've written an API, but then you need to operate on
HTTPS and have Keys and Tokens etc. to authorise requests.

HTH, Paul
@phpMagpie

-- 
Our newest site for the community: CakePHP Video Tutorials 
http://tv.cakephp.org 
Check out the new CakePHP Questions site http://ask.cakephp.org and help others 
with their CakePHP related questions.


To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at 
http://groups.google.com/group/cake-php


Re: Using GET not POST returns empty $this->data

2011-09-05 Thread WebbedIT
Thomas,

It is a VERY bad idea to accept data via GET that you are going to
write into your database.  Please do not do it, you should only accept
POST data and as such your function should go back to the standard:

if (!empty($this->data)) {
    // POST data present: save it
} else {
    // no POST data: show the form
}

CakePHP has built in security and takes anything submitted via POST
and transfers it into $this->data for you so the above code
essentially says only save data if submitted by a form.  If you use
the form helper it creates the data array in exactly the right format
so you can simply call $this->Model->save();  Ideally you should also
enable the security component which will insert a token into your
forms to ensure your forms are being submitted from your site and not
being tampered with before submission.

The main thing to learn is, if you are going to use CakePHP, stick to
its conventions.  Those conventions were created by a bunch of very
clever people, as soon as you try doing things differently you are
making your life sooo much harder and most probably weakening various
aspects of your application.

HTH, Paul
@phpMagpie



Re: Using GET not POST returns empty $this->data

2011-09-05 Thread Ryan Schmidt

On Sep 5, 2011, at 05:55, WebbedIT wrote:

> It is a VERY bad idea to accept data via GET that you are going to
> write into your database.  Please do not do it, you should only accept
> POST data

Why, by the way? It is no more difficult for a user (web browser, JavaScript, 
curl, etc.) to send POST data than it is to send GET data. Either you trust the 
user to supply data to your application or you don't.




Re: Using GET not POST returns empty $this->data

2011-09-03 Thread Thomas
I am new to this.  Does this mean that I go to the controller and
change the

$this->data

to

$this->params['url']

?

So my edit post would be


function add() {
    // GET query parameters arrive in $this->params['url'] rather than $this->data
    if (!empty($this->params['url'])) {
        $this->Post->create();
        if ($this->Post->save($this->params['url'])) {
            $this->Session->setFlash(__('The post has been saved', true));
            $this->redirect(array('action' => 'index'));
        } else {
            $this->Session->setFlash(__('The post could not be saved. Please, try again.', true));
        }
    }
    $users = $this->Post->User->find('list');
    $this->set(compact('users'));
}

?  I'll go and try it...



Re: Using GET not POST returns empty $this->data

2011-09-03 Thread Thomas
I found that just created a post when I clicked Add without giving a
screen to create it. :(



Using GET not POST returns empty $this->data

2011-09-02 Thread Thomas
I am trying to make a very simple link up between an android app 
(appinventor) and a standard cake app.  I have created the blog tutorial and 
it all works great.  I can make my app link to another web site with a URL 
and return XML (a simple API request) so I know it works, I just want to do 
the same with cake.

I can't work out the syntax of the POST to send with appinventor, but I 
can make the 'add' form use GET with 

*echo $this->Form->create('Post', array('type' => 'get'));*

When I use this form I see the correct parameters in the URL, but 
*$this->data* appears empty and nothing is saved - the add page just comes 
straight back.

I have scoured this group, the Bakery and the internet for an hour now and 
am demoralised. I know it must be something simple in the 
*posts_controller.php* but I can't find it.



Re: Using GET not POST returns empty $this->data

2011-09-02 Thread Dr. Loboto
With GET request your data goes to $this->params['url']
