Re: Decode GWT post into $_POST

2007-06-27 Thread gwoo

You don't need to sanitize. I can see the beforeFilter being about 4
lines of code max. Seems pretty painless to me.


--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups Cake 
PHP group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---



Re: Decode GWT post into $_POST

2007-06-27 Thread [EMAIL PROTECTED]

> You don't need to sanitize. I can see the beforeFilter being about 4
> lines of code max. Seems pretty painless to me.

1) Why don't I need to sanitize? I don't trust this data, as it is
coming from a form.
2) Would you mind posting these 4 lines of code or pseudo code?





Re: Decode GWT post into $_POST

2007-06-27 Thread gwoo

Data is escaped properly when it is inserted into the db, which
prevents SQL injection. You then escape output so as to remove unexpected/
malicious output.

function beforeFilter() {
  if (isset($this->params['form']['json'])) {
    // decode the posted JSON string; the second argument makes json_decode
    // return an associative array, which is what CakePHP's $this->data expects
    $this->data = json_decode($this->params['form']['json'], true);
  }
}

OK, turns out to be five lines. $this->params['form']['json']
represents the packaged JSON data posted from GWT.





Re: Decode GWT post into $_POST

2007-06-27 Thread [EMAIL PROTECTED]

> Data is escaped properly when it is inserted into the db, which
> prevents SQL injection. You then escape output so as to remove unexpected/
> malicious output.

Is there any chance of malicious PHP code inserted as input that would
get executed during the massaging of data to get it into the $this->data
array?


> function beforeFilter() {
>   if (isset($this->params['form']['json'])) {
>     $this->data = json_decode($this->params['form']['json'], true);
>   }
> }
>
> OK, turns out to be five lines. $this->params['form']['json']
> represents the packaged JSON data posted from GWT.





Re: Decode GWT post into $_POST

2007-06-27 Thread nate

No.

http://us.php.net/json_decode

On Jun 27, 2:54 pm, [EMAIL PROTECTED]
[EMAIL PROTECTED] wrote:
> > Data is escaped properly when it is inserted into the db, which
> > prevents SQL injection. You then escape output so as to remove unexpected/
> > malicious output.
>
> Is there any chance of malicious PHP code inserted as input that would
> get executed during the massaging of data to get it into the $this->data
> array?
>
> > function beforeFilter() {
> >   if (isset($this->params['form']['json'])) {
> >     $this->data = json_decode($this->params['form']['json'], true);
> >   }
> > }
> >
> > OK, turns out to be five lines. $this->params['form']['json']
> > represents the packaged JSON data posted from GWT.


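As an added example that is not part of this thread and not CakePHP's own code, the following plain-PHP script stands in for gwoo's beforeFilter and also illustrates nate's answer: json_decode only builds PHP values out of the text, it never evaluates it, so a "<?php" sequence inside a JSON string comes out as an ordinary string. It then carries gwoo's other two points through in code: bound parameters on the database insert and escaping on output. The field names, the whitelist, the sample payload, the helper names decodeFormJson and h, and the in-memory SQLite table are all constructed for this example; it assumes PHP 7.1 or later with the pdo_sqlite extension available.

```php
<?php
// Added example (not from the thread or from CakePHP): a plain-PHP stand-in
// for the beforeFilter above, written from a defender's point of view.

// Constructed whitelist: the only fields this form may populate. Keeping an
// explicit list stops a client from setting fields it was never offered
// (a mass-assignment problem, distinct from SQL injection or XSS).
const ALLOWED_FIELDS = ['title', 'body'];

// Decode the raw JSON string the way beforeFilter would fill $this->data.
// Returns null when the input is not valid JSON or is not a JSON object.
function decodeFormJson(string $json): ?array
{
    $decoded = json_decode($json, true);             // true => associative array
    if (json_last_error() !== JSON_ERROR_NONE || !is_array($decoded)) {
        return null;                                 // malformed input: refuse it
    }
    // Keep only whitelisted keys; everything else the client sent is dropped.
    return array_intersect_key($decoded, array_flip(ALLOWED_FIELDS));
}

// Escape a value for HTML output (the "escape output" half of the advice).
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed payload: a script tag in one string, a "<?php" tag in another,
// and a field ("role") that the client is not allowed to set.
$posted = json_encode([
    'title' => '<script>alert(1)</script>',
    'body'  => '<?php echo "not executed"; ?> hello \'quoted\'',
    'role'  => 'admin',
]);

$data = decodeFormJson($posted);
// The "<?php" text is just string data; nothing in it was executed, and
// the "role" key is gone because it is not whitelisted.
var_dump($data);

// Store it with bound parameters (constructed in-memory SQLite table):
// the quote characters inside the values cannot change the SQL statement.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT, body TEXT)');
$stmt = $pdo->prepare('INSERT INTO posts (title, body) VALUES (:title, :body)');
$stmt->execute([':title' => $data['title'], ':body' => $data['body']]);

// Read it back unchanged and escape at the point of output, so the script
// tag is rendered as text instead of being interpreted by the browser.
$row = $pdo->query('SELECT title, body FROM posts')->fetch(PDO::FETCH_ASSOC);
echo h($row['title']), "\n";
echo h($row['body']), "\n";

// Malformed JSON is rejected outright rather than silently becoming empty data.
var_dump(decodeFormJson('{"title": "unterminated'));
```

Run it with the php command-line interpreter. The whitelist step is what the thread's "you don't need to sanitize" leaves unsaid: decoding is safe, but which decoded keys are allowed to reach $this->data is still the controller's decision.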