Re: making controller methods private?
> The ability to call base class methods directly has already been > removed. Just grab the latest Cake version. Does that include methods of AppController? --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php -~--~~~~--~~--~--~---
Re: making controller methods private?
On 10/18/06, nate <[EMAIL PROTECTED]> wrote: > > Just to clarify: > > Chris, yes you're right, using an underscore is just a convention, and > while we can't disable access to object methods that begin with an > underscore from being accessed by you within your own application code, > it is baked into the Dispatcher to disallow calling controller methods > that are prefixed with an underscore. > Nate, Thanks for clearing that up. Still, it's a nice bit of programming to make the Dispatcher enforce those rules. Yet another reason to prefer PHP 5 or PHP 4 maybe, in that you can declare those methods private without code trickery. -- Chris Hartjes "The greatest inefficiencies come from solving problems you will never have." -- Rasmus Lerdorf @TheBallpark - http://www.littlehart.net/attheballpark @TheKeyboard - http://www.littlehart.net/atthekeyboard --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php -~--~~~~--~~--~--~---
Re: making controller methods private?
Just to clarify: Chris, yes you're right, using an underscore is just a convention, and while we can't disable access to object methods that begin with an underscore from being accessed by you within your own application code, it is baked into the Dispatcher to disallow calling controller methods that are prefixed with an underscore. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php -~--~~~~--~~--~--~---
Re: Re: Re: making controller methods private?
yea try it On 10/17/06, Chris Hartjes <[EMAIL PROTECTED]> wrote: > > On 10/17/06, Samuel DeVore <[EMAIL PROTECTED]> wrote: > > > > no but it does make it private 'like' in cakephp in that it can not be > > called with the /controller/method from the browser. > > Hey Sam, > > Is this actually a feature in CakePHP that it won't let object methods > that start with an underscore be accessed directly? If so, that's a > neat bit of coding! > > -- > Chris Hartjes > > "The greatest inefficiencies come from solving problems you will never have." > -- Rasmus Lerdorf > > @TheBallpark - http://www.littlehart.net/attheballpark > @TheKeyboard - http://www.littlehart.net/atthekeyboard > > > > -- == S. DeVore (the old fart) the advice is free, the lack of crankiness will cost you --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php -~--~~~~--~~--~--~---
Re: Re: making controller methods private?
On 10/17/06, Samuel DeVore <[EMAIL PROTECTED]> wrote: > > no but it does make it private 'like' in cakephp in that it can not be > called with the /controller/method from the browser. Hey Sam, Is this actually a feature in CakePHP that it won't let object methods that start with an underscore be accessed directly? If so, that's a neat bit of coding! -- Chris Hartjes "The greatest inefficiencies come from solving problems you will never have." -- Rasmus Lerdorf @TheBallpark - http://www.littlehart.net/attheballpark @TheKeyboard - http://www.littlehart.net/atthekeyboard --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php -~--~~~~--~~--~--~---
Re: Re: making controller methods private?
no but it does make it private 'like' in cakephp in that it can not be called with the /controller/method from the browser. On 10/17/06, Chris Hartjes <[EMAIL PROTECTED]> wrote: > > On 10/15/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > > > Just preceed the function name with a underscore. > > > > /me counts to five before replying to avoid getting labeled as angry or > uncaring > > Please note, the following rant is based on PHP, not Cake > > Adding an underscore to a function name DOES NOT MAKE A FUNCTION > PRIVATE. That is a commonly-used convention in PHP though, to make it > easier to figure out with functions SHOULD be private if your language > does not support making private methods of an object. > > Ahem. > > In PHP 5 you can declare a function private so that code that uses > your object cannot access that function directly. I take it from > Nate's comments that it has been done already for Cake 1.2. > > (There, that wasn't so bad...or angry) > > -- > Chris Hartjes > > "The greatest inefficiencies come from solving problems you will never have." > -- Rasmus Lerdorf > > @TheBallpark - http://www.littlehart.net/attheballpark > @TheKeyboard - http://www.littlehart.net/atthekeyboard > > > > -- == S. DeVore (the old fart) the advice is free, the lack of crankiness will cost you --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php -~--~~~~--~~--~--~---
Re: making controller methods private?
On 10/15/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > Just preceed the function name with a underscore. > /me counts to five before replying to avoid getting labeled as angry or uncaring Please note, the following rant is based on PHP, not Cake Adding an underscore to a function name DOES NOT MAKE A FUNCTION PRIVATE. That is a commonly-used convention in PHP though, to make it easier to figure out with functions SHOULD be private if your language does not support making private methods of an object. Ahem. In PHP 5 you can declare a function private so that code that uses your object cannot access that function directly. I take it from Nate's comments that it has been done already for Cake 1.2. (There, that wasn't so bad...or angry) -- Chris Hartjes "The greatest inefficiencies come from solving problems you will never have." -- Rasmus Lerdorf @TheBallpark - http://www.littlehart.net/attheballpark @TheKeyboard - http://www.littlehart.net/atthekeyboard --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php -~--~~~~--~~--~--~---
Re: making controller methods private?
The ability to call base class methods directly has already been removed. Just grab the latest Cake version. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php -~--~~~~--~~--~--~---
Re: making controller methods private?
Dave wrote: > > Also, check out the MySecurity component which prevents calling methods > > of the controller base > > class:http://rossoft.wordpress.com/2006/08/23/mysecurity-component/ > > Otherwise, users can call methods of the controller base class? What > degree of security problem does that create? You could call things like /accounts/render/update or whatever and thereby executing code used in the view. I'm not familiar with all available methods in the base class but there's bound to be one or more the could pose a security threat if called directly. If not now, than maybe in a future Cake version. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php -~--~~~~--~~--~--~---
Re: making controller methods private?
> Just preceed the function name with a underscore. That's beautiful. I had already done that just by convention. :-) > Also, check out the MySecurity component which prevents calling methods > of the controller base > class:http://rossoft.wordpress.com/2006/08/23/mysecurity-component/ Otherwise, users can call methods of the controller base class? What degree of security problem does that create? --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php -~--~~~~--~~--~--~---
Re: making controller methods private?
Just preceed the function name with a underscore. Also, check out the MySecurity component which prevents calling methods of the controller base class: http://rossoft.wordpress.com/2006/08/23/mysecurity-component/ --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php -~--~~~~--~~--~--~---