Re: is $id already secure inside a function?

2009-03-17 Thread Aurelius

Is it validated in the Model, e.g. when this is called:
$whatever = $this->User->read(null, $id);

Is that enough so I can be sure that it's an int?
if (bccomp($id, intval($id), 3) != 0) die(__("We couldn't find this Shop.", true));

thx
Aurelius
On 16 Mar., 05:36, Dr. Loboto drlob...@gmail.com wrote:
> No one checked your $id. It is insecure. Anyone can call your action
> as http://domain.com/controller/edit or http://domain.com/controller/edit/013
> or http://domain.com/controller/edit/kill%20your%20app
>
> On Mar 16, 1:04 am, Aurelius aurel...@temporaryinbox.com wrote:
>
> > Hi!
> >
> > When I have a function like
> > function edit($id = null) { ... }
> > is the $id already checked against hacking and can only be an integer,
> > or is it insecure?
> >
> > thx
> > Aurelius
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
CakePHP group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to 
cake-php+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---



is $id already secure inside a function?

2009-03-15 Thread Aurelius

Hi!

When I have a function like
function edit($id = null) { ... }
is the $id already checked against hacking and can only be an integer,
or is it insecure?

thx
Aurelius



Re: is $id already secure inside a function?

2009-03-15 Thread Dr. Loboto

No one checked your $id. It is insecure. Anyone can call your action
as http://domain.com/controller/edit or http://domain.com/controller/edit/013
or http://domain.com/controller/edit/kill%20your%20app

On Mar 16, 1:04 am, Aurelius aurel...@temporaryinbox.com wrote:
> Hi!
>
> When I have a function like
> function edit($id = null) { ... }
> is the $id already checked against hacking and can only be an integer,
> or is it insecure?
>
> thx
> Aurelius
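An added example, not code from the thread and not CakePHP's own code, of the check the thread is asking about: the id segment of a CakePHP-style URL is treated as an untrusted string and converted to an int only when it is a canonical positive integer, and the run covers the three URLs Dr. Loboto lists plus a few other shapes. Assumptions: PHP 7.1 or newer, and idSegment() is a simplified stand-in for the dispatcher's /controller/action/param split; the sample URLs are constructed.

```php
<?php
// Added example for this thread; not code from the original posts and not
// CakePHP's own code. Runs with plain `php` (PHP 7.1+ assumed), no framework.
//
// CakePHP hands edit($id) whatever string follows /controller/edit/ in the
// URL, or null when nothing follows. Nothing about that string is checked,
// so the action has to do it.

/**
 * Accept $raw only if it is a canonical positive integer: digits only, no
 * sign, no leading zero, no trailing newline, and not above PHP_INT_MAX.
 * Returns the int on success and null for anything else.
 */
function validId($raw): ?int
{
    if (!is_string($raw) || $raw === '') {
        return null;                      // /controller/edit: no parameter at all
    }
    // \A and \z anchor the whole string; a bare $ would still accept "13\n".
    if (!preg_match('/\A[1-9][0-9]*\z/', $raw)) {
        return null;                      // "kill your app", "013", "-13", "13abc"
    }
    // A digit string longer than PHP_INT_MAX, or the same length but
    // lexically greater, would not survive the (int) cast unchanged.
    $max = (string) PHP_INT_MAX;
    if (strlen($raw) > strlen($max)
        || (strlen($raw) === strlen($max) && strcmp($raw, $max) > 0)) {
        return null;
    }
    return (int) $raw;
}

/**
 * Third path segment of a /controller/action/param URL, percent-decoded,
 * or null when absent. A simplified stand-in (assumption) for what the
 * dispatcher does before calling the action.
 */
function idSegment(string $path): ?string
{
    $parts = explode('/', trim($path, '/'));
    return isset($parts[2]) ? rawurldecode($parts[2]) : null;
}

// Constructed sample requests: the three from the thread plus other shapes
// an attacker or a sloppy client might send.
$samples = [
    '/controller/edit',
    '/controller/edit/013',
    '/controller/edit/kill%20your%20app',
    '/controller/edit/13',
    '/controller/edit/-13',
    '/controller/edit/13abc',
    '/controller/edit/99999999999999999999999',
];

foreach ($samples as $path) {
    $id = validId(idSegment($path));
    printf("%-40s => %s\n", $path,
        $id === null ? 'reject (404)' : 'read(null, ' . $id . ')');
}
```

Of the seven sample paths only /controller/edit/13 reaches read(); the rest are rejected before any model call. The whitelist is deliberately stricter than a bccomp($id, intval($id)) comparison: intval() normalises before the comparison, so "013" compares equal to 13 and is accepted, and for a non-numeric string intval() yields 0 while bcmath in PHP before 7.4 silently read the string as 0 as well, so the comparison succeeded and the die() was never reached (PHP 7.4 warns, PHP 8 throws a ValueError instead). A well-formed integer is still only half the check: the action must also confirm that read() actually returned a record, and that it is one the current user is allowed to edit.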