Re: is $id already secure inside a function?
Has it been validated in the Model, e.g. when this is called:

$whatever = $this->User->read(null, $id);

Is that enough so I can be sure that it's an int?

if (bccomp($id, intval($id), 3) != 0)
    die(__("We couldn't find this Shop.", true));

thx
Aurelius

On 16 Mar., 05:36, Dr. Loboto drlob...@gmail.com wrote:
> No one checked your $id. It is insecure. Anyone can call your action as
> http://domain.com/controller/edit or
> http://domain.com/controller/edit/013 or
> http://domain.com/controller/edit/kill%20your%20app
>
> On Mar 16, 1:04 am, Aurelius aurel...@temporaryinbox.com wrote:
> > Hi!
> > When I have a function like
> > function edit($id = null) { ... }
> > is the $id already checked against hacking and can only be an integer or is it unsecure?
> > thx
> > Aurelius

You received this message because you are subscribed to the Google Groups CakePHP group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
is $id already secure inside a function?
Hi!

When I have a function like

function edit($id = null) { ... }

is the $id already checked against hacking and can only be an integer or is it unsecure?

thx
Aurelius
Re: is $id already secure inside a function?
No one checked your $id. It is insecure. Anyone can call your action as
http://domain.com/controller/edit or
http://domain.com/controller/edit/013 or
http://domain.com/controller/edit/kill%20your%20app

On Mar 16, 1:04 am, Aurelius aurel...@temporaryinbox.com wrote:
> Hi!
> When I have a function like
> function edit($id = null) { ... }
> is the $id already checked against hacking and can only be an integer or is it unsecure?
> thx
> Aurelius
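
As an added illustration (not part of the thread and not CakePHP's own code), the requests listed in the reply above can be run through a strict integer check next to a plain integer cast. `validateId()` is a hypothetical helper, `13abc` and `13` are constructed inputs, and the values are assumed to reach the action already URL-decoded.

```php
<?php
// Added example: validateId() is a hypothetical helper, not a CakePHP API.

/**
 * Return $raw as an int when it is a canonical positive decimal integer,
 * otherwise null. A missing URL segment arrives as null, anything else
 * as a string.
 */
function validateId($raw)
{
    $value = filter_var($raw, FILTER_VALIDATE_INT, array(
        'options' => array('min_range' => 1),
    ));
    return $value === false ? null : $value;
}

// What the action is assumed to receive as $id for each URL quoted in the
// reply, plus two constructed cases: "13abc", which a plain integer cast
// lets through, and "13", a well-formed id.
$samples = array(
    '/controller/edit'                   => null,
    '/controller/edit/013'               => '013',
    '/controller/edit/kill%20your%20app' => 'kill your app',
    '/controller/edit/13abc'             => '13abc',
    '/controller/edit/13'                => '13',
);

foreach ($samples as $url => $raw) {
    $cast  = intval($raw);        // loose: silently coerces to some int
    $valid = validateId($raw);    // strict: int or null
    printf("%-38s intval=%-3d validateId=%s\n",
        $url, $cast, $valid === null ? 'rejected' : $valid);
}
```

Only the last request passes the strict check; the cast alone turns the other four into 0 or 13 without signalling that the input was malformed.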