Re: Cakephp Forms Security Flaw

2009-05-26 Thread @zghanv/-
Nice ... I would say ... it was undocumented for Cake 1.1. I checked it in the core file now:

    function save($data = null, $validate = true, $fieldList = array()) {

Thanks.

On May 4, 3:04 pm, BeroFX ber...@gmail.com wrote: Well, first of all, you need to validate the data before saving it.

Cakephp Forms Security Flaw

2009-05-04 Thread AzGhanv/.
I was checking this tutorial ... http://book.cakephp.org/view/326/The-Cake-Blog-Tutorial Here I see a big security flaw ... and I think this practice is used throughout the framework.

    function add()
    {
        if (!empty($this->data))
        {
            if ($this->Post->save($this->data))
            {
                $this->flash('Your

Re: Cakephp Forms Security Flaw

2009-05-04 Thread BeroFX
Well, first of all, you need to validate the data before saving it. http://book.cakephp.org/view/125/Data-Validation Then, you might consider sanitizing the submitted data http://book.cakephp.org/view/153/Data-Sanitization And then, you can even go ahead and allow only certain fields to be
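The thread's point is that save($this->data) writes whatever the client submitted, while the third save() argument ($fieldList) limits that to a whitelist. The stand-alone PHP below is an added example, not code from the thread or from CakePHP: it reproduces the whitelist idea outside the framework so it runs on its own, using a constructed submission and assumed model and field names (Post, title, body, published).

```php
<?php
// Added example (not from the thread or from CakePHP): a stand-alone sketch of
// the whitelist behind save($data, $validate, $fieldList). Model and field
// names are assumptions; the submission below is constructed for the demo.

// Constructed form submission: the two fields the add form renders, plus one
// the form never rendered but any client can still send in the POST body.
$submitted = array(
    'Post' => array(
        'title'     => 'Hello',
        'body'      => 'First post',
        'published' => 1,   // not on the form; save($this->data) would store it
    ),
);

// Fields the add action is meant to accept. In Cake this is the $fieldList you
// would pass: $this->Post->save($this->data, true, array('title', 'body')).
$allowed = array('title', 'body');

/**
 * Keep only whitelisted fields for one model and drop everything else.
 * Returns the filtered data plus the dropped keys so the caller can log them.
 */
function whitelistFields(array $data, $model, array $allowed)
{
    $dropped = array();
    if (!isset($data[$model]) || !is_array($data[$model])) {
        return array(array($model => array()), $dropped);
    }
    $clean = array();
    foreach ($data[$model] as $field => $value) {
        if (in_array($field, $allowed, true)) {
            $clean[$field] = $value;
        } else {
            $dropped[] = $field;
        }
    }
    return array(array($model => $clean), $dropped);
}

list($clean, $dropped) = whitelistFields($submitted, 'Post', $allowed);

assert(array_keys($clean['Post']) === array('title', 'body'));
assert($dropped === array('published'));

// Unlisted keys in a submission are worth logging: a normal form post never
// carries them, so they usually indicate a crafted request.
foreach ($dropped as $field) {
    error_log("Post.add: dropped unlisted field '$field'");
}
```

Whitelisting complements, rather than replaces, the validation and sanitization links above: validation checks the values of the fields you accept, while the whitelist decides which fields are accepted at all.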