This includes getting bob to look at a page, with an img tag that
links to the site, such as
img src=http://www.mysite.com/index.php/posts/delete/bobsPostID;
width=0 height =0 border =0
could even tinyurl it!
On 18/09/2007, beetlecube [EMAIL PROTECTED] wrote:
Thanks for the replies, very
I have used something like this :
http://bakery.cakephp.org/articles/view/secureget-component
On Sep 23, 4:02 pm, Mike Green [EMAIL PROTECTED] wrote:
This includes getting bob to look at a page, with an img tag that
links to the site, such as
img
You could use ACL to prevent that action from being executed (from
anyone other than admins).
Another thing is that you should use POST requests for anything that
affects the database and GET requests for passive actions. That way
you have a little more assurance that the db changing requests
On Sep 17, 6:45 am, beetlecube [EMAIL PROTECTED] wrote:
I realized humorously, that my delete links for the posts on my mini-
discussion board were clearly showing in the status bar:
www.mysite.com/index.php/posts/delete/45.
So of course even though the delete link only shows up only for
Thanks for the replies, very helpful.
On Sep 17, 1:31 am, AD7six [EMAIL PROTECTED] wrote:
On Sep 17, 6:45 am, beetlecube [EMAIL PROTECTED] wrote:
I realized humorously, that my delete links for the posts on my mini-
discussion board were clearly showing in the status bar:
I realized humorously, that my delete links for the posts on my mini-
discussion board were clearly showing in the status bar:
www.mysite.com/index.php/posts/delete/45.
So of course even though the delete link only shows up only for posts
where post.userid = session[userid], if you are a user