You should be checking your inputs, and HtmlHelper::image() will help
escape your output. The helper will encode any entities in the
attribute values. You should still check that things that are
supposed to be images are in-fact images, and you should always be
careful with letting people add
As with anything from any user it should never be trusted.
I would say whatever anyone submits you validate so if they are submitting a
link, so submit an image I am guessing its being uploaded so make sure its
an image thru validation of the field / data
Is that what you mean?
K
No, the image is not to be uploaded. Rather, it is to be linked. I mean, say
the image is hosted at some other website at say,
http://url.com/image/cheese.jpg
. This link will be submitted but the user and will be stored in the db. On
the profile page(assume it's a sig or an avatar), it is
No it does not, if you look at the html helper in the cake library it
does no validation for this. Primarily it assumes you already have
done the proper checking when saving the url into the database and
confirmed that it is an image
The proper location for this would be to write your own
Thanks.
--
Our newest site for the community: CakePHP Video Tutorials
http://tv.cakephp.org
Check out the new CakePHP Questions site http://ask.cakephp.org and help others
with their CakePHP related questions.
To unsubscribe from this group, send email to
On Sat, Apr 16, 2011 at 11:06 AM, goluhaque afzal...@gmail.com wrote:
No, the image is not to be uploaded. Rather, it is to be linked. I mean, say
the image is hosted at some other website at say,
http://url.com/image/cheese.jpg . This link will be submitted but the user
and will be stored in