Hello,

I have been using multiple actions to build some pages by offloading
common code to their own actions. Works great in most circumstances.
However, I have come across a "security" issue when I include an
action that could reveal sensitive information depending on the conditions
passed.

If I use $this->_getParam('showDeleted', false); in the common action, so
that I can pass showDeleted=true in the _forward or actionstack, it can also
be included in the URL for any action that references the same common
action.

I guess each action that uses a specific common action should specifically
set such values, but it's a hassle if you've got a huge number of params
you're sending through.

So, any suggestions? I'd really love to see a way of better communicating
between actions without relying on the request object, but I've got no idea
how it would be done, nor how to implement such a beast. (I also remember
someone from Zend saying that it currently can't be done, but surely some of
you are doing something similar! :-))



Thanks

Tim
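
The behaviour described in the post, as an added sketch that is not part of the original message and not Zend Framework code: DemoRequest, its "internal" bag and the sample rows are hypothetical stand-ins. It contrasts a common action that reads showDeleted from the shared request parameters with one that accepts the flag only from a channel application code can write to.

```php
<?php
// Hypothetical stand-in for a framework request object; not Zend's own class.
final class DemoRequest
{
    private $params;              // URL-derived and forwarded values share this bag
    private $internal = array();  // written only by application code, never by routing

    public function __construct(array $urlParams) { $this->params = $urlParams; }

    public function getParam($key, $default = null) { return $this->params[$key] ?? $default; }

    public function setInternal($key, $value) { $this->internal[$key] = $value; }

    public function getInternal($key, $default = null) { return $this->internal[$key] ?? $default; }
}

// Constructed sample rows.
function demoRows()
{
    return array(array('id' => 1, 'deleted' => false), array('id' => 2, 'deleted' => true));
}

function visibleRows($showDeleted)
{
    return array_values(array_filter(demoRows(), function ($row) use ($showDeleted) {
        return $showDeleted || !$row['deleted'];
    }));
}

// Common action as described in the post: the flag comes from the shared bag,
// so the action cannot tell a forwarded value from one supplied in the URL.
function commonListUnsafe(DemoRequest $request)
{
    return visibleRows((bool) $request->getParam('showDeleted', false));
}

// Hardened: only a boolean true set by calling code enables the flag.
function commonListSafe(DemoRequest $request)
{
    return visibleRows($request->getInternal('showDeleted', false) === true);
}

$fromUrl = new DemoRequest(array('showDeleted' => 'true'));  // value arrived in the URL
$forwarded = new DemoRequest(array());
$forwarded->setInternal('showDeleted', true);                // set by a trusted calling action

$results = array('unsafe, URL' => commonListUnsafe($fromUrl),
    'safe, URL' => commonListSafe($fromUrl), 'safe, forwarded' => commonListSafe($forwarded));
foreach ($results as $label => $rows) {
    echo $label, ': ids ', implode(',', array_column($rows, 'id')), "\n";
}
```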
