Tuesday, March 5, 2013

Re: Pattern Matching for Security->unlockedFields

I have not tested this. ymmv

public function beforeFilter()
{
    parent::beforeFilter();

    // second test is optional
    if ($this->request->is('post') && $this->action == 'whatever')
    {
        // preg_grep() matches array values, so run it over the submitted
        // field names (the keys of the model's data), not the data itself
        $submitted = isset($this->request->data['YourModel'])
            ? array_keys((array)$this->request->data['YourModel'])
            : array();
        $dynamic_fields = preg_grep('/^Cat[0-9]+name$/', $submitted);

        // array_merge will leave duplicates for arrays with numeric indices
        $this->Security->unlockedFields = array_unique(
            array_merge(
                $this->Security->unlockedFields,
                $dynamic_fields
            )
        );
    }
}

On Mon, Mar 4, 2013 at 7:48 PM, #2Will <willjbarker@gmail.com> wrote:
> I'm dynamically adding fields for hasMany relation in my form, with JS. That's
> obviously messing with the Security component's form tampering detection -
> and blackholing the request
>
> U can get it to not blackhole by doing this in the beforeFilter:
>
> $this->Security->unlockedFields = array( 'Cat0name');
>
> I guess I could add Cat1name, Cat2name, cat3name etc etc to the array. But
> it makes me feel sad. Is there a better way? Can I get it to pattern match
> somehow? I've got in my head ideas like "regex" - is that at all possible?
>
> I must admit, I read the code for the _validatePost function that uses the
> unlockedFields setting, and I didn't really fully understand it.
>
> Thanks for any pointers
>
> Will
>
>
>
> --
> Like Us on FaceBook https://www.facebook.com/CakePHP
> Find us on Twitter http://twitter.com/CakePHP
>
> ---
> You received this message because you are subscribed to the Google Groups
> "CakePHP" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cake-php+unsubscribe@googlegroups.com.
> To post to this group, send email to cake-php@googlegroups.com.
> Visit this group at http://groups.google.com/group/cake-php?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>

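
An added example, not part of the original thread or of CakePHP: a stand-alone PHP function showing that the pattern has to be applied to the submitted field names, why it needs the ^ and $ anchors, and a cap on how many fields can be unlocked in one request. The function name, the cap and the sample POST data are constructed for illustration.

```php
<?php
/**
 * Return the submitted field names that may be unlocked (hypothetical helper).
 * Only names matching the anchored $pattern qualify, and at most $max of them.
 */
function dynamicUnlockedFields(array $modelData, $pattern, $max = 20)
{
    // preg_grep() filters by value, so feed it the field names (the keys).
    $names = preg_grep($pattern, array_keys($modelData));

    // Unlocked fields are left out of tamper detection, so keep the set small.
    // Over the cap, unlock nothing and let the Security component decide.
    if (count($names) > $max) {
        return array();
    }
    return array_values($names);
}

// Constructed POST data: two JS-added rows plus names that must stay locked.
$post = array(
    'Cat0name'  => 'Books',
    'Cat1name'  => 'Music',
    'Cat2nameX' => 'suffix after the expected name',
    'xCat3name' => 'prefix before the expected name',
    'role'      => 'Cat9name', // the value looks like a field name, the key does not
);

// Anchored pattern over the keys: selects Cat0name and Cat1name only.
print_r(dynamicUnlockedFields($post, '/^Cat[0-9]+name$/'));

// Same pattern without anchors: the look-alike names are selected as well.
print_r(dynamicUnlockedFields($post, '/Cat[0-9]+name/'));

// Grepping the values instead of the keys: selects 'role'.
print_r(array_keys(preg_grep('/^Cat[0-9]+name$/', $post)));
```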
