Sanitize::clean on AfterFind on AppModel

Hello fellows,

what do you think about putting a Sanitize::clean on the AfterFind of every Model?

Wouldn't that ensure same security and a lot less code?

What would be the down side?

Regards...

You received this message because you are subscribed to the Google Groups "CakePHP" group.
To post to this group, send email to cake-php@...
To unsubscribe from this group, send email to cake-php+unsubscribe@...
For more options, visit this group at http://groups.google.com/group/cake-php?hl=en

Re: Sanitize::clean on AfterFind on AppModel

Don't you mean beforeSave()? Why would you sanitize after grabbing data?

http://www.milesj.me/blog/read/47/Automatically-Sanitizing-Data-With-BeforeSave
http://www.milesj.me/blog/read/49/Stripping-HTML-Automatically-From-Your-Data

On Oct 23, 1:56 pm, Lucas Costa <lucasrco...@...> wrote:
> Hello fellows,
>
> what do you think about putting a Sanitize::clean on the AfterFind of every
> Model?
>
> Wouldn't that ensure same security and a lot less code?
>
> What would be the down side?
>
> Regards...

Re: Sanitize::clean on AfterFind on AppModel

That's really nice. I was confused by a conversation I had on IRC but now I see that it was about HTML entries...

Now if you would mind, I have some questions about your code:

Why do you have escape = false?

Why do you have a specific function for the HTML stripping? Wouldn't encode = true be the same?

Thank you.

On 23 out, 19:52, Miles J <mileswjohn...@...> wrote:
> Don't you mean beforeSave()? Why would you sanitize after grabbing
> data?
>
> http://www.milesj.me/blog/read/47/Automatically-Sanitizing-Data-With-...
> http://www.milesj.me/blog/read/49/Stripping-HTML-Automatically-From-Y...
>
> On Oct 23, 1:56 pm, Lucas Costa <lucasrco...@...> wrote:
>
> > Hello fellows,
> >
> > what do you think about putting a Sanitize::clean on the AfterFind of every
> > Model?
> >
> > Wouldn't that ensure same security and a lot less code?
> >
> > What would be the down side?
> >
> > Regards...

Re: Sanitize::clean on AfterFind on AppModel

Oh, I get the part about the HTML stripping, clean with encode = true does not actually strip it, right?

escape = false still bugs me though...

On 6 nov, 10:20, Lucas Costa <lucasrco...@...> wrote:
> That's really nice. I was confused by a conversation I had on IRC but
> now I see that it was about HTML entries...
>
> Now if you would mind, I have some questions about your code:
>
> Why do you have escape = false?
>
> Why do you have a specific function for the HTML stripping? Wouldn't
> encode = true be the same?
>
> Thank you.
>
> On 23 out, 19:52, Miles J <mileswjohn...@...> wrote:
>
> > Don't you mean beforeSave()? Why would you sanitize after grabbing
> > data?
> >
> > http://www.milesj.me/blog/read/47/Automatically-Sanitizing-Data-With-......
> >
> > On Oct 23, 1:56 pm, Lucas Costa <lucasrco...@...> wrote:
> >
> > > Hello fellows,
> > >
> > > what do you think about putting a Sanitize::clean on the AfterFind of every
> > > Model?
> > >
> > > Wouldn't that ensure same security and a lot less code?
> > >
> > > What would be the down side?
> > >
> > > Regards...

Re: Sanitize::clean on AfterFind on AppModel

Humm.. allows characters such as '-'....

Anyone following this? Hope you learned too.

On 6 nov, 10:23, Lucas Costa <lucasrco...@...> wrote:
> Oh, I get the part about the HTML stripping, clean with encode = true
> does not actually strip it, right?
>
> escape = false still bugs me though...
>
> On 6 nov, 10:20, Lucas Costa <lucasrco...@...> wrote:
>
> > That's really nice. I was confused by a conversation I had on IRC but
> > now I see that it was about HTML entries...
> >
> > Now if you would mind, I have some questions about your code:
> >
> > Why do you have escape = false?
> >
> > Why do you have a specific function for the HTML stripping? Wouldn't
> > encode = true be the same?
> >
> > Thank you.
> >
> > On 23 out, 19:52, Miles J <mileswjohn...@...> wrote:
> >
> > > Don't you mean beforeSave()? Why would you sanitize after grabbing
> > > data?
> > >
> > > http://www.milesj.me/blog/read/47/Automatically-Sanitizing-Data-With-......
> > >
> > > On Oct 23, 1:56 pm, Lucas Costa <lucasrco...@...> wrote:
> > >
> > > > Hello fellows,
> > > >
> > > > what do you think about putting a Sanitize::clean on the AfterFind of every
> > > > Model?
> > > >
> > > > Wouldn't that ensure same security and a lot less code?
> > > >
> > > > What would be the down side?
> > > >
> > > > Regards...