Create an account

Very important

  • To access the important data of the forums, you must be active in each forum and especially in the leaks and database leaks section, send data and after sending the data and activity, data and important content will be opened and visible for you.
  • You will only see chat messages from people who are at or below your level.
  • More than 500,000 database leaks and millions of account leaks are waiting for you, so access and view with more activity.
  • Many important data are inactive and inaccessible for you, so open them with activity. (This will be done automatically)

0Day Forums Coding FrameWork CakePHP How to 'unlock' a field in a CakePHP form when it is part of a hasMany association

Thread Rating:
  • 444 Vote(s) - 3.5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Options
How to 'unlock' a field in a CakePHP form when it is part of a hasMany association

Offline relimitation385725


The Phonix
********
The Phonix
Posts: 1
Threads: 1
Joined: May 2021
Reputation: 0
Level: 1 [Level]
Total Points: 0
Rank 0 / 1
99% to upload Level
Rank
Activity 0 / 1
99% to upload your Rank
Activity
Experience 1
99% to upload Experience
Experience

Points: 50
#1
08-06-2023, 04:54 PM
I have a form that represents a `RewardModifier` table in our database. That `RewardModifier` `hasMany` `RewardOption`.

My form is structured like this (image):


![enter image description here][1]


[1]:


So, the `RewardModifier` can have many elements on the page, each with many `RewardOption` items.

**The Problem**

The problem is, that users can delete sections of this form using Javascript, which essentially removes it from the DOM. When they do that, it breaks the security component, because the POST'ed fields do not match the token supplied when the page was generated.

Now, I have been using `unlockedFields` to handle this before:

$this->Security->disabledFields = array(
'PrjRewardModifier.reward_id',
'PrjRewardModifier.title',
'PrjRewardModifier.option_type',
'PrjRewardOption.description',
'PrjRewardOption.modifier',
'PrjRewardOption.amount'
);


I know that `disabledFields` is deprecated, but we are using that for the time being.

When I debug the posted form data in the `SecurityComponent`, I see the following:

(int) 8 => 'PrjRewardModifier.0.reward_id',
(int) 9 => 'PrjRewardModifier.0.title',
(int) 10 => 'PrjRewardModifier.0.option_type',
(int) 11 => 'PrjRewardModifier.0.PrjRewardOption.0.description',
(int) 12 => 'PrjRewardModifier.0.PrjRewardOption.0.modifier',
(int) 13 => 'PrjRewardModifier.0.PrjRewardOption.0.amount'

I need to know how to edit the data being passed to `unlockedFields` so that it can disregard these fields that are keyed for hasMany relationships.

Thanks.
Reply

Offline allegraawgeltpslz


Luxury
*****
Luxury
Posts: 0
Threads: 0
Joined: Nov 2016
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#2
08-06-2023, 05:06 PM
I had a similar problem. I found adding (the equivalent of) this to the RewardModifier controller did the trick:

public function beforeFilter(){
$this->Security->unlockedFields = array('RewardOption');
}
Reply

Offline Mrboldface2


Member
*
Member
Posts: 1
Threads: 1
Joined: Dec 2022
Reputation: 0
Level: 1 [Level]
Total Points: 0
Rank 0 / 1
99% to upload Level
Rank
Activity 0 / 1
99% to upload your Rank
Activity
Experience 1
99% to upload Experience
Experience

Points: 50
#3
08-06-2023, 05:06 PM
Adding the following to the form code worked for me

$this->Form->unlockField('User.id');

Unlocking the fields from within the view files also helps declutter the controller's `beforeFilter()`.

Source: [/core-libraries/helpers/form.html#FormHelper::unlockField](

[To see links please register here]

)
Reply

« Next Oldest
Next Newest »


Forum Jump:


Users browsing this thread:
1 Guest(s)

©0Day  2016 - 2023 | All Rights Reserved.  Made with    for the community. Connected through