requestAction issue

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

requestAction issue

Shalanga

Hello all, i would like to know if there is a way to make
requestAction() only accept call from inside?

I use requestAction to fill <select> tag with <option> element from
ajax, but it is possible to look in the source code and discovery
javascript call: updater(/my_controller/my_options)

If the person copy and paste the url, he/she can call it.

Some of my controller method are protected with permisson, but there
are some that are not, because they have public access in the *create
new login* area.

Thanks in advanced.


--~--~---------~--~----~------------~-------~--~----~
 You received this message because you are subscribed to the Google Groups "Cake PHP" group.
To post to this group, send email to [hidden email]
To unsubscribe from this group, send email to [hidden email]
For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply | Threaded
Open this post in threaded view
|

Re: requestAction issue

fr33dom

morning Ismael,

I think this was brought up a while back in quite a lengthy
discussion, an interesting one mind you.

Basically, any function of your controller that you do not want
publicly available via the browser should be pre-cursed with an
underscore:

function _myOptions() {

}

I think the gist of the discussion is that in php 4 these wouldn't be
entirely private, but cake's dispatcher wouldn't supply it to the
browser if requested directly. In php 5 i believe you can define
private methods. stuck with an employer entrenched in php 4 i haven't
had the time to play with this yet... something to look forward to.

cheers,
mikee

On 06/11/06, Ismael S. Kafeltz <[hidden email]> wrote:

>
> Hello all, i would like to know if there is a way to make
> requestAction() only accept call from inside?
>
> I use requestAction to fill <select> tag with <option> element from
> ajax, but it is possible to look in the source code and discovery
> javascript call: updater(/my_controller/my_options)
>
> If the person copy and paste the url, he/she can call it.
>
> Some of my controller method are protected with permisson, but there
> are some that are not, because they have public access in the *create
> new login* area.
>
> Thanks in advanced.
>
>
> >
>

--~--~---------~--~----~------------~-------~--~----~
 You received this message because you are subscribed to the Google Groups "Cake PHP" group.
To post to this group, send email to [hidden email]
To unsubscribe from this group, send email to [hidden email]
For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply | Threaded
Open this post in threaded view
|

Re: requestAction issue

Shalanga

Thank you and sorry, i did not make a good explanation, i know
underline is to private method.

But i need to make it public because i need it to be called, but i want
that function is only called from within my application and never be
used from other people.

for example, you could use my function in your site
http://blablabla.com/return_some_list/     <- this is a controller
function!

but i want to be sure that this function is only called via *mine*
requestAction()

Thanks


--~--~---------~--~----~------------~-------~--~----~
 You received this message because you are subscribed to the Google Groups "Cake PHP" group.
To post to this group, send email to [hidden email]
To unsubscribe from this group, send email to [hidden email]
For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply | Threaded
Open this post in threaded view
|

Re: requestAction issue

Larry E. Masters
if($this->params['requested'] === true){
// do your thing here
}

--
/**
* @author Larry E. Masters
* @var string $userName
* @param string $realName
* @returns string aka PhpNut
* @access  public
*/
--~--~---------~--~----~------------~-------~--~----~
 You received this message because you are subscribed to the Google Groups "Cake PHP" group.
To post to this group, send email to [hidden email]
To unsubscribe from this group, send email to [hidden email]
For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply | Threaded
Open this post in threaded view
|

Re: requestAction issue

Shalanga

Thank you!!!


--~--~---------~--~----~------------~-------~--~----~
 You received this message because you are subscribed to the Google Groups "Cake PHP" group.
To post to this group, send email to [hidden email]
To unsubscribe from this group, send email to [hidden email]
For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---