Cakephp secure link using html helper link method

Question

Cakephp secure link using html helper link method

What's the best way in cakephp to extend the html-> link function so that I can say to display a secure link (https)? Right now, I added my own secure_link function to app_helpers, which is basically a copy of the link function, but adding https to the beginning. But it seems like there should be a better way to override the html-> link method so that I can specify a safe parameter.

http://groups.google.com/group/cake-php/browse_thread/thread/e801b31cd3db809a I also started a topic in google groups and someone suggested something like

$html->link('my account', array('base' => 'https://', 'controller' => 'users'));

but I could not get this to work.

Just to add, this is what gets output when I have the code above.

<a href="/users/index/base:https:/">my account</a>

I think there is an error in the /libs/router.php cake on line 850. There the keyword is "naked", and I think it should be "basic". Although its change to the base does not seem to fix it. From what I collect, he tells him to exclude those keys that are passed so that they are not included as parameters. But I am puzzled by why this keyword is “naked,” and the only reason I can come up with is type.

+3

php cakephp

user174120 Sep 16 '09 at 5:36

source share

4 answers

deizel · Answer 1 · 2009-09-16T13:40:37+0000

Simply linking to a secure version of a page does not completely prevent access to an unprotected version, so it’s better to use https auto-switching for the necessary actions.

<?php
class UsersController extends AppController {

    var $components = array('Security');

    function beforeFilter() {
        $this->Security->blackHoleCallback = '_forceSecure';
        $this->Security->requireSecure();
        /**
         * It is very common to require invocation 
         * of the parent beforeFilter().
         * Your usage may have the invocation 
         * at the top instead of at the bottom.
         */
        parent::beforeFilter();
    }

    function _forceSecure() {
        $this->redirect( 'https://'.env('SERVER_NAME').env('REQUEST_URI') );
    }
}
?>

, , / , https:// .

RaYell · Answer 2 · 2009-09-16T06:01:46+0000

, , .

, , https://example.com/mysite/users/action, https://example.com/mysite/ .

:

$html->link('my account', 
    array('base' => 'https://example.com/mysite/', 'controller' => 'users'));

Ludolphus · Answer 3 · 2009-10-27T09:01:28+0000

In _forceSecure (), it would be better to use this line for redirection:

$this->redirect('https://'.env('SERVER_NAME').env('REQUEST_URI'));

Otherwise, you will lose any parameters specified in the GET request.

Plm · Answer 4 · 2014-05-21T13:26:41+0000

The best I could come up with is the following:

$html->link('my account', str_replace('http://', 'https://', $html->url('/users', true)));

Works great.

Cakephp secure link using html helper link method

More articles: