All geek questions in one place

Disable CakePHP form protection

Can I enable all CakePHP security features for only one specific form in a view? Therefore, I do not receive any hidden fields (tokens) in this form.

Thanks,

Bart

+6
source share
2 answers

You can disable it for this action with:

public function beforeFilter() { parent::beforeFilter(); if ($this->request->params['action'] == 'action') { $this->Security->validatePost = false; } }
+3
source

To remove the annoying hidden inputs _Token.key and fields from your form (for example, to clear up the query string when using the GET method), you need to do the following things in beforeRender in addition to beforeFilter from tigrang answer :

 function beforeRender() { parent::beforeRender(); unset($this->params["_Token"]); }

(This is true, at least for CakePHP 1.3)

0
source

Source: https://habr.com/ru/post/917911/

More articles:


All Articles