Prev   

Hiding info from url 

http://www.symfony-project.org/forum/index.php?t=msg&th=5477

I built an admin gen interface to allow users to modify their own profiles.

It works, but the url shows

staff.php/profile/edit/id/2

which has a big loophole so that "smart" users can changes others profile (or even password) as well, by manually changing the last id number on url.

So I thought of using a forward, which is "internal to the application and transparent to the user. As far as the user is concerned, the displayed URL is the same as the one requested."

However, currently forward in symfony doesn't take any additional parameters other than the module and action name.

So is there any away so that I can make this a little hack-proof?

documented on: 2007.03.09

query string on redirects and forwards 

http://www.symfony-project.org/forum/index.php?t=msg&goto=33219#msg_33219

> In the book it shows you how to force a parameter to appear as the query
> string when using the link_to etc helpers.
> http://www.symfony-project.org/book/trunk/09-Links-and-the-Routing-System#Forcing%20Request%20Parameters%20As%20GET%20Variables[]
>
> Is it possible to do that with the action methods $this->redirect and
> $this->forward, and if so what is the syntax for this?

  1. for forward: set request parameter(s) before forward, ie: 

    $this->getRequest()->setParameter('parameter_name', parameter_value);
$this->forward('module_name', 'action_name');

  2. for redirect: redirect accepts parameters just like link_to(), ie: 

    $this->redirect('module_name/action_name?parameter_name=parameter_value');

11 August 2007, pezetgee

redirect strips data out 

http://www.symfony-project.org/forum/index.php?t=msg&goto=32472#msg_32472

I am having issue with $this->redirect. It's stripping part of the URL I am passing as a parameter.

For example, this redirect request parameter

/browse/article/id/my_article

leading to

$this->redirect('/browse/article/id/my_article');

becomes

/browse/article

in the browser.

and results in a 404.

How can I do such a redirect?

redirect strips data out 

> have you tried:
>
> $this->redirect('/browse/article?id=my_article');

cokker is correct: if you do not specify an absolute url (i.e beginning by http://), symfony assumes a sf url, so use the routing (and so you must specify your parameters after the ? and the routing will rewrite your url)

30 July 2007, cblin

redirect strips data out 

> Thanks. I used the referer instead and then it's fine because it's absolute.

be aware that some firewall (ex: symantec) do not send the referer to the server.

01 August 2007, cblin


SourceForge.net LogoXpt.SourceForge.netCreative Commons Attribution-ShareAlike License Del.icio.us digg FURL blinklist reddit Feed Me Links Technorati Stumble Upon Google Bookmarks Yahoo My Web Newsvine Socializer Ma.gnolia RawSugar Squidoo Spurl BlinkBits Netvouz Rojo Blogmarks Shadows Simpy Co.mments Scuttle Bloglines Tailrank Wists FARK smarking Segnalo
Single file version available here.
Last updated on 2008-05-28.
To discuss, comment here.
Prev   
 Home