Yii Framework Forum: Scenario Enforcement - Yii Framework Forum

Jump to content

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

Scenario Enforcement Rate Topic: -----

#1 User is offline   Kfir Gollan 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 2
  • Joined: 05-November 10
  • Location:Israel

Posted 28 September 2012 - 03:23 PM

Hello,
Currently one could set the scenario attribute of CModel to any value that he wants.
This may lead to dangerous security bugs.
Lets say I support the scenario "login" in my model and I have a typo and I set "logun" as my wanted scenario. The result will be that I the validation rules that I wanted to be performed might not be performed.
I suggest that we will add a list of supported scenarios to CModel and that the given scenario value (through the constructor or $model->scenario) will be verified.
0

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users