Difference between #2 and #3 of
Understanding "Safe" Validation Rules

Revision #3 has been created by Steve Friedl on Apr 1, 2011, 2:17:49 AM with the memo:

Minor formatting fixes
« previous (#2) next (#4) »


Title unchanged

Understanding "Safe" Validation Rules

Category unchanged


Yii version unchanged

Tags unchanged

Forms, Validation, Safe, Massive Assignment

Content changed

1. Some models have attributes that are legitimate (in general), but not in a specific form. For instance, a change-your-password form for a user should accept the `password` and `passwordRepeat` attributes, but not the `isAdmin` attribute that makes him an administrator of the application. For a changePassword scenario, isAdmin should be marked expilicity `'unsafe'`.

2. All model objects based on [CActiveRecord] have internal housekeeping attributes that are subject to shenanigans if the bad guy were able to make assignments to them. Some of these include:

`$model->isnewrecord` * `$model->dbcriteria` * `$model->primarykey` * `$model->tablealias` * `$model->scenario`

and perhaps others. It's rather scary to think what could happen if the bad guy were able to manipulate these with malicious input, but because they are not mentioned in any validation rule - `'safe'` or otherwise - they are protected.

Yii takes the conservative approach that attributes are assumed to be unsafe unless the developer explicitly makes them so (a "default deny" paradigm), rather than the easier but more dangerous "default allow".
72 0
Viewed: 130 113 times
Version: 1.1
Category: FAQs
Written by: Steve Friedl
Last updated by: Gismo
Created on: Mar 22, 2011
Last updated: 5 years ago
Update Article


View all history