Prefix action methods in controllers

Registered by Alwin Garside on 2009-02-01

Calling controller methods directly using a value from POST data is a potential security risk. Filtering the allowed methods with a FrontController would be too much work. The easiest way is to prefix action methods like this:

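// Only methods carrying the action_ prefix are meant to be called from a request.
public function action_insert($id)
{
    etc(); // placeholder for the action body
}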
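The difference between dispatching on the raw POST value and dispatching on a prefixed name, as an added example that is not code from this project. The controller, the `purgeAll` helper and both dispatcher functions are hypothetical names, the request arrays are constructed stand-ins for `$_POST`, and PHP 7 or later is assumed.

```php
<?php
// Added example: controller and dispatcher names are hypothetical.
class ItemController
{
    // Reachable from a request: carries the action_ prefix.
    public function action_insert($id)
    {
        return "inserted " . (int) $id;
    }

    // Public helper without the prefix: must never be reachable from a request.
    public function purgeAll()
    {
        return "purged";
    }
}

// Unprefixed dispatch, the risk the blueprint describes: the POST value
// names any public method directly.
function dispatch_unprefixed($controller, array $post)
{
    $method = $post['action'] ?? '';
    return is_callable([$controller, $method])
        ? $controller->$method($post['id'] ?? null)
        : null;
}

// Prefixed dispatch: the POST value is only ever a suffix of "action_".
function dispatch_prefixed($controller, array $post)
{
    $action = $post['action'] ?? '';
    // Restrict the suffix to identifier characters before building the name.
    if (!is_string($action) || !preg_match('/^[a-z][a-z0-9_]*$/i', $action)) {
        return null;
    }
    $method = 'action_' . $action;
    if (!method_exists($controller, $method)
        || !(new ReflectionMethod($controller, $method))->isPublic()) {
        return null;
    }
    return $controller->$method($post['id'] ?? null);
}

// Constructed sample requests (stand-ins for $_POST).
$c = new ItemController();
var_dump(dispatch_unprefixed($c, ['action' => 'purgeAll']));
var_dump(dispatch_prefixed($c, ['action' => 'purgeAll']));
var_dump(dispatch_prefixed($c, ['action' => 'insert', 'id' => '7']));
```

The first call reaches the helper, the second is rejected because no `action_purgeAll` method exists, and the third runs `action_insert`. Because the prefix is always prepended, names such as `__construct` can never be selected by the request either.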

Blueprint information

Status: Not started
Approver: Alwin Garside
Priority: High
Drafter: Alwin Garside
Direction: Approved
Assignee: Alwin Garside
Definition: Approved
Series goal: Accepted for 0.2
Implementation: Not started
Milestone target: None
