smoothcoder
(Smooth Traveller)
February 5, 2010, 1:56pm
1
I used to have a user update from my blog model in 1.0.11 with :
public function actionUpdate()
{ $model=$this->loadUser();
if(isset($_POST['User']))
{
$model->attributes=$_POST['User'];
This worked well when a user makes an update action (in 1.0.11). I Just tested it on DiscardedTeenz.com which still is on Yii framework 1.0.11.
However, I am testing a migration from the blog model to 1.1.0 with the just new dev.discardedteenz.com
(because I intend to release later this blog snippets and code when it’s clean enough.)
The problem is, in Yii framework yii-1.1.0.r1700. I can’t update anymore with the above code.
I inserted :
var_dump($_POST['User']);echo "<br/>";
var_dump($model->attributes);echo "<br/>";
This is what I see:
array(9) { ["username"]=> string(4) "demo" ["password"]=> string(0) "" ["email"]=> string(14) "demo@gmail.com " ["url"]=> string(0) "" ["status"]=> string(1) "1" ["banned"]=> string(1) "0" ["avatar"]=> string(0) "" ["about"]=> string(16) "I am a demo user " ["newsletter"]=> string(1) "0" }
array(14) { ["id"]=> string(1) "2" ["username"]=> string(4) "demo" ["password"]=> string(0) "" ["email"]=> string(14) "demo@gmail.com " ["url"]=> string(0) "" ["status"]=> string(1) "1" ["banned"]=> string(1) "0" ["avatar"]=> string(0) "" ["newsletter"]=> string(1) "0" ["passwordLost"]=> NULL ["confirmRegistration"]=> NULL ["about"]=> string(15) "I wrote Moira . " ["created"]=> string(1) "0" ["lastlogin"]=> string(1) "0" }
The first array is $_POST[‘User’]. I have the new about: I am a demo user
The second array is $model->attributes, after
$model->attributes=$_POST['User']
the array dimensions shows the affectation didn’t happen well, and the about is the old one : I wrote Moira .
Is this broken in 1.1.0.r1700 ? Maybe I got wrong somewhere ??
How to bypass this cleanly ?
attribute "about" is "safe"
[i]In version 1.1, an attribute is considered safe if it appears in a validationrule that is applicable in the given scenario.
edit
http://www.yiiframework.com/doc/guide/form.model#securing-attribute-assignments
[/i]
smoothcoder
(Smooth Traveller)
February 5, 2010, 2:24pm
3
Muchas gracias for the link.
Good to remind a few things.
In fact im my model I have :
public function safeAttributes()
{
return array('username','password','status', 'banned','about','email',
'url','password_repeat','verifyCode','usernameoremail','created','lastlogin','newsletter','_lang');
}
May-be that’s not enough ?
smoothcoder:
Muchas gracias for the link.
Good to remind a few things.
In fact im my model I have :
public function safeAttributes()
{
return array('username','password','status', 'banned','about','email',
'url','password_repeat','verifyCode','usernameoremail','created','lastlogin','newsletter','_lang');
}
May-be that’s not enough ?
nop
put
public function rules()
{
return array(
...
array('about','safe'),
....
);
}
smoothcoder
(Smooth Traveller)
February 5, 2010, 2:43pm
5
YYEEESSSS !
It works.
From your link :
[b]In version 1.1, an attribute is considered safe if it appears in a validation rule that is applicable in the given scenario. For example,
[/b]
That’s true. The other attributes from the user were mentioned in rules except for my “about”. So it worked when I added
array('about','safe'),
Reading :
I am wondering if the public function safeAttributes() is still of any use in 1.1 ?
andy_s
(Arekandrei)
February 5, 2010, 2:51pm
6
There is no safeAttributes() method in 1.1. anymore. There is only safeAttributesNames(), which returns names of attributes you declared "safe" in rules().