Disable Security in a function

Time: 2014-02-20 15:38:04

Tags: security cakephp

I receive an image via POST, and my idea is to disable security in this function.

Is it possible? Any ideas?

public function admin_addImage($id = null){
    $this->Hotel->id = $id;
    if (!$this->Hotel->exists())
        throw new NotFoundException(__('Invalid Hotel'));
    $image = $_FILES['uploadImage'];
    ClassRegistry::init('HotelImage')->create();
    if ($image['name']) {
        $imageName = md5(Security::generateAuthKey());
        $result = $this->uploadFiles('files/hotels/images', array($image), $imageName, null, 'I',array('width' => 300, 'height' => 300));
        if (!empty($result['errors'][0])) {
            $this->Session->setError(__('Invalid file format'));
            $this->redirect($this->referer());
        }
        if($result['urls'][0]){
            ClassRegistry::init('HotelImage')->save(array('hotel_id'=>$id));
            ClassRegistry::init('HotelImage')->saveField('image', md5($imageName).'.'.basicsLix::getExtension($image['name']));
        }
    }
    $this->redirect($this->referer());
}

Solution:

if (isset($this->Security) && $this->RequestHandler->isPost() && $this->action == 'admin_addImage') {
    $this->Security->validatePost = false;
    $this->Security->enabled = false;
    $this->Security->csrfCheck = false;
}

1 answer:

Answer 0 (score: 0)

The book answers this specifically:

http://book.cakephp.org/2.0/en/core-libraries/components/security-component.html#disabling-security-component-for-specific-actions

  

There may be cases where you want to disable all security checks for an action (e.g. AJAX requests). You may "unlock" these actions by listing them in $this->Security->unlockedActions in your beforeFilter.
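
The book's approach applied to the question's action, as an added example that is not part of the original post or the CakePHP book: only `admin_addImage` is unlocked, and because the component's POST checks no longer run for it, the action verifies the upload itself. `HotelsController` and `checkedImageExtension()` are assumed names; the `uploadImage` field and the action name come from the question.

```php
<?php
// Added example, not the asker's code. HotelsController and checkedImageExtension()
// are assumed names; 'uploadImage' and admin_addImage come from the question.
App::uses('AppController', 'Controller');

class HotelsController extends AppController {

    public $components = array('Security');

    public function beforeFilter() {
        parent::beforeFilter();
        // Unlock only this action; SecurityComponent keeps validating all others.
        $this->Security->unlockedActions = array('admin_addImage');
    }

    // Returns the extension matching the detected image type,
    // or null when the upload must be rejected.
    protected function checkedImageExtension($file) {
        $allowed = array(IMAGETYPE_JPEG => 'jpg', IMAGETYPE_PNG => 'png', IMAGETYPE_GIF => 'gif');
        if (!is_array($file) || !isset($file['error'], $file['tmp_name'])
            || $file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
            return null;
        }
        // Type is read from the file header, not from the client-supplied name.
        $info = @getimagesize($file['tmp_name']);
        if ($info === false || !isset($allowed[$info[2]])) {
            return null;
        }
        return $allowed[$info[2]];
    }

    public function admin_addImage($id = null) {
        if (!$this->request->is('post')) {
            throw new MethodNotAllowedException();
        }
        $file = isset($_FILES['uploadImage']) ? $_FILES['uploadImage'] : null;
        $ext = $this->checkedImageExtension($file);
        if ($ext === null) {
            throw new BadRequestException(__('Invalid file format'));
        }
        // From here the question's existing upload and HotelImage save logic runs,
        // using $ext in place of the extension taken from $image['name'].
    }
}
```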