tags:

views:

21

answers:

1
Q: 

Symfony 1.2: question about a line in an action

Hi,

this action is generated in symfony 1.2 when you create a module:

public function executeUpdate(sfWebRequest $request) {
    $this->forward404Unless($request->isMethod('post') || $request->isMethod('put'));
    $this->forward404Unless($usuario = Doctrine::getTable('Usuario')->find(array($request->getParameter('id'))), sprintf('Object usuario does not exist (%s).', $request->getParameter('id')));
    $this->form = new UsuarioForm($usuario);

    $this->processForm($request, $this->form);

    $this->setTemplate('edit');
}

Can some explain the line?:

$this->forward404Unless($request->isMethod('post') || $request->isMethod('put'));

I don't know the reason why it is there.

Regards

Javi

+1  A: 

The line says if the user just clicked "submit" on the form and a POST request was made.

Without it, people can browse to that action without sending any data.

I would recommend you remove the || $request->isMethod('put') part though -- nobody uses PUT.

Coronatus  2010-04-07 16:32:13
Correct answer, apart from the last sentence - people use PUT as part of a RESTful architecture quite frequently: http://en.wikipedia.org/wiki/Representational_State_Transfer#Public_implementations
Raise  2010-04-07 16:44:21
Thanks, so with that line the rest of the code below in the action will be executed only if user clicked "submit". So is it a way to avoid a malicious user executes the action directly ? or what is the target?
 2010-04-07 18:11:20

related questions

How to set different template layout for different modules in Symfony
Symfony 1.2: Error when adding/editing entry in admin module
custom 500 error page in symfony 1.1
Multiple database transaction
How to create a dynamic menu in Symfony
How to format an external URL in Symfony?
Encoding issue with symfony framework, using Postgres as the database
Symfony Propel criteria
How to deny foreign alphabets in utf-8 in PHP 5.x (symfony)?
Does moving to Symfony 1.1/1.2 make sense?
Is Symfony a better choice than Zend for a web development shop (10+) because it is a full stack framework?
Outer Join using Propel 1.2?
Using PHP variables in your CSS file in Symfony
Symfony Action Security - How to forward after successful authentication?
many-to-many lookup
Is there an OpenID 2.0 plugin for Symfony?
How to use MySQL functions in Propel
How do you check and see if a propel object has an i18n record?
PHP Framework Decision - Analysis paralysis!
Symfony app - how to add calculated fields to Propel objects?
What is the best free PHP framework working on shared hosting and why?
Which PHP-based CMS or framework has the best documentation?
MVC frameworks on hosted servers
How do I generate a friendly URL in Symfony PHP?
How to prevent session timeout in Symfony 1.0?