09-03-2024, 08:06 AM
(This post was last modified: 09-03-2024, 08:10 AM by libsys. Edit Reason: style )
I thought I understood $allowedFields until recently, when I tried to insert a field not listed by assigning it manually to my entity.
Turns out that it is discarded, even though I assigned it manually, e.g.:

PHP Code:
```php
$obj->protectedField = 'value';
```

and then

PHP Code:
```php
$objModel->insert($obj);
```

It seems that I can't set any field unless it's on the $allowedFields list. This will only protect fields that are automatically handled by the database or inserted bypassing $allowedFields. Could you please clarify whether I've misunderstood or if there's something I'm missing?
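The behaviour described in the post, as an added example that is not part of the original post and not CodeIgniter's own code: a plain-PHP stand-in showing why an allowlist applied at insert time cannot tell a manually assigned property from a request-supplied one. `SketchModel`, its in-memory `$rows` and the field names are hypothetical; its `protectFields()` mirrors the CodeIgniter 4 model method of the same name.

```php
<?php
// Simplified stand-in for a model-layer allowlist; not CodeIgniter's source.
// Class, storage and field names are hypothetical.
final class SketchModel
{
    /** @var list<string> Columns callers may write. */
    private array $allowedFields = ['name', 'email'];
    private bool $protectFields = true;
    /** @var list<array<string, mixed>> In-memory "table" so the sketch runs offline. */
    public array $rows = [];

    // Trusted code can switch the filter off for one deliberate write.
    public function protectFields(bool $protect = true): self
    {
        $this->protectFields = $protect;
        return $this;
    }

    public function insert(array|object $row): void
    {
        // An entity is flattened to an array first, so from here on the model
        // cannot tell a hand-assigned property from one filled by a request.
        $data = is_object($row) ? get_object_vars($row) : $row;
        if ($this->protectFields) {
            $data = array_intersect_key($data, array_flip($this->allowedFields));
        }
        $this->rows[] = $data;
    }
}

$model = new SketchModel();

// Constructed request body carrying a field the form never offered.
$post = ['name' => 'Ann', 'email' => 'ann@example.test', 'protectedField' => 'value'];
$model->insert($post);                       // filter removes protectedField

$obj = new stdClass();
$obj->name = 'Bob';
$obj->protectedField = 'value';              // assigned by hand, as in the post
$model->insert($obj);                        // filter still removes it

$model->protectFields(false)->insert($obj);  // deliberate write from trusted code
$model->protectFields(true);                 // restore the filter afterwards

var_dump($model->rows);
```

Because the filter runs on the flattened row, the allowlist guards every write path through the model, and a field that must stay off the list is written by disabling protection around that single call.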
Messages In This Thread
How does $allowedFields protect against mass assignment vulnerabilities? - by libsys - 09-03-2024, 08:06 AM
RE: How does $allowedFields protect against mass assignment vulnerabilities? - by Renta Ardhana - 09-04-2024, 08:52 AM
RE: How does $allowedFields protect against mass assignment vulnerabilities? - by kenjis - 09-04-2024, 11:59 PM
RE: How does $allowedFields protect against mass assignment vulnerabilities? - by libsys - 09-05-2024, 11:05 PM
RE: How does $allowedFields protect against mass assignment vulnerabilities? - by kenjis - 09-06-2024, 04:56 PM
RE: How does $allowedFields protect against mass assignment vulnerabilities? - by libsys - 09-09-2024, 08:57 AM