Privatizing Form Validation callback functions? |
[eluser]inktri[/eluser]
For example: Code: username_check($str) from http://www.codeignitor.com/user_guide/li...ation.html can be accessed by "/form/username_check" right? How would you prevent that? I tried adding an underscore in front of username_check and calling callback__username_check with the validation rules with no luck
[eluser]onejaguar[/eluser]
You can put your callbacks in an extend validation library (My_validation). They can be used by any controller that loads the validation library but can't be accessed via URL. Or you can just leave it as-is. I don’t think it is a serious security risk; you should always assume people can put horrible things into a POST requests and you should write your callbacks accordingly; and a callback called directly will either return nothing or an error message about un-found objects, AND a person would have to know the name of your callback… |
Welcome Guest, Not a member yet? Register Sign In |