在功能中禁用安全

Question

我在POST中獲得圖像，我的想法是禁用此功能中的安全性。

可能嗎？任何想法？

public function admin_addImage($id = null){ 
    $this->Hotel->id = $id; 
    if (!$this->Hotel->exists()) 
     throw new NotFoundException(__('Invalid Hotel')); 
    $image = $_FILES['uploadImage']; 
    ClassRegistry::init('HotelImage')->create(); 
    if ($image['name']) { 
     $imageName = md5(Security::generateAuthKey()); 
     $result = $this->uploadFiles('files/hotels/images', array($image), $imageName, null, 'I',array('width' => 300, 'height' => 300)); 
     if (!empty($result['errors'][0])) { 
      $this->Session->setError(__('Invalid file format')); 
      $this->redirect($this->referer()); 
      } 
     if($result['urls'][0]){ 
      ClassRegistry::init('HotelImage')->save(array('hotel_id'=>$id)); 
      ClassRegistry::init('HotelImage')->saveField('image', md5($imageName).'.'.basicsLix::getExtension($image['name'])); 
     } 
    } 
$this->redirect($this->referer()); 
} 

解決方案：

if(isset($this->Security) && $this->RequestHandler->isPost() && $this->action == 'admin_addImage'){ 
      $this->Security->validatePost = false; 
      $this->Security->enabled = false; 
      $this->Security->csrfCheck = false; 
    } 

Answer 1

這是在書中明確回答：

http://book.cakephp.org/2.0/en/core-libraries/components/security-component.html#disabling-security-component-for-specific-actions

有可能的情況下要關掉所有的安全檢查 的動作（例如AJAX請求）。您可以通過 「解鎖」這些動作，將它們列在beforeFilter中的$ this-> Security-> unlockedActions中。