Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

cakephp secure link using html helper link method

Tags:

php

cakephp

What's the best way in cakephp to extend the html->link function so that I can tell it to output a secure(https) link? Right now, I've added my own secure_link function to app_helpers that's basically a copy of the link function but adding a https to the beginning. But it seems like there should be a better way of overriding the html->link method so that I can specify a secure option.

http://groups.google.com/group/cake-php/browse_thread/thread/e801b31cd3db809a I also started a thread on the google groups and someone suggested doing something like 

$html->link('my account', array('base' => 'https://', 'controller' => 'users'));

but I couldn't get that working.

Just to add, this is what is outputted when I have the above code.

<a href="/users/index/base:https:/">my account</a>

I think there's a bug in the cake/libs/router.php on line 850. There's a keyword 'bare' and I think it should be 'base' Though changing it to base doesn't seem to fix it. From what I gather, it's telling it to exclude those keys that are passed in so that they don't get included as parameters. But I'm puzzled as to why it's a 'bare' keyword and the only reason I can come up with is that it's a type.

2 Answers

Simply linking to the secure version of a page doesn't fully prevent access to the non-secure version, therefore a better approach might be to implement automatic https switching for the actions needed.

<?php
class UsersController extends AppController {

    var $components = array('Security');

    function beforeFilter() {
        $this->Security->blackHoleCallback = '_forceSecure';
        $this->Security->requireSecure();
        /**
         * It is very common to require invocation 
         * of the parent beforeFilter().
         * Your usage may have the invocation 
         * at the top instead of at the bottom.
         */
        parent::beforeFilter();
    }

    function _forceSecure() {
        $this->redirect( 'https://'.env('SERVER_NAME').env('REQUEST_URI') );
    }
}
?>

Using this technique you can choose which controllers/actions need secured without having to worry about prepending https:// to every single link.

like image 166
deizel Avatar answered Feb 23 '26 22:02

deizel

If you want to override the base you have to specify also server name not just the protocol.

If the link you want to create should be https://example.com/mysite/users/action then https://example.com/mysite/ is your base.

Try running this code:

$html->link('my account', 
    array('base' => 'https://example.com/mysite/', 'controller' => 'users'));
like image 31
RaYell Avatar answered Feb 23 '26 20:02

RaYell
Sign in to Comment

Related questions

What's the time complexity of adding an element to an array?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!