 

cakephp secure link using html helper link method

Tags:

php

cakephp

What's the best way in cakephp to extend the html->link function so that I can tell it to output a secure (https) link? Right now, I've added my own secure_link function to app_helpers that's basically a copy of the link function but adding an https to the beginning. But it seems like there should be a better way of overriding the html->link method so that I can specify a secure option.

http://groups.google.com/group/cake-php/browse_thread/thread/e801b31cd3db809a I also started a thread on the google groups and someone suggested doing something like

$html->link('my account', array('base' => 'https://', 'controller' => 'users')); 

but I couldn't get that working.

Just to add, this is what is outputted when I have the above code.

<a href="/users/index/base:https:/">my account</a>

I think there's a bug in cake/libs/router.php on line 850. There's a keyword 'bare' and I think it should be 'base'. Though changing it to base doesn't seem to fix it. From what I gather, it's telling it to exclude those keys that are passed in so that they don't get included as parameters. But I'm puzzled as to why it's a 'bare' keyword and the only reason I can come up with is that it's a typo.


2 Answers

Simply linking to the secure version of a page doesn't fully prevent access to the non-secure version, therefore a better approach might be to implement automatic https switching for the actions needed.

<?php
class UsersController extends AppController {

    var $components = array('Security');

    function beforeFilter() {
        $this->Security->blackHoleCallback = '_forceSecure';
        $this->Security->requireSecure();
        /**
         * It is very common to require invocation 
         * of the parent beforeFilter().
         * Your usage may have the invocation 
         * at the top instead of at the bottom.
         */
        parent::beforeFilter();
    }

    function _forceSecure() {
        $this->redirect( 'https://'.env('SERVER_NAME').env('REQUEST_URI') );
    }
}
?>

Using this technique you can choose which controllers/actions need to be secured without having to worry about prepending https:// to every single link.

deizel answered Feb 23 '26 22:02
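
A hardened variant of the redirect built in `_forceSecure()` above, as an added example that is not part of the original answer or of CakePHP. It is plain PHP (7.1+ assumed); `ALLOWED_HOSTS` and `https_redirect_target()` are hypothetical names, and the host names and requests are constructed sample values.

```php
<?php
// Added sketch: plain PHP 7.1+, not CakePHP code. Names are hypothetical.
const ALLOWED_HOSTS = ['example.com', 'www.example.com']; // constructed values

/** Returns the https:// URL to redirect to, or null if no redirect is safe. */
function https_redirect_target(array $server): ?string
{
    // Already on TLS: nothing to do.
    if (!empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off') {
        return null;
    }
    // Redirect only body-less methods. A POST received over http has already
    // exposed its data, so the caller should reject it instead of replaying it.
    $method = strtoupper($server['REQUEST_METHOD'] ?? 'GET');
    if (!in_array($method, ['GET', 'HEAD'], true)) {
        return null;
    }
    // SERVER_NAME may reflect the client's Host header depending on the web
    // server configuration, so it is checked against a fixed list.
    $host = strtolower($server['SERVER_NAME'] ?? '');
    if (!in_array($host, ALLOWED_HOSTS, true)) {
        return null;
    }
    // Keep the path origin-relative and free of control characters (CR/LF).
    $uri = $server['REQUEST_URI'] ?? '/';
    if ($uri === '' || $uri[0] !== '/' || preg_match('/[\x00-\x1F\x7F]/', $uri)) {
        $uri = '/';
    }
    return 'https://' . $host . $uri;
}

// Constructed sample requests (same shape as $_SERVER).
$samples = [
    ['SERVER_NAME' => 'example.com', 'REQUEST_METHOD' => 'GET', 'REQUEST_URI' => '/users/login'],
    ['SERVER_NAME' => 'example.com', 'REQUEST_METHOD' => 'POST', 'REQUEST_URI' => '/users/login'],
    ['SERVER_NAME' => 'other.invalid', 'REQUEST_METHOD' => 'GET', 'REQUEST_URI' => '/users/login'],
    ['SERVER_NAME' => 'example.com', 'REQUEST_METHOD' => 'GET', 'REQUEST_URI' => '/', 'HTTPS' => 'on'],
];
foreach ($samples as $s) {
    var_dump(https_redirect_target($s));
}
```

A null result means no redirect should be sent; for a request that arrived without TLS the caller should answer with an error instead.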


If you want to override the base you also have to specify the server name, not just the protocol.

If the link you want to create should be https://example.com/mysite/users/action then https://example.com/mysite/ is your base.

Try running this code:

$html->link('my account', 
    array('base' => 'https://example.com/mysite/', 'controller' => 'users'));
RaYell answered Feb 23 '26 20:02


