setvar lost when using dispatcher forward

Question

setvar lost when using dispatcher forward

kpitn Mar '14

Created Mar '14	Last Reply Mar '14	Replies 1	Views 828	Votes 0

kpitn 7.9k

Mar '14

when i have error i want to repopulate my form (actually i use the $brand object). even if i use setVar, after the forward, my variable is lost.

    public function createAction()
    {
      $request = $this->request;

      if (!$request->isPost()) { return $this->forward("brands/index"); }

      $brand = new Brand();
      if (!$brand->save($_POST["Brand"], array("name","description","tags"))) {
        foreach ($brand->getMessages() as $message) {
          $this->flashSession->error((string) $message);
        }
        $this->view->setVar("brand", $brand);
        return $this->dispatcher->forward(array("action" => "new"));
      } else {
        $this->flash->success("brand was created successfully");
        return $this->dispatcher->forward(array("action" => "index"));
      }
    }

How can i keep my variable ?

kpitn · Answer 1 · 2014-03-31T03:10:05-07:00

I resolve my problem like this :

    public function newAction()
    {
      if ($this->request->isPost()) {
        $brand = new Brand();
        $brand->assign($_POST["Brand"]);
        $this->view->setVar("brand", $brand);
      }else{
        $this->view->setVar("brand", new Brand);
      }
    }

Is there another solution ?

Phalcon · Answer 2 · 2014-03-31T15:17:13-07:00

Mass assignment could lead to important security problems, you may want to add a whitelist to assign every allowed field separately. Without precautions mass assignment could allow attackers to set any database column’s value. Only use this feature if you want to permit a user to insert/update every column in the model, even if those fields are not in the submitted form.

kpitn · Answer 3 · 2014-04-01T01:12:37-07:00

Yes, I use it, on the save method :

if (!$brand->save($_POST["Brand"], array("name","description","tags"))) {