setvar lost when using dispatcher forward

when i have error i want to repopulate my form (actually i use the $brand object). even if i use setVar, after the forward, my variable is lost.

    public function createAction()
    {
      $request = $this->request;

      if (!$request->isPost()) { return $this->forward("brands/index"); }

      $brand = new Brand();
      if (!$brand->save($_POST["Brand"], array("name","description","tags"))) {
        foreach ($brand->getMessages() as $message) {
          $this->flashSession->error((string) $message);
        }
        $this->view->setVar("brand", $brand);
        return $this->dispatcher->forward(array("action" => "new"));
      } else {
        $this->flash->success("brand was created successfully");
        return $this->dispatcher->forward(array("action" => "index"));
      }
    }

How can i keep my variable ?



4.5k
edited Mar '14

I resolve my problem like this :

    public function newAction()
    {
      if ($this->request->isPost()) {
        $brand = new Brand();
        $brand->assign($_POST["Brand"]);
        $this->view->setVar("brand", $brand);
      }else{
        $this->view->setVar("brand", new Brand);
      }
    }

Is there another solution ?



83.4k
edited Mar '14

Mass assignment could lead to important security problems, you may want to add a whitelist to assign every allowed field separately. Without precautions mass assignment could allow attackers to set any database column’s value. Only use this feature if you want to permit a user to insert/update every column in the model, even if those fields are not in the submitted form.



4.5k

Yes, I use it, on the save method :

if (!$brand->save($_POST["Brand"], array("name","description","tags"))) {