Using CakePHP 2.1 I have the following code
public function getForm($id=null){
$this->loadModel('DynamicFormResponse');
/**
* Check if form exists
*/
$this->form_schema= $this->DynamicForm->isValidForm($id);
if($this->form_schema == false){
$this->flash("Invalid form", $this->referer(
array('controller'=>"pages", 'action' => 'display')
));
}
...
...
the problem I am facing is that, the call to $this->flash() renders the flash page but also continues the execution of the controller.
So Unless I do something like
if($this->form_schema == false){
$this->flash("Invalid form", $this->referer(
array('controller'=>"pages", 'action' => 'display')
));
return;
}
the controller does not terminate .
The main problem arises when a _crsf_error method is called
function _csrf_error() {
$this->flash("csrf Error", $this->referer(
array('controller'=>"pages", 'action' => 'display')
));
}
Since the flash method does not redirect It offers no csrf protection at all.
Using return; after $this->flash() in the _crsf_error method does not work.
PS: Full code available here
