That's right, I got YOU to delete the article. If your session on your own site doesn't time out and the code looks similar to the above you'll see a friendly "Article 22 deleted" flash message on whatever is the next page you view.
At this point I'll point out that changing GET requests to POST request for actions such as delete will prevent accidental deletions and very-basic CSRF attacks from occurring - but as you probably know it is relatively trivial job to achieve the same via a POST request so that in itself is not a defence against malicious intentions.
Delete is the most obvious example, but if a controller action only requires the parameters in the URL to execute, the law of lazy-development means that more than likely the code is written such that it executes if the parameters are present and correct.
The short answer is to make use of the security component. What is needed is a means of forcing potentially destructive actions to be actioned only via post (using the security component's requirePost mechanism) and ensure the request is genuine (which the security component takes care of for you).
Compare the generic app controller from before with the following:
There are a few of my own best practices included which I'll point out first: the admin_delete method is defined only once in the app controller - as it is the same for all controllers and will be inherited by all; In beforeRender the variable $data is set to the contents of $this->data if it isn't already assigned.
So now a little explanation; All this code does is the following:
The generic (and rather simple) confirmation view looks like this:
Ta da! That's it.
If there are any other methods in the controller which require only URL parameters to execute (publish, make_favorite, rate, report_spam etc.), these can be added by modifying/overriding the controller $postActions parameter and they will then have a confirmation form before execution.
Security should be everyone's concern. Presented here is a solution to add capability-based security to actions which can execute with only url parameters such that they cannot be executed either accidentally or maliciously and thus removing the risk of CSRF attack. If you use a similar technique, can think of an improvement to this technique, love it or even if you think it's awful please leave a comment.