Well silly me...

The reason that the hidden fields created a blackhole was simple: I was 
modifying the contents of the fields when the user changed other data on 
the form! From the documentation:

Form tampering prevention 

By default the SecurityComponent prevents users from tampering with forms 
in specific ways. The SecurityComponent will prevent the following things:

   - Unknown fields cannot be added to the form.
   - Fields cannot be removed from the form.
   - Values in hidden inputs cannot be modified.

So my hidden div solves that issue. Duh! But I still need to find out when 
the SecurityComponent calculates its hash?


On Friday, November 7, 2014 11:26:33 AM UTC-7, glk wrote:
>
> When looking at the Security I find the following:
>
> Controller creates data array.
> View is rendered.
>   1) In the view I create an input for a field NOT already defined in the 
> data array... blackhole
>   2) I create an input for a field NOT already defined in the data array 
> (type=hidden) I also get..  blackhole
>   *3) If an input is created <div style="display:none"> input </div> NO 
> blackhole*
>   4) If the input is created <div style="display:none"> input with 
> type=hidden </div> YES to the blackhole
>
> I don't think Security should allow #3, but as of 2.5.4 it does!
>
> My original question concerning adding data fields to every edit and add 
> method with beforeRender was to get around points 1 & 2; to keep from doing 
> it in each and every controller, and to keep from using lock/unlock 
> security settings. 
>
> So my question now becomes:  When does Security calculate its _Token for 
> an edit or add form...  Before the beforeRender() or after?
>
> Thanks,
> Greg
>
>

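The three documented rules quoted in the message above, as a simplified model added here as an example (not code from the thread and not CakePHP's implementation): a keyed hash binds the field names and the hidden-input values when the form is rendered, and is rechecked on submit. `SALT`, `buildToken()` and `validatePost()` are hypothetical names, and the form data is constructed.

```php
<?php
// Simplified model of form-tampering protection. NOT CakePHP's code:
// SALT, buildToken() and validatePost() are hypothetical names.
const SALT = 'constructed-demo-salt';

// Render time: bind the field names and the values of hidden inputs
// into a keyed hash; the hidden field names travel with the token.
function buildToken(array $fieldNames, array $hiddenValues): string
{
    sort($fieldNames);
    ksort($hiddenValues);
    $mac = hash_hmac('sha256', json_encode([$fieldNames, $hiddenValues]), SALT);
    return $mac . ':' . implode('|', array_keys($hiddenValues));
}

// Submit time: rebuild the token from the POST body and compare.
function validatePost(array $post, string $token): bool
{
    $parts = explode(':', $token, 2);
    $list = $parts[1] ?? '';
    $hiddenNames = $list === '' ? [] : explode('|', $list);
    $hidden = array_intersect_key($post, array_flip($hiddenNames));
    return hash_equals(buildToken(array_keys($post), $hidden), $token);
}

// Constructed form: hidden "id" plus a visible text input "title".
$token = buildToken(['id', 'title'], ['id' => '42']);

$cases = [
    'visible value edited' => ['id' => '42', 'title' => 'changed'],
    'hidden value edited'  => ['id' => '43', 'title' => 'draft'],
    'field added'          => ['id' => '42', 'title' => 'draft', 'extra' => '1'],
    'field removed'        => ['id' => '42'],
];
foreach ($cases as $label => $post) {
    printf("%-21s %s\n", $label, validatePost($post, $token) ? 'accepted' : 'blackhole');
}
```

In this model a non-hidden input wrapped in a `display:none` div is an ordinary field whose value is not bound into the hash, which matches case 3 in the quoted list: the value can change without a blackhole as long as the field was part of the rendered form.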