Thank you John. I love the internet. Here I have requested help on a problem I encountered and it came from halfway around the world!
I have discovered the source of the issue finally: Amazingly, if you are using the security component and have a disabled a field on a form, the data submission will be blackholed. I figured this out by re-reading the manual on the security component, because after I followed your advice and commented out the stuff in the app_controller, I concluded the problem with the form submission was due to the security component. Upon reading the manual for the security component, I came across a warning I don't recall seeing back when I first started using this component a while back: "When using the Security Component you must use the FormHelper to create your forms. The Security Component looks for certain indicators that are created and managed by the FormHelper (especially those created in create() and end()). Dynamically altering the fields that are submitted in a POST request (e.g. disabling, deleting or creating new fields via JavaScript) is likely to trigger a black-holing of the request. See the $validatePost or $disabledFields configuration parameters." If you then go to read about validatePost and disabled fields, you learn that validatePost can be set to false to prevent the security behavior described, or to set disabledFields to a list of fields you wish to ignore as part of the behavior described. So with the symptoms I was experiencing, where the form data would just vanish completely, strongly suggested this was my problem. After a lot of trial and error trying to understand what could possibly be wrong with my form or controller used to define the form, I finally ended up just commenting out everything except one field and adding things back in one by one. The form submitted successfully finally, and kept doing so all the way until I added back in my field that I wanted to display as 'disabled' so that the end user can see the field but not edit it. THIS attribute caused the security component to overreact and reject the entire form. How this is possible I have no idea. As far I thought, the disabled="disabled" attribute was simply that, an attribute that kept the field on the page as far as the browser and server were concerned, but which simply made it uneditable by the user. The solution of course is for me to either set $validatePost to false, or to include this "disabled" field in my disabledFields array (ironically, there is no relation between disabledFields and the disabled html form field attribute, sorry for any confusion this may cause to readers). However, I would like to hear from the cake developers just why setting the disabled attribute should cause the security component to throw out the entire form submission! It makes no sense to me. If there is no persuasive reason for this behavior, then I would say it is a bug. On that note, another message to cake devs: if you're going to blackhole a form (or any request really) then PLEASE, make it obvious to the developer that this is what has happened. When things just stop working and there is no discernible reason we waste soooo much time chasing our tails trying to figure it out. In this case, simply changing the value of $this->data to include something like $this- >data['CakeSecurityERROR']['status']='Security component ON; Form validation: ON', $this->data['CakeSecurityERROR']['msg]='The form submission was malformed and black holed to prevent form tampering. Please read about the Security component in the CakePHP manual for more information' And IMHO, that information would be perfectly acceptable to display even without my having to pr or debug($this->data) if I have debug level set to 1 or 2. On Feb 16, 1:00 pm, John Andersen <j.andersen...@gmail.com> wrote: > Have you tried a debug($this->data) in the beforeFilter method? > Anyway, I hope you find a solution, wish you good night here from > Latvia :) > John > > On Feb 16, 10:09 pm, calzone <calz...@gmail.com> wrote:> Your assumption is > correct. Basically, all login and admin functions > > should be managed over ssl and I want to turn off ssl when it's not > > necessary. > > > I could try commenting out the redirect stuff to really rule it out, > > but considering all my other admin and non-admin, ssl and non ssl > > controllers work fine, I'm skeptical it is the problem. > > > I use $this->here because I want to make sure no matter what url > > params there are, the form always submits to the exact same place. I > > also use this successfully in another controller in my ssl/admin area. > > [snip] Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
