Hello,
I have just encountered this problem.
I'm trying to post the form via ajax.
I just can't seem to get around the problem.
I used form-create together with ajax-submit or plain HTML form tag
with ajax-submit or ajax-form all of them fail in the security
component.
What combination should I
OK - just an update.
The problem is not with the form-create + ajax-submit but rather
with the form-XXX_Control.
When producing the security token at least form-textarea is not
hashed correctly.
To get around it I found I can produce a text area using:
echo $form-input('message',array('label' =
Hey Larry,
It was more that I developed the site with 1.2 while it was still
changing a lot so I decided to keep the forms pure. I will have a
look at converting them to helper calls and see how well it works with
what I have already.
One comment though is that you really should make the
Hey Larry,
Could you maybe explain the process if we use hand-written forms as I
do not use the Forms helper at all.
Thanks
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups Cake
PHP group.
To post to this group,
Mika,
If you are using hand-written forms you will need to follow the example
here: https://trac.cakephp.org/changeset/4978 to remove any fields that are
added by hand.
Note when the security component is used you should still use the
$form-create(); and the $form-submit(); if not your forms
Larry E. Masters aka PhpNut wrote:
Any ideas why three Tokens are generated and why two of them have
different hashes?
Marcus
I would need to see the view code related to that output.
Ok, here comes the view code in a better form ... ;)
http://bin.cakephp.org/saved/18415
dericknwq wrote:
I remember asking PhpNut about this and he says it was for security.
Right now, in the startup() of the Security component __validatePost
is called for each request that is POSTed. And __validatePost requires
a Token in your POST, so I presume that's that.
Marcus, one of them is the token key as shown on the name attribute
while the other is a token to verify that all fields from your form
are receive on the controller end.
On May 4, 2:37 pm, Marcus T. Jaschen [EMAIL PROTECTED] wrote:
dericknwq wrote:
I remember asking PhpNut about this and he
Any ideas why three Tokens are generated and why two of them have
different hashes?
Marcus
I would need to see the view code related to that output.
--
/**
* @author Larry E. Masters
* @var string $userName
* @param string $realName
* @returns string aka PhpNut
* @access public
*/
Larry E. Masters aka PhpNut wrote:
Any ideas why three Tokens are generated and why two of them have
different hashes?
Marcus
I would need to see the view code related to that output.
Ok, here we go:
This is the View code for the edit form:
?php
next time please post code in the paste bin http://bin.cakephp.org/
this has a couple of advantages.
1. it retains formatting (code pasted in email looks like poop) which
makes it easier to read and easier for human parsing.
2. It allows people who want to help you a way to make changes with
Hi there,
in the last days the SecurityComponent was refactored (rev 4972)
After updating to the latest SVN version of CakePHP every Form I submit
(AJAX oder classic POST-Request) gets blackholed by the SecurityComponent.
I've inlcuded the SecurityComponent in the controllers with
var
What are you using to create your forms?
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups Cake
PHP group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to
I have had this same problem.
On May 3, 9:25 am, Marcus T. Jaschen [EMAIL PROTECTED] wrote:
Hi there,
in the last days the SecurityComponent was refactored (rev 4972)
After updating to the latest SVN version of CakePHP every Form I submit
(AJAX oder classic POST-Request) gets blackholed by
... even when using the form helper to create forms.
On May 3, 3:16 pm, Aaron Shafovaloff [EMAIL PROTECTED] wrote:
I have had this same problem.
On May 3, 9:25 am, Marcus T. Jaschen [EMAIL PROTECTED] wrote:
Hi there,
in the last days the SecurityComponent was refactored (rev 4972)
I remember asking PhpNut about this and he says it was for security.
Right now, in the startup() of the Security component __validatePost
is called for each request that is POSTed. And __validatePost requires
a Token in your POST, so I presume that's that.
16 matches
Mail list logo
