Comments on: CakePHP 1.2 RC2 + Security Component http://blog.awpny.com/2008/07/cakephp-12-rc2-security-component/ "The frog can show you how to grow by making intelligent use of whatever opportunity is available." - medicine wheel Mon, 01 Feb 2010 14:52:19 -0600 http://wordpress.org/?v=2.8.4 hourly 1 By: archF6 http://blog.awpny.com/2008/07/cakephp-12-rc2-security-component/comment-page-1/#comment-9762 archF6 Wed, 31 Dec 2008 01:48:32 +0000 http://blog.awpny.com/?p=308#comment-9762 I was having terrible blackhole problem for hours -- every AJAX form submission was being invalidated. Your post saved me (using echo $form->end(); to end the form!). So thanks. A lot. I was having terrible blackhole problem for hours — every AJAX form submission was being invalidated. Your post saved me (using echo $form->end(); to end the form!). So thanks. A lot.

]]> By: Kjell http://blog.awpny.com/2008/07/cakephp-12-rc2-security-component/comment-page-1/#comment-6769 Kjell Fri, 29 Aug 2008 09:11:44 +0000 http://blog.awpny.com/?p=308#comment-6769 I can confirm this bug. Took me a while till i found the reason (this post) and by debugging it manually (what a pain). But i have to report that the fix posted here doesn't work. In my revision and in the CakePHP trunk the md5() function isn't called. So nothing to remove. I was unable to fix it myself and so i am too hoping that the mentioned ticket is closed soon. This issue makes the whole Component useless. :( BTW. i encountered this problem because i had radio buttons in my form. Probably really "just" a traversing issue. I can confirm this bug.

Took me a while till i found the reason (this post) and by debugging it manually (what a pain).

But i have to report that the fix posted here doesn’t work. In my revision and in the CakePHP trunk the md5() function isn’t called. So nothing to remove.

I was unable to fix it myself and so i am too hoping that the mentioned ticket is closed soon. This issue makes the whole Component useless. :(

BTW. i encountered this problem because i had radio buttons in my form. Probably really “just” a traversing issue.

]]> By: Zach Wilson http://blog.awpny.com/2008/07/cakephp-12-rc2-security-component/comment-page-1/#comment-6423 Zach Wilson Tue, 12 Aug 2008 01:44:30 +0000 http://blog.awpny.com/?p=308#comment-6423 Casey, I'm having a similar issue, however, the trigger now seems to be using the form helpers input on multiple checkbox's. My best guess is that the hash isn't taking into account fields that are using the data[Model][fieldname][] syntax. Unfortunately, I haven't been able to _fix_ this yet. There does seem to be a bug for this: https://trac.cakephp.org/ticket/5129#comment:description I hope this gets fixed very soon. It's kill me for an element of a project i'm working on. If you have any more insights, i'd be happy to hear. Casey,

I’m having a similar issue, however, the trigger now seems to be using the form helpers input on multiple checkbox’s. My best guess is that the hash isn’t taking into account fields that are using the data[Model][fieldname][] syntax. Unfortunately, I haven’t been able to _fix_ this yet.

There does seem to be a bug for this:
https://trac.cakephp.org/ticket/5129#comment:description

I hope this gets fixed very soon. It’s kill me for an element of a project i’m working on.

If you have any more insights, i’d be happy to hear.

]]> By: casey http://blog.awpny.com/2008/07/cakephp-12-rc2-security-component/comment-page-1/#comment-6116 casey Mon, 21 Jul 2008 17:36:53 +0000 http://blog.awpny.com/?p=308#comment-6116 One thing you can do to try to trac down this problem is checking that the data submitted your controller is the same as the data seen by your form helper. Also, make sure that you're not using $form->secure(), even though you think you would use it. You should only have one [__Token] and one [__key] field in your HTML. At this point, though, I've thought about copying the Security Component from the cake core into my app/controllers/components, and removing the whole amount of code dedicated to the posted data check. That way I can get the benefits of all the other stuff (like forcing SSL) without that annoying check. One thing you can do to try to trac down this problem is checking that the data submitted your controller is the same as the data seen by your form helper.

Also, make sure that you’re not using $form->secure(), even though you think you would use it. You should only have one [__Token] and one [__key] field in your HTML.

At this point, though, I’ve thought about copying the Security Component from the cake core into my app/controllers/components, and removing the whole amount of code dedicated to the posted data check. That way I can get the benefits of all the other stuff (like forcing SSL) without that annoying check.

]]> By: Jeremy Hicks http://blog.awpny.com/2008/07/cakephp-12-rc2-security-component/comment-page-1/#comment-6079 Jeremy Hicks Fri, 18 Jul 2008 20:10:12 +0000 http://blog.awpny.com/?p=308#comment-6079 I've got this same problem. As soon as I add Security to the component array, I get the blank page back when trying to add or update. I'm doing this in my AppController. I want to use requireSecure so that all my pages have to use SSL. I'm using a newer version of Cake and I verified that the line of code you specified has the required change and yet I still have this problem. I’ve got this same problem. As soon as I add Security to the component array, I get the blank page back when trying to add or update. I’m doing this in my AppController. I want to use requireSecure so that all my pages have to use SSL. I’m using a newer version of Cake and I verified that the line of code you specified has the required change and yet I still have this problem.

]]>