Larry E. Masters aka PhpNut wrote:
>
> Any ideas why three Tokens are generated and why two of them have
> different hashes?
>
> Marcus
>
>
> I would need to see the view code related to that output.
Ok, here we go:
This is the View code for the edit form:
<?php echo($form->create('CmsArticle', array('action' => 'edit'))); ?>
<?php echo($form->input('id', array('value' =>
$this->data['CmsArticle']['id']))); ?>
<?php echo($this->renderElement('cms_articles/_form')); ?>
<?php echo($form->end()); ?>
The included Element contains all form stuff which is the same for add
and edit:
<?php echo($form->input('user_id', array('type' => 'hidden', 'value' =>
$session->read('User.id')))); ?>
<?php echo($form->input('cms_layout_id', array('options' =>
$cmsLayouts))); ?>
<?php echo($form->input('cms_icon_id', array('options' => $cmsIcons))); ?>
<?php echo($form->input('title', array('class' => 'title'))); ?>
<?php echo($form->input('teaser')); ?>
<?php echo($form->input('content')); ?>
<?php echo($form->input('published', array('label' => 'Publish
Article?'))); ?>
<?php echo($form->input('publish_start_active', array('label' =>
'publish date activated?'))); ?>
<?php echo($form->input('publish_end_active', array('label' =>
'unpublish date activated?'))); ?>
<div class="input">
<input type="text" class="w2em textfield aligncenter datepicker"
id="publish_start_date-dd" name="publish_start_date-dd" maxlength="2"
value="<?php echo($publish_start_date_dd); ?>" /> .
<input type="text" class="w2em textfield aligncenter datepicker"
id="publish_start_date-mm" name="publish_start_date-mm" maxlength="2"
value="<?php echo($publish_start_date_mm); ?>" /> .
<input type="text" class="w4em textfield aligncenter datepicker
highlight-days-67 split-date" id="publish_start_date"
name="publish_start_date" maxlength="4" value="<?php
echo($publish_start_date); ?>" />
<input type="text" class="w2em textfield aligncenter datepicker"
id="publish_start_time-hh" name="publish_start_time-hh" maxlength="2"
value="<?php echo($publish_start_time_hh); ?>" /> :
<input type="text" class="w2em textfield aligncenter datepicker"
id="publish_start_time-mm" name="publish_start_time-mm" maxlength="2"
value="<?php echo($publish_start_time_mm); ?>" />
</div>
<div class="input">
<input type="text" class="w2em textfield aligncenter datepicker"
id="publish_end_date-dd" name="publish_end_date-dd" maxlength="2"
value="<?php echo($publish_end_date_dd); ?>" /> .
<input type="text" class="w2em textfield aligncenter datepicker"
id="publish_end_date-mm" name="publish_end_date-mm" maxlength="2"
value="<?php echo($publish_end_date_mm); ?>" /> .
<input type="text" class="w4em textfield aligncenter datepicker
highlight-days-67 split-date" id="publish_end_date"
name="publish_end_date" maxlength="4" value="<?php
echo($publish_end_date); ?>" />
<input type="text" class="w2em textfield aligncenter datepicker"
id="publish_end_time-hh" name="publish_end_time-hh" maxlength="2"
value="<?php echo($publish_end_time_hh); ?>" /> :
<input type="text" class="w2em textfield aligncenter datepicker"
id="publish_end_time-mm" name="publish_end_time-mm" maxlength="2"
value="<?php echo($publish_end_time_mm); ?>" />
</div>
<?php echo($form->input('publish_to_parent')); ?>
<?php echo($form->input('publish_to_homepage')); ?>
<?php echo($form->input('permissions')); ?>
<?php echo($form->submit('Save')); ?>
I assumed that the manually entered form fields (for a Javascript
Datepicker) could cause the blackholing but after removing this fields
the POST gets blackholed too.
I played around with xdebug and found the lines in security.php where we
run into trouble:
security.php:514
$check = urlencode(Security::hash(serialize($field) . CAKE_SESSION_STRING));
if($form !== $check) {
if(!$this->blackHole($controller, 'auth')) {
return null;
}
The hash which is generated for $check is different from the value in
$form and the black hole eats us ...
Marcus
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Cake
PHP" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---
