CakePHP Security component restricts form submission

Time: 2010-07-21 07:41:51

Tags: security cakephp cakephp-1.3 form-submit

I am facing a strange problem with the Security component.

I have a form with the following fields:

First Name (firstname)
Last Name (lastname)
Primary Email (primaryemail)
Password (password)
Retype Password
Secondary Email (secondaryemail)
Residence Address (address)
State
City (city_id)
Location (location_id)
Designation (employeetype_id)
Pincode (pincode)
Residence Phone (residencephone)
Mobile Phone (mobilephone)
Office Phone 1 (officephone1)
Office Phone 2 (officephone2)
Department (department_id)

All the fields listed above with a helper name in parentheses exist in the database table; the ones without are not in the database table, i.e. State and Retype Password, which I added to the form.

The main problem is that the Security component is preventing new records from being added to the database table.

I have added the above two fields to the ignored list array, but the form still does not submit; it generates a blackhole request.

The code for the controller's add method is as follows:

function add()
{
    // Only attempt a save when the form was actually posted
    if( !empty($this->data) )
    {
        $this->Employee->create();
        if( $this->Employee->save($this->data) )
        {
            $this->Session->setFlash(__('The employee has been saved', true), 'success');
            $this->redirect(array('action' => 'index'));
        }
        else
        {
            $this->Session->setFlash(__('The employee could not be saved. Please, try again.', true), 'error');
        }
    }

    // Option lists for the select inputs rendered by the employee_form element
    $states = $this->Employee->City->State->find('list', array(
        'order' => array('name ASC')
    ));

    $employeetypes = $this->Employee->Employeetype->find('list', array(
        'conditions' => array('Employeetype.id <> ' => '1'),
        'order' => array('name ASC')
    ));

    $departments = $this->Employee->Department->find('list', array(
        'order' => array('name ASC')
    ));

    $locations = $this->Employee->Location->find('list', array(
        'order' => array('name ASC')
    ));

    $this->set(compact('states', 'employeetypes', 'departments', 'locations'));
}

The view file add.ctp has the following code:

<div class="employees form">
<?php echo $this->Form->create('Employee');?>
    <fieldset>
        <legend><?php __('New Employee'); ?></legend>
    <?php
        echo $this->element('employee_form');
    ?>
    </fieldset>
<?php echo $this->Form->end(__('Submit', true));?>
</div>

The code for the element "employee_form" is as follows:

<?php
echo $this->Html->script('jquery.validate.min');
echo $this->Html->script('common');
echo $this->Html->script('jquery.typewatch');
?>

<script type="text/javascript">
    $(document).ready(function(){

        // jQuery Validate plugin: once client-side validation passes, disable the
        // submit button (to prevent double submission) and submit the form.
        $("form").validate({
            errorClass: "jqueryError",
            errorElement: 'label',
            debug: false,
            submitHandler: function(form) {
                $(':submit', form).attr('disabled', 'disabled').addClass('inactive');
                form.submit();
            }
        });

        // Repopulate the City select whenever the State changes; empty it when no state is chosen.
        $('#EmployeeStateId').change(function() {
            if($(this).val() != "")
            {
                populateSelectBox('EmployeeCityId', 'get', '<?php echo $this->Html->url(array('controller' => 'cities', 'action' => 'getCities', 'admin' => false)); ?>', {stateId: $(this).val()});
            }
            else
            {
                $('#EmployeeCityId').empty();
            }
        });

        // Check e-mail availability 750 ms after the user stops typing.
        $('#EmployeePrimaryemail').typeWatch(750, function(){
            var $email = $('#EmployeePrimaryemail');
            var $response = $('#response');
            var $btnSubmit = $(':submit');   // was $('submit'), a tag selector that matches no element
            var re = new RegExp("^([0-9a-zA-Z]([-.\\w]*[0-9a-zA-Z])*@([0-9a-zA-Z][-\\w]*[0-9a-zA-Z]\\.)+[a-zA-Z]{2,9})$");

            if($email.val() != '' && re.test($email.val()) )
            {
                $.ajax({
                    type: 'get',
                    url: '<?php echo $this->Html->url(array('controller' => 'employees', 'action' => 'checkEmail', 'admin' => false)); ?>',
                    data: {
                        email: $email.val()
                    },
                    dataType: 'text',
                    success: function(data)
                    {
                        // The server answers '1' if the address is taken, '0' if it is free.
                        if(data == '1')
                        {
                            $response.attr('style', "color:red;")
                            .html('Email already registered please enter a different email.');
                            $btnSubmit.attr('disabled', true);
                        }
                        else if(data == '0')
                        {
                            $response.attr('style', "color:green;")
                            .html('Available');
                            $btnSubmit.attr('disabled', false);
                        }
                        else
                        {
                            $response.attr('style', "color:red;")
                            .html('Error occurred while attempting to connect with the server. Please try again after some time.');
                            $btnSubmit.attr('disabled', true);
                        }
                    },
                    beforeSend: function(){
                        $email.addClass('show_loading_in_right');
                    },
                    complete: function(){
                        $email.removeClass('show_loading_in_right');
                    }
                });
            }
            else
            {
                // Hide the response box when the field is empty or not a syntactically valid address.
                $response.attr('style', "display:none;")
                .html("");
            }
        });

    });
</script>

<?php
echo $this->Form->input('firstname', array(
    'label' => 'First Name',
    'class' => 'required',
    'between' => $this->Html->tag('span', '(Only letters and numbers, atleast 2 characters)', array('class' => 'description'))
));

echo $this->Form->input('lastname', array(
    'label' => 'Last Name',
    'between' => $this->Html->tag('span', '(Atleast 3 characters)', array('class' => 'description'))
));

echo $this->Form->input('primaryemail', array(
    'label' => 'Primary Email',
    'class' => 'required email',
    'between' => $this->Html->tag('span', '(This will be your username)', array('class' => 'description'))
));

echo $this->Html->div('', '', array(
    'id' => 'response', 'style' => 'display:none'
));

echo $this->Form->input('password', array(
    'label' => 'Password',
    'class' => 'required',
    'between' => $this->Html->tag('span', '(Atleast 4 characters long)', array('class' => 'description'))
));

echo $this->Form->input('retypePassword', array(
    'label' => 'Retype Password',
    'type' => 'password',
    'equalto' => '#EmployeePassword',
    'class' => 'required',
    'secure' => false,
    'between' => $this->Html->tag('span', '(Should be exactly same as password entered above)', array('class' => 'description'))
));

echo $this->Form->input('secondaryemail', array(
    'label' => 'Secondary Email',
    'between' => $this->Html->tag('span', '(Enter your secondary email, if any)', array('class' => 'description'))
));

echo $this->Form->input('state_id', array(
    'type' => 'select',
    'secure' => false,
    'options' => $states,
    'empty' => 'Select',
    'label' => 'State',
    'class' => 'required',
    'between' => $this->Html->tag('span', '(Choose your state)', array('class' => 'description'))
));

echo $this->Form->input('city_id', array(
    'label' => 'City',
    'class' => 'required',
    'between' => $this->Html->tag('span', '(Choose your city)', array('class' => 'description'))
));

echo $this->Form->input('address', array(
    'label' => 'Residence Address',
    'between' => $this->Html->tag('span', '(Enter your address)', array('class' => 'description'))
));

echo $this->Form->input('pincode', array(
    'label' => 'Pincode',
    'between' => $this->Html->tag('span', '(Enter pincode)', array('class' => 'description'))
));

echo $this->Form->input('residencephone', array(
    'class' => 'required',
    'label' => 'Residence Phone',
    'between' => $this->Html->tag('span', '(Enter your phone number, if any)', array('class' => 'description'))
));

echo $this->Form->input('mobilephone', array(
    'label' => 'Mobile Phone',
    'between' => $this->Html->tag('span', '(Enter your mobile number, if any)', array('class' => 'description'))
));

echo $this->Form->input('location_id', array(
    'label' => 'Location',
    'class' => 'required',
    'between' => $this->Html->tag('span', '(Choose your work location)', array('class' => 'description'))
));

echo $this->Form->input('employeetype_id', array(
    'class' => 'required',
    'label' => 'Your Profile',
    'type' => 'select',
    'options' => $employeetypes,
    'between' => $this->Html->tag('span', '(Select your company profile or role)', array('class' => 'description'))
));

echo $this->Form->input('officephone1', array(
    'class' => 'required',
    'label' => 'Office Phone 1',
    'between' => $this->Html->tag('span', '(Enter your office\'s number 1, if any)', array('class' => 'description'))
));

echo $this->Form->input('officephone2', array(
    'label' => 'Office Phone 2',
    'between' => $this->Html->tag('span', '(Enter your office\'s number 2, if any)', array('class' => 'description'))
));

echo $this->Form->input('department_id', array(
    'type' => 'select',
    'options' => $departments,
    'label' => 'Department',
    'class' => 'required',
    'between' => $this->Html->tag('span', '(Choose your department)', array('class' => 'description'))
));
?>

What could be the problem? I do not want to disable the validatePost property in the controller.

Any help is greatly appreciated. I am using the latest version of CakePHP (1.3.3).

Thanks

1 answer:

Answer 0: (score: 0)

According to the cookbook, "Dynamically changing the fields submitted in a POST request (e.g. disabling, deleting or creating new fields via JavaScript) may trigger a black hole of the request." I think your problem is caused by the JavaScript. Try creating the form without JavaScript and see how it works.
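The following is an added example, not code from the question or from CakePHP itself: a simplified, stand-alone PHP model of the field-list token that the Security component's validatePost check relies on. The salt, the HMAC construction, the token layout and the function names are assumptions for illustration; CakePHP's real implementation differs in detail. It shows why the cookbook warning applies: the token is a signature over the names of the fields the FormHelper rendered, so a submission whose field set differs (a select emptied by JavaScript, a field added by script) fails the check, while inputs rendered with 'secure' => false are outside the signature and may vary.

```php
<?php
// Added example (not CakePHP's own code): a simplified model of the Security
// component's form-field token. At render time the list of locked field names
// is signed; on POST the signature is recomputed over the submitted field names.
// Any field added, removed or renamed client-side changes that list, so the
// request is rejected (black-holed). Fields marked 'secure' => false are
// carried as "unlocked" and skipped by the check.
// Salt, HMAC layout and names below are assumptions for illustration.

const SECURITY_SALT = 'example-salt-do-not-reuse'; // assumed; a real app uses Security.salt

/**
 * Build the token at render time.
 * $locked   = field names whose presence and set are enforced.
 * $unlocked = field names rendered with 'secure' => false (may vary freely).
 */
function makeFieldToken(array $locked, array $unlocked)
{
    sort($locked);
    sort($unlocked);
    // Keyed with the app salt so a client cannot forge a token for a different field set.
    $hash = hash_hmac('sha1', serialize($locked), SECURITY_SALT);
    // The unlocked list travels with the hash so the server knows what to ignore.
    return $hash . ':' . implode('|', $unlocked);
}

/**
 * Verify a submitted POST against the token it carries.
 * Returns true only if the set of submitted field names (minus unlocked ones
 * and the token itself) is exactly the set that was signed.
 */
function validatePost(array $post, $token)
{
    $parts = explode(':', $token, 2);
    if (count($parts) !== 2) {
        return false;
    }
    list($hash, $unlockedStr) = $parts;
    $unlocked = ($unlockedStr === '') ? array() : explode('|', $unlockedStr);

    $submitted = array();
    foreach (array_keys($post) as $name) {
        if ($name === '_Token' || in_array($name, $unlocked, true)) {
            continue;
        }
        $submitted[] = $name;
    }
    sort($submitted);
    $expected = hash_hmac('sha1', serialize($submitted), SECURITY_SALT);
    return hash_equals($expected, $hash);
}

// --- Constructed demonstration (field names mirror the question's form) ---
$locked   = array('Employee.firstname', 'Employee.primaryemail', 'Employee.password', 'Employee.city_id');
$unlocked = array('Employee.state_id', 'Employee.retypePassword');
$token    = makeFieldToken($locked, $unlocked);

// 1. The browser submits exactly the rendered fields.
$ok = array(
    'Employee.firstname'      => 'Ann',
    'Employee.primaryemail'   => 'ann@example.com',
    'Employee.password'       => 'secret',
    'Employee.city_id'        => '12',
    'Employee.state_id'       => '3',
    'Employee.retypePassword' => 'secret',
);
echo 'unchanged form:            ', validatePost($ok, $token) ? "accepted\n" : "black-holed\n";

// 2. JavaScript emptied the City <select>, so the browser sends no city_id at all.
$missing = $ok;
unset($missing['Employee.city_id']);
echo 'city select emptied by JS: ', validatePost($missing, $token) ? "accepted\n" : "black-holed\n";

// 3. A field that was never rendered is added client-side.
$extra = $ok;
$extra['Employee.newfield'] = '1';
echo 'field added by JS:         ', validatePost($extra, $token) ? "accepted\n" : "black-holed\n";

// 4. Unlocked fields may be absent without affecting the check.
$noState = $ok;
unset($noState['Employee.state_id']);
echo 'unlocked field omitted:    ', validatePost($noState, $token) ? "accepted\n" : "black-holed\n";
```

Run it with `php` from the command line. Cases 2 and 3 are the situations the cookbook warns about: the locked field set no longer matches the one signed at render time. Case 4 shows why declaring a field as unlocked ('secure' => false in the FormHelper call, or listing it in the component's ignore list) is the supported way to let JavaScript alter it, and why a select that JavaScript can leave empty must also be treated that way or never be left without a value.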