Security cakephp的安全组件限制表单提交_Security_Cakephp_Cakephp 1.3_Form Submit

Security cakephp的安全组件限制表单提交

security cakephp

Security cakephp的安全组件限制表单提交,security,cakephp,cakephp-1.3,form-submit,Security,Cakephp,Cakephp 1.3,Form Submit,我在安全组件方面面临一个奇怪的问题我有一个表单，其中包含以下字段： First Name (firstname) Last Name (lastname) Primary Email (primaryemail) Password (password) Retype Password Secondary Email (secondaryemail) Residence Address (address) State City (city_id) Location (location_id) D

我在安全组件方面面临一个奇怪的问题

我有一个表单，其中包含以下字段：

First Name (firstname)
Last Name (lastname)
Primary Email (primaryemail)
Password (password)
Retype Password
Secondary Email (secondaryemail)
Residence Address (address)
State
City (city_id)
Location (location_id)
Designation (employeetype_id)
Pincode (pincode)
Residence Phone (residencephone)
Mobile Phone (mobilephone)
Office Phone 1 (officephone1)
Office Phone 2 (officephone2)
Department (department_id)

上面提到的所有在括号中有次要名称的字段都是数据库表中存在的文件和数据库表中不存在的文件

i、 e。我已经添加了状态，在表单中重新键入密码作为额外信息

主要问题是“安全”组件阻止向数据库表添加新记录

我已经将上述两个字段添加到忽略列表数组中，但它仍然没有提交并且生成一个黑洞请求
控制器添加方式代码如下：

function add() { if( !empty($this->data) ) { $this->Employee->create(); if( $this->Employee->save($this->data) ) { $this->Session->setFlash(__('The employee has been saved', true), 'success'); $this->redirect(array('action' => 'index')); } else { $this->Session->setFlash(__('The employee could not be saved. Please, try again.', true), 'error'); } } $states = $this->Employee->City->State->find('list', array( 'order' => array('name ASC') )); $employeetypes = $this->Employee->Employeetype->find('list', array( 'conditions' => array('Employeetype.id <> ' => '1'), 'order' => array('name ASC') )); $departments = $this->Employee->Department->find('list', array( 'order' => array('name ASC') )); $locations = $this->Employee->Location->find('list', array( 'order' => array('name ASC') )); $this->set(compact('states', 'employeetypes', 'departments', 'locations')); }

<?php echo $this->Html->script('jquery.validate.min'); echo $this->Html->script('common'); echo $this->Html->script('jquery.typewatch'); ?> <script type="text/javascript"> $(document).ready(function(){ $("form").validate({ errorClass: "jqueryError", errorElement: 'label', debug: false, submitHandler: function(form) { $(':submit', form).attr('disabled', 'disabled').addClass('inactive'); form.submit(); } }); $('#EmployeeStateId').change(function() { if($('#EmployeeStateId').val() != "") { populateSelectBox('EmployeeCityId', 'get', '<?php echo $this->Html->url(array('controller' => 'cities', 'action' => 'getCities', 'admin' => false)); ?>', {stateId: $(this).val()}); } else { $('#EmployeeCityId').empty(); } }); $('#EmployeePrimaryemail').typeWatch(750, function(){ var $email = $('#EmployeePrimaryemail'); var $response = $('#response'); var $btnSubmit = $('submit'); var re = new RegExp("^([0-9a-zA-Z]([-.\\w]*[0-9a-zA-Z])*@([0-9a-zA-Z][-\\w]*[0-9a-zA-Z]\\.)+[a-zA-Z]{2,9})$"); if($email.val() != '' && re.test($email.val()) ) { $.ajax({ type: 'get', url: '<?php echo $this->Html->url(array('controller' => 'employees', 'action' => 'checkEmail', 'admin' => false)); ?>', data: { email: $email.val() }, dataType: 'text', success: function(data) { if(data == '1') { $response.attr('style', '') .attr('style', "color:red;") .html('Email already registered please enter a different email.'); $btnSubmit.attr('disabled',true); } else if(data == '0') { $response.attr('style', '') .attr('style', "color:green;") .html('Available'); $btnSubmit.attr('disabled',false); } else { $response.attr('style', '') .attr('style', "color:red;") .html('Error occured while attempting to connect with the server. Please try again after some time.'); $btnSubmit.attr('disabled',true); } }, beforeSend: function(){ $email.addClass('show_loading_in_right') }, complete: function(){ $email.removeClass('show_loading_in_right') } }); } else { $response.attr('style', '') .attr('style', "display:none;") .html(""); } }); }); </script> <?php echo $this->Form->input('firstname', array( 'label' => 'First Name', 'class' => 'required', 'between' => $this->Html->tag('span', '(Only letters and numbers, atleast 2 characters)', array('class' => 'description')) )); echo $this->Form->input('lastname', array( 'label' => 'Last Name', 'between' => $this->Html->tag('span', '(Atleast 3 characters)', array('class' => 'description')) )); echo $this->Form->input('primaryemail', array( 'label' => 'Primary Email', 'class' => 'required email', 'between' => $this->Html->tag('span', '(This will be your username)', array('class' => 'description')) )); echo $this->Html->div('', '', array( 'id' => 'response', 'style' => 'display:none' )); echo $this->Form->input('password', array( 'label' => 'Password', 'class' => 'required', 'between' => $this->Html->tag('span', '(Atleast 4 characters long)', array('class' => 'description')) )); echo $this->Form->input('retypePassword', array( 'label' => 'Retype Password', 'type' => 'password', 'equalto' => '#EmployeePassword', 'class' => 'required', 'secure' => false, 'between' => $this->Html->tag('span', '(Should be exactly same as password entered above)', array('class' => 'description')) )); echo $this->Form->input('secondaryemail', array( 'label' => 'Secondary Email', 'between' => $this->Html->tag('span', '(Enter your secondary email, if any)', array('class' => 'description')) )); echo $this->Form->input('state_id', array( 'type' => 'select', 'secure' => false, 'options' => $states, 'empty' => 'Select', 'label' => 'State', 'class' => 'required', 'between' => $this->Html->tag('span', '(Choose your state)', array('class' => 'description')) )); echo $this->Form->input('city_id', array( 'label' => 'City', 'class' => 'required', 'between' => $this->Html->tag('span', '(Choose your city)', array('class' => 'description')) )); echo $this->Form->input('address', array( 'label' => 'Residence Address', 'between' => $this->Html->tag('span', '(Enter your address)', array('class' => 'description')) )); echo $this->Form->input('pincode', array( 'label' => 'Pincode', 'between' => $this->Html->tag('span', '(Enter pincode)', array('class' => 'description')) )); echo $this->Form->input('residencephone', array( 'class' => 'required', 'label' => 'Residence Phone', 'between' => $this->Html->tag('span', '(Enter your phone number, if any)', array('class' => 'description')) )); echo $this->Form->input('mobilephone', array( 'label' => 'Mobile Phone', 'between' => $this->Html->tag('span', '(Enter your mobile number, if any)', array('class' => 'description')) )); echo $this->Form->input('location_id', array( 'label' => 'Location', 'class' => 'required', 'between' => $this->Html->tag('span', '(Choose your work location)', array('class' => 'description')) )); echo $this->Form->input('employeetype_id', array( 'class' => 'required', 'label' => 'Your Profile', 'type' => 'select', 'options' => $employeetypes, 'between' => $this->Html->tag('span', '(Select your company profile or role)', array('class' => 'description')) )); echo $this->Form->input('officephone1', array( 'class' => 'required', 'label' => 'Office Phone 1', 'between' => $this->Html->tag('span', '(Enter your office\'s number 1, if any)', array('class' => 'description')) )); echo $this->Form->input('officephone2', array( 'label' => 'Office Phone 2', 'between' => $this->Html->tag('span', '(Enter your office\'s number 2, if any)', array('class' => 'description')) )); echo $this->Form->input('department_id', array( 'type' => 'select', 'options' => $departments, 'label' => 'Department', 'class' => 'required', 'between' => $this->Html->tag('span', '(Choose your department)', array('class' => 'description')) )); ?>

函数添加（） { 如果（！empty（$this->data）） { $this->Employee->create（）；如果（$this->Employee->save（$this->data）） { $this->Session->setFlash（_u（'员工已保存'，true），'成功'）； $this->redirect（数组（'action'=>'index'））； } 其他的 { $this->Session->setFlash（_uu（'无法保存员工。请重试'，true），'错误'）； } } $states=$this->Employee->City->State->find（'list'，数组( 'order'=>数组（'name ASC'） )); $employeetypes=$this->Employee->Employeetype->find（'list'，数组( “条件”=>array（'Employeetype.id'=>'1'）， 'order'=>数组（'name ASC'） )); $departments=$this->Employee->Department->find（'list'，数组( 'order'=>数组（'name ASC'） )); $locations=$this->Employee->Location->find（'list'，数组( 'order'=>数组（'name ASC'） )); $this->set（压缩（'states'，'employeetypes'，'departments'，'locations'）； }
视图文件add.ctp具有以下代码：

<div class="employees form"> <?php echo $this->Form->create('Employee');?> <fieldset> <legend><?php __('New Employee'); ?></legend> <?php echo $this->element('employee_form'); ?> </fieldset> <?php echo $this->Form->end(__('Submit', true));?> </div>

元素“employee_form”的代码如下：

function add() { if( !empty($this->data) ) { $this->Employee->create(); if( $this->Employee->save($this->data) ) { $this->Session->setFlash(__('The employee has been saved', true), 'success'); $this->redirect(array('action' => 'index')); } else { $this->Session->setFlash(__('The employee could not be saved. Please, try again.', true), 'error'); } } $states = $this->Employee->City->State->find('list', array( 'order' => array('name ASC') )); $employeetypes = $this->Employee->Employeetype->find('list', array( 'conditions' => array('Employeetype.id <> ' => '1'), 'order' => array('name ASC') )); $departments = $this->Employee->Department->find('list', array( 'order' => array('name ASC') )); $locations = $this->Employee->Location->find('list', array( 'order' => array('name ASC') )); $this->set(compact('states', 'employeetypes', 'departments', 'locations')); }

<?php echo $this->Html->script('jquery.validate.min'); echo $this->Html->script('common'); echo $this->Html->script('jquery.typewatch'); ?> <script type="text/javascript"> $(document).ready(function(){ $("form").validate({ errorClass: "jqueryError", errorElement: 'label', debug: false, submitHandler: function(form) { $(':submit', form).attr('disabled', 'disabled').addClass('inactive'); form.submit(); } }); $('#EmployeeStateId').change(function() { if($('#EmployeeStateId').val() != "") { populateSelectBox('EmployeeCityId', 'get', '<?php echo $this->Html->url(array('controller' => 'cities', 'action' => 'getCities', 'admin' => false)); ?>', {stateId: $(this).val()}); } else { $('#EmployeeCityId').empty(); } }); $('#EmployeePrimaryemail').typeWatch(750, function(){ var $email = $('#EmployeePrimaryemail'); var $response = $('#response'); var $btnSubmit = $('submit'); var re = new RegExp("^([0-9a-zA-Z]([-.\\w]*[0-9a-zA-Z])*@([0-9a-zA-Z][-\\w]*[0-9a-zA-Z]\\.)+[a-zA-Z]{2,9})$"); if($email.val() != '' && re.test($email.val()) ) { $.ajax({ type: 'get', url: '<?php echo $this->Html->url(array('controller' => 'employees', 'action' => 'checkEmail', 'admin' => false)); ?>', data: { email: $email.val() }, dataType: 'text', success: function(data) { if(data == '1') { $response.attr('style', '') .attr('style', "color:red;") .html('Email already registered please enter a different email.'); $btnSubmit.attr('disabled',true); } else if(data == '0') { $response.attr('style', '') .attr('style', "color:green;") .html('Available'); $btnSubmit.attr('disabled',false); } else { $response.attr('style', '') .attr('style', "color:red;") .html('Error occured while attempting to connect with the server. Please try again after some time.'); $btnSubmit.attr('disabled',true); } }, beforeSend: function(){ $email.addClass('show_loading_in_right') }, complete: function(){ $email.removeClass('show_loading_in_right') } }); } else { $response.attr('style', '') .attr('style', "display:none;") .html(""); } }); }); </script> <?php echo $this->Form->input('firstname', array( 'label' => 'First Name', 'class' => 'required', 'between' => $this->Html->tag('span', '(Only letters and numbers, atleast 2 characters)', array('class' => 'description')) )); echo $this->Form->input('lastname', array( 'label' => 'Last Name', 'between' => $this->Html->tag('span', '(Atleast 3 characters)', array('class' => 'description')) )); echo $this->Form->input('primaryemail', array( 'label' => 'Primary Email', 'class' => 'required email', 'between' => $this->Html->tag('span', '(This will be your username)', array('class' => 'description')) )); echo $this->Html->div('', '', array( 'id' => 'response', 'style' => 'display:none' )); echo $this->Form->input('password', array( 'label' => 'Password', 'class' => 'required', 'between' => $this->Html->tag('span', '(Atleast 4 characters long)', array('class' => 'description')) )); echo $this->Form->input('retypePassword', array( 'label' => 'Retype Password', 'type' => 'password', 'equalto' => '#EmployeePassword', 'class' => 'required', 'secure' => false, 'between' => $this->Html->tag('span', '(Should be exactly same as password entered above)', array('class' => 'description')) )); echo $this->Form->input('secondaryemail', array( 'label' => 'Secondary Email', 'between' => $this->Html->tag('span', '(Enter your secondary email, if any)', array('class' => 'description')) )); echo $this->Form->input('state_id', array( 'type' => 'select', 'secure' => false, 'options' => $states, 'empty' => 'Select', 'label' => 'State', 'class' => 'required', 'between' => $this->Html->tag('span', '(Choose your state)', array('class' => 'description')) )); echo $this->Form->input('city_id', array( 'label' => 'City', 'class' => 'required', 'between' => $this->Html->tag('span', '(Choose your city)', array('class' => 'description')) )); echo $this->Form->input('address', array( 'label' => 'Residence Address', 'between' => $this->Html->tag('span', '(Enter your address)', array('class' => 'description')) )); echo $this->Form->input('pincode', array( 'label' => 'Pincode', 'between' => $this->Html->tag('span', '(Enter pincode)', array('class' => 'description')) )); echo $this->Form->input('residencephone', array( 'class' => 'required', 'label' => 'Residence Phone', 'between' => $this->Html->tag('span', '(Enter your phone number, if any)', array('class' => 'description')) )); echo $this->Form->input('mobilephone', array( 'label' => 'Mobile Phone', 'between' => $this->Html->tag('span', '(Enter your mobile number, if any)', array('class' => 'description')) )); echo $this->Form->input('location_id', array( 'label' => 'Location', 'class' => 'required', 'between' => $this->Html->tag('span', '(Choose your work location)', array('class' => 'description')) )); echo $this->Form->input('employeetype_id', array( 'class' => 'required', 'label' => 'Your Profile', 'type' => 'select', 'options' => $employeetypes, 'between' => $this->Html->tag('span', '(Select your company profile or role)', array('class' => 'description')) )); echo $this->Form->input('officephone1', array( 'class' => 'required', 'label' => 'Office Phone 1', 'between' => $this->Html->tag('span', '(Enter your office\'s number 1, if any)', array('class' => 'description')) )); echo $this->Form->input('officephone2', array( 'label' => 'Office Phone 2', 'between' => $this->Html->tag('span', '(Enter your office\'s number 2, if any)', array('class' => 'description')) )); echo $this->Form->input('department_id', array( 'type' => 'select', 'options' => $departments, 'label' => 'Department', 'class' => 'required', 'between' => $this->Html->tag('span', '(Choose your department)', array('class' => 'description')) )); ?>

$（文档）.ready（函数（）{ $（“表格”）。验证({ errorClass:“jqueryError”， errorElement:'标签'，调试：错误， submitHandler:函数（表单）{ $（'：submit'，form）.attr（'disabled'，'disabled'）.addClass（'inactive'）；表单提交（）； } }); $（'#EmployeeStateId'）.change（function（）{ 如果（$（'#EmployeeStateId'）.val（）！=“”） { populateSelectBox（'EmployeeCityId'，'get'，''，{stateId:$（this.val（）}）； } 其他的 { $（'#EmployeeCityId'）.empty（）； } }); $（“#EmployeePrimaryemail”）.typeWatch（750，function（）{ var$email=$（'employeeprimaryeemail'）； var$response=$（“#response”）； var$btnSubmit=$（'submit'）； var re=new RegExp（“^（[0-9a-zA-Z]（[-.\\w]*[0-9a-zA-Z]）*@（[0-9a-zA-Z][-\\w]*[0-9a-zA-Z]\\）+[a-zA-Z]{2,9}）$”；如果（$email.val（）！=''&&re.test（$email.val（））） { $.ajax({ 键入：“get”， url:“”，数据：{ 电子邮件：$email.val（） }, 数据类型：“文本”，成功：功能（数据） { 如果（数据='1'） { $response.attr（'style'，''） .attr（'style'，'color:red；'）） .html（'已注册的电子邮件，请输入其他电子邮件'）； $btnSubmit.attr（'disabled'，true）； } else if（数据='0'） { $response.attr（'style'，''） .attr（'style'，'color:green；'）） .html（“可用”）； $btnSubmit.attr（'disabled'，false）； } 其他的 { $response.attr（'style'，''） .attr（'style'，'color:red；'）） .html（'尝试连接服务器时出错。请稍后再试'）； $btnSubmit.attr（'disabled'，true）； } }, beforeSend:function（）{ $email.addClass（'show_loading_in_right'） }, 完成：函数（）{ $email.removeClass（'show_loading_in_right'） } }); } 其他的 { $response.attr（'style'，''） .attr（'style'，'display:none；'）） .html（“”）； } }); });
有什么问题吗？我不想禁用控制器中的validatePost属性
非常感谢您的帮助。我使用的是cakephp的最新版本（1.3.3）

根据“动态更改POST请求中提交的字段（例如，通过JavaScript禁用、删除或创建新字段）可能会触发请求的黑洞”的说法，感谢您。我认为您的问题是由JavaScript造成的。尝试在不使用javascript的情况下创建表单，看看它是如何工作的。
是否使用FormHelper创建这些字段？仅供参考，SecurityComponent不关心这些字段是否是模型的一部分，只关心它们是否为原始格式。@deceze:是的，我正在使用FormHelper创建这些字段？提到了额外添加的字段，以给出问题的完整场景。您是否更改了提交的post请求？表单中是否有禁用的字段？您是否使用javascript更改任何表单字段？如果您发布您的安全组件配置，这将非常有用