Problem with SecurityComponent and fancy file control #123

@ypnos-web

Hello,

With CakePHP 3.4.x I get the error:

Unexpected field 'filename-text' in POST data, Unexpected field 'filename.error' in POST data, Unexpected field 'filename.name' in POST data, Unexpected field 'filename.size' in POST data, Unexpected field 'filename.tmp_name' in POST data, Unexpected field 'filename.type' in POST data, Missing field 'filename' in POST data
Cake\Controller\Exception\AuthSecurityException

See https://book.cakephp.org/3.0/en/controllers/components/security.html#form-tampering-prevention

I did not have this problem with Cake 3.3.X. It also works as expected with useCustomFile set to false.

My form is very simple:

<?php
$formOptions = [
    'horizontal' => true,
    'type' => 'file',
    'url' => ['action' => 'create_attachment', $owner->id],
];

?>
<div class="well">
    <?= $this->Form->create($data, $formOptions) ?>

    <fieldset>
        <legend><?= __("Add new attachment") ?></legend>
        <?php
        echo $this->Form->control('filename', [
            'type' => 'file',
            'preview' => true,
            'label' => __('File'),
        ]);
        echo $this->Form->control('caption', [
            'label' => __('Caption'),
            'rows' => 3
        ]);
        ?>
    </fieldset>
    <?= $this->Form->submit('i:check '.__('Save')) ?>
    <?= $this->Form->end() ?>
</div>

The Entity ($data) is also very simple:

object(App\Model\Entity\File) {

	'for_model' => 'materials',
	'model_id' => (int) 17550,
	'[new]' => true,
	'[accessible]' => [
		'*' => false,
		'filename' => true,
		'type' => true,
		'size' => true,
		'caption' => true
	],
	'[dirty]' => [
		'for_model' => true,
		'model_id' => true
	],
	'[original]' => [],
	'[virtual]' => [],
	'[errors]' => [],
	'[invalid]' => [],
	'[repository]' => 'Files'

}
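
The error above names the fields that differ between what the form was rendered with and what arrived in the POST. The following is an added example, not part of the original issue and not code from CakePHP or the plugin: a simplified PHP model of such a field-list check. The function names, the HMAC construction, the secret, and the sample POST are assumptions, and the exclusion list stands in for the idea of unlocked fields.

```php
<?php
// Simplified model of a signed field-list check; not CakePHP's code, all names are hypothetical.
// Flatten nested POST data into dotted names, e.g. filename.tmp_name.
function flatten(array $data, string $prefix = ''): array
{
    $keys = [];
    foreach ($data as $k => $v) {
        $name = $prefix === '' ? (string)$k : "$prefix.$k";
        $keys = array_merge($keys, is_array($v) ? flatten($v, $name) : [$name]);
    }
    return $keys;
}

// Token the server issues for the field names the form was rendered with.
function signFields(array $fields, string $secret): string
{
    sort($fields);
    return hash_hmac('sha256', implode('|', $fields), $secret);
}

// $signed and $token come back with the request; $unlocked is server-side config.
function checkPost(array $post, array $signed, string $token, string $secret, array $unlocked = []): array
{
    if (!hash_equals(signFields($signed, $secret), $token)) {
        return ['Field list does not match its token'];
    }
    $locked = function (string $f) use ($unlocked): bool {
        $root = explode('.', $f)[0];              // filename.size -> filename
        return !in_array($root, $unlocked, true);
    };
    $sent = array_filter(flatten($post), $locked);
    $expected = array_filter($signed, $locked);
    $errors = [];
    foreach (array_diff($sent, $expected) as $f) {
        $errors[] = "Unexpected field '$f' in POST data";
    }
    foreach (array_diff($expected, $sent) as $f) {
        $errors[] = "Missing field '$f' in POST data";
    }
    return $errors;
}

// Constructed sample shaped like the report above.
$secret = 'constructed-demo-secret';
$signed = ['filename', 'caption'];
$post = ['filename-text' => 'a.pdf', 'caption' => 'demo', 'filename' => [
    'name' => 'a.pdf', 'type' => 'application/pdf', 'tmp_name' => '/tmp/phpDEMO', 'error' => 0, 'size' => 10]];
print_r(checkPost($post, $signed, signFields($signed, $secret), $secret));
print_r(checkPost($post, $signed, signFields($signed, $secret), $secret, ['filename', 'filename-text']));
```

The first call reports the same unexpected and missing field names as the error above; the second returns no errors because both names are excluded from the comparison.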
