Cakephp’s Security component is evry useful for protecting our applications from some Cross Site Request Forgery – amd stopping malicious users froma altering our forms fields and hidden values. If the fields or hidden values are changed after the rendering of the form, the request is blackHoled. The browser displays a blank page (the “white screen of oblivion?”).
All this is clearly documented in the book.
So, what’s the problem? A less known detail may save you some time. I had -as an example- this “Event” form with the option for the user to
1) select the Organization (main organizer) from an existing list;
2) add a new Organization and the needed details (and relate it to the submitted event on success).
(the same for the Place and other related models)
$this->Security->disabledFields = array(‘Event.organization_id’, ‘Organization.name’, ‘Organization.email’,[..]);
in my EventController’s beforeFilter method.
But the request was blackHoled, no matter what i did.
You might have already noticed the catch: the “ignored” fields are from different models -Event is the current controller’s Model, the others are related to Event.
Just moving the above line to AppController fixed the issue.
(Maybe adding the required models through EventController’s $uses property would work -I did not try, and its not optimal)
That’s all, if you get an unexpected Security component black hole, check the ingnored fields array first.