The problem started when i used Auth component in my current CakePHP project. Everything seemed working fine until i created an html form, submitted it and tried to retrieve this form’s data in controller action. I tried to print $this->data in controller action but it showed nothing and ended on a blank white page (which is called “blackHole” in Security component’s language). After trying hard enough and googleing a lot over the issue, i found that my in-complete knowledge about the Security component had been the real source of entire pain. Here’s how it came:
Normally, this is what happens when Security component is in use.
Having Security component in use when you use $form->create(), it places a security Token in a hidden form field near the <form> tag. Now when the form is submitted, while loading the Security component class, its (Security component’s) “startup” method tries to validate the POST request. This happens well before reaching the actual controller action to which form is posted. In case of incorrect Token or non existence of this Token field the process would die without showing any error message (known as “blackHole”). In my case, for some reason i had been placing a custom <form> tag and had not been building it with the help of $from->create() method so no Token there, and this is where the entire problems started.
As the Security validation process (for submitted data) happens within start up function of Security component and is called when dispatcher loads controller and corresponding components, it proved to be a real hair-puller to be traced.
So, it was right time to learn some good things about Security component and here is the simple fix which would have saved me of all sufferings so far:
$this->Security->validatePost = false;
I placed above line of code in my controller’s beforeFilter function and i was no more a worried man. Fyi, setting “$this->Security->validatePost” equal to “false” would skip the Security check altogether. Otherwise, use the $form->create() to build your form tag.
After looking at the Security component later i get an idea that there is a “blackHole” method in Security component which is called in case of Security check failure. If you define $this->Security->blackHoleCallback property the “blackHole” method would further call this callback function(in which you could set error message or redirects etc.) otherwise you get into the “black hole” (there is second argument to blackHole function but that too was failing i.e. returning null). In my case i had defined neither $this->Security->validatePost nor $this->Security->blackHoleCallback so it kept me in real Black Hole for considerable amount of time :)