The request has been black-holed

Hi,
I have CSRF protection on in my project.
I am getting the error: The request has been black-holed.
I do not want to bypass CSRF with $this->Security->unlockedActions.
I do not have any clue why some forms are being black-holed.
Any help will be highly appreciated. Thanks in advance.

Hi siddharth,

please post your (view-)code; otherwise it’s hard to help :)

regards,

Hi dmuenstermann,
Please check the code below. It is the view code.


<?php
$this->Html->addCrumb('Tender List', array('controller' => 'adminls', 'action' => 'tenderlist'));
$this->Html->addCrumb($legend, array('controller' => 'adminls', 'action' => 'tenderadd'));
echo $this->Html->getCrumbs(' / ', array('text' => 'Dashboard', 'url' => array('controller' => 'adminls', 'action' => 'home')));
?>

<?php echo $legend; ?>

<?php echo $this->Html->link('', 'javascript:void(0)', array('class' => 'btn btn-minimize btn-round', 'escape' => false)); ?>
    <span id="status_msg"><?php echo $this->Session->flash(); ?></span>
    <?php 
    //echo $this->Form->create('Tender', array('action' => 'tenderedit','type' => 'file', 'inputDefaults' => array('label' => false,'div' => false)));
    
    echo $this->Form->create('Tender', array('class' => 'form-horizontal', 'type' => 'file', 'inputDefaults' => array('label' => false,'div' => false))); 
    ?>
      <fieldset>
        <div class="control-group">
          <label class="control-label" for="TenderTypeId">Tender Type <span style="color:#F00">*</span></label>
          <div class="controls">
            <?php if(isset($edit)) { echo $this->Form->input('userid', array('type' => 'hidden', 'class' => 'input-xlarge', 'value' => $this->data['Tender']['userid'])); } else { echo $this->Form->input('userid', array('type' => 'hidden', 'class' => 'input-xlarge', 'value' => $this->Session->read('usertype.adminID'))); } ?>
            <?php if(isset($edit)) { echo $this->Form->input('type_id', array('type' => 'select', 'options' => $SelectType, 'selected' => $this->data['Tender']['type_id'], 'class' => 'input-xlarge', 'empty' => ' ---- Select Tender Type ----')); } else { echo $this->Form->input('type_id', array('type' => 'select', 'options' => $SelectType, 'class' => 'input-xlarge', 'empty' => ' ---- Select Tender Type ----')); } ?>
          </div>
        </div>
        <div class="control-group">
          <label class="control-label" for="TenderCatId">Tender Category <span style="color:#F00">*</span></label>
          <div class="controls">
            <?php if(isset($edit)) { echo $this->Form->input('cat_id', array('type' => 'select', 'options' => $SelectCat, 'selected' => $this->data['Tender']['cat_id'], 'class' => 'input-xlarge', 'empty' => ' ---- Select Tender Category ----')); } else { echo $this->Form->input('cat_id', array('type' => 'select', 'options' => $SelectCat, 'class' => 'input-xlarge', 'empty' => ' ---- Select Tender Category ----')); } ?>
          </div>
        </div>
        <div class="control-group">
          <label class="control-label" for="TenderSbuId">Select SBU <span style="color:#F00">*</span></label>
          <div class="controls">
            <?php if(isset($edit)) { echo $this->Form->input('sbu_id', array('type' => 'select', 'options' => $SelectSbu, 'selected' => $this->data['Tender']['sbu_id'], 'class' => 'input-xlarge', 'empty' => ' ---- Select SBU ----')); } else { echo $this->Form->input('sbu_id', array('type' => 'select', 'options' => $SelectSbu, 'class' => 'input-xlarge', 'empty' => ' ---- Select SBU ----')); } ?>
          </div>
        </div>
        <div class="control-group">
          <label class="control-label" for="TenderAddressId">Select Address</label>
          <div class="controls">
            <?php if(isset($edit)) { echo $this->Form->input('address_id', array('type' => 'select', 'options' => $SelectAddress, 'selected' => $this->data['Tender']['address_id'], 'class' => 'input-xlarge', 'empty' => ' ---- Select Address ----')); } else { echo $this->Form->input('address_id', array('type' => 'select', 'class' => 'input-xlarge', 'empty' => ' ---- Select SBU ----')); } ?>
          </div>
        </div>
        <div class="control-group">
          <label class="control-label">SBU Address</label>
          <div class="controls">
            <p class="help-block" id="sbu_location" style="margin-top:5px;"><?php if(isset($edit)) { echo $address; } else { echo "Select SBU"; } ?></p>
          </div>
        </div>
        <div class="control-group">
          <label class="control-label" for="TenderTitle">Title <span style="color:#F00">*</span></label>
          <div class="controls">
            <?php echo $this->Form->input('title', array('type' => 'text', 'class' => 'input-xlarge')); ?>
          </div>
        </div>
        <div class="control-group">
          <label class="control-label" for="TenderDescription">Description <span style="color:#F00">*</span></label>
          <div class="controls">
            <?php echo $this->Form->input('description', array('type' => 'textarea', 'class' => 'input-xlarge', 'style' => 'resize:none')); ?>
          </div>
        </div>
        <div class="control-group">
          <label class="control-label" for="TenderRefNo">Tender Reference Number <span style="color:#F00">*</span></label>
          <div class="controls">
            <?php echo $this->Form->input('ref_no', array('type' => 'text', 'class' => 'input-xlarge')); ?>
          </div>
        </div>
        <div class="control-group">
          <label class="control-label" for="TenderAnnounceDate">Tender Announcement Date <span style="color:#F00">*</span></label>
          <div class="controls">
            <?php echo $this->Form->input('announce_date', array('type' => 'text', 'class' => 'input-xlarge timepicker')); ?>
            <span class="help-inline">(Must be in YYYY-MM-DD HH:MM:SS)</span>
          </div>
        </div>
        <div class="control-group">
          <label class="control-label" for="TenderTenderDate">Tender Date <span style="color:#F00">*</span></label>
          <div class="controls">
            <?php echo $this->Form->input('tender_date', array('type' => 'text', 'class' => 'input-xlarge timepicker')); ?>
            <span class="help-inline">(Must be in YYYY-MM-DD HH:MM:SS)</span>
          </div>
        </div>
        <div class="control-group">
          <label class="control-label" for="TenderDocDate">Last Date of Doc Collection <span style="color:#F00">*</span></label>
          <div class="controls">
            <?php echo $this->Form->input('doc_date', array('type' => 'text', 'class' => 'input-xlarge timepicker')); ?>
            <span class="help-inline">(Must be in YYYY-MM-DD HH:MM:SS)</span>
          </div>
        </div>
        <div class="control-group">
          <label class="control-label" for="TenderDueDate">Tender Due Date <span style="color:#F00">*</span></label>
          <div class="controls">
            <?php echo $this->Form->input('due_date', array('type' => 'text', 'class' => 'input-xlarge timepicker')); ?>
            <span class="help-inline">(Must be in YYYY-MM-DD HH:MM:SS)</span>
          </div>
        </div>
        <div class="control-group">
          <label class="control-label" for="TenderOpeningDate">Tender Opening Date <span style="color:#F00">*</span></label>
          <div class="controls">
            <?php echo $this->Form->input('opening_date', array('type' => 'text', 'class' => 'input-xlarge timepicker')); ?>
            <span class="help-inline">(Must be in YYYY-MM-DD HH:MM:SS)</span>
          </div>
        </div>
        <div class="control-group">
          <label class="control-label" for="TenderMeetDate">Pre Bid Meet Date</label>
          <div class="controls">
            <?php echo $this->Form->input('meet_date', array('type' => 'text', 'class' => 'input-xlarge timepicker')); ?>
            <span class="help-inline">(Must be in YYYY-MM-DD HH:MM:SS)</span>
          </div>
        </div>
        <div class="control-group">
          <label class="control-label" for="TenderAreaId">Tender Area <span style="color:#F00">*</span></label>
          <div class="controls">
            <?php if(isset($edit)) { echo $this->Form->input('area_id', array('type' => 'select', 'options' => $SelectArea, 'selected' => $this->data['Tender']['area_id'], 'class' => 'input-xlarge', 'empty' => ' ---- Select Tender Area ----')); } else { echo $this->Form->input('area_id', array('type' => 'select', 'options' => $SelectArea, 'class' => 'input-xlarge', 'empty' => ' ---- Select Tender Area ----')); } ?>
          </div>
        </div>
        <div class="control-group">
          <label class="control-label" for="TenderSubArea">Tender Sub Area</label>
          <div class="controls">
            <?php echo $this->Form->input('sub_area', array('type' => 'text', 'class' => 'input-xlarge')); ?>
          </div>
        </div>
        <div class="control-group">
          <label class="control-label" for="TenderCity">Originating City</label>
          <div class="controls">
            <?php echo $this->Form->input('city', array('type' => 'text',  'class' => 'input-xlarge')); ?>
          </div>
        </div>
        <div class="control-group">
          <label class="control-label" for="TenderSector">Sector</label>
          <div class="controls">
            <?php echo $this->Form->input('sector', array('type' => 'text', 'class' => 'input-xlarge')); ?>
          </div>
        </div>
        <div class="control-group">
          <label class="control-label" for="TenderCost">Tender Cost</label>
          <div class="controls">
            <?php echo $this->Form->input('cost', array('type' => 'text', 'class' => 'input-xlarge')); ?>
          </div>
        </div>
        <div class="control-group">
          <label class="control-label" for="TenderEmd">EMD</label>
          <div class="controls">
            <?php echo $this->Form->input('emd', array('type' => 'text', 'class' => 'input-xlarge')); ?>
          </div>
        </div>
        <div class="control-group">
          <label class="control-label" for="TenderDocument">Tender Document <span style="color:#F00">*</span></label>
          <div class="controls">
            <?php echo $this->Form->input('document.', array('type' => 'file', 'multiple')); ?>
          </div>
        </div>
        <?php if(isset($edit)) { ?>
        <div class="control-group">
          <label class="control-label">Files</label>
          <div class="controls">
            <p class="help-block" id="sbu_location" style="margin-top:5px;">
            <?php
            if(!empty($this->data['Tender']['document']))
            {
                $explode_doc = explode("{{_}}", $this->data['Tender']['document']);
                
                foreach($explode_doc as $doc){
                    if(!empty($doc) && file_exists(WWW_ROOT."files/uploads/".$doc)) {
                        echo $this->Html->link('View Document', '/files/uploads/'.$doc, array('target' => '_blank'));
                        ?>
                        <span class="add-on"><?php echo $this->Html->link('<i class="icon-trash"></i>', array('action' => 'docdelete', $this->data['Tender']['id'], $doc), array('escape' => false), "Are you sure want to delete this document"); ?></span>
                        <div class="clear"></div>
                        <?php
                    }
                }
            }
            ?>
            </p>
          </div>
        </div>
        <?php } ?>
        <div class="control-group">
          <label class="control-label" for="TenderName">Contact Name <span style="color:#F00">*</span></label>
          <div class="controls">
            <?php echo $this->Form->input('name', array('type' => 'text', 'class' => 'input-xlarge')); ?>
          </div>
        </div>
        <div class="control-group">
          <label class="control-label" for="TenderDesignation">Designation <span style="color:#F00">*</span></label>
          <div class="controls">
            <?php echo $this->Form->input('designation', array('type' => 'text', 'class' => 'input-xlarge')); ?>
          </div>
        </div>
        <div class="control-group">
          <label class="control-label" for="TenderPhone">Contact Phone <span style="color:#F00">*</span></label>
          <div class="controls">
            <?php echo $this->Form->input('phone', array('type' => 'text', 'class' => 'input-xlarge')); ?>
          </div>
        </div>
        <div class="control-group">
          <label class="control-label" for="TenderFax">Contact Fax <span style="color:#F00">*</span></label>
          <div class="controls">
            <?php echo $this->Form->input('fax', array('type' => 'text', 'class' => 'input-xlarge')); ?>
          </div>
        </div>
        <div class="control-group">
          <label class="control-label" for="TenderEmail">Contact Email <span style="color:#F00">*</span></label>
          <div class="controls">
            <?php echo $this->Form->input('email', array('type' => 'text', 'class' => 'input-xlarge')); ?>
          </div>
        </div>
        <div class="control-group">
          <label class="control-label" for="TenderAddress1">Address Line 1 <span style="color:#F00">*</span></label>
          <div class="controls">
            <?php echo $this->Form->input('address1', array('type' => 'text', 'class' => 'input-xlarge')); ?>
          </div>
        </div>
        <div class="control-group">
          <label class="control-label" for="TenderAddress2">Address Line 2</label>
          <div class="controls">
            <?php echo $this->Form->input('address2', array('type' => 'text', 'class' => 'input-xlarge')); ?>
          </div>
        </div>
        <div class="control-group">
          <label class="control-label" for="TenderContactCity">City <span style="color:#F00">*</span></label>
          <div class="controls">
            <?php echo $this->Form->input('contact_city', array('type' => 'text', 'class' => 'input-xlarge')); ?>
          </div>
        </div>
        <div class="control-group">
          <label class="control-label" for="TenderState">State <span style="color:#F00">*</span></label>
          <div class="controls">
            <?php if(isset($edit)) { echo $this->Form->input('state', array('type' => 'select', 'options' => $SelectState, 'selected' => $this->data['Tender']['state'], 'class' => 'input-xlarge', 'empty' => ' ---- Select State ----')); } else { echo $this->Form->input('state', array('type' => 'select', 'options' => $SelectState, 'class' => 'input-xlarge', 'empty' => ' ---- Select State ----')); } ?>
          </div>
        </div>
        <div class="control-group">
          <label class="control-label" for="TenderCountry">Country <span style="color:#F00">*</span></label>
          <div class="controls">
            <?php echo $this->Form->input('country', array('type' => 'text', 'class' => 'input-xlarge')); ?>
          </div>
        </div>
        <div class="control-group">
          <label class="control-label" for="TenderZip">Post Code <span style="color:#F00">*</span></label>
          <div class="controls">
            <?php echo $this->Form->input('zip', array('type' => 'text', 'class' => 'input-xlarge')); ?>
          </div>
        </div>
        <div class="form-actions">
          <?php echo $this->Form->button('Save', array('class' => 'btn btn-primary', 'id' => 'btn_submit')); ?>
          <?php echo $this->Html->link($this->Form->button('Cancel', array('type' => 'button', 'class' => 'btn')), array('action' => 'tenderlist'), array('escape' => false)); ?>
        </div>
      </fieldset>
    <?php echo $this->Form->end(); ?>
    <div class="clearfix"></div>
  </div>
</div>

I believe this line

<?php if(isset($edit)) { echo $this->Form->input('userid', array('type' => 'hidden', 'class' => 'input-xlarge', 'value' => $this->data['Tender']['userid'])); } else { echo $this->Form->input('userid', array('type' => 'hidden', 'class' => 'input-xlarge', 'value' => $this->Session->read('usertype.adminID'))); } ?>

is the reason for your error. Could you try to move that content to your controller?

Thanks for the reply…
I put a static value in the input box you mentioned, for testing,
i.e.
echo $this->Form->input('userid', array('type' => 'hidden', 'class' => 'input-xlarge', 'value' => '52'));

But it did not work…

I’m wondering why you set the form-type to “file”

echo $this->Form->create('Tender', array('class' => 'form-horizontal', 'type' => 'file', 'inputDefaults' => array('label' => false, 'div' => false)));

Is this for a specific reason? Why not simply leave it out (defaulting to post afaik)?

Just a question ;)
Not sure if this has something to do with the “black hole”…

Also: does the error happen when you call the page or when you submit the form?

Hi…
Actually there is a file upload in this form, so I had to set type => file as per the CakePHP guidelines.
Still, I have removed the type => file property, and it still has the same problem…

Secondly, the error happens at the time of form submission.
If I pass this function name in $this->Security->unlockedActions, then there is no error and it works fine, but in that case the form is vulnerable to a CSRF attack.
So I had to turn OFF $this->Security->unlockedActions.
Surprisingly, the request does not reach the controller. So there must be something in the view!!!

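One way to find out which SecurityComponent check rejects the submission while the action stays locked, as an added example that is not code from the thread. It assumes CakePHP 2.x (which the helper calls in the posted view suggest) and takes the `AdminlsController` name from the thread's URLs; the `blackhole` method name is an arbitrary choice.

```php
<?php
// Added diagnostic example for CakePHP 2.x; not code from the thread.
App::uses('AppController', 'Controller');

class AdminlsController extends AppController {

    public $components = array('Security');

    public function beforeFilter() {
        parent::beforeFilter();
        // Hand black-holed requests to blackhole() below. CSRF and form
        // tampering checks stay enabled; nothing is added to unlockedActions.
        $this->Security->blackHoleCallback = 'blackhole';
    }

    // Called by SecurityComponent with the failure type: 'csrf' for a missing,
    // expired or already used token, 'auth' when form tampering validation
    // fails, 'secure' or an HTTP method name for the require* restrictions.
    public function blackhole($type) {
        $data = (array)$this->request->data;
        $token = isset($data['_Token']) ? (array)$data['_Token'] : array();
        unset($data['_Token']);

        // Log field names only, never values, and neutralise characters
        // that could forge extra log lines.
        $fields = array();
        foreach (array_keys(Hash::flatten($data)) as $name) {
            $fields[] = preg_replace('/[^A-Za-z0-9_.\-]/', '?', $name);
        }

        $this->log(sprintf(
            'black-hole type=%s action=%s token_key=%s token_fields=%s ' .
            'content_length=%d post_empty=%s fields=[%s]',
            $type,
            $this->request->params['action'],
            isset($token['key']) ? 'present' : 'missing',
            isset($token['fields']) ? 'present' : 'missing',
            (int)env('CONTENT_LENGTH'),
            empty($this->request->data) ? 'yes' : 'no',
            implode(', ', $fields)
        ), LOG_WARNING);

        // Still reject the request, as the default handler would.
        throw new BadRequestException(__('The request has been black-holed'));
    }
}
```

An entry with `post_empty=yes` and a non-zero `content_length` means PHP discarded the body before CakePHP saw it (an upload larger than `post_max_size` does this), so no token arrived. Otherwise compare the logged field names with the inputs FormHelper rendered for the form.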