Error Storing Data From Textarea


I got a form with several fields and a TextArea.

When I send a form with html content in the TextArea, for perform an action (update or create), the system shows an Forbidden 403 page.

Of course, i got all the access rules well configurated, I have verified this first.

If I send plain text from the same textarea, the action is succesfull.

I have done several test with and without ajax validation. With and without "multipart form data" property in the form.

Even I has cleared all the code in the create or update action.

There are only two test that have worked well:

  1. Delete the TextArea :wink:

  2. Send Plain Text.

I think this could be an Json issue or an mod_security restriction in the server side.

Can someone help me?



This is the POST DATA that the form is sending.



Content-Disposition: form-data; name="Noticias[titular ]"\r\n\r\nThis tex area works\r\n-----------------------------128321039315762\r\n

Content-Disposition: form-data; name="Noticias[subtitular]"\r\n\r\nThis works too\r\n-----------------------------128321039315762\r\n

Content-Disposition: form-data; name="Noticias[fecha]"\r\n\r\n2012-10-01\r\n-----------------------------128321039315762\r\n

Content-Disposition: form-data; name="Noticias[imagen]"\r\n\r\n\r\n-----------------------------128321039315762\r\n

Content-Disposition: form-data; name="Noticias[imagen]"; filename=""\r\nContent-Type: application/octet-stream\r\n\r\n\r\n-----------------------------128321039315762\r\n

Content-Disposition: form-data; name="Noticias[imagen_hidden]"\r\n\r\nn1349178333.jpg\r\n-----------------------------128321039315762\r\n

Content-Disposition: form-data; name="Noticias[pie]"\r\n\r\nWorks!\r\n-----------------------------128321039315762\r\n

Content-Disposition: form-data; name="Noticias[cuerpo]"\r\n\r\n<p>This textarea fails</p>\r\n-----------------------------128321039315762\r\n

Content-Disposition: form-data; name="yt0"\r\n\r\nActualizar\r\n-----------------------------128321039315762–\r\n

I noticed that the data, are not received in the action of the controller, I think that the post data is corrupted in the sending process.

Could be related to some element of the assets folder? Sometimes i have got problems with these folders (chmod, chown, etc)

Is this being submitted using a standard page request?

Is the behavior being exhibited in every browser?

Multipart form data is only necessary if you’re uploading a file, it should have no influence on HTML content. Either the data that’s being sent isn’t being properly encoded (my suspicion), or you have some sort of security system that’s preventing HTML tags in any request.


Looking into it a little further, I suspect that the ‘<’ and ‘>’ characters are not valid and should be URL encoded.

Thanks a lot. ;)

If you have a link to the page that exhibits the problem, I’ll see if I can spot any obvious issues.

Unfortunatelly I can’t, but I think you got the reason.

I’ve tried to convert the code in the beforeSave() method, but this method is not being calling after the send event.

I wonder if it’s possible to call an action before sending the form (when i click the sending button).

Thanks again.

I Close the thread because I has found the problem. mod_security is active and doesn’t permit send html code in the querys. Now I need to study the log error and I’ll activate the necessary exceptions.

Thanks friend :wink: