Error Storing Data From Textarea

aruims · October 17, 2012, 9:32pm

Hi,

I got a form with several fields and a TextArea.

When I send a form with html content in the TextArea, for perform an action (update or create), the system shows an Forbidden 403 page.

Of course, i got all the access rules well configurated, I have verified this first.

If I send plain text from the same textarea, the action is succesfull.

I have done several test with and without ajax validation. With and without "multipart form data" property in the form.

Even I has cleared all the code in the create or update action.

There are only two test that have worked well:

Delete the TextArea
Send Plain Text.

I think this could be an Json issue or an mod_security restriction in the server side.

Can someone help me?

Thanks.

UPDATE INFORMATION

This is the POST DATA that the form is sending.

POST DATA

-----------------------------128321039315762\r\n

Content-Disposition: form-data; name="Noticias[titular ]"\r\n\r\nThis tex area works\r\n-----------------------------128321039315762\r\n

Content-Disposition: form-data; name="Noticias[subtitular]"\r\n\r\nThis works too\r\n-----------------------------128321039315762\r\n

Content-Disposition: form-data; name="Noticias[fecha]"\r\n\r\n2012-10-01\r\n-----------------------------128321039315762\r\n

Content-Disposition: form-data; name="Noticias[imagen]"\r\n\r\n\r\n-----------------------------128321039315762\r\n

Content-Disposition: form-data; name="Noticias[imagen]"; filename=""\r\nContent-Type: application/octet-stream\r\n\r\n\r\n-----------------------------128321039315762\r\n

Content-Disposition: form-data; name="Noticias[imagen_hidden]"\r\n\r\nn1349178333.jpg\r\n-----------------------------128321039315762\r\n

Content-Disposition: form-data; name="Noticias[pie]"\r\n\r\nWorks!\r\n-----------------------------128321039315762\r\n

Content-Disposition: form-data; name="Noticias[cuerpo]"\r\n\r\n<p>This textarea fails</p>\r\n-----------------------------128321039315762\r\n

Content-Disposition: form-data; name="yt0"\r\n\r\nActualizar\r\n-----------------------------128321039315762–\r\n

I noticed that the data, are not received in the action of the controller, I think that the post data is corrupted in the sending process.

Could be related to some element of the assets folder? Sometimes i have got problems with these folders (chmod, chown, etc)

Keith · October 18, 2012, 7:56am

Is this being submitted using a standard page request?

Is the behavior being exhibited in every browser?

Multipart form data is only necessary if you’re uploading a file, it should have no influence on HTML content. Either the data that’s being sent isn’t being properly encoded (my suspicion), or you have some sort of security system that’s preventing HTML tags in any request.

EDIT:

Looking into it a little further, I suspect that the ‘<’ and ‘>’ characters are not valid and should be URL encoded.

aruims · October 18, 2012, 2:45pm

Thanks a lot.

Keith · October 18, 2012, 2:48pm

If you have a link to the page that exhibits the problem, I’ll see if I can spot any obvious issues.

aruims · October 18, 2012, 9:10pm

Unfortunatelly I can’t, but I think you got the reason.

I’ve tried to convert the code in the beforeSave() method, but this method is not being calling after the send event.

I wonder if it’s possible to call an action before sending the form (when i click the sending button).

Thanks again.

aruims · October 19, 2012, 9:23am

I Close the thread because I has found the problem. mod_security is active and doesn’t permit send html code in the querys. Now I need to study the log error and I’ll activate the necessary exceptions.

Thanks friend