Quickie: SecurityComponent, Ajax and input.disabled

Don’t mess wit teh formz.
I thought it’s cool to disable a field simply by using the disabled Element property. Being distracted by other parts in the app i just applied it and left it alone – “How can this be bad, right?”. After some more time i did test the form again and found myself being blackholed all of a sudden – whaaa? – Took me some time to find out what the problem was (grrr).
Here’s the reason
If you disable a field using Javascript, the field name and its value never reaches the server. This of course invalidates the Security Token and thus leads to a blackhole.
I must admit that this was kinda stupid but that’s how things can go after some hours in CakePHP-land. :-)
Some “validation scripts” also apply disable. So look out for that too. Just don’t mess around with the fields (..much), and avoid prefilled values using array('value' => 'bla') if plan to change the value with Javascript. A good workaround to that is to set the “initial value” on page load using Javascript. SecurityComponent and Ajax then shouldn’t be a problem at all.