function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion

Issues with Authorization Required page when validation rule fires and inputfile is used

We have a public site that mimics the web2lead functionality but also includes the ability to upload a file (using inputFile). If a small file is attached and a validation error occurs, the page correctly displays the error messages and stops the processing. However, if a large ( > 1MB ) file is attached, when the Submit button is pressed, the system appears to be actually uploading the file before the validation errors occur. When this happens, the default sites Authorization Required page is displayed instead of the form. This is 100% reproducible. I've included the custom controller below. Any suggestions?

The site form is actually inside an iframe -- but I can reproduce the error by just bringing up the site page directly as well.


public class QprizeFormControllerExtension
Purpose: This class is the controller for the VF page QprizeForm
public Lead NewLead {get; set;}
public Blob Businessfile {get; set;}
public String ContentType {get; set;}
public String FileName {get; set;}
public Integer Filesize {get; set;}
public boolean ValidationError{get; set;}

public QprizeFormControllerExtension()
NewLead = new Lead();

public pagereference SaveLeadnUploadFile()
ValidationError = false;
if(Businessfile == null || NewLead.Phone==null || NewLead.Competition_Rules_Regulations_Read__c == false || NewLead.General_Requirements_Read__c == false || NewLead.Company == '' || NewLead.CompanyLocation__c == null || NewLead.Street=='' || NewLead.City =='' || NewLead.PostalCode == null || NewLead.Company_Country__c == '' || NewLead.YearFounded__c == '' || NewLead.NumberOfEmployees == 0 || NewLead.BusinessSector__c == null || NewLead.Firstname == '' || NewLead.Lastname == '' || NewLead.Title =='' || NewLead.Email =='' || NewLead.BusinessDescription__c =='')
Businessfile = null;
ValidationError = true;
return null;
NewLead.LeadSource = 'Q-Prize 2009';

// Select the Active Lead Assignment Rule. There can only be 1 active rule
string id =[Select Name, Id From AssignmentRule where Active=true].id;
database.DMLOptions dmo = new database.DMLOptions();
dmo.AssignmentRuleHeader.useDefaultRule= false;
dmo.EmailHeader.triggerUserEmail = true;
dmo.EmailHeader.triggerAutoResponseEmail = true;

insert NewLead;
System.debug('--Lead is created with ID: '+ Newlead.Id);

System.debug('****Businessfile '+ Businessfile);
if (Businessfile != null)
Attachment attach = new Attachment();
attach.Body = Businessfile;
attach.Name = FileName;
attach.ContentType = ContentType;
attach.ParentId =;
System.debug('--Attachment is created with ID: '+ attach.Id);

} catch(System.DMLException e)
return null;

PageReference ConfirmationPage = new PageReference('');

return ConfirmationPage;

//-------------------------Test Methods-------------------------------------------
public static testmethod void TestQprizecontroller()
Lead TestNewLead = new Lead();
TestNewLead.General_Requirements_Read__c = true;
TestNewLead.LeadSource = 'Q-Prize 2009'; = ''; = 'Qualcomm';
TestNewLead.Competition_Rules_Regulations_Read__c = true;
TestNewLead.General_Requirements_Read__c = true;
TestNewLead.Company = 'Qualcomm';
TestNewLead.CompanyLocation__c = 'San Diego';
TestNewLead.Street='Scranton Rd';
TestNewLead.City ='SD';
TestNewLead.PostalCode = '92121';
TestNewLead.Company_Country__c = 'USA';
TestNewLead.YearFounded__c = '1980';
TestNewLead.NumberOfEmployees = 9000;
TestNewLead.BusinessSector__c = 'Telecom';
TestNewLead.Firstname = 'Bob';
TestNewLead.Lastname = 'Smith';
TestNewLead.Title ='Mr';
testNewlead.Phone = '858-555-5555';
TestNewLead.Email ='';
TestNewLead.BusinessDescription__c ='Test Desc';

QprizeFormControllerExtension Controller = new QprizeFormControllerExtension();
Blob NewFile = [Select body from Attachment limit 1].Body;
Controller.Businessfile = NewFile;
System.debug('****Controller.Businessfile '+ Controller.Businessfile);
Controller.FileName= 'TestFilename';
Controller.ContentType = 'ppt';
Controller.NewLead = TestNewLead;
PageReference SaveMethod = Controller.SaveLeadnUploadFile();





public sites displays authorization page when an exception happens. Can you try the same form when you are logged in to your salesforce org and send us the the error you will get? That'll be helpful for us to identify the issue


Here you go.


Maximum view state size limit (128K) exceeded. Actual viewstate size for this page was 140.453K


Please take a look at this Visualforce post.  

It says "You need to clear out doc.body (e.g. add in doc.body = null; at the end of doAttach()) 

to insure that the blob is not included automatically in the serialized image of 

the standard controller."


We have made a few changes to the controller that has allowed us to avoid most of the errors, but not all. We also changed the blob to a Transient Blob, and that seems to have helped somewhat.


We're still struggling with having standard validation rules or data type issues (entering an alpha character in a numeric field) that cause issues when combined with the the inputFile controller and a somewhat large attachment. We have disabled our internal validation rules for now and added some basic validation code directly in the controller.


I've moved this post from the sites board to here as it appears to not be sites-specific.


Mark, can you add your page or a snippet thereof that exhibits the problem you are still having and confirm what you mean by standard validation rules? It sounds like you mean data type validation but then you mention that you disabled them which implies custom (formula) validations.