Hi Fabien, The output of the version that I have installed on my server from the symfony CLI: symfony version 1.1.0-BETA2 (/var/www/vhosts/example.org/sf_core/ lib)
I installed the framework via SVN from this location: http://svn.symfony-project.com/tags/RELEASE_1_1_0_BETA2 I made some modifications to the view but haven't touched any Form classes. In the view I only altered the wrapping HTML and not the rendering of the forms. To be completele sure I tested by creating another module with a new model definition. I generated the model, generated the module, generated the crud actions all from the symfony CLI. When I try to add content via the web interface generated I still have the problems with the csfr token is required. It occurs on both the development and production environment. Would you like me to email the generated code? Thanks for your help and a great framework, Marijn On Apr 10, 3:28 pm, Fabien POTENCIER <[EMAIL PROTECTED] project.com> wrote: > Do you use the 1.1 beta 2 or /branches/1.1? > > Do you use the code generated by the generate-crud CLI or have you > modified something? > > It will easier to help you out if you can post the generated code as > I've just tested the generate-crud on a brand new project and it works > for me. > > Thanks, > Fabien > > Marijn wrote: > > Hi everybody, > > > pretty indecent of me to bump my thread but I'm really in need of a > > solution :-( > > > For the sake of clarity: > > - have installed the latest symfony 1.1 beta > > - created my model > > - generated crud actions with the symfony CLI > > - set the csfr_secret value in settings.yml > all > .settings > > - cleared the cache a 1000 times > > - assured that my view renders a hidden csfr_token input field (which > > only has a name and an ID, not a value) > > - still get an error message the a csfr token is required > > > Any thoughts? Help is very much appreciated :-) > > > Marijn > > > On Apr 9, 2:07 am, Marijn <[EMAIL PROTECTED]> wrote: > >> Thanks Dustin, > > >> I didn't make myself clear enough. I don't want to use a hash sign in > >> the value. The problem is that even with the csfr_secret value defined > >> in my settings.yml my forms still don't work. If I try to add > >> something to my database with the crud actions that were generated by > >> symfony I still get the csfr required error. > > >> Do you have any thoughts on that? > > >> Thanks, > > >> Marijn > > >> On Apr 9, 1:12 am, Dustin Whittle <[EMAIL PROTECTED]> > >> wrote: > > >>> Marijn, > >>> In symfony yaml files #app_my_setting# will be replace with the equivalent > >>> of sfConfig::get('app_my_setting'). If you want to use # as a value, wrap > >>> it > >>> in single quotes. csrf_secret: 'my_crazy_#_value'. > >>> - Dustin > >>> On 4/8/08 3:55 PM, "Marijn" <[EMAIL PROTECTED]> wrote: > >>>> On Apr 8, 5:55 pm, "Thomas Rabaix" <[EMAIL PROTECTED]> wrote: > >>>>> in yml # symbol is used to comment text .... :) > >>>> Yeah, I love that symbol :-D > >>>> I just wasn't sure if it's meaning were the same if it came in two > >>>> pairs wrapped around a ##value## > >>>> Unfortunately that means the problem isn't solved yet... The code > >>>> generated by your example is the following: > >>>> <input type="hidden" name="$module_name$[_csrf_token]" id="$module_name > >>>> $__csrf_token" /> > >>>> Any thoughts..? Thanks, > >>>> Marijn > >>>>> csrf_secret: my super token > >>>>> Thomas > >>>>> On Tue, Apr 8, 2008 at 5:44 PM, Marijn <[EMAIL PROTECTED]> wrote: > >>>>>> Hi Thomas, > >>>>>> Thanks for your quick reply. > >>>>>> in my view there was the following line of code for my csrf_token: > >>>>>> <?php echo $form['_csrf_token'] ?> > >>>>>> If I use that or the code you gave me the hidden input tag is created > >>>>>> but it has no value assigned to it. > >>>>>> Should the scfr_secret value in my config be wrapped in hash signs or > >>>>>> can I just use some arbitrary string..? > >>>>>> Thanks, > >>>>>> Marijn > >>>>>> On Apr 8, 5:18 pm, "Thomas Rabaix" <[EMAIL PROTECTED]> wrote: > >>>>>> > I am not 100% sure about that but you sould add a csrf secret in > >>>>>> your > >>>>>> > settings.yml > >>>>>> > all: > >>>>>> > .settings: > >>>>>> > # Form security secret (CSRF protection) > >>>>>> > csrf_secret: ##CSRF_SECRET## # Unique secret to enable > >>>>>> > CSRF protection or false to disable > >>>>>> > In the view, check that field csrf is present, if not add > >>>>>> > <?= $form[$form->getCSRFFieldName()]->render() ?> > >>>>>> > Thomas > >>>>>>> On Tue, Apr 8, 2008 at 5:10 PM, Marijn <[EMAIL PROTECTED]> > >>>>>>> wrote: > >>>>>> > > Hi everybody, > >>>>>> > > I am having trouble finding documentation about csrf support in > >>>>>> > > symfony 1.1. When I generate crud actions for a Model and try to > >>>>>> > > populate it with data by using the create web interface it says > >>>>>> that > >>>>>> > > csrf_token is required. > >>>>>> > > Anybody here who knows this problem or who can tell me what I am > >>>>>> doing > >>>>>> > > wrong? I haven't changed a thing after generating the crud > >>>>>> actions. > >>>>>> > > Thanks, > >>>>>> > > Marijn --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "symfony users" group. To post to this group, send email to symfony-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en -~----------~----~----~----~------~----~------~--~---
