Are you by any chance using sfAdminThemejRollerPlugin? I recently
noticed a bug in the auto-generated templates for that jRoller admin
generator plugin. If you look in _list_batch_actions.php (in your
cache, under the module's templates folder), for the standard Symfony
admin generator, it creates the CSRF hidden field for the batch
actions form like this:
<?php $form = new BaseForm(); if ($form->isCSRFProtected()): ?>
<input type="hidden" name="<?php echo $form->getCSRFFieldName() ?
>" value="<?php echo $form->getCSRFToken() ?>" />
<?php endif; ?>
However, in the jRoller admin generator, it does this:
<?php $form = new sfForm(); if ($form->isCSRFProtected()): ?>
<input type="hidden" name="<?php echo $form->getCSRFFieldName() ?
>" value="<?php echo $form->getCSRFToken() ?>" />
<?php endif; ?>
The only difference is that jRoller creates an "sfForm" whereas the
Symfony admin generator creates a "BaseForm". If you override the
auto-generated template (copy it from the cache into your module's
templates folder) and change "sfForm" to "BaseForm" it gets rid of
that CSRF error.
I don't know why, but it works....
-david
On Feb 4, 5:52 am, HAUSa <[email protected]>
wrote:
> For some reason, I _always_ get a CSRF attack error message when I use
> the admin generator and want to execute a batch action. I can't fix it
> as well, I don't know where that error is coming from.
> Is there anyone who ran into the same problem or can help me?
--
You received this message because you are subscribed to the Google Groups
"symfony users" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/symfony-users?hl=en.
