Wednesday, October 13, 2010

_csrf_token [CSRF attack detected.] error using sfAdminThemejRollerPlugin

If you try to do a batch delete with the Choose an option form, you can get a CSRF attack detection error using the sfAdminThemejRollerPlugin 0.2.0beta plugin.


Solution:
  1.  Edit plugins/sfAdminThemejRollerPlugin/data/generator/sfDoctrineModule/jroller/template/templates/_list_batch_actions.php and change line 9 from:

    [?php $form = new sfForm(); if ($form->isCSRFProtected()): ?]

    to:

    [?php $form = new BaseForm(); if ($form->isCSRFProtected()): ?]
  2. Edit plugins/sfAdminThemejRollerPlugin/data/generator/sfDoctrineModule/jroller/parts/batchAction.php and change line 29 from:

    $validator = new sfValidatorDoctrineChoice(array('model' => '<?php echo $this->getModelClass() ?>'));

    to:

    $validator = new sfValidatorDoctrineChoice(array('multiple' => true, 'model' => '<?php echo $this->getModelClass() ?>'));
  3. Type symfony cc to clear the cache.
Posted by Laszlo Dobos at 4:56 AM
Labels: , ,

3 comments:

  1. Stephan ErdmannDecember 21, 2010 at 1:03 AM

    Thanks for the post. The second part isn't shown properly because of some escaping. It must be

    $validator = new sfValidatorDoctrineChoice(array('multiple' => true, 'model' => '<?php echo $this->getModelClass() ?>'));

    ReplyDelete
  2. Laszlo DobosDecember 24, 2010 at 7:37 AM

    Indeed, thank you! :)

    ReplyDelete
  3. AnonymousJanuary 14, 2011 at 2:37 PM

    Awesome. This was a big help. Thanks!

    ReplyDelete

Subscribe to: Post Comments (Atom)