Marijn, I used the sfForm class before the introduction of the secret in the settings.yml, and to make things work fine I have to use this bit of code:
Note: I have only used propel forms generated by the command line

abstract class BaseFormPropel extends sfFormPropel
{
  public function setup()
  {
    // Turn CSRF protection on for all forms
    sfForm::enableCSRFProtection();
    // Add the CSRF token field to this form, using the given secret
    $this->addCSRFProtection('my secret');
  }
}

I get a valid csrf token value, and a correct token validation

Thomas

On Thu, Apr 10, 2008 at 4:32 PM, Marijn <[EMAIL PROTECTED]> wrote:
>
> Hi Fabien,
>
> The output of the version that I have installed on my server from the
> symfony CLI:
> symfony version 1.1.0-BETA2 (/var/www/vhosts/example.org/sf_core/lib)
>
> I installed the framework via SVN from this location:
> http://svn.symfony-project.com/tags/RELEASE_1_1_0_BETA2
>
> I made some modifications to the view but haven't touched any Form
> classes. In the view I only altered the wrapping HTML and not the
> rendering of the forms. To be completely sure I tested by creating
> another module with a new model definition. I generated the model,
> generated the module, generated the crud actions all from the symfony
> CLI. When I try to add content via the web interface generated I still
> have the problems with the csrf token is required. It occurs on both
> the development and production environment.
>
> Would you like me to email the generated code?
>
> Thanks for your help and a great framework,
>
> Marijn
>
>
> On Apr 10, 3:28 pm, Fabien POTENCIER <[EMAIL PROTECTED]
> project.com> wrote:
> > Do you use the 1.1 beta 2 or /branches/1.1?
> >
> > Do you use the code generated by the generate-crud CLI or have you
> > modified something?
> >
> > It will be easier to help you out if you can post the generated code as
> > I've just tested the generate-crud on a brand new project and it works
> > for me.
> >
> > Thanks,
> > Fabien
> >
> > Marijn wrote:
> > > Hi everybody,
> >
> > > pretty indecent of me to bump my thread but I'm really in need of a
> > > solution :-(
> >
> > > For the sake of clarity:
> > > - have installed the latest symfony 1.1 beta
> > > - created my model
> > > - generated crud actions with the symfony CLI
> > > - set the csfr_secret value in settings.yml > all > .settings
> > > - cleared the cache a 1000 times
> > > - assured that my view renders a hidden csfr_token input field (which
> > > only has a name and an ID, not a value)
> > > - still get an error message that a csrf token is required
> >
> > > Any thoughts? Help is very much appreciated :-)
> >
> > > Marijn
> >
> > > On Apr 9, 2:07 am, Marijn <[EMAIL PROTECTED]> wrote:
> > >> Thanks Dustin,
> >
> > >> I didn't make myself clear enough. I don't want to use a hash sign in
> > >> the value. The problem is that even with the csfr_secret value defined
> > >> in my settings.yml my forms still don't work. If I try to add
> > >> something to my database with the crud actions that were generated by
> > >> symfony I still get the csrf required error.
> >
> > >> Do you have any thoughts on that?
> >
> > >> Thanks,
> >
> > >> Marijn
> >
> > >> On Apr 9, 1:12 am, Dustin Whittle <[EMAIL PROTECTED]>
> > >> wrote:
> >
> > >>> Marijn,
> > >>> In symfony yaml files #app_my_setting# will be replaced with the equivalent
> > >>> of sfConfig::get('app_my_setting'). If you want to use # as a value, wrap it
> > >>> in single quotes. csrf_secret: 'my_crazy_#_value'.
> > >>> - Dustin
> > >>> On 4/8/08 3:55 PM, "Marijn" <[EMAIL PROTECTED]> wrote:
> > >>>> On Apr 8, 5:55 pm, "Thomas Rabaix" <[EMAIL PROTECTED]> wrote:
> > >>>>> in yml # symbol is used to comment text .... :)
> > >>>> Yeah, I love that symbol :-D
> > >>>> I just wasn't sure if its meaning were the same if it came in two
> > >>>> pairs wrapped around a ##value##
> > >>>> Unfortunately that means the problem isn't solved yet...
> > >>>> The code generated by your example is the following:
> > >>>> <input type="hidden" name="$module_name$[_csrf_token]" id="$module_name
> > >>>> $__csrf_token" />
> > >>>> Any thoughts..? Thanks,
> > >>>> Marijn
> > >>>>> csrf_secret: my super token
> > >>>>> Thomas
> > >>>>> On Tue, Apr 8, 2008 at 5:44 PM, Marijn <[EMAIL PROTECTED]> wrote:
> > >>>>>> Hi Thomas,
> > >>>>>> Thanks for your quick reply.
> > >>>>>> in my view there was the following line of code for my csrf_token:
> > >>>>>> <?php echo $form['_csrf_token'] ?>
> > >>>>>> If I use that or the code you gave me the hidden input tag is created
> > >>>>>> but it has no value assigned to it.
> > >>>>>> Should the scfr_secret value in my config be wrapped in hash signs or
> > >>>>>> can I just use some arbitrary string..?
> > >>>>>> Thanks,
> > >>>>>> Marijn
> > >>>>>> On Apr 8, 5:18 pm, "Thomas Rabaix" <[EMAIL PROTECTED]> wrote:
> > >>>>>> > I am not 100% sure about that but you should add a csrf secret in your
> > >>>>>> > settings.yml
> > >>>>>> > all:
> > >>>>>> >   .settings:
> > >>>>>> >     # Form security secret (CSRF protection)
> > >>>>>> >     csrf_secret: ##CSRF_SECRET## # Unique secret to enable CSRF protection or false to disable
> > >>>>>> > In the view, check that field csrf is present, if not add
> > >>>>>> > <?= $form[$form->getCSRFFieldName()]->render() ?>
> > >>>>>> > Thomas
> > >>>>>>> On Tue, Apr 8, 2008 at 5:10 PM, Marijn <[EMAIL PROTECTED]>
> > >>>>>>> wrote:
> > >>>>>> > > Hi everybody,
> > >>>>>> > > I am having trouble finding documentation about csrf support in
> > >>>>>> > > symfony 1.1. When I generate crud actions for a Model and try to
> > >>>>>> > > populate it with data by using the create web interface it says that
> > >>>>>> > > csrf_token is required.
> > >>>>>> > > Anybody here who knows this problem or who can tell me what I am doing
> > >>>>>> > > wrong? I haven't changed a thing after generating the crud actions.
> > >>>>>> > > Thanks,
> > >>>>>> > > Marijn
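
Added example, not part of the original thread and not symfony's own code: a generic sketch of how a form token can be derived from a server-side secret and bound to the session and form class, and why a hidden field rendered without a value fails validation. The function names, the HMAC construction and all sample values are assumptions made for this illustration.

```php
<?php
// Illustration only: hypothetical helpers, not symfony's sfForm implementation.

/** Derive a per-session, per-form token from a server-side secret. */
function csrf_token(string $secret, string $sessionId, string $formClass): string
{
    if ($secret === '') {
        // A missing or empty secret must never yield a usable token.
        throw new InvalidArgumentException('CSRF secret is not configured');
    }
    // Keyed hash: the token cannot be forged without knowing the secret.
    return hash_hmac('sha256', $sessionId . '|' . $formClass, $secret);
}

/** Check the submitted hidden-field value against the expected token. */
function csrf_check(?string $submitted, string $secret, string $sessionId, string $formClass): bool
{
    if ($submitted === null || $submitted === '') {
        // The case from the thread: the input has a name and an id but no
        // value, so nothing is posted and the token counts as missing.
        return false;
    }
    // hash_equals() compares in constant time to avoid timing leaks.
    return hash_equals(csrf_token($secret, $sessionId, $formClass), $submitted);
}

// Constructed sample values (not taken from the thread).
$secret = 'constructed-sample-secret';
$sid    = 'constructed-session-id-1';
$token  = csrf_token($secret, $sid, 'ArticleForm');

// Token submitted back in the same session, for the same form class.
var_dump(csrf_check($token, $secret, $sid, 'ArticleForm'));
// Hidden field rendered without a value.
var_dump(csrf_check('', $secret, $sid, 'ArticleForm'));
// Token replayed from a different session.
var_dump(csrf_check($token, $secret, 'constructed-session-id-2', 'ArticleForm'));
// Token issued for one form class, submitted to another.
var_dump(csrf_check($token, $secret, $sid, 'CommentForm'));
```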