Marijn,

I used the sfForm class before the introduction of the secret in
settings.yml, and to make things work fine I have to use this bit of
code:

Note: I have only used Propel forms generated by the command line.

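abstract class BaseFormPropel extends sfFormPropel
{
  public function setup()
  {
    // Turn on CSRF protection for forms
    sfForm::enableCSRFProtection();
    // Add the CSRF token field and its validator to this form, using the given secret
    $this->addCSRFProtection('my secret');
  }
}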

I get a valid CSRF token value and correct token validation.

Thomas

On Thu, Apr 10, 2008 at 4:32 PM, Marijn <[EMAIL PROTECTED]> wrote:
>
>  Hi Fabien,
>
>  The output of the version that I have installed on my server from the
>  symfony CLI:
>   symfony version 1.1.0-BETA2 (/var/www/vhosts/example.org/sf_core/
>  lib)
>
>  I installed the framework via SVN from this location:
>   http://svn.symfony-project.com/tags/RELEASE_1_1_0_BETA2
>
>  I made some modifications to the view but haven't touched any Form
>  classes. In the view I only altered the wrapping HTML and not the
>  rendering of the forms. To be completely sure I tested by creating
>  another module with a new model definition. I generated the model,
>  generated the module, generated the crud actions all from the symfony
>  CLI. When I try to add content via the web interface generated I still
>  have the problem that the csrf token is required. It occurs in both
>  the development and production environments.
>
>  Would you like me to email the generated code?
>
>  Thanks for your help and a great framework,
>
>  Marijn
>
>
>  On Apr 10, 3:28 pm, Fabien POTENCIER <[EMAIL PROTECTED]> wrote:
>  > Do you use the 1.1 beta 2 or /branches/1.1?
>  >
>  > Do you use the code generated by the generate-crud CLI or have you
>  > modified something?
>  >
>  > It will be easier to help you out if you can post the generated code as
>  > I've just tested the generate-crud on a brand new project and it works
>  > for me.
>  >
>  > Thanks,
>  > Fabien
>  >
>  > Marijn wrote:
>  > > Hi everybody,
>  >
>  > > pretty indecent of me to bump my thread but I'm really in need of a
>  > > solution :-(
>  >
>  > > For the sake of clarity:
>  > > - have installed the latest symfony 1.1 beta
>  > > - created my model
>  > > - generated crud actions with the symfony CLI
>  > > - set the csfr_secret value in settings.yml > all > .settings
>  > > - cleared the cache a 1000 times
>  > > - assured that my view renders a hidden csfr_token input field (which
>  > > only has a name and an ID, not a value)
>  > > - still get an error message that a csrf token is required
>  >
>  > > Any thoughts? Help is very much appreciated :-)
>  >
>  > > Marijn
>  >
>  > > On Apr 9, 2:07 am, Marijn <[EMAIL PROTECTED]> wrote:
>  > >> Thanks Dustin,
>  >
>  > >> I didn't make myself clear enough. I don't want to use a hash sign in
>  > >> the value. The problem is that even with the csfr_secret value defined
>  > >> in my settings.yml my forms still don't work. If I try to add
>  > >> something to my database with the crud actions that were generated by
>  > >> symfony I still get the csrf required error.
>  >
>  > >> Do you have any thoughts on that?
>  >
>  > >> Thanks,
>  >
>  > >> Marijn
>  >
>  > >> On Apr 9, 1:12 am, Dustin Whittle <[EMAIL PROTECTED]>
>  > >> wrote:
>  >
>  > >>> Marijn,
>  > >>> In symfony yaml files #app_my_setting# will be replaced with the equivalent
>  > >>> of sfConfig::get('app_my_setting'). If you want to use # as a value, wrap it
>  > >>> in single quotes. csrf_secret:  'my_crazy_#_value'.
>  > >>> - Dustin
>  > >>> On 4/8/08 3:55 PM, "Marijn" <[EMAIL PROTECTED]> wrote:
>  > >>>> On Apr 8, 5:55 pm, "Thomas Rabaix" <[EMAIL PROTECTED]> wrote:
>  > >>>>> in yml # symbol is used to comment text .... :)
>  > >>>> Yeah, I love that symbol :-D
>  > >>>> I just wasn't sure if its meaning were the same if it came in two
>  > >>>> pairs wrapped around a ##value##
>  > >>>> Unfortunately that means the problem isn't solved yet... The code
>  > >>>> generated by your example is the following:
>  > >>>> <input type="hidden" name="$module_name$[_csrf_token]" id="$module_name$__csrf_token" />
>  > >>>> Any thoughts..? Thanks,
>  > >>>> Marijn
>  > >>>>> csrf_secret:  my super token
>  > >>>>> Thomas
>  > >>>>> On Tue, Apr 8, 2008 at 5:44 PM, Marijn <[EMAIL PROTECTED]> wrote:
>  > >>>>>>  Hi Thomas,
>  > >>>>>>  Thanks for your quick reply.
>  > >>>>>>  in my view there was the following line of code for my csrf_token:
>  > >>>>>>    <?php echo $form['_csrf_token'] ?>
>  > >>>>>>  If I use that or the code you gave me the hidden input tag is created
>  > >>>>>>  but it has no value assigned to it.
>  > >>>>>>  Should the scfr_secret value in my config be wrapped in hash signs or
>  > >>>>>>  can I just use some arbitrary string..?
>  > >>>>>>  Thanks,
>  > >>>>>>  Marijn
>  > >>>>>>  On Apr 8, 5:18 pm, "Thomas Rabaix" <[EMAIL PROTECTED]> wrote:
>  > >>>>>>  > I am not 100% sure about that but you should add a csrf secret in your
>  > >>>>>>  > settings.yml
>  > >>>>>>  > all:
>  > >>>>>>  >   .settings:
>  > >>>>>>  >     # Form security secret (CSRF protection)
>  > >>>>>>  >     csrf_secret:       ##CSRF_SECRET##     # Unique secret to enable CSRF protection or false to disable
>  > >>>>>>  > In the view, check that field csrf is present, if not add
>  > >>>>>>  > <?= $form[$form->getCSRFFieldName()]->render() ?>
>  > >>>>>>  > Thomas
>  > >>>>>>> On Tue, Apr 8, 2008 at 5:10 PM, Marijn <[EMAIL PROTECTED]>
>  > >>>>>>> wrote:
>  > >>>>>>  > >  Hi everybody,
>  > >>>>>>  > >  I am having trouble finding documentation about csrf support in
>  > >>>>>>  > >  symfony 1.1. When I generate crud actions for a Model and try to
>  > >>>>>>  > >  populate it with data by using the create web interface it says that
>  > >>>>>>  > >  csrf_token is required.
>  > >>>>>>  > >  Anybody here who knows this problem or who can tell me what I am doing
>  > >>>>>>  > >  wrong? I haven't changed a thing after generating the crud actions.
>  > >>>>>>  > >  Thanks,
>  > >>>>>>  > >  Marijn
>  >
>
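
Added example, not part of the thread and not symfony's own code: a stand-alone PHP sketch of a secret-derived, session-bound form token that refuses the misconfigurations discussed above (a secret swallowed by a YAML '#' comment, or the unreplaced ##CSRF_SECRET## placeholder) and rejects a hidden field posted without a value. All function names, the form name and the session ids are hypothetical.

```php
<?php
// Added example; function names are hypothetical, not symfony API.

/**
 * Reject secrets that would silently disable or weaken CSRF protection:
 * null/false/empty (e.g. a YAML value swallowed by a '#' comment) and
 * an unreplaced ##...## template placeholder.
 */
function assertUsableCsrfSecret($secret): string
{
    if (!is_string($secret) || trim($secret) === '') {
        throw new InvalidArgumentException('csrf_secret is empty or not a string');
    }
    if (preg_match('/^##.*##$/', $secret)) {
        throw new InvalidArgumentException('csrf_secret is still a template placeholder');
    }
    return $secret;
}

/** Token bound to the secret, the visitor's session and the form name. */
function csrfToken(string $secret, string $sessionId, string $formName): string
{
    return hash_hmac('sha256', $sessionId . '|' . $formName, $secret);
}

/** A missing or empty submitted token is rejected before any comparison. */
function isValidCsrfToken(string $expected, ?string $submitted): bool
{
    return is_string($submitted) && $submitted !== ''
        && hash_equals($expected, $submitted); // constant-time comparison
}

// Constructed sample values.
$secret    = assertUsableCsrfSecret('my super token');
$sessionId = 'constructed-session-id';
$token     = csrfToken($secret, $sessionId, 'ArticleForm');

var_dump(isValidCsrfToken($token, $token)); // token posted back unchanged
var_dump(isValidCsrfToken($token, ''));     // hidden field rendered without a value
var_dump(isValidCsrfToken($token, csrfToken($secret, 'other-session', 'ArticleForm')));

// Each misconfigured secret is refused at startup instead of yielding an empty token.
foreach ([null, '', '##CSRF_SECRET##'] as $bad) {
    try {
        assertUsableCsrfSecret($bad);
    } catch (InvalidArgumentException $e) {
        echo $e->getMessage(), PHP_EOL;
    }
}
```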
