@Thomas: I have added the secret key in the settings.yml file with no success.
Your patch didn't work for me.

What is strange is that I only have the bug if I call the setValidators()
function in the configure() function of my form.


@Marijn: Don't be sorry, it's normal to have questions about the 1.1 :)


COil


----- Original Message ----
From: Marijn <[EMAIL PROTECTED]>
To: symfony users <symfony-users@googlegroups.com>
Sent: Thursday, 10 April 2008, 20:07:15
Subject: [symfony-users] Re: csrf_token required


It seems to get worse and worse. I altered the BaseFormPropel class as
you said and now I keep getting require errors like this:
Warning: require_once(propel/Propel.php) [function.require-once]:
failed to open stream: No such file or directory in /$path_to_symfony$/
lib/plugins/sfPropelPlugin/lib/propel/sfPropelAutoload.php on line 17

Fatal error: require_once() [function.require]: Failed opening
required 'propel/Propel.php' (include_path='.:') in /$path_to_symfony$/
sf_core/lib/plugins/sfPropelPlugin/lib/propel/sfPropelAutoload.php on
line 17

Even when I revert the code to what it was originally. Clearing the
cache doesn't solve anything...

Ehm...:S Sorry for all these questions..

Marijn

On Apr 10, 6:53 pm, "Thomas Rabaix" <[EMAIL PROTECTED]> wrote:
> Marijn,
>
> I used the sfForm class before the introduction of the secret in the
> settings.yml, and to make things work fine I have to use this bit of
> code:
>
> Note: I have only used Propel forms generated by the command line
>
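> abstract class BaseFormPropel extends sfFormPropel
> {
>   public function setup()
>   {
>     // Enable CSRF protection for forms
>     sfForm::enableCSRFProtection();
>     // Add the CSRF token field to this form, using the given secret
>     $this->addCSRFProtection('my secret');
>   }
> }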
>
> I get a valid csrf token value, and a correct token validation
>
> Thomas
>
> On Thu, Apr 10, 2008 at 4:32 PM, Marijn <[EMAIL PROTECTED]> wrote:
>
> >  Hi Fabien,
>
> >  The output of the version that I have installed on my server from the
> >  symfony CLI:
> >   symfony version 1.1.0-BETA2 (/var/www/vhosts/example.org/sf_core/
> >  lib)
>
> >  I installed the framework via SVN from this location:
> >  http://svn.symfony-project.com/tags/RELEASE_1_1_0_BETA2
>
> >  I made some modifications to the view but haven't touched any Form
> >  classes. In the view I only altered the wrapping HTML and not the
> >  rendering of the forms. To be completely sure I tested by creating
> >  another module with a new model definition. I generated the model,
> >  generated the module, generated the crud actions all from the symfony
> >  CLI. When I try to add content via the web interface generated I still
> >  have the problems with the csfr token is required. It occurs on both
> >  the development and production environment.
>
> >  Would you like me to email the generated code?
>
> >  Thanks for your help and a great framework,
>
> >  Marijn
>
> >  On Apr 10, 3:28 pm, Fabien POTENCIER <[EMAIL PROTECTED]
>
> > project.com> wrote:
> >  > Do you use the 1.1 beta 2 or /branches/1.1?
>
> >  > Do you use the code generated by the generate-crud CLI or have you
> >  > modified something?
>
> >  > It will be easier to help you out if you can post the generated code as
> >  > I've just tested the generate-crud on a brand new project and it works
> >  > for me.
>
> >  > Thanks,
> >  > Fabien
>
> >  > Marijn wrote:
> >  > > Hi everybody,
>
> >  > > pretty indecent of me to bump my thread but I'm really in need of a
> >  > > solution :-(
>
> >  > > For the sake of clarity:
> >  > > - have installed the latest symfony 1.1 beta
> >  > > - created my model
> >  > > - generated crud actions with the symfony CLI
> >  > > - set the csfr_secret value in settings.yml > all > .settings
> >  > > - cleared the cache a 1000 times
> >  > > - assured that my view renders a hidden csfr_token input field (which
> >  > > only has a name and an ID, not a value)
> >  > > - still get an error message that a csfr token is required
>
> >  > > Any thoughts? Help is very much appreciated :-)
>
> >  > > Marijn
>
> >  > > On Apr 9, 2:07 am, Marijn <[EMAIL PROTECTED]> wrote:
> >  > >> Thanks Dustin,
>
> >  > >> I didn't make myself clear enough. I don't want to use a hash sign in
> >  > >> the value. The problem is that even with the csfr_secret value defined
> >  > >> in my settings.yml my forms still don't work. If I try to add
> >  > >> something to my database with the crud actions that were generated by
> >  > >> symfony I still get the csfr required error.
>
> >  > >> Do you have any thoughts on that?
>
> >  > >> Thanks,
>
> >  > >> Marijn
>
> >  > >> On Apr 9, 1:12 am, Dustin Whittle <[EMAIL PROTECTED]>
> >  > >> wrote:
>
> >  > >>> Marijn,
> >  > >>> In symfony yaml files #app_my_setting# will be replaced with the
> >  > >>> equivalent of sfConfig::get('app_my_setting'). If you want to use # as
> >  > >>> a value, wrap it in single quotes. csrf_secret:  'my_crazy_#_value'.
> >  > >>> - Dustin
> >  > >>> On 4/8/08 3:55 PM, "Marijn" <[EMAIL PROTECTED]> wrote:
> >  > >>>> On Apr 8, 5:55 pm, "Thomas Rabaix" <[EMAIL PROTECTED]> wrote:
> >  > >>>>> in yml # symbol is used to comment text .... :)
> >  > >>>> Yeah, I love that symbol :-D
> >  > >>>> I just wasn't sure if its meaning were the same if it came in two
> >  > >>>> pairs wrapped around a ##value##
> >  > >>>> Unfortunately that means the problem isn't solved yet... The code
> >  > >>>> generated by your example is the following:
> >  > >>>> <input type="hidden" name="$module_name$[_csrf_token]" id="$module_name$__csrf_token" />
> >  > >>>> Any thoughts..? Thanks,
> >  > >>>> Marijn
> >  > >>>>> csrf_secret:  my super token
> >  > >>>>> Thomas
> >  > >>>>> On Tue, Apr 8, 2008 at 5:44 PM, Marijn <[EMAIL PROTECTED]> wrote:
> >  > >>>>>>  Hi Thomas,
> >  > >>>>>>  Thanks for your quick reply.
> >  > >>>>>>  In my view there was the following line of code for my csrf_token:
> >  > >>>>>>    <?php echo $form['_csrf_token'] ?>
> >  > >>>>>>  If I use that or the code you gave me the hidden input tag is created
> >  > >>>>>>  but it has no value assigned to it.
> >  > >>>>>>  Should the scfr_secret value in my config be wrapped in hash signs or
> >  > >>>>>>  can I just use some arbitrary string..?
> >  > >>>>>>  Thanks,
> >  > >>>>>>  Marijn
> >  > >>>>>>  On Apr 8, 5:18 pm, "Thomas Rabaix" <[EMAIL PROTECTED]> wrote:
> >  > >>>>>>  > I am not 100% sure about that but you should add a csrf secret in your
> >  > >>>>>>  > settings.yml
> >  > >>>>>>  > all:
> >  > >>>>>>  >   .settings:
> >  > >>>>>>  >     # Form security secret (CSRF protection)
> >  > >>>>>>  >     csrf_secret:       ##CSRF_SECRET##     # Unique secret to enable CSRF protection or false to disable
> >  > >>>>>>  > In the view, check that field csrf is present, if not add
> >  > >>>>>>  > <?= $form[$form->getCSRFFieldName()]->render() ?>
> >  > >>>>>>  > Thomas
> >  > >>>>>>> On Tue, Apr 8, 2008 at 5:10 PM, Marijn <[EMAIL PROTECTED]>
> >  > >>>>>>> wrote:
> >  > >>>>>>  > >  Hi everybody,
> >  > >>>>>>  > >  I am having trouble finding documentation about csrf support in
> >  > >>>>>>  > >  symfony 1.1. When I generate crud actions for a Model and try to
> >  > >>>>>>  > >  populate it with data by using the create web interface it says that
> >  > >>>>>>  > >  csrf_token is required.
> >  > >>>>>>  > >  Anybody here who knows this problem or who can tell me what I am doing
> >  > >>>>>>  > >  wrong? I haven't changed a thing after generating the crud actions.
> >  > >>>>>>  > >  Thanks,
> >  > >>>>>>  > >  Marijn
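
Added example (not part of the original thread, and not symfony's own code): a small Python check that reports how a YAML parser reads the csrf_secret line of a settings.yml. It generalizes the one case discussed above: the unquoted ##CSRF_SECRET## placeholder starts with #, so the whole value is read as a comment and the key is left empty. The function names and status labels are assumptions made for this example, the comment handling is a simplified subset of YAML, and the sample inputs are constructed from values quoted in the thread.

```python
import re

def effective_value(raw):
    """Return the scalar a YAML parser sees after a 'key:' (simplified rules)."""
    raw = raw.strip()
    if raw[:1] in ("'", '"'):
        # Quoted scalar: '#' inside the quotes is literal text.
        end = raw.find(raw[0], 1)
        return raw[1:end] if end != -1 else raw[1:]
    # Plain scalar: '#' at the start or after whitespace begins a comment.
    m = re.search(r"(^|\s)#", raw)
    return raw[:m.start()].rstrip() if m else raw

def check_csrf_secret(settings_text):
    """Classify the first csrf_secret entry: missing, empty, disabled or set."""
    for line in settings_text.splitlines():
        m = re.match(r"\s*csrf_secret\s*:(.*)$", line)
        if not m:
            continue  # other keys, and lines that are commented out entirely
        value = effective_value(m.group(1))
        if value in ("", "~") or value.lower() == "null":
            return ("empty", value)
        if value.lower() == "false":
            return ("disabled", value)
        return ("set", value)
    return ("missing", None)

# Constructed samples, using values quoted in the thread.
SAMPLE_PLACEHOLDER = (
    "all:\n"
    "  .settings:\n"
    "    # Form security secret (CSRF protection)\n"
    "    csrf_secret:       ##CSRF_SECRET##     # Unique secret to enable\n"
)
SAMPLE_PLAIN = "all:\n  .settings:\n    csrf_secret:  my super token\n"
SAMPLE_QUOTED = "all:\n  .settings:\n    csrf_secret:  'my_crazy_#_value'\n"

if __name__ == "__main__":
    for name, text in [("placeholder", SAMPLE_PLACEHOLDER),
                       ("plain", SAMPLE_PLAIN), ("quoted", SAMPLE_QUOTED)]:
        print(name, check_csrf_secret(text))
```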






      