@Loic : the settings.yml stuff is not a patch is come from the settings.yml in the skeleton AS I said I do not use this feature at it was introduce after I build the my form.
I have pastebin my code : http://pastebin.com/m3adc4e23. Please do not look to my isValid method as it is not a sf valid way to add error. Hope it can help ! Thomas On Thu, Apr 10, 2008 at 8:13 PM, Loïc Vernet <[EMAIL PROTECTED]> wrote: > > @Thomas: I have added the secret key in the settings.yml file with no > success. > Your patch didn't work for me. > > What is strange, is that I have only the bug if i call the setValidators() > function in the configure() function of my form. > > > @Marijn: Dont' be sorry, it's normal to have questions about the 1.1 :) > > > COil > > > ----- Message d'origine ---- > De : Marijn <[EMAIL PROTECTED]> > À : symfony users <symfony-users@googlegroups.com> > Envoyé le : Jeudi, 10 Avril 2008, 20h07mn 15s > > Objet : [symfony-users] Re: csrf_token required > > > > > It seems to get worse and worse. I altered the BaseFormPropel class as > you said and now I keep getting require errors like this: > Warning: require_once(propel/Propel.php) [function.require-once]: > failed to open stream: No such file or directory in /$path_to_symfony$/ > lib/plugins/sfPropelPlugin/lib/propel/sfPropelAutoload.php on line 17 > > Fatal error: require_once() [function.require]: Failed opening > required 'propel/Propel.php' (include_path='.:') in /$path_to_symfony$/ > sf_core/lib/plugins/sfPropelPlugin/lib/propel/sfPropelAutoload.php on > line 17 > > Even when I revert the code to what it was originally. Clearing the > cache doesn't solve anything... > > Ehm...:S Sorry for all these questions.. > > Marijn > > On Apr 10, 6:53 pm, "Thomas Rabaix" <[EMAIL PROTECTED]> wrote: > > Marjin, > > > > I used the sfFrom class before the introduction of the secret in the > > settings.yml, And to make thing works fine I have to use this bit of > > code : > > > > Note : I have only used propel form generated by the command line > > > > abstract class BaseFormPropel extends sfFormPropel > > { > > public function setup() > > { > > sfForm::enableCSRFProtection(); > > $this->addCSRFProtection('my secret'); > > } > > > > } > > > > I get a valid csrf token value, and a correct token validation > > > > Thomas > > > > On Thu, Apr 10, 2008 at 4:32 PM, Marijn <[EMAIL PROTECTED]> wrote: > > > > > Hi Fabien, > > > > > The output of the version that I have installed on my server from the > > > symfony CLI: > > > symfony version 1.1.0-BETA2 (/var/www/vhosts/example.org/sf_core/ > > > lib) > > > > > I installed the framework via SVN from this location: > > > http://svn.symfony-project.com/tags/RELEASE_1_1_0_BETA2 > > > > > I made some modifications to the view but haven't touched any Form > > > classes. In the view I only altered the wrapping HTML and not the > > > rendering of the forms. To be completele sure I tested by creating > > > another module with a new model definition. I generated the model, > > > generated the module, generated the crud actions all from the symfony > > > CLI. When I try to add content via the web interface generated I still > > > have the problems with the csfr token is required. It occurs on both > > > the development and production environment. > > > > > Would you like me to email the generated code? > > > > > Thanks for your help and a great framework, > > > > > Marijn > > > > > On Apr 10, 3:28 pm, Fabien POTENCIER <[EMAIL PROTECTED] > > > > > project.com> wrote: > > > > Do you use the 1.1 beta 2 or /branches/1.1? > > > > > > Do you use the code generated by the generate-crud CLI or have you > > > > modified something? > > > > > > It will easier to help you out if you can post the generated code as > > > > I've just tested the generate-crud on a brand new project and it works > > > > for me. > > > > > > Thanks, > > > > Fabien > > > > > > Marijn wrote: > > > > > Hi everybody, > > > > > > > pretty indecent of me to bump my thread but I'm really in need of a > > > > > solution :-( > > > > > > > For the sake of clarity: > > > > > - have installed the latest symfony 1.1 beta > > > > > - created my model > > > > > - generated crud actions with the symfony CLI > > > > > - set the csfr_secret value in settings.yml > all > .settings > > > > > - cleared the cache a 1000 times > > > > > - assured that my view renders a hidden csfr_token input field > (which > > > > > only has a name and an ID, not a value) > > > > > - still get an error message the a csfr token is required > > > > > > > Any thoughts? Help is very much appreciated :-) > > > > > > > Marijn > > > > > > > On Apr 9, 2:07 am, Marijn <[EMAIL PROTECTED]> wrote: > > > > >> Thanks Dustin, > > > > > > >> I didn't make myself clear enough. I don't want to use a hash sign > in > > > > >> the value. The problem is that even with the csfr_secret value > defined > > > > >> in my settings.yml my forms still don't work. If I try to add > > > > >> something to my database with the crud actions that were generated > by > > > > >> symfony I still get the csfr required error. > > > > > > >> Do you have any thoughts on that? > > > > > > >> Thanks, > > > > > > >> Marijn > > > > > > >> On Apr 9, 1:12 am, Dustin Whittle <[EMAIL PROTECTED]> > > > > >> wrote: > > > > > > >>> Marijn, > > > > >>> In symfony yaml files #app_my_setting# will be replace with the > equivalent > > > > >>> of sfConfig::get('app_my_setting'). If you want to use # as a > value, wrap it > > > > >>> in single quotes. csrf_secret: 'my_crazy_#_value'. > > > > >>> - Dustin > > > > >>> On 4/8/08 3:55 PM, "Marijn" <[EMAIL PROTECTED]> wrote: > > > > >>>> On Apr 8, 5:55 pm, "Thomas Rabaix" <[EMAIL PROTECTED]> wrote: > > > > >>>>> in yml # symbol is used to comment text .... :) > > > > >>>> Yeah, I love that symbol :-D > > > > >>>> I just wasn't sure if it's meaning were the same if it came in > two > > > > >>>> pairs wrapped around a ##value## > > > > >>>> Unfortunately that means the problem isn't solved yet... The code > > > > >>>> generated by your example is the following: > > > > >>>> <input type="hidden" name="$module_name$[_csrf_token]" > id="$module_name > > > > >>>> $__csrf_token" /> > > > > >>>> Any thoughts..? Thanks, > > > > >>>> Marijn > > > > >>>>> csrf_secret: my super token > > > > >>>>> Thomas > > > > >>>>> On Tue, Apr 8, 2008 at 5:44 PM, Marijn <[EMAIL PROTECTED]> > wrote: > > > > >>>>>> Hi Thomas, > > > > >>>>>> Thanks for your quick reply. > > > > >>>>>> in my view there was the following line of code for my > csrf_token: > > > > >>>>>> <?php echo $form['_csrf_token'] ?> > > > > >>>>>> If I use that or the code you gave me the hidden input tag is > created > > > > >>>>>> but it has no value assigned to it. > > > > >>>>>> Should the scfr_secret value in my config be wrapped in hash > signs or > > > > >>>>>> can I just use some arbitrary string..? > > > > >>>>>> Thanks, > > > > >>>>>> Marijn > > > > >>>>>> On Apr 8, 5:18 pm, "Thomas Rabaix" <[EMAIL PROTECTED]> wrote: > > > > >>>>>> > I am not 100% sure about that but you sould add a csrf > secret in your > > > > >>>>>> > settings.yml > > > > >>>>>> > all: > > > > >>>>>> > .settings: > > > > >>>>>> > # Form security secret (CSRF protection) > > > > >>>>>> > csrf_secret: ##CSRF_SECRET## # Unique secret > to enable > > > > >>>>>> > CSRF protection or false to disable > > > > >>>>>> > In the view, check that field csrf is present, if not add > > > > >>>>>> > <?= $form[$form->getCSRFFieldName()]->render() ?> > > > > >>>>>> > Thomas > > > > >>>>>>> On Tue, Apr 8, 2008 at 5:10 PM, Marijn <[EMAIL PROTECTED]> > > > > >>>>>>> wrote: > > > > >>>>>> > > Hi everybody, > > > > >>>>>> > > I am having trouble finding documentation about csrf > support in > > > > >>>>>> > > symfony 1.1. When I generate crud actions for a Model > and try to > > > > >>>>>> > > populate it with data by using the create web interface > it says that > > > > >>>>>> > > csrf_token is required. > > > > >>>>>> > > Anybody here who knows this problem or who can tell me > what I am doing > > > > >>>>>> > > wrong? I haven't changed a thing after generating the > crud actions. > > > > >>>>>> > > Thanks, > > > > >>>>>> > > Marijn > > > > > > > > > _____________________________________________________________________________ > Envoyez avec Yahoo! Mail. Une boite mail plus intelligente > http://mail.yahoo.fr > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "symfony users" group. To post to this group, send email to symfony-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en -~----------~----~----~----~------~----~------~--~---
