Are you by any chance using sfAdminThemejRollerPlugin? I recently noticed a bug in the auto-generated templates for that jRoller admin generator plugin. If you look in _list_batch_actions.php (in your cache, under the module's templates folder), for the standard Symfony admin generator, it creates the CSRF hidden field for the batch actions form like this:
<?php $form = new BaseForm(); if ($form->isCSRFProtected()): ?> <input type="hidden" name="<?php echo $form->getCSRFFieldName() ? >" value="<?php echo $form->getCSRFToken() ?>" /> <?php endif; ?> However, in the jRoller admin generator, it does this: <?php $form = new sfForm(); if ($form->isCSRFProtected()): ?> <input type="hidden" name="<?php echo $form->getCSRFFieldName() ? >" value="<?php echo $form->getCSRFToken() ?>" /> <?php endif; ?> The only difference is that jRoller creates an "sfForm" whereas the Symfony admin generator creates a "BaseForm". If you override the auto-generated template (copy it from the cache into your module's templates folder) and change "sfForm" to "BaseForm" it gets rid of that CSRF error. I don't know why, but it works.... -david On Feb 4, 5:52 am, HAUSa <jeroen_heeft_behoefte_aan_r...@hotmail.com> wrote: > For some reason, I _always_ get a CSRF attack error message when I use > the admin generator and want to execute a batch action. I can't fix it > as well, I don't know where that error is coming from. > Is there anyone who ran into the same problem or can help me? -- You received this message because you are subscribed to the Google Groups "symfony users" group. To post to this group, send email to symfony-us...@googlegroups.com. To unsubscribe from this group, send email to symfony-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en.