Hi,

I'm creating my own admin generator with heavy use of AJAX. Every CRUD
action works fine, except with the batch actions. I've tried to use the same
code that is used on the original admin generator but it keeps throwing
"CSRF attack detected". I have a form that wraps a table, with each row
having a checkbox named "ids[]" and, at the end, a select with my batch
actions, named "batch_action". The form points to the route
"myObject_collection" with a parameter "action" with the value "batch". I
add the token with:

<?php $form = new BaseForm() ?>

<?php if ( $form->isCSRFProtected() ): ?>

    <input type="hidden" name="<?php echo $form->getCSRFFieldname() ?>" value="<?php echo $form->getCSRFToken() ?>" />

<?php endif; ?>

I mean, it's all just like it is on the admin generator. I then receive on
my executeBatch action the request and I use:

$request->checkCSRFProtection();

And it throws the CSRF attack error. If I disable the CSRF protection, the
form works fine. The other forms work OK with CSRF protection. The problem
is only with the batch. What am I missing here?



Thanks!

-- 
If you want to report a vulnerability issue on symfony, please send it to 
security at symfony-project.com

You received this message because you are subscribed to the Google
Groups "symfony users" group.