Radicore Forum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » RADICORE development » Framework » CSRF check failed (CAN´T EXECUTE MULTI4 TRANSACTION)
CSRF check failed [message #7144] Mon, 28 May 2018 12:46 Go to next message
edortizq is currently offline  edortizq
Messages: 81
Registered: August 2008
Location: Ecuador
Member

I have a Multi4 transaction, when I change a child field and then press submit+next button (directly) then radicore returns to login screen with a CSRF check failed message.
You can see an image attached.
Re: CSRF check failed [message #7146 is a reply to message #7144] Tue, 29 May 2018 04:44 Go to previous messageGo to next message
AJM is currently offline  AJM
Messages: 2105
Registered: April 2006
Location: Surrey, UK
Senior Member
Which version are you using? I cannot reproduce this problem with 2.09.0

Re: CSRF check failed [message #7183 is a reply to message #7146] Mon, 30 July 2018 09:34 Go to previous messageGo to next message
edortizq is currently offline  edortizq
Messages: 81
Registered: August 2008
Location: Ecuador
Member

Hi Tony, it seemed the problem was solved by itself, but now it has come again, when it is supossed the message should appear?
Re: CSRF check failed [message #7184 is a reply to message #7183] Tue, 31 July 2018 05:09 Go to previous messageGo to next message
AJM is currently offline  AJM
Messages: 2105
Registered: April 2006
Location: Surrey, UK
Senior Member
I have two MULTI4 tasks in the Dictionary subsystem - Update Child Relationship and Update Parent Relationship - and both of these work OK, so I cannot reproduce your problem.

I am just about to upload the next release, version 2.10.0, so you might want to try that.


Re: CSRF check failed [message #7186 is a reply to message #7184] Tue, 31 July 2018 19:31 Go to previous messageGo to next message
edortizq is currently offline  edortizq
Messages: 81
Registered: August 2008
Location: Ecuador
Member

Thanks for your answer, I'd like to know under which circunstances Radicore returns to the login screen with the "CSRF check failed" message? could you please help me with this issue?
Re: CSRF check failed [message #7187 is a reply to message #7186] Wed, 01 August 2018 04:30 Go to previous messageGo to next message
AJM is currently offline  AJM
Messages: 2105
Registered: April 2006
Location: Surrey, UK
Senior Member
The CSRF values are created in include.xml.php5.inc when the HTML output is generated. See lines 1026, 1964 and 2002.

These values are verified in include.session.inc during the initsession() processing. See lines 969 and 1024. A new value is also generated in the scriptNext() function at line 2685 and the scriptPrevious() function at line 2856.


Re: CSRF check failed [message #7189 is a reply to message #7187] Wed, 01 August 2018 21:50 Go to previous messageGo to next message
edortizq is currently offline  edortizq
Messages: 81
Registered: August 2008
Location: Ecuador
Member

Thanks!
Re: CSRF check failed [message #7190 is a reply to message #7187] Thu, 02 August 2018 16:52 Go to previous messageGo to next message
edortizq is currently offline  edortizq
Messages: 81
Registered: August 2008
Location: Ecuador
Member

I have commented the code about CSRF and it seems to be right by now.
It seems there is a bug when execute scriptNext() function, analyzing my code the errors appears with this lines:

if (isset($_POST['submitnext']) || isset($_POST['submitstay'])) {
$_SESSION['idcliente'] = $rowdata['idcliente'];
$next['task_id'] = 'buzz_venta(add4)';
append2ScriptSequence($next);
}

and ....

if ($GLOBALS['task_id'] == 'buzz_venta(add2)' || $GLOBALS['task_id'] == 'buzz_venta(add4)'){
$idventa = $rowdata['idventa'];
$_SESSION['idventa'] = $rowdata['idventa'];
$next['task_id'] = 'buzz_detalleventa(multi4)';
append2ScriptSequence($next);
}

Re: CSRF check failed [message #7191 is a reply to message #7190] Fri, 03 August 2018 04:27 Go to previous messageGo to next message
AJM is currently offline  AJM
Messages: 2105
Registered: April 2006
Location: Surrey, UK
Senior Member
When is the scriptNext() function being used in that task? All you said in your initial error report is that you filled in the form and pressed a SUBMIT button, but this does not use scriptNext(), only scriptPrevious().

Re: CSRF check failed [message #7192 is a reply to message #7191] Mon, 06 August 2018 12:14 Go to previous message
AJM is currently offline  AJM
Messages: 2105
Registered: April 2006
Location: Surrey, UK
Senior Member
I have tried putting in a call to append2ScriptSequence() in one of my MULTI4 tasks, and it works exactly as it should. I cannot reproduce this error.

Previous Topic: Empty Folder name anomaly
Next Topic: Introduction to the Radicore framework
Goto Forum:
  


Current Time: Wed Jan 23 05:29:37 EST 2019

Total time taken to generate the page: 0.03209 seconds