You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I've seen this occur on both 8.5.2 and the develop branch. I've tried tracking down the source of the error but couldn't find where or how the errant ccm_token is being added.
To reproduce, install concrete5 (latest version or develop branch). After install, you'll be immediately logged into the CMS. navigate to /index.php/account/avatar
Try uploading an avatar. Click the little green checkmark. You'll see the endpoint response is a 404 error:
I've tracked down why it's happening, but not the root cause. Two ccm_token values are being submitted with the request:
When the ccm_token value for the form is validated, it fails, because the form data token is overriding the query string ccm_token, which is the one we want to validate against.
The query string ccm_token is added here: web/concrete/single_pages/account/avatar.php, but I couldn't find where the other token is coming from. The token is being validated here: web/concrete/controllers/single_page/account/avatar.php
The text was updated successfully, but these errors were encountered:
I've seen this occur on both 8.5.2 and the develop branch. I've tried tracking down the source of the error but couldn't find where or how the errant ccm_token is being added.
To reproduce, install concrete5 (latest version or develop branch). After install, you'll be immediately logged into the CMS. navigate to
/index.php/account/avatar
Try uploading an avatar. Click the little green checkmark. You'll see the endpoint response is a 404 error:
I've tracked down why it's happening, but not the root cause. Two ccm_token values are being submitted with the request:
When the ccm_token value for the form is validated, it fails, because the form data token is overriding the query string ccm_token, which is the one we want to validate against.
The query string ccm_token is added here:
web/concrete/single_pages/account/avatar.php
, but I couldn't find where the other token is coming from. The token is being validated here:web/concrete/controllers/single_page/account/avatar.php
The text was updated successfully, but these errors were encountered: