Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix EZP-22643 "Missing form token from Request " when creating an object after clearing cache #858

Merged
merged 2 commits into from May 14, 2014

Conversation

2 participants
@lolautruche
Copy link
Contributor

lolautruche commented May 13, 2014

Depends on ezsystems/ezpublish-legacy#963

Fixes

This is actually a regression from EZP-22414 and EZP-22531, combined with EZP-22210 (CommentsBundle).
Rendering subrequests from a legacy template with the help of ngsymfonytools triggers a kernel.response Symfony event, which triggers the template collection from DebugBundle (only in dev). The problem here was that ezxFormToken was deactivated, and not reactivated after. So this ended up to a legitimate "missing form token" exception when submitting a form.

It was impossible to reproduce on master because ngsymfonytools extension failed to be installed due to a typo in composer.json of ngsymfonytools-bundle, while the extension was present in builds (and on @bdunogier's machine :-P)

@@ -69,7 +69,6 @@ public function onSiteAccessMatch( PostSiteAccessMatchEvent $event )
!(
$event->getRequestType() === HttpKernelInterface::MASTER_REQUEST
&& isset( $this->session )

This comment has been minimized.

Copy link
@andrerom

andrerom May 13, 2014

Member

This line above can be removed now probably, but be aware that code below does not check if session property is set. ref $this->session->getName();

@andrerom

This comment has been minimized.

Copy link
Member

andrerom commented May 13, 2014

+1 besides the comment.

PS: If anyone sees reports about token mismatches as well, then there is at least a possible issue that the following probably is not triggered anymore as session is in Sf stack:

Listeners[]=session/regenerate@ezxFormToken::reset

Also, now that we generate token in partial output, any legacy form output generated before the session reset will have invalid token.

Possible fix is to do the whole token replacement logic in symfony response events instead in sf + legacy setup where we detect legacy have been booted.

But this is a different but highly related issue.

lolautruche pushed a commit to ezsystems/ezpublish-legacy that referenced this pull request May 14, 2014

Jérôme Vieilledent
EZP-22643: "Missing form token from Request " when creating an object
after clearing cache

https://jira.ez.no/browse/EZP-22643

This patch adds a `ezxFormToken::isEnabled()`, to be used in
ezsystems/ezpublish-kernel#858
@lolautruche

This comment has been minimized.

Copy link
Contributor Author

lolautruche commented May 14, 2014

OK, finally reproduced the issue and found the origin of the problem. Patch is completely different and relies on ezsystems/ezpublish-legacy#963

Review ping @bdunogier @dpobel @yannickroger @andrerom @pspanja

// Checking on ezxFormToken existence since might not be loadable if eZ is not yet installed
// (ezp_extension.php not yet generated in legacy).
if ( class_exists( 'ezxFormToken' ) )
if ( class_exists( 'ezxFormToken' ) && $formTokenWasEnabled = ezxFormToken::isEnabled() )

This comment has been minimized.

Copy link
@andrerom

andrerom May 14, 2014

Member

For clarity it should be (not a must here, but would be if the check was !negative):

&& ( $formTokenWasEnabled = ezxFormToken::isEnabled() ) )

This comment has been minimized.

Copy link
@lolautruche

lolautruche May 14, 2014

Author Contributor

Fixed

@andrerom

This comment has been minimized.

Copy link
Member

andrerom commented May 14, 2014

+1 (but now there is a bit of form_token code to remove in website toolbar controller or?)

Fix EZP-22643: "Missing form token from Request " when creating an ob…
…ject after clearing cache

Should also fix EZP-22589: "Missing form token from Request" when trying to vote a poll from a block poll with a logged user.

Was a regression from combination of:

* https://jira.ez.no/browse/EZP-22414
* https://jira.ez.no/browse/EZP-22531
* https://jira.ez.no/browse/EZP-22210
@lolautruche

This comment has been minimized.

Copy link
Contributor Author

lolautruche commented May 14, 2014

Why is that @andrerom ?

@andrerom

This comment has been minimized.

Copy link
Member

andrerom commented May 14, 2014

ignore, you gave me the reason to keep it offline. 🚢 it :)

lolautruche added a commit that referenced this pull request May 14, 2014

Merge pull request #858 from ezsystems/fix_EZP-22643_missingFormToken
Fix EZP-22643 "Missing form token from Request " when creating an object after clearing cache

@lolautruche lolautruche merged commit 21897c6 into master May 14, 2014

1 check was pending

continuous-integration/travis-ci The Travis CI build is in progress
Details

@lolautruche lolautruche deleted the fix_EZP-22643_missingFormToken branch May 14, 2014

jeromegamez pushed a commit to jeromegamez/ezpublish-legacy that referenced this pull request May 26, 2014

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.