Can't use CSRF on standalone forms in ProcessWire #214

Closed
BernhardBaumrock opened this issue Mar 10, 2019 · 3 comments

@BernhardBaumrock

commented Mar 10, 2019

Hi everybody!
Version: 3.0.0

Bug Description

I want to use Nette Forms with ProcessWire and get the following error as soon as I add $form->addProtection('Security token has expired, please submit the form again'); to the form:

User Error

Exception: Unable to set 'session.use_strict_mode' to value '1' when session has been started by session.auto_start or session_start(). (in C:\www\maletschek\site\modules\RockCommerce\vendor\nette\http\src\Http\Session.php line 386)

#0 C:\www\maletschek\site\modules\RockCommerce\vendor\nette\http\src\Http\Session.php(80): Nette\Http\Session->configure(Array)
#1 C:\www\maletschek\site\modules\RockCommerce\vendor\nette\http\src\Http\SessionSection.php(51): Nette\Http\Session->start()
#2 C:\www\maletschek\site\modules\RockCommerce\vendor\nette\http\src\Http\SessionSection.php(103): Nette\Http\SessionSection->start()
#3 C:\www\maletschek\site\modules\RockCommerce\vendor\nette\forms\src\Forms\Controls\CsrfProtection.php(67): Nette\Http\SessionSection->__isset('token')
#4 C:\www\maletschek\site\modules\RockCommerce\vendor\nette\forms\src\Forms\Controls\CsrfProtection.php(79): Nette\Forms\Controls\CsrfProtection->getToken()
#5 C:\www\maletschek\site\modules\RockCommerce\vendor\nette\forms\src\Forms\Controls\CsrfProtection.php(88): Nette\Forms\Controls\CsrfProtection->generateToken()
#6 C:\www\maletschek\site\modules\RockCommerce\vendor\nette\forms\src\Forms\Rendering\DefaultFormRenderer.php(197): Nette\Forms\Controls\CsrfProtection->getControl()
#7 C:\www\maletschek\site\modules\RockCommerce\vendor\nette\forms\src\Forms\Rendering\DefaultFormRenderer.php(151): Nette\Forms\Rendering\DefaultFormRenderer->renderEnd()
#8 C:\www\maletschek\site\modules\RockCommerce\vendor\nette\forms\src\Forms\Form.php(607): Nette\Forms\Rendering\DefaultFormRenderer->render(Object(Nette\Forms\Form))
#9 C:\www\maletschek\site\modules\RockCommerce\tpl\uikit2\contact.php(19): Nette\Forms\Form->render()
#10 C:\www\maletschek\wire\core\TemplateFile.php(287): require('C:\\www\\maletsch...')
#11 C:\www\maletschek\wire\core\Wire.php(380): ProcessWire\TemplateFile->___render()
#12 C:\www\maletschek\wire\core\WireHooks.php(723): ProcessWire\Wire->_callMethod('___render', Array)
#13 C:\www\maletschek\wire\core\Wire.php(442): ProcessWire\WireHooks->runHooks(Object(ProcessWire\TemplateFile), 'render', Array)
#14 C:\www\maletschek\wire\core\WireFileTools.php(926): ProcessWire\Wire->__call('render', Array)

Steps To Reproduce

Maybe the error message is already enough to fix this? Otherwise I'll provide a PW installation to show the error.

Thx in advance!

@dg

Member

commented Mar 11, 2019

Can you enable session.use_strict_mode = 1 in PHP config? Or set it via ini_set('session.use_strict_mode', '1') at the beginning of the whole script?

@BernhardBaumrock

Author

commented Mar 11, 2019

Yes, thank you, but then I get

Exception: Unable to set 'session.gc_maxlifetime' to value '10800' when session has been started by session.auto_start or session_start(). (in C:\www\maletschek\site\modules\RockCommerce\vendor\nette\http\src\Http\Session.php line 386)

dg added a commit to nette/http that referenced this issue Mar 11, 2019

Session: $started replaced with checking session_status() for better …
…cooperation with the session started outside nette [Closes nette/forms#214]
@BernhardBaumrock

Author

commented Mar 11, 2019

Thank you very much, this was very fast! And it works 👍
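
The failure mode from this thread and the session_status() check named in the commit message, as an added example (not code from nette/http or from either participant). The helper names ensureSession, csrfToken and csrfValid and the csrf_token session key are hypothetical; the two settings are the ones from the error messages above.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: apply session.* settings only while no session is active.
// Returns the settings that could not be applied because the host application
// (here: a CMS that calls session_start() itself) got there first.
function ensureSession(array $iniSettings): array
{
    $skipped = [];
    if (session_status() === PHP_SESSION_ACTIVE) {
        // session.* ini values cannot be changed once a session is active.
        // Report the mismatch instead of throwing, so the caller can log it
        // and fix it in php.ini (use_strict_mode in particular).
        foreach ($iniSettings as $key => $value) {
            if ((string) ini_get("session.$key") !== (string) $value) {
                $skipped[] = $key;
            }
        }
        return $skipped;
    }
    foreach ($iniSettings as $key => $value) {
        ini_set("session.$key", (string) $value);
    }
    session_start();
    return $skipped;
}

// Hypothetical helper: one CSRF token per session, stored in whichever
// session is active, regardless of who started it.
function csrfToken(): string
{
    if (!isset($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Constant-time comparison of the submitted token against the stored one.
function csrfValid(string $submitted): bool
{
    return isset($_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], $submitted);
}

// Constructed scenario: the host application starts the session first.
session_start();
$skipped = ensureSession(['use_strict_mode' => 1, 'gc_maxlifetime' => 10800]);
$token = csrfToken();
var_dump($skipped, csrfValid($token), csrfValid('forged'));
```

Any key returned in $skipped is a setting the form code wanted but the running session does not have, so it has to be set in php.ini or before the host application starts its session.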
