Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Can't use CSRF on standalone forms in ProcessWire #214

Closed
BernhardBaumrock opened this issue Mar 10, 2019 · 3 comments
Closed

Can't use CSRF on standalone forms in ProcessWire #214

BernhardBaumrock opened this issue Mar 10, 2019 · 3 comments

Comments

@BernhardBaumrock
Copy link

@BernhardBaumrock BernhardBaumrock commented Mar 10, 2019

Hi everybody!
Version: 3.0.0

Bug Description

I want to use Nette Forms with ProcessWire and get the following error as soon as I add $form->addProtection('Security token has expired, please submit the form again'); to the form:

User Error

Exception: Unable to set 'session.use_strict_mode' to value '1' when session has been started by session.auto_start or session_start(). (in C:\www\maletschek\site\modules\RockCommerce\vendor\nette\http\src\Http\Session.php line 386)

#0 C:\www\maletschek\site\modules\RockCommerce\vendor\nette\http\src\Http\Session.php(80): Nette\Http\Session->configure(Array)
#1 C:\www\maletschek\site\modules\RockCommerce\vendor\nette\http\src\Http\SessionSection.php(51): Nette\Http\Session->start()
#2 C:\www\maletschek\site\modules\RockCommerce\vendor\nette\http\src\Http\SessionSection.php(103): Nette\Http\SessionSection->start()
#3 C:\www\maletschek\site\modules\RockCommerce\vendor\nette\forms\src\Forms\Controls\CsrfProtection.php(67): Nette\Http\SessionSection->__isset('token')
#4 C:\www\maletschek\site\modules\RockCommerce\vendor\nette\forms\src\Forms\Controls\CsrfProtection.php(79): Nette\Forms\Controls\CsrfProtection->getToken()
#5 C:\www\maletschek\site\modules\RockCommerce\vendor\nette\forms\src\Forms\Controls\CsrfProtection.php(88): Nette\Forms\Controls\CsrfProtection->generateToken()
#6 C:\www\maletschek\site\modules\RockCommerce\vendor\nette\forms\src\Forms\Rendering\DefaultFormRenderer.php(197): Nette\Forms\Controls\CsrfProtection->getControl()
#7 C:\www\maletschek\site\modules\RockCommerce\vendor\nette\forms\src\Forms\Rendering\DefaultFormRenderer.php(151): Nette\Forms\Rendering\DefaultFormRenderer->renderEnd()
#8 C:\www\maletschek\site\modules\RockCommerce\vendor\nette\forms\src\Forms\Form.php(607): Nette\Forms\Rendering\DefaultFormRenderer->render(Object(Nette\Forms\Form))
#9 C:\www\maletschek\site\modules\RockCommerce\tpl\uikit2\contact.php(19): Nette\Forms\Form->render()
#10 C:\www\maletschek\wire\core\TemplateFile.php(287): require('C:\\www\\maletsch...')
#11 C:\www\maletschek\wire\core\Wire.php(380): ProcessWire\TemplateFile->___render()
#12 C:\www\maletschek\wire\core\WireHooks.php(723): ProcessWire\Wire->_callMethod('___render', Array)
#13 C:\www\maletschek\wire\core\Wire.php(442): ProcessWire\WireHooks->runHooks(Object(ProcessWire\TemplateFile), 'render', Array)
#14 C:\www\maletschek\wire\core\WireFileTools.php(926): ProcessWire\Wire->__call('render', Array)

Steps To Reproduce

Maybe the error message is already enough to fix this? Otherwise I'll provide a PW installation to show the error.

Thx in advance!

@dg
Copy link
Member

@dg dg commented Mar 11, 2019

Can you enable session.use_strict_mode = 1 in PHP config? Or set it via ini_set('session.use_strict_mode', '1') at the beginning of the whole script?

@BernhardBaumrock
Copy link
Author

@BernhardBaumrock BernhardBaumrock commented Mar 11, 2019

Yes, thank you, but then I get

Exception: Unable to set 'session.gc_maxlifetime' to value '10800' when session has been started by session.auto_start or session_start(). (in C:\www\maletschek\site\modules\RockCommerce\vendor\nette\http\src\Http\Session.php line 386)

@dg dg closed this in 4362c6f Mar 11, 2019
dg added a commit to nette/http that referenced this issue Mar 11, 2019
…cooperation with the session started outside nette [Closes nette/forms#214]
@BernhardBaumrock
Copy link
Author

@BernhardBaumrock BernhardBaumrock commented Mar 11, 2019

Thank you very much, this was very fast! And it works 👍

dg added a commit to nette/http that referenced this issue Mar 11, 2019
…cooperation with the session started outside nette [Closes nette/forms#214]
dg added a commit to nette/http that referenced this issue Mar 11, 2019
…cooperation with the session started outside nette [Closes nette/forms#214]
dg added a commit to nette/http that referenced this issue Mar 11, 2019
…cooperation with the session started outside nette [Closes nette/forms#214]
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
2 participants