CSRF Token Expired causes a crash in GridField Item Requests #7266

Closed
UndefinedOffset opened this issue Aug 11, 2017 · 7 comments

Comments

@UndefinedOffset
Contributor

UndefinedOffset commented Aug 11, 2017

In 3.6.1 (and, I'm assuming, the previous 3.x chain), if the CSRF token expires (or does not match), the page will crash rather than displaying the CSRF expired message. The crash is caused in the Form class on line 383, where it calls the controller's redirectBack. I think a potential fix would be to simply define redirectBack in GridFieldDetailForm_ItemRequest, wrapping the top-level controller's redirect back.

Full Error:

[Error] Uncaught Exception: Object->__call(): the method 'redirectback' does not exist on 'GridFieldDetailForm_ItemRequest', or the method is not public.
framework/core/Object.php:780

  • Object->__call(redirectBack,Array)
    Form.php:383
  • ResourceGridField_ItemRequest->redirectBack()
    Form.php:383
  • Form->httpSubmission(SS_HTTPRequest)
    RequestHandler.php:288
  • RequestHandler->handleAction(SS_HTTPRequest,httpSubmission)
    RequestHandler.php:200
  • RequestHandler->handleRequest(SS_HTTPRequest,DataModel)
    RequestHandler.php:222
  • RequestHandler->handleRequest(SS_HTTPRequest,DataModel)
    GridFieldDetailForm.php:102
  • GridFieldDetailForm->handleItem(GridField,SS_HTTPRequest)
    GridField.php:981
  • GridField->handleRequest(SS_HTTPRequest,DataModel)
    RequestHandler.php:222
  • RequestHandler->handleRequest(SS_HTTPRequest,DataModel)
    RequestHandler.php:222
  • RequestHandler->handleRequest(SS_HTTPRequest,DataModel)
    Controller.php:158
  • Controller->handleRequest(SS_HTTPRequest,DataModel)
    LeftAndMain.php:464
  • LeftAndMain->handleRequest(SS_HTTPRequest,DataModel)
    AdminRootController.php:92
  • AdminRootController->handleRequest(SS_HTTPRequest,DataModel)
    Director.php:385
  • Director::handleRequest(SS_HTTPRequest,Session,DataModel)
    Director.php:149
  • Director::direct(/admin/my-model-admin/MyModel/EditForm/field/MyModel/item/422/ItemEditForm,DataModel)
    main.php:191
@jchenevey
Contributor

+1

We've been seeing this issue on one of our sites for a little while, but have been unable to pinpoint the exact cause.

@UndefinedOffset
Contributor Author

It's the call to redirectBack() in Form; the only fix I can think of would be to define a wrapper in GridFieldDetailForm_ItemRequest that calls the top-level controller's redirect back.
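
The failure and the wrapper fix proposed in this thread, as an added example that is not part of the issue or of SilverStripe's own code. Every class name here (ModelForm, ModelItemRequest, PatchedItemRequest and the rest), the `token` field and the getToplevelController() helper are constructed stand-ins that model only the behaviour the thread describes.

```php
<?php
// Constructed stand-ins for the classes named in the issue. They model only the
// behaviour the thread describes and are not SilverStripe's own code.
class ModelRequestHandler {
    // Mirrors the trace: calling an undefined method throws instead of returning.
    public function __call($method, $args) {
        throw new BadMethodCallException(
            "the method '" . strtolower($method) . "' does not exist on '" . get_class($this) . "'");
    }
}
class ModelController extends ModelRequestHandler {
    public function redirectBack() { return 'redirect: back'; }
}
// Unpatched item request: a request handler, not a controller.
class ModelItemRequest extends ModelRequestHandler {
    protected $top;
    public function __construct(ModelController $top) { $this->top = $top; }
    protected function getToplevelController() { return $this->top; }
}
// The wrapper proposed in the thread: delegate to the top-level controller.
class PatchedItemRequest extends ModelItemRequest {
    public function redirectBack() { return $this->getToplevelController()->redirectBack(); }
}
class ModelForm {
    private $controller; private $expected; public $actionRan = false;
    public function __construct($controller, $expected) {
        $this->controller = $controller; $this->expected = $expected;
    }
    public function httpSubmission(array $post) {
        $sent = isset($post['token']) ? (string) $post['token'] : '';
        if (!hash_equals($this->expected, $sent)) {
            // Token expired or mismatched: reject, then send the user back.
            return $this->controller->redirectBack();
        }
        $this->actionRan = true;
        return 'action: saved';
    }
}
// Submit a stale (constructed) token through a form bound to the given handler.
function submitStale($itemRequestClass) {
    $form = new ModelForm(new $itemRequestClass(new ModelController()), 'fresh-token');
    try {
        $out = $form->httpSubmission(array('token' => 'stale-token'));
    } catch (BadMethodCallException $e) {
        $out = 'exception: ' . $e->getMessage();
    }
    return $out . ' | action ran: ' . var_export($form->actionRan, true);
}
echo submitStale('ModelItemRequest'), PHP_EOL;
echo submitStale('PatchedItemRequest'), PHP_EOL;
```

In this model the stale submission never reaches the form action in either run; the wrapper only changes whether the rejected request ends in a redirect or an exception.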

@jchenevey
Contributor

Makes total sense. It's been a pain to troubleshoot, since we have thus far been unable to reliably reproduce. Glad to see a well-known name in the SS community reporting this issue.

@dhensby
Contributor

dhensby commented Aug 25, 2017

The fundamental issue is really that the ItemRequest is passed to a form as the controller when it is not a controller.

This is a duplicate of #3760.

@dhensby dhensby closed this as completed Aug 25, 2017
@jchenevey
Contributor

#3760 was a bug for the v4 series, though, and has already been fixed. This bug affects the v3 series, and is still an issue. Therefore, I don't think this bug should've been closed.

@dhensby
Contributor

dhensby commented Aug 25, 2017

@jchenevey that issue was reported in 2015, long before the real development of 4 started. It's been closed because the issue is fixed in 4 (there are a lot of issues in 3 which are being closed as fixed in 4 because the effort vs reward of fixing in 3 isn't there).

If someone wishes to move redirectBack onto RequestHandler instead of Controller and allow Forms to work with RequestHandler objects instead of Controllers, then that would no doubt be accepted into the 3 branch.

@dhensby
Contributor

dhensby commented Aug 25, 2017

see #3760 (comment)
