New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow Search URLs to be Sharable #3831

Closed
shefik opened this Issue Oct 24, 2017 · 4 comments

Comments

Projects
None yet
2 participants
@shefik
Copy link
Contributor

shefik commented Oct 24, 2017

Q A
Zikula Version 1.5.x
PHP Version 5.6

Expected behavior

The result of the search URL should be able to be shared. A user should be able to copy and paste a URL and have it directly return results from the GET request.

Actual behavior

The result of the search returns a URL contains the parameter zikulasearchmodule_search[_token], which means that it is only valid for the current user. Therefore, the token via GET request should not be required in the form validation.

Steps to reproduce

Search any queries.

@Guite

This comment has been minimized.

Copy link
Member

Guite commented Oct 24, 2017

This can be achieved by setting csrf_protection to false in the search form options like described at the bottom of http://symfony.com/doc/current/form/csrf_protection.html .
Could you please submit a PR for this?

@shefik

This comment has been minimized.

Copy link
Contributor

shefik commented Oct 24, 2017

Where are the search form options located?

shefik added a commit to shefik/core that referenced this issue Oct 24, 2017

@shefik shefik referenced this issue Oct 24, 2017

Closed

Disabling CSRF Protection #3832

0 of 3 tasks complete

@Guite Guite added this to the 1.5.3 milestone Oct 25, 2017

@Guite Guite modified the milestones: 1.5.3, 1.5.4 Nov 4, 2017

shefik added a commit to shefik/core that referenced this issue Nov 7, 2017

shefik added a commit to shefik/core that referenced this issue Nov 7, 2017

Merge branch 'search_disable_csrf' of https://github.com/shefik/core
…into search_disable_csrf

* 'search_disable_csrf' of https://github.com/shefik/core:
  Removing array parameter.
  Updating CHANGELOG.
  Disabling CSRF protection. Fixes zikula#3831

shefik added a commit to shefik/core that referenced this issue Nov 7, 2017

shefik added a commit to shefik/core that referenced this issue Nov 7, 2017

Merge branch 'search_disable_csrf' of https://github.com/shefik/core
…into search_disable_csrf

* 'search_disable_csrf' of https://github.com/shefik/core:
  Removing array parameter.
  Updating CHANGELOG.
  Disabling CSRF protection. Fixes zikula#3831
  Removing array parameter.
  Updating CHANGELOG.
  Disabling CSRF protection. Fixes zikula#3831

shefik added a commit to shefik/core that referenced this issue Nov 7, 2017

@shefik shefik referenced this issue Nov 7, 2017

Closed

Disabling CSRF Protection #3845

0 of 3 tasks complete

Guite added a commit that referenced this issue Nov 16, 2017

@Guite Guite referenced this issue Nov 16, 2017

Merged

fixed #3831 #3854

@Guite

This comment has been minimized.

Copy link
Member

Guite commented Nov 16, 2017

Added new PR in #3854

Guite added a commit that referenced this issue Nov 16, 2017

@Guite Guite closed this Nov 16, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment