Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

We've moved the forum!

Please use forum.silverstripe.org for any new questions (announcement).
The forum archive will stick around, but will be read only.

You can also use our Slack channel or StackOverflow to ask for help.
Check out our community overview for more options to contribute.

All other Modules /

Discuss all other Modules here.

Moderators: martimiz, Sean, Ed, biapar, Willr, Ingo, swaiba

Bugreport: Newsletter mailinglist import fails with security token error.


Go to End


4 Posts   2305 Views

Avatar
Henk Poley

30 Posts

24 December 2010 at 4:46am

Edited: 24/12/2010 5:43am

Since the mysql server on http://open.silverstripe.org/ seems to go down more often than a hooker from Ciranus IV:

Importing a CSV file into a mailinglist in the newsletter 0.4.0-rc1 module fails with: "Security token doesn't match, possible CSRF attack."

Steps to reproduce:

1. Go to <yoursite>/admin/newsletter/
2. Click Mailing List
3. Click tab 'Import'
4. Enter a (simple) CVS file with FirstName, SurName, Email columns
5. Click 'Show contents' button
6. Click 'Confirm' button

What happens:

The message "Security token doesn't match, possible CSRF attack." is shown.

What is the expected output:

CSV file is imported.

It could be that I am doing something wrong. But I'm using pretty much stock Silverstripe and newsletter.

[Edit] Apparently the ticket was still posted: http://open.silverstripe.org/ticket/6295

Avatar
_Vince

Community Member, 165 Posts

17 January 2011 at 2:44pm

*bounce* Anybody?

Avatar
hive.net.au

Community Member, 40 Posts

26 March 2011 at 4:31am

There is an issue with the template and the form for submitting the import. my work around is as below. I also updated the above ticket. (http://open.silverstripe.org/ticket/6295)

My work around was to add the following to the Newsletter_RecipientImportField_Table.ss template file, so the security ID is passed on through. I agree that a more elegant way may be needed but this should get some people out of trouble.

<input class="hidden" type="hidden" id="RecipientImportField_UploadForm_UploadForm_SecurityID" name="SecurityID" value="$SecurityID" />

Needs to be inserted in to the form around line 20 of the template file.

Hope this is of some help.

Avatar
leonquiroga

Community Member, 3 Posts

21 April 2011 at 4:36pm

It works perfect to me.

Thanks a lot.

L.