Skip to main content
This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.
Since the mysql server on http://open.silverstripe.org/ seems to go down more often than a hooker from Ciranus IV:
Importing a CSV file into a mailinglist in the newsletter 0.4.0-rc1 module fails with: "Security token doesn't match, possible CSRF attack."
Steps to reproduce:
1. Go to <yoursite>/admin/newsletter/
2. Click Mailing List
3. Click tab 'Import'
4. Enter a (simple) CVS file with FirstName, SurName, Email columns
5. Click 'Show contents' button
6. Click 'Confirm' button
The message "Security token doesn't match, possible CSRF attack." is shown.
What is the expected output:
CSV file is imported.
It could be that I am doing something wrong. But I'm using pretty much stock Silverstripe and newsletter.
[Edit] Apparently the ticket was still posted: http://open.silverstripe.org/ticket/6295
There is an issue with the template and the form for submitting the import. my work around is as below. I also updated the above ticket. (http://open.silverstripe.org/ticket/6295)
My work around was to add the following to the Newsletter_RecipientImportField_Table.ss template file, so the security ID is passed on through. I agree that a more elegant way may be needed but this should get some people out of trouble.
<input class="hidden" type="hidden" id="RecipientImportField_UploadForm_UploadForm_SecurityID" name="SecurityID" value="$SecurityID" />
Needs to be inserted in to the form around line 20 of the template file.
Hope this is of some help.
It works perfect to me.
Thanks a lot.