Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

DataObjectManager Module

Discuss the DataObjectManager module, and the related ImageGallery module.

Moderators: martimiz, UncleCheese, Sean, biapar, Willr, Ingo, swaiba, simon_w

Bug Reports


Reply

297 Posts   49791 Views

Avatar
Ben Gribaudo

31 October 2009 at 4:55am Community Member, 181 Posts

Re my "SecurityID doesn't match, possible CRSF attack" post of 10/28:

Some sleuthing revealed that this problem appeared in revision 223 of DOM. Tthe constructor of DataObjectManager_Popup (in DataObjectManager.php) contains an if statement that determines whether or not a number of Requirements should be set. In revision 222, the if statement used the following expression:

$this->controller->hasNested


In revision 223, this changed to:

$this->hasNestedDOM()

There is something about hasNestedDom()'s call to $this->Fields() that causes this error.

Got to run for an appointment...when I have time, hopefully I can dig more on this problem.

Avatar
keeny

2 November 2009 at 2:44pm Community Member, 48 Posts

Hiya wmk,

Thanks for that. I have SWFUpload installed, so would that be affected by changeset r77012 mentioned in [url]http://open.silverstripe.org/ticket/2862[/url]?

I also stepped through FileDataObjectManager_Controller::handleswfupload() with a die() statement. It seems if I comment out line 641...

else {
            $ownerID = $_POST['parentIDName'];
            //$file->$ownerID = $_POST['controllerID'];
            $file->write();
            echo $file->ID;
         }

The file uploads to the right place but the DOM doesn't refresh. I have to manually refresh the File & Images area to see the newly uploaded file. Also I don't really know what the consequence of commenting this line out is.

Any more ideas?

Cheers,

Keeny.

Avatar
UncleCheese

2 November 2009 at 3:11pm 4085 Posts

$_POST['parentIDName'];
$_POST['controllerID'];

One of those fields is not coming through. If you have SWFUpload in debug mode, you can see in the debug window what the post params are. Something is coming through null.

Avatar
keeny

2 November 2009 at 4:20pm Community Member, 48 Posts

Hiya Uncle,

I get this....

DEBUG: Post Params:
SWF DEBUG: fileClassName=File
SWF DEBUG: hasDataObject=0
SWF DEBUG: parentIDName=ParentID
SWF DEBUG: dataObjectFieldName=
SWF DEBUG: dataObjectClassName=File
SWF DEBUG: OverrideUploadFolder=assets/Palmerston-North/Home/
SWF DEBUG: controllerID=13
SWF DEBUG: fileFieldName=Files

I'm totally lost with this. BTW it works fine on my local Wamp machine. The problem is on our production server.

Avatar
Howard

2 November 2009 at 4:58pm Community Member, 215 Posts

Hi UncleCheese,

Trivial bug here, in the nested popup popup the close image was not showing when SS was installed in a subfolder but it was just a case of changing the reference to the image in dataobject_manager.css line 153 from:

a.nested-close {display:block;text-indent:-9999em;width:30px;height:30px;background: url('/dataobject_manager/images/closebox.png') no-repeat top left;position:absolute;top:-15px;right:-15px;}


to

a.nested-close {display:block;text-indent:-9999em;width:30px;height:30px;background: url('../images/closebox.png') no-repeat top left;position:absolute;top:-15px;right:-15px;}

I *really* like this feature btw!

Cheers :)

Avatar
UncleCheese

3 November 2009 at 2:33am 4085 Posts

SWF DEBUG: dataObjectFieldName=

There's your null value. Make sure you're defining everything correctly in your constructor.

Avatar
UncleCheese

3 November 2009 at 2:41am 4085 Posts

Thanks for that. Make sure you're on the latest version. I believe someone put in this patch several weeks ago.

Avatar
Ben Gribaudo

3 November 2009 at 4:08am (Last edited: 3 November 2009 4:13am), Community Member, 181 Posts

Re my "SecurityID doesn't match, possible CRSF attack" posts of 10/28 and 10/31:

More on what's going on:
When the DataObjectManager_popup window is initialized for the first time, class Form's loadDataFrom method is called. The form knows it should have a SecurityID field (from the call to $this->fields->dataFields() on http://open.silverstripe.org/browser/modules/sapphire/trunk/forms/Form.php?rev=90075#L919). However, when loadDataFrom() iterates through $data, setting field values, it sets that SecurityID field's value to NULL because $data doesn't contain a SecurityID value (see http://open.silverstripe.org/browser/modules/sapphire/trunk/forms/Form.php?rev=90075#L950).

Can someone help me resolve this?

Ben