Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

DataObjectManager Module /

Discuss the DataObjectManager module, and the related ImageGallery module.

Moderators: martimiz, UncleCheese, Sean, biapar, Willr, Ingo, swaiba, simon_w

Bug Reports


Go to End
Reply


297 Posts   52314 Views

Avatar
Ben Gribaudo

Community Member, 181 Posts

31 October 2009 at 4:55am

Re my "SecurityID doesn't match, possible CRSF attack" post of 10/28:

Some sleuthing revealed that this problem appeared in revision 223 of DOM. Tthe constructor of DataObjectManager_Popup (in DataObjectManager.php) contains an if statement that determines whether or not a number of Requirements should be set. In revision 222, the if statement used the following expression:

$this->controller->hasNested


In revision 223, this changed to:

$this->hasNestedDOM()

There is something about hasNestedDom()'s call to $this->Fields() that causes this error.

Got to run for an appointment...when I have time, hopefully I can dig more on this problem.

Avatar
keeny

Community Member, 48 Posts

2 November 2009 at 2:44pm

Hiya wmk,

Thanks for that. I have SWFUpload installed, so would that be affected by changeset r77012 mentioned in [url]http://open.silverstripe.org/ticket/2862[/url]?

I also stepped through FileDataObjectManager_Controller::handleswfupload() with a die() statement. It seems if I comment out line 641...

else {
            $ownerID = $_POST['parentIDName'];
            //$file->$ownerID = $_POST['controllerID'];
            $file->write();
            echo $file->ID;
         }

The file uploads to the right place but the DOM doesn't refresh. I have to manually refresh the File & Images area to see the newly uploaded file. Also I don't really know what the consequence of commenting this line out is.

Any more ideas?

Cheers,

Keeny.

Avatar
UncleCheese

Forum Moderator, 4096 Posts

2 November 2009 at 3:11pm

$_POST['parentIDName'];
$_POST['controllerID'];

One of those fields is not coming through. If you have SWFUpload in debug mode, you can see in the debug window what the post params are. Something is coming through null.

Avatar
keeny

Community Member, 48 Posts

2 November 2009 at 4:20pm

Hiya Uncle,

I get this....

DEBUG: Post Params:
SWF DEBUG: fileClassName=File
SWF DEBUG: hasDataObject=0
SWF DEBUG: parentIDName=ParentID
SWF DEBUG: dataObjectFieldName=
SWF DEBUG: dataObjectClassName=File
SWF DEBUG: OverrideUploadFolder=assets/Palmerston-North/Home/
SWF DEBUG: controllerID=13
SWF DEBUG: fileFieldName=Files

I'm totally lost with this. BTW it works fine on my local Wamp machine. The problem is on our production server.

Avatar
Howard

Community Member, 215 Posts

2 November 2009 at 4:58pm

Hi UncleCheese,

Trivial bug here, in the nested popup popup the close image was not showing when SS was installed in a subfolder but it was just a case of changing the reference to the image in dataobject_manager.css line 153 from:

a.nested-close {display:block;text-indent:-9999em;width:30px;height:30px;background: url('/dataobject_manager/images/closebox.png') no-repeat top left;position:absolute;top:-15px;right:-15px;}


to

a.nested-close {display:block;text-indent:-9999em;width:30px;height:30px;background: url('../images/closebox.png') no-repeat top left;position:absolute;top:-15px;right:-15px;}

I *really* like this feature btw!

Cheers :)

Avatar
UncleCheese

Forum Moderator, 4096 Posts

3 November 2009 at 2:33am

SWF DEBUG: dataObjectFieldName=

There's your null value. Make sure you're defining everything correctly in your constructor.

Avatar
UncleCheese

Forum Moderator, 4096 Posts

3 November 2009 at 2:41am

Thanks for that. Make sure you're on the latest version. I believe someone put in this patch several weeks ago.

Avatar
Ben Gribaudo

Community Member, 181 Posts

3 November 2009 at 4:08am

Edited: 03/11/2009 4:13am

Re my "SecurityID doesn't match, possible CRSF attack" posts of 10/28 and 10/31:

More on what's going on:
When the DataObjectManager_popup window is initialized for the first time, class Form's loadDataFrom method is called. The form knows it should have a SecurityID field (from the call to $this->fields->dataFields() on http://open.silverstripe.org/browser/modules/sapphire/trunk/forms/Form.php?rev=90075#L919). However, when loadDataFrom() iterates through $data, setting field values, it sets that SecurityID field's value to NULL because $data doesn't contain a SecurityID value (see http://open.silverstripe.org/browser/modules/sapphire/trunk/forms/Form.php?rev=90075#L950).

Can someone help me resolve this?

Ben

Go to Top