Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

Form Questions /

SearchForm, pagination and CSRF problem...


Reply


2 Posts   672 Views

Avatar
mishell

Community Member, 19 Posts

5 October 2011 at 3:29am

Edited: 05/10/2011 7:42am

I have a search form like this:

function SForm() {
Requirements::javascript('mysite/javascript/message.js');
$action = $this->request->param('Action');

$context = singleton('Message')->getCustomSearchContext();
$fields = $context->getSearchFields();

$fields->push(new HiddenField('SearchType','',$action));

$searchText = isset($this->Query) ? $this->Query : 'Search';

$actions = new FieldSet(
new FormAction('searchResults', 'Go')
);

Results are rendered like this:

public function searchResults($data,Form $form)
{
$data = Convert::raw2sql($data);

$start = ($this->request->getVar('start')) ? (int)$this->request->getVar('start') : 0;
$limit = 2;

$fields = singleton('Message')->searchableFields();
$context = singleton('Message')->getCustomSearchContext();

$query = $context->getQuery($data, null, array('start'=>$start,'limit'=>$limit));
$records = $context->getResults($data, null, array('start'=>$start,'limit'=>$limit));

if($records) {
$records->setPageLimits($start, $limit, $query->unlimitedRowCount());
}

return $this->customise(array(
'MyResults' => $records
));
}

In template results are show like this:

Now everything works fine untill I want to click page MessageController/SForm?start=4

When silverstripe protests and shows

Security token doesn't match, possible CSRF attack.

First I can't force silverstripe to use template MessageController_searchResults.ss and it shows on MessageController, so I have some ifs and then is ok, but I don't think I should render it on main template.

Next I can't figure out how to make it work so SS won't display error message but second page of search form.

I read every page I could, any help would be very appreciated.

Avatar
mishell

Community Member, 19 Posts

5 October 2011 at 7:43am

$form = new Form($this, "SForm", $fields, $actions);
$form->setFormMethod('get');
return $form;

and done