7913 Posts in 1355 Topics by 930 members
DataObjectManager Module
SilverStripe Forums » DataObjectManager Module » Bug Reports
Discuss the DataObjectManager module, and the related ImageGallery module.
Moderators: martimiz, UncleCheese, Howard, Sean, Ryan M., biapar, Willr, Ingo, swaiba, simon_w
| Go to End | Next > | |
| Author | Topic: | 37778 Views |
-
Re: Bug Reports
28 October 2009 at 4:10am Last edited: 28 October 2009 4:11am
Hit another issue:
When using DAO to upload an image, "SecurityID doesn't match, possible CRSF attack." is displayed after uploading the image then clicking "finish" on the extra data page. This appears to be caused by the fact that the extra data page's SecurityID field has a blank value:
<input type="hidden" id="FileDataObjectManager_Popup_EditUploadedForm_SecurityID" name="SecurityID" value="" />
If I check the value of Session::get('SecurityID') (used by Form.php on line 434 to populate SecurityID's value), it is set correctly.In general, the SecurityID field seems to be populated correctly. The initial DAO popup window has a SecurityID field with a value (as it should):
<input type="hidden" id="FileDataObjectManager_Popup_UploadForm_SecurityID" name="SecurityID" value="15856" />
Any ideas?
Ben
-
Re: Bug Reports
29 October 2009 at 10:46am
Hi again Uncle,
I'm still having the problem where if I upload an image in 'Files & Images' to a subfolder, the files go straight into the root of the assets folder and not into the folder I want them to.
I'm not getting any errors. Where do you think is the best place to put some debug statements so I can see what's going on?
(I'm also using subsites & cmsworkflow modules although don't know if that would affect uploads or not.)
Any help much appreciated!
-
Re: Bug Reports
30 October 2009 at 6:13am
Hi Keeny,
i also stumbled over this odd behaviour, which is well known in SS bug tracker:
http://open.silverstripe.org/ticket/3914
http://open.silverstripe.org/ticket/2862seems to be fixed in trunk but it unfortunately didn't get it into the 2.3 branch
hth
wmk
-
Re: Bug Reports
31 October 2009 at 4:55am
Re my "SecurityID doesn't match, possible CRSF attack" post of 10/28:
Some sleuthing revealed that this problem appeared in revision 223 of DOM. Tthe constructor of DataObjectManager_Popup (in DataObjectManager.php) contains an if statement that determines whether or not a number of Requirements should be set. In revision 222, the if statement used the following expression:
$this->controller->hasNested
In revision 223, this changed to:$this->hasNestedDOM()
There is something about hasNestedDom()'s call to $this->Fields() that causes this error.
Got to run for an appointment...when I have time, hopefully I can dig more on this problem.
-
Re: Bug Reports
2 November 2009 at 2:44pm
Hiya wmk,
Thanks for that. I have SWFUpload installed, so would that be affected by changeset r77012 mentioned in http://open.silverstripe.org/ticket/2862?
I also stepped through FileDataObjectManager_Controller::handleswfupload() with a die() statement. It seems if I comment out line 641...
else {
$ownerID = $_POST['parentIDName'];
//$file->$ownerID = $_POST['controllerID'];
$file->write();
echo $file->ID;
}The file uploads to the right place but the DOM doesn't refresh. I have to manually refresh the File & Images area to see the newly uploaded file. Also I don't really know what the consequence of commenting this line out is.
Any more ideas?
Cheers,
Keeny.
-
Re: Bug Reports
2 November 2009 at 3:11pm
$_POST['parentIDName'];
$_POST['controllerID'];One of those fields is not coming through. If you have SWFUpload in debug mode, you can see in the debug window what the post params are. Something is coming through null.
-
Re: Bug Reports
2 November 2009 at 4:20pm
Hiya Uncle,
I get this....
DEBUG: Post Params:
SWF DEBUG: fileClassName=File
SWF DEBUG: hasDataObject=0
SWF DEBUG: parentIDName=ParentID
SWF DEBUG: dataObjectFieldName=
SWF DEBUG: dataObjectClassName=File
SWF DEBUG: OverrideUploadFolder=assets/Palmerston-North/Home/
SWF DEBUG: controllerID=13
SWF DEBUG: fileFieldName=FilesI'm totally lost with this. BTW it works fine on my local Wamp machine. The problem is on our production server.
-
Re: Bug Reports
2 November 2009 at 4:58pm
Hi UncleCheese,
Trivial bug here, in the nested popup popup the close image was not showing when SS was installed in a subfolder but it was just a case of changing the reference to the image in dataobject_manager.css line 153 from:
a.nested-close {display:block;text-indent:-9999em;width:30px;height:30px;background: url('/dataobject_manager/images/closebox.png') no-repeat top left;position:absolute;top:-15px;right:-15px;}
toa.nested-close {display:block;text-indent:-9999em;width:30px;height:30px;background: url('../images/closebox.png') no-repeat top left;position:absolute;top:-15px;right:-15px;}
I *really* like this feature btw!
Cheers
| 37778 Views | ||
| Go to Top | Next > |
