SearchForm, pagination and CSRF problem...


mishell

Community Member, 19 Posts

5 October 2011 at 3:29am

Edited: 05/10/2011 7:42am

I have a search form like this:


    function SForm() {
        Requirements::javascript('mysite/javascript/message.js');
        $action = $this->request->param('Action');
        
        $context = singleton('Message')->getCustomSearchContext();
        $fields = $context->getSearchFields();
        
        $fields->push(new HiddenField('SearchType','',$action));           
        
        $searchText = isset($this->Query) ? $this->Query : 'Search';
        
        $actions = new FieldSet(
            new FormAction('searchResults', 'Go')
        );

Results are rendered like this:


    public function searchResults($data,Form $form)
    {
        $data = Convert::raw2sql($data);
        
        $start = ($this->request->getVar('start')) ? (int)$this->request->getVar('start') : 0;
        $limit = 2;        
        
        $fields = singleton('Message')->searchableFields();
        $context = singleton('Message')->getCustomSearchContext();

        $query = $context->getQuery($data, null, array('start'=>$start,'limit'=>$limit));
        $records = $context->getResults($data, null, array('start'=>$start,'limit'=>$limit));

        if($records) {
            $records->setPageLimits($start, $limit, $query->unlimitedRowCount());
        }        

        return $this->customise(array(
            'MyResults' => $records
        ));
    }    

In the template, results are shown like this:

Now everything works fine until I want to click page MessageController/SForm?start=4

Then SilverStripe protests and shows

Security token doesn't match, possible CSRF attack.

First, I can't force SilverStripe to use the template MessageController_searchResults.ss and it shows on MessageController, so I have some ifs and then it is OK, but I don't think I should render it on the main template.

Next, I can't figure out how to make it work so SS won't display the error message but the second page of the search form.

I read every page I could; any help would be very much appreciated.

mishell

Community Member, 19 Posts

5 October 2011 at 7:43am

 

        $form = new Form($this, "SForm", $fields, $actions);
        $form->setFormMethod('get');
        return $form;

and done
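
The failure and the fix discussed in this thread, as an added example that is not part of the original posts and is not SilverStripe code: a simplified model in which every request to the form URL must carry the session's token. The function names, the `token` field name and the assumption that page links preserve the current query string are hypothetical.

```php
<?php
// Simplified model of a CSRF-protected form handler (hypothetical names,
// not SilverStripe's implementation).
const TOKEN_FIELD = 'token';

// Constant-time comparison of the submitted token with the session's token.
function tokenMatches(array $session, array $vars): bool {
    return isset($session[TOKEN_FIELD], $vars[TOKEN_FIELD])
        && is_string($vars[TOKEN_FIELD])
        && hash_equals($session[TOKEN_FIELD], $vars[TOKEN_FIELD]);
}

// Every request routed to the form URL is treated as a form submission.
function handleForm(array $session, array $vars): string {
    if (!tokenMatches($session, $vars)) {
        return "400 Security token doesn't match, possible CSRF attack.";
    }
    $start = isset($vars['start']) ? max(0, (int)$vars['start']) : 0;
    return "200 results from offset $start";
}

// Pagination link: keep the current query string, change only 'start'.
function pageLink(string $formUrl, array $currentQuery, int $start): string {
    $query = array_merge($currentQuery, ['start' => $start]);
    return $formUrl . '?' . http_build_query($query);
}

// Parse a link's query string the way the server would see it.
function queryVars(string $link): array {
    parse_str((string)parse_url($link, PHP_URL_QUERY), $vars);
    return $vars;
}

// Constructed sample data: a session token and the submitted search fields.
$session = [TOKEN_FIELD => bin2hex(random_bytes(16))];
$fields  = ['Title' => 'hello', TOKEN_FIELD => $session[TOKEN_FIELD]];

// POST form: the fields travelled in the request body, so the current query
// string is empty and the page link carries nothing but 'start'.
$postLink = pageLink('MessageController/SForm', [], 4);
echo handleForm($session, queryVars($postLink)), "\n";

// GET form: the fields, token included, are in the query string, so a link
// that preserves it still passes the token check.
$getLink = pageLink('MessageController/SForm', $fields, 4);
echo handleForm($session, queryVars($getLink)), "\n";
```

A token carried in a GET URL ends up in server logs, browser history and Referer headers. A read-only search that changes no state does not need CSRF protection in the first place.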