Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

We're retiring the forums!

The SilverStripe forums have passed their heyday. They'll stick around, but will be read only. We'd encourage you to get involved in the community via the following channels instead:

DataObjectManager Module /

Discuss the DataObjectManager module, and the related ImageGallery module.

Moderators: martimiz, UncleCheese, Sean, Ed, biapar, Willr, Ingo, swaiba

Bug Reports

Go to End

297 Posts   73906 Views

Ben Gribaudo

Community Member, 181 Posts

31 October 2009 at 4:55am

Re my "SecurityID doesn't match, possible CRSF attack" post of 10/28:

Some sleuthing revealed that this problem appeared in revision 223 of DOM. Tthe constructor of DataObjectManager_Popup (in DataObjectManager.php) contains an if statement that determines whether or not a number of Requirements should be set. In revision 222, the if statement used the following expression:


In revision 223, this changed to:

There is something about hasNestedDom()'s call to $this->Fields() that causes this error.

Got to run for an appointment...when I have time, hopefully I can dig more on this problem.


Community Member, 48 Posts

2 November 2009 at 2:44pm

Hiya wmk,

Thanks for that. I have SWFUpload installed, so would that be affected by changeset r77012 mentioned in

I also stepped through FileDataObjectManager_Controller::handleswfupload() with a die() statement. It seems if I comment out line 641...

else {
				$ownerID = $_POST['parentIDName'];
				//$file->$ownerID = $_POST['controllerID'];
				echo $file->ID;

The file uploads to the right place but the DOM doesn't refresh. I have to manually refresh the File & Images area to see the newly uploaded file. Also I don't really know what the consequence of commenting this line out is.

Any more ideas?




Forum Moderator, 4102 Posts

2 November 2009 at 3:11pm


One of those fields is not coming through. If you have SWFUpload in debug mode, you can see in the debug window what the post params are. Something is coming through null.


Community Member, 48 Posts

2 November 2009 at 4:20pm

Hiya Uncle,

I get this....

DEBUG: Post Params:
SWF DEBUG:                         fileClassName=File
SWF DEBUG:                         hasDataObject=0
SWF DEBUG:                         parentIDName=ParentID
SWF DEBUG:                         dataObjectFieldName=
SWF DEBUG:                         dataObjectClassName=File
SWF DEBUG:                         OverrideUploadFolder=assets/Palmerston-North/Home/
SWF DEBUG:                         controllerID=13
SWF DEBUG:                         fileFieldName=Files

I'm totally lost with this. BTW it works fine on my local Wamp machine. The problem is on our production server.


Community Member, 215 Posts

2 November 2009 at 4:58pm

Hi UncleCheese,

Trivial bug here, in the nested popup popup the close image was not showing when SS was installed in a subfolder but it was just a case of changing the reference to the image in dataobject_manager.css line 153 from:

a.nested-close {display:block;text-indent:-9999em;width:30px;height:30px;background: url('/dataobject_manager/images/closebox.png') no-repeat top left;position:absolute;top:-15px;right:-15px;}

a.nested-close {display:block;text-indent:-9999em;width:30px;height:30px;background: url('../images/closebox.png') no-repeat top left;position:absolute;top:-15px;right:-15px;}

I *really* like this feature btw!

Cheers :)


Forum Moderator, 4102 Posts

3 November 2009 at 2:33am

SWF DEBUG: dataObjectFieldName=

There's your null value. Make sure you're defining everything correctly in your constructor.


Forum Moderator, 4102 Posts

3 November 2009 at 2:41am

Thanks for that. Make sure you're on the latest version. I believe someone put in this patch several weeks ago.

Ben Gribaudo

Community Member, 181 Posts

3 November 2009 at 4:08am

Edited: 03/11/2009 4:13am

Re my "SecurityID doesn't match, possible CRSF attack" posts of 10/28 and 10/31:

More on what's going on:
When the DataObjectManager_popup window is initialized for the first time, class Form's loadDataFrom method is called. The form knows it should have a SecurityID field (from the call to $this->fields->dataFields() on However, when loadDataFrom() iterates through $data, setting field values, it sets that SecurityID field's value to NULL because $data doesn't contain a SecurityID value (see

Can someone help me resolve this?


Go to Top