Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

Form Questions /

Moderators: martimiz, Sean, Ed, biapar, Willr, Ingo, swaiba

SearchForm, pagination and CSRF problem...

Go to End

2 Posts   1083 Views


Community Member, 19 Posts

5 October 2011 at 3:29am

Edited: 05/10/2011 7:42am

I have a search form like this:

    function SForm() {
        $action = $this->request->param('Action');
        $context = singleton('Message')->getCustomSearchContext();
        $fields = $context->getSearchFields();
        $fields->push(new HiddenField('SearchType','',$action));           
        $searchText = isset($this->Query) ? $this->Query : 'Search';
        $actions = new FieldSet(
            new FormAction('searchResults', 'Go')

Results are rendered like this:

    public function searchResults($data,Form $form)
        $data = Convert::raw2sql($data);
        $start = ($this->request->getVar('start')) ? (int)$this->request->getVar('start') : 0;
        $limit = 2;        
        $fields = singleton('Message')->searchableFields();
        $context = singleton('Message')->getCustomSearchContext();

        $query = $context->getQuery($data, null, array('start'=>$start,'limit'=>$limit));
        $records = $context->getResults($data, null, array('start'=>$start,'limit'=>$limit));

        if($records) {
            $records->setPageLimits($start, $limit, $query->unlimitedRowCount());

        return $this->customise(array(
            'MyResults' => $records

In template results are show like this:

Now everything works fine untill I want to click page MessageController/SForm?start=4

When silverstripe protests and shows

Security token doesn't match, possible CSRF attack.

First I can't force silverstripe to use template and it shows on MessageController, so I have some ifs and then is ok, but I don't think I should render it on main template.

Next I can't figure out how to make it work so SS won't display error message but second page of search form.

I read every page I could, any help would be very appreciated.


Community Member, 19 Posts

5 October 2011 at 7:43am


        $form = new Form($this, "SForm", $fields, $actions);
        return $form;

and done