developer.jelix.org n'est plus utilisée, et existe uniquement pour son historique. Postez les nouveaux tickets sur le compte github.
Opened 9 years ago
Closed 9 years ago
#1465 closed bug (fixed)
jForms: issue with refcount and CSRF token
Reported by: | michelma | Owned by: | laurentj |
---|---|---|---|
Priority: | normal | Milestone: | Jelix 1.2.9 |
Component: | jelix:forms | Version: | 1.3.1 |
Severity: | normal | Keywords: | jforms |
Cc: | Blocked By: | ||
Blocking: | Documentation needed: | no | |
Hosting Provider: | Php version: |
Description
jForms::create($selector[, $id])
When creating form using an $id as a string, we should not get refCount >= 1. Line 63, jForms.class.php :
self::DEFAULT_ID = 0; ... ... if ($formId == self::DEFAULT_ID) { $dc->refcount = 1; }
This condition is always true when using a string because of type comparison and conversion in PHP https://bugs.php.net/bug.php?id=54625&edit=1
Don't know if this was intentionnal for jForms. If not we should use "===" operator.
Change History (4)
comment:1 Changed 9 years ago by foxmask
comment:2 Changed 9 years ago by laurentj
- Summary changed from jForms to jForms: issue with refcount and CSRF token
Comment from Michel on the pull request:
In fact refcount is not the problem, it is just a part of. When creating a form with a string as an Id, we always got refCount == 1, and the behavior makes that the CSRF token stay unchanged. When using an integer, refCount == 0 then the token changes every time the form is get. But i just discovered that the new token must be generated in jFormsBuilder. I wanted to not generate a new one to allow user to have multiple tab and keep the form working.
comment:3 Changed 9 years ago by laurentj
- Milestone changed from Jelix 1.3.3 to Jelix 1.2.9
- Owner set to laurentj
- Status changed from new to assigned
I fixed the issue with the token generated every time.
https://github.com/jelix/jelix/commit/4ea644db179e94eb7cf677282b4b3f55887d12cf
comment:4 Changed 9 years ago by laurentj
- Resolution set to fixed
- Status changed from assigned to closed
Fixed also the difference in behavior, between numerical id and non numerical ids.
https://github.com/jelix/jelix/commit/eb8df7b9f82e3e21b69e344fc5d7ff84ffd8b7b0
Hi,
If you could submit a pull request on github of your patch it will be very usefull and welcome :)
Thanks.