
Zend Form - multiple forms in one page and (CSRF) token validations

Tags: php, zend-form

I use Zend-Form to generate my forms in my project.

First: How do you handle multiple forms on the same page, and only post the form that is submitted?

Second: When I have two forms on the same page the token will only validate the topmost rendered form in the HTML. The second form will get a "Token does not match" error, thus making the form unable to post. How do you give each form a unique token that does not conflict with the others?

Sincerely, Why

why asked Jan 19 '23 12:01


2 Answers

> When I have two forms on the same page the token will only validate the topmost rendered form in the HTML. The second form will get a "Token does not match" error, thus making the form unable to post. How do you give each form a unique token that does not conflict with the others?

Tokens on multiple forms are not possible with the current implementation (see initCsrfValidator).

I suggest you generate your own token, store it in the session (with the form ID) and validate it yourself.

cweiske answered Feb 22 '23 09:02
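
The approach suggested in the answer above (own token, stored in the session under the form ID, validated by hand), as an added example that is not part of the original answer and not Zend Framework code. It assumes PHP 7+ with native sessions; the function names, the `form_id` and `csrf_token` field names and the two form IDs are hypothetical.

```php
<?php
// Added example: per-form CSRF tokens in the session; all names are hypothetical.
session_start();

// Issue (or reuse) the token for one form and return it for embedding.
function csrf_issue(string $formId): string
{
    if (empty($_SESSION['csrf'][$formId])) {
        $_SESSION['csrf'][$formId] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf'][$formId];
}

// Validate a submitted token for one form; each token is single-use.
function csrf_check(string $formId, $submitted): bool
{
    $expected = $_SESSION['csrf'][$formId] ?? null;
    unset($_SESSION['csrf'][$formId]);            // invalidate before comparing
    return is_string($expected) && is_string($submitted)
        && hash_equals($expected, $submitted);    // constant-time comparison
}

// Render the two hidden fields that every form on the page carries.
function csrf_fields(string $formId): string
{
    return sprintf(
        '<input type="hidden" name="form_id" value="%s">'
        . '<input type="hidden" name="csrf_token" value="%s">',
        htmlspecialchars($formId, ENT_QUOTES),
        csrf_issue($formId)
    );
}

$forms = ['login', 'newsletter'];   // constructed form IDs for this page

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $formId = $_POST['form_id'] ?? '';
    // Only the form named in form_id is processed; the other form's token is untouched.
    if (!in_array($formId, $forms, true)
        || !csrf_check($formId, $_POST['csrf_token'] ?? null)) {
        http_response_code(400);
        exit('Token does not match');
    }
    // ... handle the submitted form ($formId) here ...
}

foreach ($forms as $id) {
    echo '<form method="post">', csrf_fields($id), '<button>', $id, '</button></form>';
}
```

Because each token lives under its own session key, rendering or submitting one form never overwrites the token the other form expects.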



I found this question while trying to have two forms on the same page using Zend_Form_Element_Hash. There are two ways to accomplish this, and both are mentioned in the documentation:

> The name of the hash element should be unique. We recommend using the salt option for the element - two hashes with same names and different salts would not collide

So...

  1. Use a unique name for each Hash element
  2. Use a unique salt value for each Hash element

Sonny answered Feb 22 '23 10:02