ZF2 form's CSRF validates even with invalid values

I have several forms that use the CSRF input. For example, in the constructor of my form, it looks like this:

    $this->add(array (
        'name' => 'csrf',
        'type' => 'Csrf',
        'attributes' => array(
            'id' => 'csrf'
        )
    ));

Just for kicks, I tried using Firebug to change the token value of the CSRF input and submitting the form, just to see what would happen. The result: it still validated. I even dumped the $_POST data to confirm that the invalid token was being submitted. What's more, I tried setting the timeout to 10 seconds, and the same thing happened: the form seemed to be ignoring the CSRF input and validating the form whether it was OK or not. The code is as follows:

    $this->add(array (
        'name' => 'csrf',
        'type' => 'Csrf',
        'attributes' => array(
            'id' => 'csrf'
        ),
        'options' => array(
            'csrf_options' => array(
                'timeout' => 10
            )
        )
    ));

I even tried adding a filter for the CSRF element to the form's input filter, but again, it still passed when it bloody well shouldn't have.

Is there something else I should be doing here that I'm not? I don't want to add this to my form if it's not going to actually do anything.

EDIT: Here's a link to the code for my form and my controller action. Note that, while the form's method getInputFilter has validators for csrf, sex, and role, the result is the same without them.

asked Apr 15 '26 06:04 by blainarmstrong
1 Answer

After reading the documentation a bit more, I somehow stumbled across something that made me think. So I tried adding the following code to the getInputFilter method:

    $inputFilter->add($factory->createInput(
        array(
            'name' => 'csrf',
            'validators' => array (
                array(
                    'name' => 'csrf'
                )
            )
    )));

Call me crazy, but does this mean that the getInputFilter method clears out the pre-existing validators on elements like csrf, select, and radio?

answered Apr 18 '26 05:04 by blainarmstrong
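The behaviour the question describes follows from how `Zend\Form\Form::getInputFilter()` works: the base implementation builds (or fetches) the input filter and then calls `attachInputFilterDefaults()`, which asks every element that implements `InputProviderInterface` (the `Csrf`, `Select` and `Radio` elements among them) for its own input specification, and that is where the `Zend\Validator\Csrf` validator normally comes from. A form class that overrides `getInputFilter()` and returns its own filter skips that step, so the CSRF element is rendered but never validated, which is exactly what the answer above discovered. The example below is added by the editor and is not the asker's code: instead of overriding `getInputFilter()` it implements `InputFilterProviderInterface` and supplies only the form-specific rules through `getInputFilterSpecification()`, leaving the framework to attach the element defaults. The class name, namespace, the `username` field and the 600-second timeout are assumptions for illustration.

```php
<?php
// Added example, not the original poster's code. Keeps the Csrf element's
// validator attached by NOT overriding Form::getInputFilter(). Class name,
// namespace, the 'username' field and the timeout value are assumptions.

namespace Application\Form;

use Zend\Form\Form;
use Zend\InputFilter\InputFilterProviderInterface;

class ExampleForm extends Form implements InputFilterProviderInterface
{
    public function __construct($name = 'example')
    {
        parent::__construct($name);
        $this->setAttribute('method', 'post');

        // Same Csrf element as in the question. Its validator (Zend\Validator\Csrf)
        // is supplied by the element's own getInputSpecification(), which
        // Form::attachInputFilterDefaults() merges into the input filter.
        $this->add(array(
            'name' => 'csrf',
            'type' => 'Csrf',
            'attributes' => array('id' => 'csrf'),
            'options' => array(
                'csrf_options' => array(
                    'timeout' => 600, // assumed: seconds a token stays valid
                ),
            ),
        ));

        // Radio also implements InputProviderInterface, so it brings its own
        // InArray validator without any extra configuration here.
        $this->add(array(
            'name' => 'sex',
            'type' => 'Radio',
            'options' => array(
                'value_options' => array('f' => 'Female', 'm' => 'Male'),
            ),
        ));

        // A plain Text element has no default validators; rules for it
        // belong in getInputFilterSpecification() below.
        $this->add(array(
            'name' => 'username',
            'type' => 'Text',
        ));

        $this->add(array(
            'name' => 'submit',
            'type' => 'Submit',
            'attributes' => array('value' => 'Save'),
        ));
    }

    // Only form-specific rules go here. 'csrf' is deliberately absent: listing
    // nothing for it lets the element's default specification stand.
    public function getInputFilterSpecification()
    {
        return array(
            'username' => array(
                'required' => true,
                'filters' => array(
                    array('name' => 'StringTrim'),
                ),
                'validators' => array(
                    array(
                        'name' => 'StringLength',
                        'options' => array('min' => 3, 'max' => 64),
                    ),
                ),
            ),
        );
    }
}
```

In the controller the flow is unchanged: `$form->setData($request->getPost())` followed by `$form->isValid()`. With the defaults attached, a token that was edited in the browser, or one older than the configured timeout, makes `isValid()` return false and `$form->getMessages()` reports the failure under the `csrf` key. If a project does need to override `getInputFilter()`, the answer's approach of adding an input named `csrf` with a `csrf` validator is the minimum needed, and the same applies to every other element that relies on its built-in specification.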


