Opened 7 years ago

Closed 7 years ago

Last modified 6 years ago

#2274 closed defect (fixed)

Wysiwig - inserting links applies infinite csrf tokens to node placeholders

Reported by: markusliechti Owned by: comvation
Priority: normal Milestone: Contrexx 4.0
Component: other(specify) Version: 3.2
Severity: normal Keywords: Wysiwig, Mediadir, knownledge


Check all modules with wysiwig input fields for the described error.

  • (fixed) was allready fixed in mediadir wysiwyg field #2232
  • (open) also knowledege module

Solution @see also #2232

Change History (5)

comment:1 Changed 7 years ago by robin.glauser

  • Resolution set to fixed
  • Status changed from new to closed

Fix for this problem:

Add the following code to the end of the backend array in the LegacyComponentHandler?: 'preFinalize' => array(

'Csrf' => function() {

global $objTemplate; This is a ugly hack. $objTemplate->_variablesADMIN_CONTENT? = preg_replace('/(&)csrf=[a-zA-Z0-9]+/i', ,

preg_replace('/\?csrf=[a-zA-Z0-9]+/i', ,

preg_replace('/\?csrf=[a-zA-Z0-9]+(&amp\;|&)/i', '?', $objTemplate->_variablesADMIN_CONTENT?)));



comment:2 Changed 7 years ago by robin.glauser


'preFinalize' => array(
                    'Csrf' => function() {
                        global $objTemplate;
                        //This is a ugly hack.
                        $objTemplate->_variables['ADMIN_CONTENT'] = preg_replace('/(&)csrf=[a-zA-Z0-9__]+/i', '',
                            preg_replace('/\?csrf=[a-zA-Z0-9__]+/i', '',
                                preg_replace('/\?csrf=[a-zA-Z0-9__]+(&amp\;|&)/i', '?', $objTemplate->_variables['ADMIN_CONTENT'])));

comment:4 Changed 7 years ago by michael.ritter

  • Milestone changed from unknown to Contrexx 3.2 SP1

comment:5 Changed 6 years ago by michael.ritter

  • Milestone changed from Contrexx 3.2 SP1 to Contrexx 4.0
Note: See TracTickets for help on using tickets.