
[jfw] Can't get getFormToken() to work



I asked this on Stack Exchange but haven't got any answers so I'm re-asking this here.

I have used the methods described on this page in Joomla many times before:

http://docs.joomla.org/How_to_add_CSRF_anti-spoofing_to_forms

Now I want to implement the same mechanism using the Joomla Framework and the Framework App. So I have tried this:

$token = $this->app->getFormToken();

But this causes the application to exit. I have stepped through the code and the problem starts in the getFormToken function here:

return md5($this->get('secret') . $userId . $this->session->getToken($forceNew));

$this->get('secret') returns here because there is no dot in 'secret':

if (!strpos($path, '.'))
{
    return (isset($this->data->$path) && $this->data->$path !== null && $this->data->$path !== '') ? $this->data->$path : $default;
}

Then this function runs from Symfony:

public function write($sessionId, $data)
{
    return (bool) $this->handler->write($sessionId, $data);
}

And finally this function runs:

public function close()
{
    $this->active = false;

    return (bool) $this->handler->close();
}

Which exits the application.

What am I doing wrong? Do I need to add a 'secret' somewhere? How should I generate a form token which I then check when the form is submitted?

Thanks for any help you can give.
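
Added example, not part of the original message and not Joomla Framework code: a stand-alone PHP sketch of the pattern the question asks about, deriving a form token from a configured secret, the user id and a per-session token, then checking it when the form is submitted. The $config and $session arrays, the form_token field name and the use of HMAC-SHA256 in place of the quoted md5() concatenation are assumptions for illustration.

```php
<?php
// Added example: stand-alone sketch, not Joomla Framework code.
// $config and $session are plain arrays standing in for the application's
// configuration and session storage; 'form_token' is a hypothetical field name.

function sessionToken(array &$session, bool $forceNew = false): string
{
    if ($forceNew || empty($session['token'])) {
        $session['token'] = bin2hex(random_bytes(16)); // per-session random value
    }
    return $session['token'];
}

function formToken(array $config, array &$session, int $userId, bool $forceNew = false): string
{
    $secret = $config['secret'] ?? '';
    if ($secret === '') {
        // Fail closed: an empty secret would leave the token unkeyed.
        throw new RuntimeException("Configuration value 'secret' is not set");
    }
    // HMAC-SHA256 is used here instead of md5(secret . userId . sessionToken).
    return hash_hmac('sha256', $userId . ':' . sessionToken($session, $forceNew), $secret);
}

function checkFormToken(array $config, array &$session, int $userId, array $post): bool
{
    $submitted = $post['form_token'] ?? '';
    if (!is_string($submitted) || $submitted === '') {
        return false; // missing or malformed field is rejected outright
    }
    return hash_equals(formToken($config, $session, $userId), $submitted); // constant-time compare
}

// Constructed sample data
$config  = ['secret' => 'constructed-sample-secret'];
$session = [];
$userId  = 42;
$token   = formToken($config, $session, $userId);
echo '<input type="hidden" name="form_token" value="' . htmlspecialchars($token) . '">' . PHP_EOL;

var_dump(checkFormToken($config, $session, $userId, ['form_token' => $token]));   // genuine submission
var_dump(checkFormToken($config, $session, $userId, ['form_token' => 'forged'])); // wrong token
var_dump(checkFormToken($config, $session, $userId, []));                         // token field absent

try {
    formToken([], $session, $userId); // configuration without a secret
} catch (RuntimeException $e) {
    echo $e->getMessage() . PHP_EOL;
}
```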
