
Re: [jfw] Can't get getFormToken() to work



The one under the root should get picked up.  If you var_dump $this->config in the application class, you should see it set as part of the object.

On Tuesday, June 24, 2014, Joe Palmer <plantonight AT gmail.com> wrote:
Thanks Michael. I thought this might be the case so I added a secret into system and at the root of /App/Config/config.json like this:

{
	"database" : {
		"driver"  : "mysqli",
		"host"    : "localhost",
		"user"    : "user",
		"password": "password",
		"name"    : "name",
		"prefix"  : "app_"
	},
	"renderer" : {
		"type": "twig"
	},
	"system"   : {
		"list_limit": "20",
		"gzip"      : "0",
		"offset"    : "UTC",
		"secret"    : "SeCrEt123"
	},
	"languages": [
		"en-GB"
	],
	"secret"   : "SeCrEt123"
}

But I can't seem to access it from my model with $this->get('secret'), $this->app->get('secret') or $this->config->get('secret'). What is the correct way to access values from config.json in a model? Is this the correct place to set the secret so it is recognised by Joomla and used in getFormToken()?

Many thanks

On Tuesday, June 24, 2014 3:24:55 PM UTC+1, Michael Babker wrote:
There should be a 'secret' set in your application's config either by having it in a config file (in the CMS, it's the $secret var in the configuration.php file) or by setting it somewhere in your startup routine (just call $this->set('secret', 'value'); sometime after $this->config has been set).


On Tue, Jun 24, 2014 at 8:22 AM, Joe Palmer <plant... AT gmail.com> wrote:
I asked this on Stack Exchange but haven't got any answers so I'm re-asking this here.

I have used the methods described on this page in Joomla many times before:

http://docs.joomla.org/How_to_add_CSRF_anti-spoofing_to_forms

Now I want to implement the same mechanism using the Joomla Framework and the Framework App. So I have tried this:

$token = $this->app->getFormToken();

But this causes the application to exit. I have stepped through the code and the problem starts in the getFormToken function here:

return md5($this->get('secret') . $userId . $this->session->getToken($forceNew));

$this->get('secret') returns here because there is no dot in 'secret':

if (!strpos($path, '.'))
{
    return (isset($this->data->$path) && $this->data->$path !== null && $this->data->$path !== '') ? $this->data->$path : $default;
}

Then this function runs from Symfony:

public function write($sessionId, $data)
{
    return (bool) $this->handler->write($sessionId, $data);
}

And finally this function runs:

public function close()
{
    $this->active = false;

    return (bool) $this->handler->close();
}

Which exits the application.

What am I doing wrong? Do I need to add a 'secret' somewhere? How should I generate a form token which I then check when the form is submitted?

Thanks for any help you can give.

--
Framework source code: https://github.com/joomla/joomla-framework
Visit http://developer.joomla.org for more information about developing with Joomla!
---
You received this message because you are subscribed to the Google Groups "Joomla! Framework Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email to joomla-dev-framework+unsubscribe AT googlegroups.com.
Visit this group at http://groups.google.com/group/joomla-dev-framework.



--
- Michael

Please pardon any errors, this message was sent from my iPhone.
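
Added example, not part of the original thread and not Joomla Framework code: a stand-alone sketch of the token scheme discussed above (application secret + user id + session token), using HMAC-SHA256 in place of the md5() concatenation quoted in the thread, refusing to issue a token when the secret is missing, and checking the submitted value in constant time. The function names, the csrf_token field name and the sample values are assumptions made for illustration.

```php
<?php
// Added illustration. deriveFormToken() and checkFormToken() are hypothetical
// helpers, not Joomla Framework API.

/**
 * Derive a form token from the application secret, the user id and the
 * session's own token. HMAC-SHA256 is swapped in for the md5() concatenation
 * quoted in the thread.
 */
function deriveFormToken(string $secret, int $userId, string $sessionToken): string
{
    // With an empty secret the token would depend on session data alone,
    // so fail loudly instead of issuing a weaker token.
    if ($secret === '') {
        throw new RuntimeException("Application 'secret' is not configured");
    }

    return hash_hmac('sha256', $userId . '|' . $sessionToken, $secret);
}

/** Compare the submitted token with the expected one in constant time. */
function checkFormToken(string $submitted, string $secret, int $userId, string $sessionToken): bool
{
    return hash_equals(deriveFormToken($secret, $userId, $sessionToken), $submitted);
}

// Constructed sample input: config.json reduced to the root-level "secret" key.
$config       = json_decode('{"secret": "SeCrEt123"}');
$secret       = isset($config->secret) ? (string) $config->secret : '';
$userId       = 42;                         // constructed user id
$sessionToken = bin2hex(random_bytes(16));  // stands in for the session token

// Issue the token when rendering the form (hypothetical field name).
$token = deriveFormToken($secret, $userId, $sessionToken);
printf("<input type=\"hidden\" name=\"csrf_token\" value=\"%s\">\n", $token);

// On submit: the same session validates, a different session does not.
var_dump(checkFormToken($token, $secret, $userId, $sessionToken));
var_dump(checkFormToken($token, $secret, $userId, bin2hex(random_bytes(16))));

// A missing secret is reported as a configuration error.
try {
    deriveFormToken('', $userId, $sessionToken);
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
```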
