Skip to main content

Show Posts

This section allows you to view all Show Posts made by this member. Note that you can only see Show Posts made in areas you currently have access to.

Messages - vvlada

1
Bugs / Re: Import CSV, version 2.7.2
OK, to be able to use Import Data modal dialog, all you need is to change html helper, Html.php by adding following line into form:

<input type="hidden" name="csrf_token" value="<?php echo Csrf::$token; ?>" />

for example lines from 373 to 391 should look like this:

Code: [Select]
<form method="post" action="<?php print_link($form_path) ?>" enctype="multipart/form-data" id="-import-data" class="modal fade" role="dialog" tabindex="-1" data-backdrop="false" role="dialog" aria-labelledby="myModalLabel">
<div class="modal-dialog modal-dialog-centered modal-sm">
<div class="modal-content">
<div class="modal-header">
<h4 class="modal-title">Import Data</h4>
<button type="button" class="close" data-dismiss="modal">&times;</button>
</div>
<div class="modal-body">
<label>Select a file to import <input required="required" class="form-control form-control-sm" type="file" name="file" /> </label>
<small class="text-muted">Supported file types(csv , json)</small>
<input type="hidden" name="csrf_token" value="<?php echo Csrf::$token; ?>" />
</div>
<div class="modal-footer">
<button type="reset" class="btn btn-secondary" data-dismiss="modal">Close</button>
<button type="submit" class="btn btn-primary">Import Data</button>
</div>
</div>
</div>
</form>

Line 383 is added into form.

Vladimir
3
General Discussion / Release notes?
Hi,

Do you have page with Release Notes? Forum topic?

I just found that there is a new version 2.7.3 of PHPRad Classic, but I can not find what is new in this release?

Vladimir
5
Bugs / Re: Import CSV, version 2.7.1
OK, tested a couple of projects, it is same thing everywhere.

Problem is html.php and import_form() function that does not pass csrf_token.

Could you please fix this!!!
6
Bugs / Re: Import CSV, version 2.7.1
csrf.php exits in checking request token:

/**
    *  Csrf - Verify if the request is coming from our origin
    * @category  Security
    */
   public static function cross_check()
   {
      $current_token = get_session('csrf_token');

      $req_token = "";
      if (!empty($_SERVER['HTTP_X_CSRF_TOKEN'])) {
         $req_token = $_SERVER['HTTP_X_CSRF_TOKEN'];
      } elseif (!empty($_REQUEST['csrf_token'])) {
         $req_token = $_REQUEST['csrf_token'];
      }

      if ($req_token != $current_token) {
         render_error("Cross-Site request Forgery Detected. Please Contact The System Administrator For More Information", 403);
         exit;
      }


      return null;
   }
}
7
Bugs / Re: Import CSV, version 2.7.1
OK, I manage to debug code and it exits on this line:

if(is_post_request()){
   Csrf::cross_check();

Looks like some issue with CSRF?
8
Bugs / Re: Import CSV, version 2.7.1
I tested it on xampp, wamp and also on a hosting server same error on all of them. Nothing goes to error log. In the access log I have only 403 error on post. Nothing else. Any help would be welcome.
9
Bugs / Import CSV, version 2.7.2
Hi,

I just created simple page that list table with 4 columns (id, racun, email, prilog). I enabled Import CSV option on the page but when I try importing csv file I got following error:

Access to phprad was denied
You don't have authorization to view this page.
HTTP ERROR 403

I did not create any authorization, it is just simple page with table list? I checked all columns are there - I tried both options with and without id, I got the same error.

Any idea where to find problem?

Vladimir