Topic: Import CSV, version 2.7.2

Import CSV, version 2.7.2

Hi,

I just created a simple page that lists a table with 4 columns (id, racun, email, prilog). I enabled the Import CSV option on the page, but when I try importing a CSV file I get the following error:

Access to phprad was denied
You don't have authorization to view this page.
HTTP ERROR 403

I did not create any authorization, it is just a simple page with a table list? I checked that all columns are there - I tried both options, with and without id, and I got the same error.

Any idea where to find the problem?

Vladimir

Re: Import CSV, version 2.7.1

Reply #1
I tested it on xampp, wamp and also on a hosting server: same error on all of them. Nothing goes to the error log. In the access log I have only a 403 error on POST. Nothing else. Any help would be welcome.

Re: Import CSV, version 2.7.1

Reply #2
OK, I managed to debug the code and it exits on this line:

if(is_post_request()){
   Csrf::cross_check();

Looks like some issue with CSRF?

Re: Import CSV, version 2.7.1

Reply #3
csrf.php exits in checking request token:

/**
    *  Csrf - Verify if the request is coming from our origin
    * @category  Security
    */
   public static function cross_check()
   {
      $current_token = get_session('csrf_token');

      $req_token = "";
      if (!empty($_SERVER['HTTP_X_CSRF_TOKEN'])) {
         $req_token = $_SERVER['HTTP_X_CSRF_TOKEN'];
      } elseif (!empty($_REQUEST['csrf_token'])) {
         $req_token = $_REQUEST['csrf_token'];
      }

      if ($req_token != $current_token) {
         render_error("Cross-Site request Forgery Detected. Please Contact The System Administrator For More Information", 403);
         exit;
      }


      return null;
   }
}

Re: Import CSV, version 2.7.1

Reply #4
OK, tested a couple of projects, it is the same thing everywhere.

The problem is html.php and the import_form() function, which does not pass csrf_token.

Could you please fix this!!!


Re: Import CSV, version 2.7.2

Reply #6
Any updates from the developer? Can we fix this with some code fix, and where?

Re: Import CSV, version 2.7.2

Reply #7
OK, to be able to use the Import Data modal dialog, all you need is to change the html helper, Html.php, by adding the following line into the form:

<input type="hidden" name="csrf_token" value="<?php echo Csrf::$token; ?>" />

For example, lines 373 to 391 should look like this:

Code:
<form method="post" action="<?php print_link($form_path) ?>" enctype="multipart/form-data" id="-import-data" class="modal fade" role="dialog" tabindex="-1" data-backdrop="false" role="dialog" aria-labelledby="myModalLabel">
<div class="modal-dialog modal-dialog-centered modal-sm">
<div class="modal-content">
<div class="modal-header">
<h4 class="modal-title">Import Data</h4>
<button type="button" class="close" data-dismiss="modal">&times;</button>
</div>
<div class="modal-body">
<label>Select a file to import <input required="required" class="form-control form-control-sm" type="file" name="file" /> </label>
<small class="text-muted">Supported file types(csv , json)</small>
<input type="hidden" name="csrf_token" value="<?php echo Csrf::$token; ?>" />
</div>
<div class="modal-footer">
<button type="reset" class="btn btn-secondary" data-dismiss="modal">Close</button>
<button type="submit" class="btn btn-primary">Import Data</button>
</div>
</div>
</div>
</form>

Line 383 is added to the form.

Vladimir
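
The check quoted in Reply #3 and the hidden field from Reply #7, put together as an added stand-alone PHP example (not part of the thread and not PHPRad's own code). It shows why a POST from a form without `csrf_token` gets the 403 and one with the field passes, compares tokens with `hash_equals()` instead of a loose `!=`, and HTML-escapes the token on output. The function names, the `/example/import_data` path and the array standing in for the session are assumptions for illustration.

```php
<?php
// Added example: stand-alone sketch, not PHPRad's code. All function names are hypothetical.
declare(strict_types=1);

/** Create the per-session token once and return it. */
function csrf_issue_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

/** Render an upload form that carries the token as a hidden field. */
function render_import_form(string $action, string $token): string
{
    $a = htmlspecialchars($action, ENT_QUOTES, 'UTF-8');
    $t = htmlspecialchars($token, ENT_QUOTES, 'UTF-8');
    return "<form method=\"post\" action=\"$a\" enctype=\"multipart/form-data\">\n"
         . "  <input type=\"file\" name=\"file\" required />\n"
         . "  <input type=\"hidden\" name=\"csrf_token\" value=\"$t\" />\n"
         . "  <button type=\"submit\">Import Data</button>\n"
         . "</form>\n";
}

/** Header first, then form field, in the same order as the quoted cross_check(). */
function csrf_token_is_valid(array $session, array $server, array $request): bool
{
    $expected = $session['csrf_token'] ?? '';
    $supplied = $server['HTTP_X_CSRF_TOKEN'] ?? '';
    if ($supplied === '') {
        $supplied = $request['csrf_token'] ?? '';
    }
    if (!is_string($expected) || !is_string($supplied) || $expected === '') {
        return false; // no token was ever issued, or a non-string value was sent: reject
    }
    return hash_equals($expected, $supplied); // constant-time, type-strict comparison
}

// Constructed requests: a POST from a form without the field, and one with it.
$session = [];                       // stands in for $_SESSION
$token   = csrf_issue_token($session);
echo render_import_form('/example/import_data', $token);

$without = csrf_token_is_valid($session, [], ['file' => 'data.csv']);
$with    = csrf_token_is_valid($session, [], ['csrf_token' => $token]);
printf("POST without token: %s\n", $without ? 'accepted' : '403');
printf("POST with token:    %s\n", $with ? 'accepted' : '403');
```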

Re: Import CSV, version 2.7.2

Reply #8
Regards.
Any answer regarding Vvlada's subject?
I also have the same problem: I want to load massive data, but error 403 comes out. Then I made the change that Vvlada suggested, and now error 500 comes out:

https://www.4shared.com/s/f6JrI3dPwea

I appreciate the valuable management, for this help.

Re: Import CSV, version 2.7.2

Reply #9
@jhonedwardvasquez this might be an issue with your CSV format. phprad seems to be detecting several columns as a single column. To get the proper format, please export your page as CSV and edit the content, but make sure the first row matches the field names in that database table. When saving the file, if you are asked to change the format it is saved in, please say no to maintain the format used by phprad. Thanks.