ZenphotoCMS Forum
"theme" Cross Site Request Forgery blocked. - Printable Version




"theme" Cross Site Request Forgery blocked. - gothick - 2010-08-14

I just upgraded to 1.3.1. I'm trying to duplicate an existing theme as a starting point for my own theme, but I'm getting an error.

I press the "duplicate" button, beside the "Zenpage" theme. I leave the default options of "My Theme" and "my_theme" for the name and directory. The theme doesn't get duplicated; instead I'm dumped on the Overview page with a red warning box that says:

"theme" Cross Site Request Forgery blocked.

...and then just fades away.

Any ideas what I could be doing wrong?

Thanks,

Matt




"theme" Cross Site Request Forgery blocked. - gothick - 2010-08-14

On further investigation, I think this may be a bug in admin-themes.php -- the jQuery to launch the theme copy says:

launchScript('',['action=copytheme&amp;XSRFToken=','source='+encodeURIComponent(source),'target='+encodeURIComponent(targetdir),'name='+encodeURIComponent(targetname)]);

...which seems to be causing the XSRFToken parameter actually to be received under the name amp;XSRFToken.

Is this maybe because it would need to be entity-encoded in HTML, but not in the JavaScript? Copy-and-paste error, maybe?

Not too sure I'm right, though, but I'm going to keep fiddling.

Cheers,

Matt
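The effect described in the post above, as an added example that is not part of the thread and not Zenphoto's own code: an HTML entity left inside a JavaScript string changes the parameter name the server receives, so the token lookup fails. The helper names, the token value, and the assumption that the fragments are joined with "&" are hypothetical.

```javascript
// Added illustration. TOKEN and all sample values are constructed.
const TOKEN = "constructed-token-123";

// Assumption: the fragments passed to the launcher are glued with "&".
function buildQuery(parts) {
  return parts.join("&");
}

// Parse a query string the way a server-side parser would (split on "&" only).
function serverSees(query) {
  return Object.fromEntries(new URLSearchParams(query));
}

// The anti-CSRF check: the request must carry the token under the expected name.
function tokenCheck(query, expected) {
  return serverSees(query).XSRFToken === expected;
}

// As posted: "&amp;" inside a JavaScript string. String literals are not
// entity-decoded, so the literal text "amp;" ends up in the parameter name.
const broken = buildQuery([
  "action=copytheme&amp;XSRFToken=" + TOKEN,
  "source=" + encodeURIComponent("zenpage"),
  "target=" + encodeURIComponent("my_theme"),
  "name=" + encodeURIComponent("My Theme"),
]);

// Same call with a plain "&" separator.
const fixed = buildQuery([
  "action=copytheme&XSRFToken=" + TOKEN,
  "source=" + encodeURIComponent("zenpage"),
  "target=" + encodeURIComponent("my_theme"),
  "name=" + encodeURIComponent("My Theme"),
]);

// Building the query from an object avoids hand-written separators entirely.
function buildQuerySafe(params) {
  return new URLSearchParams(params).toString();
}
const safe = buildQuerySafe({
  action: "copytheme", XSRFToken: TOKEN,
  source: "zenpage", target: "my_theme", name: "My Theme",
});

console.log(Object.keys(serverSees(broken))); // parameter names the server receives
console.log(tokenCheck(broken, TOKEN), tokenCheck(fixed, TOKEN), tokenCheck(safe, TOKEN));
```
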




"theme" Cross Site Request Forgery blocked. - acrylian - 2010-08-14

This might be a bug with the recently introduced XSRF security enhancements. Best you open a ticket with your description of this issue.




"theme" Cross Site Request Forgery blocked. - gothick - 2010-08-14

Cheers. Done. http://www.zenphoto.org/trac/ticket/1581