+- ZenphotoCMS Forum (https://forum.zenphoto.org)
+-- Forum: Support (https://forum.zenphoto.org/forum-1.html)
+--- Forum: General support (https://forum.zenphoto.org/forum-4.html)
+--- Thread: "theme" Cross Site Request Forgery blocked. (/thread-7478.html)
"theme" Cross Site Request Forgery blocked. - gothick - 2010-08-14
I just upgraded to 1.3.1. I'm trying to duplicate an existing theme as a starting point for my own theme, but I'm getting an error.
I press the "duplicate" button, beside the "Zenpage" theme. I leave the default options of "My Theme" and "my_theme" for the name and directory. The theme doesn't get duplicated; instead I'm dumped on the Overview page with a red warning box that says:
"theme" Cross Site Request Forgery blocked.
...and then just fades away.
Any ideas what I could be doing wrong?
Thanks,
Matt
"theme" Cross Site Request Forgery blocked. - gothick - 2010-08-14
On further investigation, I think this may be a bug in admin-themes.php -- the jQuery to launch the theme copy says:
launchScript('',['action=copytheme&XSRFToken=','source='+encodeURIComponent(source),'target='+encodeURIComponent(targetdir),'name='+encodeURIComponent(targetname)]);
...which seems to be causing the XSRFToken parameter actually to be received under the name amp;XSRFToken.
Is this maybe because it would need to be entity-encoded in HTML, but not in the JavaScript? Copy-and-paste error, maybe?
Not too sure I'm right, though, but I'm going to keep fiddling.
Cheers,
Matt
"theme" Cross Site Request Forgery blocked. - acrylian - 2010-08-14
This might be a bug with the recent introduced XSRF security enhancements. Best you open a ticket with your description of this issue.
"theme" Cross Site Request Forgery blocked. - gothick - 2010-08-14
Cheers. Done. http://www.zenphoto.org/trac/ticket/1581