I have used the methods described on this page in Joomla many times before:
http://docs.joomla.org/How_to_add_CSRF_anti-spoofing_to_forms
Now I want to implement the same mechanism using the Joomla Framework and the Framework App. So I have tried this:
$token = $this->app->getFormToken();
But this causes the application to exit. I have stepped through the code and the problem starts in the getFormToken function here:
return md5($this->get('secret') . $userId . $this->session->getToken($forceNew));
$this->get('secret') returns here because there is no dot in 'secret':
if (!strpos($path, '.'))
{
    return (isset($this->data->$path) && $this->data->$path !== null && $this->data->$path !== '') ? $this->data->$path : $default;
}
Then this function runs from Symfony:
public function write($sessionId, $data)
{
    return (bool) $this->handler->write($sessionId, $data);
}
And finally this function runs:
public function close()
{
    $this->active = false;
    return (bool) $this->handler->close();
}
Which exits the application.
What am I doing wrong? Do I need to add a 'secret' somewhere? How should I generate a form token which I then check when the form is submitted?
Thanks for any help you can give.
--
Framework source code: https://github.com/joomla/joomla-framework
Visit http://developer.joomla.org for more information about developing with Joomla!
---
You received this message because you are subscribed to the Google Groups "Joomla! Framework Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email to joomla-dev-frame...@googlegroups.com.
Visit this group at http://groups.google.com/group/joomla-dev-framework.
{
    "database": {
        "driver": "mysqli",
        "host": "localhost",
        "user": "user",
        "password": "password",
        "name": "name",
        "prefix": "app_"
    },
    "renderer": {
        "type": "twig"
    },
    "system": {
        "list_limit": "20",
        "gzip": "0",
        "offset": "UTC",
        "secret": "SeCrEt123"
    },
    "languages": [
        "en-GB"
    ],
    "secret": "SeCrEt123"
}
Please pardon any errors, this message was sent from my iPhone.
Thanks Michael, I got it working.
The bit I was missing was creating the session and associating it with the app.
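
The token scheme discussed in this thread, as an added example that is not part of the original messages and is not Joomla Framework code: it derives the form token with the same formula as the quoted getFormToken() line, refuses to derive one when no session is attached (the missing piece in the thread), and checks the submitted form with a constant-time comparison. DemoSession and DemoApp are hypothetical stand-ins, and carrying the token as a hidden field name with value 1 follows the Joomla CMS convention from the linked docs page.

```php
<?php
// Stand-in classes for illustration; not Joomla Framework code.
final class DemoSession
{
    private ?string $token = null;

    public function getToken(bool $forceNew = false): string
    {
        if ($this->token === null || $forceNew) {
            $this->token = bin2hex(random_bytes(16)); // per-session random value
        }
        return $this->token;
    }
}

final class DemoApp
{
    public function __construct(private string $secret, private ?DemoSession $session = null, private int $userId = 0) {}

    // Same derivation as the getFormToken() line quoted in the thread.
    public function getFormToken(bool $forceNew = false): string
    {
        if ($this->secret === '' || $this->session === null) {
            throw new RuntimeException('A secret and an attached session are required.');
        }
        return md5($this->secret . $this->userId . $this->session->getToken($forceNew));
    }

    // Valid only if the POST data has a field named after the expected token.
    public function checkToken(array $post): bool
    {
        $expected = $this->getFormToken();
        foreach (array_keys($post) as $name) {
            if (hash_equals($expected, (string) $name)) { // constant-time compare
                return true;
            }
        }
        return false;
    }
}

// No session attached: the token cannot be derived.
try { (new DemoApp('SeCrEt123'))->getFormToken(); } catch (RuntimeException $e) { echo $e->getMessage(), PHP_EOL; }

$app = new DemoApp('SeCrEt123', new DemoSession()); // placeholder secret from the thread's sample config
$token = $app->getFormToken();
echo '<input type="hidden" name="' . $token . '" value="1">', PHP_EOL;
var_dump($app->checkToken([$token => '1', 'title' => 'x'])); // submitted with token
var_dump($app->checkToken(['title' => 'x']));                // token absent
```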