Unregistered action (via custom module) leads to XSRF Attack Detected error
Problem description
In SugarCRM 8.0.1, I am trying to make a new, unregistered action work.
The action is a form and has been added to my custom module. I am trying to reach it from itself in the following manner so that on form submission, the form-data is sent back to itself (aka, the action link leads back to the same page the form is on):
<form method="POST" name="ConfigureSettings" action="#bwc/index.php?module=CustomModule&action=newAction">
Based on SugarCRM Support's Troubleshooting Cross-Site Forgery Messages, the way to add an additional action is as follows:
To add the unregistered action as an allowed action (for example, for a custom module), add the following line of code to the config_override.php file:
$sugar_config['http_referer']['actions'] =array( 'index', 'ListView', 'DetailView', 'EditView', 'oauth', 'authorize', 'Authenticate', 'Login', 'SupportPortal', 'bad_action' );
Doing this alone does not work, and trying to save my changes or cancel editing my form will still lead to the same error:
Cross Site Request Forgery (XSRF) Attack Detected
Form authentication failure (CustomModule -> newAction). Contact your administrator.
Is there something I have to edit in the $sugar_config to relate it to my specific action? I tried changing bad_action to newAction, but to no avail.
Found a workaround here which will just log the error rather than abort the action, and it proves that my form is working correctly in which I am led back to the same page and the form has been updated.
Unfortunately, this is not a solution to my problem because this is unsafe for a production instance, and I am still not sure why I'm getting the error in the first place as I am not redirecting to a site outside of the instance.
Recommended answer
Turns out that the HTML form needs to be separated from the PHP file by using a Template file and Smarty tags to replace the instances of PHP in the Template file.
Did the above, then included the {sugar_csrf_form_token} mentioned here in the Template file, and it's working correctly now.
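
Why a same-site POST can still fail form authentication, shown as an added illustration that is not part of the original answer and not SugarCRM's code: a generic synchronizer-token check in PHP. The function names, the csrf_token field name, the assumption that {sugar_csrf_form_token} contributes a hidden token field, and the sample submissions are all constructed for this example.

```php
<?php
// Added illustration of a synchronizer-token CSRF check; NOT SugarCRM's code.
// Function names and the 'csrf_token' field name are assumptions.

// Issue one token per session and keep the server-side copy.
function issueToken(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Render the form. The hidden field is what a template tag such as
// {sugar_csrf_form_token} is assumed to contribute to the markup.
function renderForm(array &$session): string
{
    $token = htmlspecialchars(issueToken($session), ENT_QUOTES);
    return '<form method="POST" action="index.php?module=CustomModule&amp;action=newAction">'
        . '<input type="hidden" name="csrf_token" value="' . $token . '">'
        . '<input type="submit" value="Save"></form>';
}

// Accept a POST only if its token matches the session's copy.
function isAuthenticForm(array $session, array $post): bool
{
    $expected = $session['csrf_token'] ?? '';
    $given = $post['csrf_token'] ?? '';
    return is_string($given) && $expected !== ''
        && hash_equals($expected, $given); // constant-time comparison
}

// Constructed demo: one session, three submissions.
$session = [];
echo renderForm($session), "\n";
$submissions = [
    'no token'    => ['setting' => 'on'], // hand-written form, same site
    'valid token' => ['setting' => 'on', 'csrf_token' => $session['csrf_token']],
    'wrong token' => ['setting' => 'on', 'csrf_token' => str_repeat('0', 64)],
];
foreach ($submissions as $label => $post) {
    $verdict = isAuthenticForm($session, $post) ? 'accepted' : 'rejected';
    printf("%-12s %s\n", $label, $verdict);
}
```

In this sketch the "no token" submission is rejected even though it originates from the same site, because the check depends on the token in the POST body rather than on where the request came from.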