Invalid token with Joomla custom component

Problem description

I'm building a custom Joomla component and I added this to my form in my template (default.php) file (it is using a HTTP POST):

echo JHTML::_( 'form.token' ); //add hidden token field to prevent CSRF vulnerability

Then I check the token in my controller with:

JRequest::checkToken() or die( 'Invalid Token' );

But no matter what I do I get an Invalid Token. I have verified that a hidden type with a token is created in my form when I view sources on the html page. I also verified, in the controller, the value of the token is the same:

print_r(JUtility::getToken());

So if the token is the same value, why on earth is it exiting with an Invalid Token message?

EDIT: There is a key piece I failed to mention. My form is processed with jQuery ajax in a separate js file that is added in my view.html.php. This is what the ajax POST looks like:

jQuery.ajax({
    type: 'POST',
    url: 'index.php?option=com_recordings&task=deletevideos&format=raw',
    data: {checkedarray:checked},
    success: function(data){
               //delete row
    }
});

The controller handles this:

function deletevideos()
{

    $video_list = JRequest::getVar('checkedarray', 0, 'post', 'array');
    //print_r(JUtility::getToken());
    JRequest::checkToken() or jexit( 'Invalid Token' );     

    $model = &$this->getModel();
    return $model->setDeleteVideos($video_list);
}

This then goes to the model that does the DB update. I saw this old post that might be relevant. It is not clear to me how/where I generate the token and where/how I validate that token. The post seems quite involved as it checks against users as well which I don't think is needed in my case. Or maybe I misunderstand?

EDIT #2

Okay so the token is missing and I need to pass it into my js file. So I thought I could add this to my view.html.php:

    $addtoken = JUtility::getToken();
    $addtokenjs = 'jQuery(function() {
                    var token="'.$addtoken.'";
                    });';
    $doc->addScriptDeclaration( $addtokenjs );
    $doc->addScript(JURI::base()."components/com_recordings/js/recordings.js");

I have to put this in the document ready function because apparently addScriptDeclaration does not put anything ahead of my recordings.js file. Then pass the token into the ajax call:

jQuery.ajax({
    type: 'POST',
    url: 'index.php?option=com_recordings&task=deletevideos&format=raw'+token+'=1',
    data: {checkedarray:checked},
    success: function(data){
               //delete row
    }
});

Apparently I'm not doing this right as I get this error: ReferenceError: token is not defined.

Recommended answer

It does not seem that you are passing the token value in the ajax request. And that's why you are getting this error.

You can - 1) append token to the url like this

url: 'index.php?option=com_recordings&task=deletevideos&format=raw&'. JUtility::getToken() .'=1'

2) Or send the whole form using Serialize.

EDIT 2:- You can create a function called getToken like this-

 $addtokenjs = 'function getToken() {
                    var token="'.$addtoken.'";
                    return token;
                    };';

And in url instead of calling token you can call getToken()

url: 'index.php?option=com_recordings&task=deletevideos&format=raw&'+getToken()+'=1'

Hope this works.
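Option 2 of the answer (sending the token with the form data), as an added example that is not part of the original question or answer: it takes the token from the hidden field that `form.token` rendered and puts it in the POST body, on the assumption that `JRequest::checkToken()` called with no argument reads POST data. The sample field values and the 32-hex-character token format are constructed assumptions, and `#adminForm` is a hypothetical form id.

```javascript
// Added example; the token below is a constructed sample value.
// Joomla's form.token helper renders <input type="hidden" name="<token>" value="1">,
// so the token is the field *name*. Assumed here: 32 lowercase hex characters.
const TOKEN_NAME = /^[0-9a-f]{32}$/;

// fields: array of {name, value} pairs, the shape jQuery's serializeArray() returns.
function findToken(fields) {
  const hit = fields.find(f => TOKEN_NAME.test(f.name) && f.value === '1');
  if (!hit) {
    // Fail on the client instead of sending a request the server will reject.
    throw new Error('CSRF token field missing from form; request not sent');
  }
  return hit.name;
}

// Build the application/x-www-form-urlencoded body for the deletevideos task.
function buildDeleteBody(fields, checked) {
  const params = new URLSearchParams();
  for (const id of checked) {
    params.append('checkedarray[]', String(id)); // PHP reads name[] as an array
  }
  params.append(findToken(fields), '1'); // token goes in the body, not the URL
  return params.toString();
}

// Constructed sample of what serializeArray() would return for the form.
const sampleFields = [
  { name: 'search', value: '' },
  { name: '0123456789abcdef0123456789abcdef', value: '1' },
];

// Use in recordings.js (hypothetical form id #adminForm):
//   jQuery.ajax({
//     type: 'POST',
//     url: 'index.php?option=com_recordings&task=deletevideos&format=raw',
//     data: buildDeleteBody(jQuery('#adminForm').serializeArray(), checked),
//     success: function (data) { /* delete row */ }
//   });
console.log(buildDeleteBody(sampleFields, [12, 15]));
```

Keeping the token in the POST body also keeps it out of URLs, which tend to be written to access logs.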
