Single Image Uploader in V. 1.3.3048
2 years ago
2 years ago
#1
Hello everyone, The single image upload function does not work anymore in version 1.3.3048. I have tried both: Downloading the latest version from Git Hub and creating a new app with the TG Desktop App. Adding a single image uploader does not work, whereas the multi-image uploader works fine. It takes me to the homepage after uploading an image. Strange enough, there is no error in the logs. I thought it might be the in the controller, but that value is correct. The folders for the image are created within the /assets folder, but are empty. Does anyone have an idea? Cheers, Michael
2 years ago
#2
Hi michidesign,
The redirect seems to be with the csrf_token not matching when the upload form is posted and fails the validation_helper.php check at line 87 when it callsIt is not obvious to me why this is happening, as other forms using the form_close() method are working fine - I'll have to get back to you soon.
Also, the folders are created in the show() method of your app before this call. That's why you see empty folders even though you haven't uploaded anything.
The redirect seems to be with the csrf_token not matching when the upload form is posted and fails the validation_helper.php check at line 87 when it callsIt is not obvious to me why this is happening, as other forms using the form_close() method are working fine - I'll have to get back to you soon.
Also, the folders are created in the show() method of your app before this call. That's why you see empty folders even though you haven't uploaded anything.
2 years ago
#3
It appears that the newer version of form_helper.php is generating a new CSRF token each time form_close() is called. This could be the reason for the issue we are facing, as a new token might be generated before the form is submitted, leading to a mismatch during validation. Therefore the fix would be to only generate a CSRF token once per session:Try this fix and let me know if it works for you, if so, I'll ask DC to look over this too and if it is cool, I'll send up a pull request.
Cheers,
Si
Cheers,
Si
2 years ago
#4
That's it! It works. Thank you.
2 years ago
#5
Thanks for this, Simon.
I had a security expert look at the token system a couple of months ago and... this is the result.
Anyway, many thanks for that fix. If you want to make a pull request then you'll be doing us all a huge favour.
Cheers!
I had a security expert look at the token system a couple of months ago and... this is the result.
Anyway, many thanks for that fix. If you want to make a pull request then you'll be doing us all a huge favour.
Cheers!
2 years ago
#6
Thanks Simon & DaFa,
It Works..
It Works..