#1
Hi Trongate team,

As this is my first time contacting you, I'd like to take the opportunity to congratulate you on all the excellent work you've done and continue to do!

The reason I'm getting in touch is I believe there is a bug in the latest release.

I apologize in advance if this is a false alarm, but I think the following is happening:

Line 649 of engine/tg_helpers/validation_helper.php is causing the following issue:

Forms with two or more fields will always trigger the logic in csrf_block_request() as the CSRF token will always be unset after the first successful check.

To reproduce:

Create a module and add only one property using the properties builder.
From the /manage page, create a new record.
This should work fine.

Then, to compare, create a second module but add two or more properties.
When you try to create a new record for the module with 2+ properties, you'll be redirected to BASE_URL per the logic in csrf_block_request().

If you comment out the line mentioned above and repeat the test for the multi-property module, the record should be created OK.
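
The failure mode described in this post, as an added example that is not part of the original post and not Trongate's code: a single-use CSRF token consumed by a check that runs once per validated field, next to one alternative that verifies and consumes the token once per request. All function names, the `$session` array standing in for `$_SESSION`, and the sample request are assumptions constructed for illustration.

```php
<?php
// Added illustration with hypothetical names; not Trongate's code.
// $session stands in for $_SESSION so the script runs from the CLI.

function token_matches(array $session, array $post): bool
{
    $expected = $session['csrf_token'] ?? null;
    $supplied = $post['csrf_token'] ?? null;
    return is_string($expected) && is_string($supplied)
        && hash_equals($expected, $supplied); // constant-time comparison
}

// Reported pattern: the token is consumed by a check that runs once per field.
function check_per_field(array &$session, array $post): bool
{
    $ok = token_matches($session, $post);
    unset($session['csrf_token']); // gone after the first call
    return $ok;
}

// One alternative: verify and consume once per request, then reuse the verdict.
function check_once(array &$session, array $post, ?bool &$verdict): bool
{
    if ($verdict === null) {
        $verdict = token_matches($session, $post);
        unset($session['csrf_token']); // still single-use across requests
    }
    return $verdict;
}

// Constructed request: a two-field form posted with a valid token.
$post = ['csrf_token' => 'constructed-token', 'title' => 'a', 'price' => '1'];
$fields = ['title', 'price'];

$session = ['csrf_token' => 'constructed-token'];
foreach ($fields as $f) {
    echo "per-field $f: ", check_per_field($session, $post) ? 'pass' : 'BLOCKED', PHP_EOL;
}

$session = ['csrf_token' => 'constructed-token'];
$verdict = null;
foreach ($fields as $f) {
    echo "once      $f: ", check_once($session, $post, $verdict) ? 'pass' : 'BLOCKED', PHP_EOL;
}

// A replay of the same POST in a later request is rejected: the token is spent.
$verdict = null;
echo 'replay: ', check_once($session, $post, $verdict) ? 'pass' : 'BLOCKED', PHP_EOL;
```

Resetting `$verdict` to `null` models the start of a new request; within one request the cached verdict lets every field pass while the stored token is already invalidated.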
#2
Thank you! I'll investigate on Sunday as a priority (I'm currently away from my desk).

I had spotted a potential security flaw with the previous version. So, instead of rolling back I will look into what you've said as a priority.

More soon. Thanks again!
#3
I know HTML, CSS very well but I am learning PHP and using Trongate to do so, but something I did notice while trying to track this down is when I comment out the

on line 651 it seems to allow all the code to run.

So I then changed the

to

and


It allows multi-field forms to run (specifically) the tg-admin login page, and members/manage.

I am unsure if this helps, but I hope it does.
#4
Okay. That should be fixed now.

Many thanks for your help with that and I have to say, it was brilliantly described, which is really super helpful.

I have given you both a word of thanks on the commit history.

Cheers!
#5
Perfect! Thank you both! I tested again with the new version and the issue is resolved.