Loading...
 
Features / Usability

Features / Usability


Deleting multiple Tracker items throws security ticket error

posts: 15 Germany

Hello,

whenever i want to delete multiple items at once in the trackers default list view, it does not work but throws a security check error.
Clipboard 202108110942 Xytvf
Clipboard 202108110942 B1yjy

in Apache log in found:

[Wed Aug 11 17:45:42.040311 2021] [proxy_fcgi:error] [pid 1395:tid
139697527432960] [client **ip_address**:44012] AH01071: Got error 'PHP message:
**** Start CSRF error fromlocalhost *****
There was no security ticket submitted with the request.
site_security_timeoutpreference:1440seconds(24 minutes)
SCRIPT_NAME: /tiki-view_tracker.php
REQUEST_URI: /tracker2
HTTP_ORIGIN: https://localhost:8443
HTTP_REFERER: https://localhost:8443/tracker2
REQUEST_METHOD: POST
PHP message:
$_GET: {
"trackerId": "2"
}
Press [Enter] to continue:
$_POST: {
"action": [
"220",
"221"
],
"batchaction": "delete",
"trackerId": "2",
"act": "OK"
}
**** End CSRF error fromlocalhost *****', referer:
https://localhost:8443/tracker2
posts: 15 Germany

No idea? :-(

This seems like a mayor bug for me.

posts: 8437 Israel
Chris wrote:

No idea? :-(

This seems like a mayor bug for me.


We are aware of false positive with "CSRF" and some developers are working on it to avoid such false errors. However you should be able to refresh and pass this error... unless there is something else somewhere in your tracker or Tiki.

I don't see this bug on my Tikis.


posts: 15 Germany

{QUOTE}However you should be able to refresh and pass this error{QUOTE}

Sorry, no. No way to bypass that error.