Loading...
 
Skip to main content

Custom Share Module 0.1dev

Features / Usability

Features / Usability

Forum List Topic List

Forums » Features / Usability » Deleting multiple Tracker items throws security ticket error
 
Thread actions
Print this page
  • Print all pages

    • Deleting multiple Tracker items throws security ticket error

    Posted by Chris posts: 15 Germany

    Hello,

    whenever i want to delete multiple items at once in the trackers default list view, it does not work but throws a security check error.
    Clipboard 202108110942 Xytvf
    Clipboard 202108110942 B1yjy

    in Apache log in found:

    Copy to clipboard
    [Wed Aug 11 17:45:42.040311 2021] [proxy_fcgi:error] [pid 1395:tid
139697527432960] [client **ip_address**:44012] AH01071: Got error 'PHP message:
**** Start CSRF error fromlocalhost *****
There was no security ticket submitted with the request.
site_security_timeoutpreference:1440seconds(24 minutes)
SCRIPT_NAME: /tiki-view_tracker.php
REQUEST_URI: /tracker2
HTTP_ORIGIN: https://localhost:8443
HTTP_REFERER: https://localhost:8443/tracker2
REQUEST_METHOD: POST
PHP message:
$_GET: {
"trackerId": "2"
}
Press [Enter] to continue:
$_POST: {
"action": [
"220",
"221"
],
"batchaction": "delete",
"trackerId": "2",
"act": "OK"
}
**** End CSRF error fromlocalhost *****', referer:
https://localhost:8443/tracker2
    Reads: 909
    Posted by Chris posts: 15 Germany

    No idea? 😑

    This seems like a mayor bug for me.

    Posted by Bernard Sfez / Tiki Specialist posts: 8643 France
    Chris wrote:

    No idea? 😑

    This seems like a mayor bug for me.


    We are aware of false positive with "CSRF" and some developers are working on it to avoid such false errors. However you should be able to refresh and pass this error... unless there is something else somewhere in your tracker or Tiki.

    I don't see this bug on my Tikis.


    Posted by Chris posts: 15 Germany

    {QUOTE}However you should be able to refresh and pass this error{QUOTE}

    Sorry, no. No way to bypass that error.