Closed Dinchar closed 11 years ago
Hi,
as the title says, when the CSRF protection is enabled, the blog search generates
An Error Was Encountered The action you have requested is not allowed.
Suggested fix: Add the following code just before the closing form tag in the file fuel/modules/blog/views/themes/{THE_THEME_NAME}/_blocks/search.php
<?php if ($this->config->item('csrf_protection')) { $this->security->csrf_set_cookie(); ?> <input type="hidden" name="<?php echo $this->security->get_csrf_token_name();?>" value="<?php echo $this->security->get_csrf_hash();?>"/> <?php } ?>
I am not sure whether the same could not be achieved if the whole search form is generated by fuel's form builder, as it takes care of the CSRF. :-?
Thanks for the bug report and the fix. I've posted a change for that.
Hi,
as the title says, when the CSRF protection is enabled, the blog search generates
Suggested fix: Add the following code just before the closing form tag in the file fuel/modules/blog/views/themes/{THE_THEME_NAME}/_blocks/search.php
I am not sure whether the same could not be achieved if the whole search form is generated by fuel's form builder, as it takes care of the CSRF. :-?