kartik-v / yii2-grid

Enhanced GridView with various utilities for Yii Framework 2.0
http://demos.krajee.com/grid

The parameters for yii2-grid export seem to be tampered. Please retry! #611

Closed SSiwek closed 7 years ago

SSiwek commented 7 years ago

Hi

It has worked before. With one update (I usually do a "composer update") it broke. I modified my composer settings to => "kartik-v/yii2-grid": "3.1.3"; this does work. Version 3.1.4 does not work.

In the request there is a param export_hash. But it is empty.

I searched the whole source code. I can't find any place where this param is initialized and set.

The parameters for yii2-grid export seem to be tampered. Please retry! Old Hash: New Hash:6e801c52bd466c54d9971e927f57f4ae9a0a77e07d5db183598959acd1a75b2bgrid-exportutf-81

kartik-v commented 7 years ago

Your client is loading OLD STALE assets and OLD javascript.

Ensure you clean up your web assets / runtime directory on Yii and clean up browser cache and restart and retry.

ntesic commented 7 years ago

Got this error with the latest composer update today. The above solution didn't work. Version: kartik-v/yii2-grid v3.1.5

ejoo commented 5 years ago

@kartik-v that isn't a solution. It worked the first time, and after a few PDF exports I am getting the same error. My client is frustrated due to this. Not sure how to solve it.

kartik-v commented 5 years ago

Since export transfers content between client and server - this feature was introduced to prevent tampering of data when it is sent from server to client and then back to server, from a security perspective. So to answer your issue - you need to code your app and view file appropriately to maintain the same date and time stamp every time the gridview is refreshed for your situation.

However if you want to disable hashing and validation of export config (this will however REDUCE YOUR DATA SECURITY) - then you can set the new GridView::hashExportConfig property to false. This is a new enhancement in the yet to be released v3.3.0 of the extension as per #874 (so to use this you must update to the code from dev-master).

atrifyllis commented 5 years ago

@kartik-v

Hello, sorry to resurrect a closed issue, but the hash that is created from the plugin contains a timestamp:

GridView.php:

```php
$pdfHeader = [
    'L' => [
        'content' => Yii::t('kvgrid', 'Yii2 Grid Export (PDF)'),
        'font-size' => 8,
        'color' => '#333333',
    ],
    'C' => [
        'content' => $title,
        'font-size' => 16,
        'color' => '#333333',
    ],
    'R' => [
        // date() is evaluated on every render, so this value changes each minute
        'content' => Yii::t('kvgrid', 'Generated') . ': ' . date('D, d-M-Y g:i a T'),
        'font-size' => 8,
        'color' => '#333333',
    ],
];
```

This means that if the old and the new hash differ by a minute, the exception is thrown.

So I don't understand how I can "code your app and view file appropriately to maintain the same date and time stamp every time the gridview is refreshed for your situation.", since this is code that comes from the plugin.

Is there a way to avoid this timestamp in the hash without disabling hashing?

kartik-v commented 5 years ago

You can remove the time part from the date - which should work in most cases - else pass a constant for the entire session via a session variable instead of using the PHP date function which will change with passing time.
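The failure discussed in this thread and the two suggested workarounds, as an added example that is not part of the thread or of yii2-grid's code: a simplified model in which a keyed hash over the export config is computed at render time and checked again at export time. `SECRET_KEY`, `buildPdfHeader()`, `signConfig()` and `verifyConfig()` are hypothetical names, the timestamps are constructed, and HMAC-SHA256 over JSON is an assumption about the hashing, not the extension's confirmed method.

```php
<?php
// Added illustration only; all names and values below are hypothetical or constructed.
const SECRET_KEY = 'constructed-demo-key';

/** Build a PDF header config; $generated is the text for the right-hand cell. */
function buildPdfHeader(string $title, string $generated): array
{
    return [
        'L' => ['content' => 'Yii2 Grid Export (PDF)', 'font-size' => 8],
        'C' => ['content' => $title, 'font-size' => 16],
        'R' => ['content' => 'Generated: ' . $generated, 'font-size' => 8],
    ];
}

/** Keyed hash over the serialized config. */
function signConfig(array $config): string
{
    return hash_hmac('sha256', json_encode($config), SECRET_KEY);
}

/** Export-time check: recompute the hash and compare in constant time. */
function verifyConfig(array $config, string $hashFromClient): bool
{
    return hash_equals(signConfig($config), $hashFromClient);
}

// Constructed timestamps: page rendered at 10:14, export requested at 10:15.
$renderedAt = new DateTimeImmutable('2019-03-01 10:14:50 UTC');
$exportedAt = new DateTimeImmutable('2019-03-01 10:15:05 UTC');

// Case 1: time of day inside the signed config. The config rebuilt at
// export time no longer matches the hash issued at render time.
$fmt = 'D, d-M-Y g:i a T';
$hash = signConfig(buildPdfHeader('Report', $renderedAt->format($fmt)));
var_dump(verifyConfig(buildPdfHeader('Report', $exportedAt->format($fmt)), $hash));

// Case 2: date only. The signed value stays the same until the date changes.
$fmt = 'D, d-M-Y';
$hash = signConfig(buildPdfHeader('Report', $renderedAt->format($fmt)));
var_dump(verifyConfig(buildPdfHeader('Report', $exportedAt->format($fmt)), $hash));

// Case 3: one value fixed per session (a plain variable stands in for the
// session entry), reused for every render and export in that session.
$sessionStamp = $renderedAt->format('D, d-M-Y g:i a T');
$hash = signConfig(buildPdfHeader('Report', $sessionStamp));
var_dump(verifyConfig(buildPdfHeader('Report', $sessionStamp), $hash));
```

Both workarounds keep the integrity check in place; they only make the signed data deterministic between render and export.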

atrifyllis commented 5 years ago

Thank you for the immediate feedback @kartik-v !

I am not sure I understand, the file GridView.php is in yii2-grid, how can I change this? It is not my code.

atrifyllis commented 5 years ago

@kartik-v

Please let me know if there is a workaround without disabling caching.

kartik-v commented 5 years ago

@atrifyllis

https://github.com/kartik-v/yii2-grid/blob/master/src/GridView.php#L1542-L1546

atrifyllis commented 5 years ago

@kartik-v

Again thank you for the feedback! Indeed I am running an older version and this is a production system and I am not comfortable to update the version right now. Overwriting the config indeed works! Thanks a lot!

razorsharpshady commented 3 years ago

I had extended the Kartik grid and overridden the renderExport() of the kartik\grid\GridView class. On updating the Kartik grid version, I didn't adapt to the new hashing (technique) part of the renderExport() in the extended class, which caused this issue.