kartik-v / yii2-tree-manager

An advanced tree management module using nested sets for Yii 2.
http://demos.krajee.com/tree-manager

Operation Disallowed Invalid request signature detected during tree data manage action! Please refresh the page and retry. #216

Closed Sonit90 closed 5 years ago

Sonit90 commented 5 years ago

Prerequisites

Duplicate to https://github.com/kartik-v/yii2-tree-manager/issues/207

Steps to reproduce the issue

Follow the steps from guide

  1. Execute SQL script to create a db
  2. Setup Model
  3. Setup Module
  4. Paste widget into view

Expected behavior and actual behavior

When I follow those steps, I was expecting the extension to work properly, but I encounter the following errors: With version 1.0.8 I get this error:

Operation Disallowed
Invalid request signature detected during tree data manage action! Please refresh the page and retry.
OLD HASH:

NEW HASH:
8129b562eff233313c2aa8032073bcfe2c93b335ed83323fa2fab233c76ecb8eapp\models\Category1111/category/index@kvtree/views/_formw0-nodesel{"id":"w0-nodeform"}{"1":"","2":"","3":"","4":"","5":""}"text"{"depth":"","glue":" » ","activeCss":"kv-crumb-active","untitled":"Без названия"}

With version @dev I got this error:
Operation Disallowed
Invalid request signature detected during tree data manage action! Please refresh the page and retry.
OLD HASH:

NEW HASH:
2c16c8eb0403c6d1026e6f0e146aa9a04a77e425832c3dda7cc93a03dbc06118app\models\Categorybtn-default/treemanager/node/save/category/index@kvtree/views/_formw0-nodeselЭлементЭлементов111111{"id":"w0-nodeform"}{"1":"","2":"","3":"","4":"","5":""}{"submit":"","reset":""}[]"text"{"depth":"","glue":" » ","activeCss":"kv-crumb-active","untitled":"Без названия"}

Using Chrome 69, cleared assets folder, reset the browser cache, nothing seems to work.

If I copy-pasted your example, then I got the next error:

OLD HASH:
be6ce5ec1926bb360df5e149e3e1c8091038a2e69c6024f6ae964726fb868873app\models\Productbtn-default/treemanager/node/save/product/index@kvtree/views/_formw0-nodeselЭлементЭлементов
Нет доступных для отображения. Используйте тулбар для добавлния новых
11111{"id":"w0-nodeform"}{"1":"","2":"","3":"","4":"","5":""}{"submit":"","reset":""}[]"text"{"depth":"","glue":" » ","activeCss":"kv-crumb-active","untitled":"Без названия"}
NEW HASH:
b651a9e37d3f6460173fb9636f7f8f99a43021cd1e98b9b933358cf272709203app\models\Productbtn-default/treemanager/node/save/product/index@kvtree/views/_formw0-nodeselЭлементЭлементов11111{"id":"w0-nodeform"}{"1":"","2":"","3":"","4":"","5":""}{"submit":"","reset":""}[]"text"{"depth":"","glue":" » ","activeCss":"kv-crumb-active","untitled":"Без названия"}

Btw, I had to add namespace app\controllers; to the controller.

Versions 1.0.8 and 1.0.9 don't work either.

Environment

Browsers

Operating System

Libraries

Isolating the problem

Sonit90 commented 5 years ago

Ok, so the module does work if you prevent hash checking in line 272 of NodeController, and also if you update kartik-v/yii2-widget-activeform (v1.5.5 => v1.5.6) and manually create a root element in the database. After I created some elements, I can switch hash checking back, and it begins to work.

TreeSecurity::checkSignature('manage', $oldHash, $newHash);
into
TreeSecurity::checkSignature('manage', $newHash, $newHash);

I think that the problem persists because the hash is wrongly parsed, because in post data I see this:

treeManageHash=

'b9bb6105ca8787f27ec8346e572cfc8c4dcb8cc5cc5aaeb1f4ab60874915652aapp\\models\\Productbtn-default/treemanager/node/save/product/index@kvtree/views/_formw0-nodeselЭлементЭлементов<div class=\"kv-node-message\">Нет доступных для отображения. Используйте тулбар для добавлния новых </div>111111{\"id\":\"w0-nodeform\"}{\"1\":\"\",\"2\":\"\",\"3\":\"\",\"4\":\"\",\"5\":\"\"}{\"submit\":\"<i class=\\\"glyphicon glyphicon-floppy-disk\\\"></i>\",\"reset\":\"<i class=\\\"glyphicon glyphicon-repeat\\\"></i>\"}[]\"text\"{\"depth\":\"\",\"glue\":\" &raquo; \",\"activeCss\":\"kv-crumb-active\",\"untitled\":\"Без названия\"}'

EDITED You don't have to edit hash checking, just add root element to the table.

kartik-v commented 5 years ago

Check your oldHash data and newHash data - something is getting changed between the two (e.g. this typically could happen if you are using something like date time stamp). Preventing hashing is not a right solution. The solution is actually to fix that issue and prevent data getting tampered by a rogue user.
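
The check described in the comment above, as an added example that is not part of the original thread or the module's code: settings are signed when the page is rendered and the signature is recomputed on the request, so any byte that differs between the two is rejected. The function names, key and setting names are hypothetical, and the digest-then-data layout is assumed from the values quoted earlier on this page.

```php
<?php
// Added illustration; not code from yii2-tree-manager.
// Function names, key and setting names are hypothetical.
const DEMO_KEY = 'constructed-demo-key'; // constructed; a real key is a server-side secret

// Join the settings in a fixed order and prefix the HMAC-SHA256 digest,
// giving the "64 hex characters + data" layout assumed from this page.
function signSettings(array $settings, string $key): string
{
    $data = '';
    foreach ($settings as $value) {
        $data .= is_array($value) ? json_encode($value) : (string) $value;
    }
    return hash_hmac('sha256', $data, $key) . $data;
}

// Recompute the signature from the settings seen on the request and compare
// it with the posted one in constant time. An empty posted value never matches.
function checkSettings(string $posted, array $settings, string $key): bool
{
    return $posted !== '' && hash_equals(signSettings($settings, $key), $posted);
}

// Constructed sample settings, signed when the page is rendered.
$rendered = [
    'modelClass'  => 'app\models\Category',
    'nodeView'    => '@kvtree/views/_form',
    'isAdmin'     => false,
    'formOptions' => ['id' => 'w0-nodeform'],
    'renderedAt'  => '10:00:00',
];
$oldHash = signSettings($rendered, DEMO_KEY);

// Each case: [posted signature, settings as seen on the request].
$cases = [
    'unchanged settings'     => [$oldHash, $rendered],
    'empty posted signature' => ['', $rendered],
    'isAdmin flipped'        => [$oldHash, array_replace($rendered, ['isAdmin' => true])],
    'timestamp regenerated'  => [$oldHash, array_replace($rendered, ['renderedAt' => '10:00:05'])],
];

foreach ($cases as $label => [$posted, $settings]) {
    $verdict = checkSettings($posted, $settings, DEMO_KEY) ? 'accepted' : 'rejected';
    printf("%-24s %s\n", $label, $verdict);
}
```

Passing the recomputed value as both arguments, as in the workaround earlier in the thread, makes the first case the only case: the comparison can no longer fail, so the flipped setting would be accepted too.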

jackp10 commented 5 years ago

Hi @kartik-v I am having the exact same issue. I have copied the manage action into my own controller and altered it a little bit to accommodate my need. Basically, I am trying to pass a DataProvider to nodeViewParams, which when I refresh the page, it works perfectly. I can see the GridView. The problem starts when I change node, which gives me that "Operation Disallowed" message. Without changing anything from the actual actionManage method, if I remove the dataProvider from the controller and also remove the GridView from the view, changing the node works again.

So that leads me to believe it is not something written in the actionManage method.

The thing is that I will have to add a new dataProvider inside the actionManage, as when the user clicks on a different node, I need to be able to show different data from different tables, but so far I can't even reach that point because I can't seem to be able to fix this initial issue.

I hope you can help, Alessandro
