operation disallowed old hash vs new has

Spillo89 commented 4 years ago

Prerequisites

[ x] I have searched for similar issues in both open and closed tickets and cannot find a duplicate.
[ x] The issue still exists against the latest master branch of yii2-tree-manager.
[ ] This is not an usage question. I confirm having gone through and read the documentation and demos.
[ ] This is not a general programming / coding question. (Those should be directed to the webtips Q & A forum).
[ x] I have attempted to find the simplest possible steps to reproduce the issue.
[ ] I have included a failing test as a pull request (Optional).

Steps to reproduce the issue

fresh installation
load a document
click on him

Expected behavior and actual behavior

OLD HASH: dc52e6cc24986238949dd53f1c1e4df86de2bac6f58cf185fcd8126fdf222564common\models\Tree111/hrm/backend/web/@backend/views/gestione-bacheca/_formw0-nodesel{"id":"w0-nodeform"}{"1":"","2":"","3":"","4":"","5":""}[]{"depth":"","glue":" » ","activeCss":"kv-crumb-active","untitled":"Senza titolo"} NEW HASH: f6ffa8be49dc8ef54e65f7daa85336b711c4af81a0210a0eb8570ce9eddbe70dcommon\models\Tree111/hrm/backend/web/@backend/views/gestione-bacheca/_formw0-nodesel{"id":"w0-nodeform"}{"1":"","2":"","3":"","4":"","5":""}""{"depth":"","glue":" » ","activeCss":"kv-crumb-active","untitled":"Senza titolo"

When I follow those steps, I see...

I was expecting...

Environment

Browsers

[x ] Google Chrome
[x ] Mozilla Firefox
[ ] Internet Explorer
[ ] Safari

Operating System

[ x] Windows
[ ] Mac OS X
[x ] Linux
[ ] Mobile

Libraries

jQuery version: jquery-3.4.1.min.js (tried jquery-2.2.4.min.js same problem)
yii2-tree-manager version: "kartik-v/yii2-tree-manager": "@dev"

Isolating the problem

[ ] This bug happens on the demos page
[ x] The bug happens consistently across all tested browsers
[ x] This bug happens when using yii2-tree-manager without other plugins.

--- Want to back this issue? **[Post a bounty on it!](https://www.bountysource.com/issues/82816642-operation-disallowed-old-hash-vs-new-has?utm_campaign=plugin&utm_content=tracker%2F10339775&utm_medium=issues&utm_source=github)** We accept bounties via [Bountysource](https://www.bountysource.com/?utm_campaign=plugin&utm_content=tracker%2F10339775&utm_medium=issues&utm_source=github).

BillHeaton commented 4 years ago

You left out the first line of the error message but I recognize it from some debugging. I suspect that you've been adding field(s) to the management screen.

The widget uses a technique for detecting injection attacks. In your case, the string [] is present just before {"depth" and that is enough to throw the checksum off.

You'll want to look at your _$POST parameters using request tab in the yii debugger and see what's being added. Compare them against the NEW HASH ignoring the hex string at the start.

stale[bot] commented 4 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

kartik-v / yii2-tree-manager