wasimshaikh / php-calendar

Automatically exported from code.google.com/p/php-calendar

Possible request forgery. #104

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. open calendar in browser
2. use as usual
3. leave inactive for extended period, possibly overnight
4. click "+" on month view to add new event
5. enter new event data
6. click submit, get error msg:

Error

Possible request forgery.
Backtrace

#0 /home/xxx/public_html/phpCalendar/php-calendar-2.0-beta9/includes/event_submit.php(68): soft_error('Possible reques...')
#1 /home/xxx/public_html/phpCalendar/php-calendar-2.0-beta9/includes/calendar.php(624) : eval()'d code(1): event_submit()
#2 /home/xxx/public_html/phpCalendar/php-calendar-2.0-beta9/includes/calendar.php(624): eval()
#3 /home/xxx/public_html/phpCalendar/php-calendar-2.0-beta9/includes/calendar.php(592): do_action()
#4 /home/xxx/public_html/phpCalendar/php-calendar-2.0-beta9/index.php(75): display_phpc()
#5 {main}

entered data is lost

What is the expected output? What do you see instead?
the error msg indicated soft error, yet all (often detailed) input is lost.
notice of the 'possible forgery' should happen before data entry.

What version of the product are you using? On what operating system?
2.0-beta9 on firefox on linux

Please provide any additional information below.
it would be enormously helpful if the app indicated a 'req forgery' before 
allowing input of data, not afterward (causing loss of input).

it may be that the timeout is due to php GC timeout - perhaps there is some way 
to cause the timeout (and, hence, the error msg) when the data entry page loads 
rather than waiting for submit of that page.

this happens whether logged in or not.

Original issue reported on code.google.com by wmil...@mail.com on 11 Oct 2012 at 5:40

GoogleCodeExporter commented 9 years ago
I can't tell that it's a possible forgery until you submit the form. The login 
sessions have been improved since beta9. We'll have a new version out shortly 
that has a lot of improvements. I'm closing this for now. If you're still 
experiencing it, please open a new issue on github. 
https://github.com/sproctor/php-calendar/issues/new

Original comment by sproctor@gmail.com on 22 Apr 2013 at 9:46

GoogleCodeExporter commented 9 years ago

Original comment by sproctor@gmail.com on 22 Apr 2013 at 9:46
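
One way to handle the situation discussed in this thread is to keep rejecting a request whose anti-forgery token no longer matches the session, but re-display the form with the submitted text and a fresh token instead of discarding the input. The sketch below is an added example, not php-calendar's code; the function names, the field names (`csrf`, `subject`, `description`) and the session array passed by reference are assumptions.

```php
<?php
// Added example (hypothetical names), not taken from php-calendar.

// Store a new random token in the session and return it for the form.
function csrf_issue(array &$session): string {
    $session['csrf'] = bin2hex(random_bytes(32));
    return $session['csrf'];
}

// Constant-time comparison; fails if either side is missing (expired session).
function csrf_valid(array $session, array $post): bool {
    return isset($session['csrf'], $post['csrf'])
        && is_string($post['csrf'])
        && hash_equals($session['csrf'], $post['csrf']);
}

// Render the event form, escaping every user-supplied value.
function render_form(string $token, array $v, string $notice = ''): string {
    $e = fn($s) => htmlspecialchars((string) $s, ENT_QUOTES, 'UTF-8');
    return sprintf(
        "<p>%s</p>\n<form method=\"post\">\n" .
        "<input type=\"hidden\" name=\"csrf\" value=\"%s\">\n" .
        "<input name=\"subject\" value=\"%s\">\n" .
        "<textarea name=\"description\">%s</textarea>\n" .
        "<button>Submit</button>\n</form>\n",
        $e($notice), $e($token), $e($v['subject'] ?? ''), $e($v['description'] ?? '')
    );
}

function handle_submit(array &$session, array $post): array {
    if (csrf_valid($session, $post)) {
        csrf_issue($session);               // rotate the token after use
        return ['saved' => true, 'html' => ''];
    }
    // Token missing or stale: perform NO write. Keep only the known text
    // fields and hand them back with a fresh token for resubmission.
    $keep  = array_intersect_key($post, array_flip(['subject', 'description']));
    $token = csrf_issue($session);
    $msg   = 'Your session expired. Review the event below and submit again.';
    return ['saved' => false, 'html' => render_form($token, $keep, $msg)];
}

// Constructed input: the session was emptied overnight, the form is stale.
$session = [];
$post = ['csrf' => 'stale-token', 'subject' => 'Team <b>meeting</b>',
         'description' => 'Agenda: budget review'];
$result = handle_submit($session, $post);
echo $result['saved'] ? "saved\n" : $result['html'];
```

A forged cross-site POST reaches the same branch as an expired session, so the event is only written after the user reviews the re-displayed form and submits it again with the new token.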