CMS MADE SIMPLE FORGE

Frontend Users

 

[#11786] Sample login template doesn't contain {cge_form_csrf} tag

avatar
Created By: Tristan (tristan)
Date Submitted: Tue Apr 03 05:01:53 -0400 2018

Assigned To: Robert Campbell (calguy1000)
Version: 2.9
CMSMS Version: 2.2.7
Severity: Major
Resolution: Invalid
State: Closed
Summary:
Sample login template doesn't contain {cge_form_csrf} tag
Detailed Description:
Sample login form template doesn't contain the {cge_form_csrf} tag after
{$startform} so sample login form will always result in a:

"Invalid form submission (some security data is missing or invalid)"

Maybe the necessity of the {cge_form_csrf} tag could be added to the help
documentation and a bit better documented at the about page of this module?


History

Comments
avatar
Date: 2018-05-10 13:35
Posted By: Robert Campbell (calguy1000)

None of my modules will modify the prototype templates on upgrade.   They are
user editable, and therefore are user considered user templates.   You must do
that yourself within the design manager.
      
avatar
Date: 2018-05-11 06:52
Posted By: Tristan (tristan)

Seems way more logical to overwrite prototype templates, for me at least they're
part of the documentation of your modules, is there any way you could reconsider
this decision?
      
avatar
Date: 2018-05-23 11:17
Posted By: cyrcle (cyrcle)

Hello, I just had the same problem and I could have lost a lot of time if I had
not seen this report.
I have CMSMS 2.2.7 with FEU 2.10.
This is a CMSMS 2.2.5 installation that has been updated to 2.2.7.
I would have to test it on a fresh installation in 2.2.7.

It's curious that when creating a new login form template, there is no mention
of the need for the {cge_form_csrf} tag. And in the end, we have a starting
template that does not work.
I also think there is an improvement to do.
However, thanks for this good module.
      
avatar
Date: 2018-05-28 18:57
Posted By: Robert Campbell (calguy1000)

The intent of the 'prototype' template functionality is that users can adjust
them, and then when they create a new template of a certain type their
customizations are automatically included.   This is an obscure, but useful
feature for many sites.

However,  that makes the 'prototype' template a user template, and therefore it
is never modified on upgrade.   Users are responsible for updating it
themselves.     There is a 'reset to factory defaults' button when editing a
prototype template to aide in this process.
      
Updates

Updated: 2018-06-23 10:45
state: Open => Closed

Updated: 2018-05-10 13:35
resolution_id: => 9