You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I know that Modern theme is not officialy supported, and several fixes I've posted last year were not accepted (Garcia told me he does not generally accept pull requests), so I think there is no point in posting another one, but I just wish to clarify this.
All modern-theme based themes I've tested (for example, Twitter theme from official Osclass site and many other user-spawned ones) insert CSRF tokens into search from the main page, for e.g.:
But, in Bender theme the same URL looks like this:
/index.php?page=search&sPattern=test&sCategory=
My quick investigation of CSRF reveiled that they should not be present in get method (which is used for search), so this has to be a theme-related issue.
To solve this, just put into the search form another class:
class="nocsrf"
and now the search URL will look exactly as in Bender theme (and more meaningfull and user-friendly, btw).
I just need a confirmation from the devs that this is the right way.
Thanks
I know that Modern theme is not officialy supported, and several fixes I've posted last year were not accepted (Garcia told me he does not generally accept pull requests), so I think there is no point in posting another one, but I just wish to clarify this.
All modern-theme based themes I've tested (for example, Twitter theme from official Osclass site and many other user-spawned ones) insert CSRF tokens into search from the main page, for e.g.:
Modern Theme search url from main page:
/index.php?CSRFName=CSRF837685821_1893338073&CSRFToken=a83b40c5aacc60a1d0ceda9fb40ed75d7e66edcf351be8abe0fc6f8d9baf49e8abe2b76d09bfeda837b675a0c8d49c8926ce18258b137af36e9ed3164f702ab3&page=search&sPattern=test&sCategory=
But, in Bender theme the same URL looks like this:
/index.php?page=search&sPattern=test&sCategory=
My quick investigation of CSRF reveiled that they should not be present in get method (which is used for search), so this has to be a theme-related issue.
To solve this, just put into the search form another class:
class="nocsrf"
and now the search URL will look exactly as in Bender theme (and more meaningfull and user-friendly, btw).
I just need a confirmation from the devs that this is the right way.
Thanks
Original issue here : osclass/Osclass#1481
The text was updated successfully, but these errors were encountered: