I have the following problem:
The CSRF prevents me from validating the website.
In csrf_utils.php one finds the following entry:
    // Output-buffer handler: adds the hidden token field to every POST form.
    function csrf_ob_handler($buffer, $flags) {
        if (preg_match('/<html/i', $buffer)) {
            // The field is inserted directly after the opening <form ...> tag.
            $buffer = preg_replace('#(<form[^>]*method\s*=\s*["\']post["\'][^>]*>)#i', '$1' . csrf_form_input(), $buffer);
        }
        return $buffer;
    }

    // Builds the hidden <input> element that carries the CSRF token.
    function csrf_form_input() {
        global $csrf_protection_name, $csrf_protection_xhtml;
        $token = csrf_token();
        $endslash = $csrf_protection_xhtml ? ' /' : '';
        return "<input type=\"hidden\" name=\"$csrf_protection_name\" value=\"$token\"$endslash>\n";
    }
This means that the "input field" is written directly into the "<form ...". That is exactly my problem; this must not happen in this case.
In this case, it only affects the search.
My search is structured as follows:
    <div id="header">
      <div id="search">
        <form method="post" action="{url_search}">
          <div class="searchContainer">
            <input type="text" tabindex="1" id="searchInput" class="inputText" name="search_keywords" value="Suchbegriffe eingeben" />
            <script type="text/javascript">
            //<![CDATA[
            document.getElementById('searchInput').setAttribute('autocomplete', 'off');
            document.getElementById('searchInput').onfocus = function() { if (this.value == 'Suchbegriffe eingeben') this.value=''; };
            document.getElementById('searchInput').onblur = function() { if (this.value == '') this.value = 'Suchbegriffe eingeben'; };
            document.getElementById('searchSubmit').ondblclick = function() { window.location = 'index.php?form=Search'; };
            popupMenuList.register("searchInput");
            //]]>
            </script>
            <div class="searchInputMenu">
In this case, the "csrf-input" must be placed under this <div>:
    <div class="searchContainer">
I use XHTML 1.1.
How can I fix this problem?
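
Added example, not part of the original post or of csrf_utils.php: XHTML 1.1 requires the children of <form> to be block-level elements, so one way to keep the token and still validate is to place the hidden field inside the <div> that directly follows the form tag, or to wrap it in its own <div> when there is none. The names csrf_ob_handler_block and csrf_form_input_block, the stand-in csrf_token() and the sample values are assumptions made for this sketch.

```php
<?php
// Added example: not part of csrf_utils.php. The "_block" function names
// and the sample values below are hypothetical.
$csrf_protection_name  = 'csrf_field';   // constructed sample name
$csrf_protection_xhtml = true;

if (!function_exists('csrf_token')) {
    // Stand-in so this file runs alone; the real library supplies csrf_token().
    function csrf_token() { return 'constructed-sample-token'; }
}

function csrf_form_input_block() {
    global $csrf_protection_name, $csrf_protection_xhtml;
    // Escape both values so neither can break out of the attribute.
    $name  = htmlspecialchars($csrf_protection_name, ENT_QUOTES);
    $token = htmlspecialchars(csrf_token(), ENT_QUOTES);
    $endslash = $csrf_protection_xhtml ? ' /' : '';
    return "<input type=\"hidden\" name=\"$name\" value=\"$token\"$endslash>\n";
}

function csrf_ob_handler_block($buffer, $flags) {
    if (!preg_match('/<html/i', $buffer)) {
        return $buffer;
    }
    // Group 1: the POST <form> tag. Group 2: a <div ...> directly after it, if any.
    $pattern = '#(<form[^>]*method\s*=\s*["\']post["\'][^>]*>)(\s*<div[^>]*>)?#i';
    // A callback keeps "$" or "\" in the token from being read as backreferences.
    $result = preg_replace_callback($pattern, function ($m) {
        $input = csrf_form_input_block();
        if (isset($m[2]) && $m[2] !== '') {
            // The form already opens with a block element: put the field inside it.
            return $m[1] . $m[2] . "\n" . $input;
        }
        // Otherwise wrap the field in its own block element.
        return $m[1] . "\n<div>" . rtrim($input) . "</div>\n";
    }, $buffer);
    // On a regex error the page goes out without the token, so POSTs are rejected.
    return $result === null ? $buffer : $result;
}

// Constructed sample page modelled on the search form in the post.
$page = "<html><body><form method=\"post\" action=\"search.php\">\n"
      . "<div class=\"searchContainer\">\n"
      . "<input type=\"text\" name=\"search_keywords\" />\n"
      . "</div></form></body></html>";
echo csrf_ob_handler_block($page, 0);
```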