Programming / csrf prevents xhtml validation
« on: October 30, 2011, 05:12:49 PM »
I have the following problem:
The CSRF prevents me from validating the website.
In csrf_utils.php you find the following entry:
// Output-buffer handler: appends the hidden token field right after every POST <form ...> tag.
function csrf_ob_handler($buffer, $flags) {
    if (preg_match('/<html/i', $buffer)) {
        $buffer = preg_replace('#(<form[^>]*method\s*=\s*["\']post["\'][^>]*>)#i', '$1' . csrf_form_input(), $buffer);
    }
    return $buffer;
}
// Builds the hidden <input> that carries the CSRF token.
function csrf_form_input() {
    global $csrf_protection_name, $csrf_protection_xhtml;
    $token = csrf_token();
    $endslash = $csrf_protection_xhtml ? ' /' : '';
    return "<input type=\"hidden\" name=\"$csrf_protection_name\" value=\"$token\"$endslash>\n";
}
This means that the "input field" is written directly into the "<form ...". That is exactly my problem; this must not happen in this case.
In this case, it only affects the search.
My search is structured as follows:
Code: [Select]
<div id="header">
  <div id="search">
    <form method="post" action="{url_search}">
      <div class="searchContainer">
        <input type="text" tabindex="1" id="searchInput" class="inputText" name="search_keywords" value="Suchbegriffe eingeben" />
        <script type="text/javascript">
        //<![CDATA[
        document.getElementById('searchInput').setAttribute('autocomplete', 'off');
        document.getElementById('searchInput').onfocus = function() { if (this.value == 'Suchbegriffe eingeben') this.value=''; };
        document.getElementById('searchInput').onblur = function() { if (this.value == '') this.value = 'Suchbegriffe eingeben'; };
        document.getElementById('searchSubmit').ondblclick = function() { window.location = 'index.php?form=Search'; };
        popupMenuList.register("searchInput");
        //]]>
        </script>
        <div class="searchInputMenu">
In this case, the "csrf-input" must be located under this <div>:
Code: [Select]
<div class="searchContainer">
I use XHTML 1.1
How can I fix this problem?
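
One way to keep the automatic token injection while satisfying XHTML 1.1, which does not allow an `<input>` as a direct child of `<form>`, is to wrap the hidden field in its own block-level `<div>`. This is an added example, not part of the original post or of the application's csrf_utils.php; the function names, the `csrf` class, the field name and the sample page are assumptions, and the run compares the unwrapped and wrapped insert.

```php
<?php
// Added example. Function names, the "csrf" class and the sample page are constructed.

// Hidden token field; with $wrap it sits in a block-level <div>, which XHTML 1.1
// allows as a child of <form> (a bare <input> is not allowed there).
function csrf_form_input_xhtml(string $name, string $token, bool $wrap = true): string {
    $n = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
    $t = htmlspecialchars($token, ENT_QUOTES, 'UTF-8');
    $input = "<input type=\"hidden\" name=\"$n\" value=\"$t\" />";
    return ($wrap ? "<div class=\"csrf\">$input</div>" : $input) . "\n";
}

// Same <form> regex as the page's csrf_ob_handler(); the callback keeps "$" or
// backslashes in the inserted text from being read as replacement references.
function csrf_ob_handler_xhtml(string $buffer, string $field): string {
    if (!preg_match('/<html/i', $buffer)) {
        return $buffer;
    }
    return preg_replace_callback(
        '#<form[^>]*method\s*=\s*["\']post["\'][^>]*>#i',
        function (array $m) use ($field) { return $m[0] . $field; },
        $buffer
    );
}

// True when every POST form holds the token and no <input> is a direct child of <form>.
function post_forms_ok(string $xhtml, string $name): bool {
    $doc = new DOMDocument();           // requires the DOM extension
    if (!$doc->loadXML($xhtml)) {
        return false;
    }
    $xp = new DOMXPath($doc);
    $form = '//*[local-name()="form"][@method="post"]';
    $forms = $xp->query($form)->length;
    $bare = $xp->query($form . '/*[local-name()="input"]')->length;
    $tokens = $xp->query($form . '//*[local-name()="input"][@name="' . $name . '"]')->length;
    return $forms > 0 && $bare === 0 && $tokens === $forms;
}

// Constructed sample page, modelled on the search form in the post.
$sample = '<html xmlns="http://www.w3.org/1999/xhtml"><body><div id="search">'
    . '<form method="post" action="search.php"><div class="searchContainer">'
    . '<input type="text" name="search_keywords" value="" /></div></form>'
    . '</div></body></html>';

$name = 'csrf_example_name';            // constructed field name
$token = bin2hex(random_bytes(16));     // stand-in for the application's csrf_token()
foreach ([false, true] as $wrap) {
    $out = csrf_ob_handler_xhtml($sample, csrf_form_input_xhtml($name, $token, $wrap));
    printf("wrap=%s ok=%s\n", var_export($wrap, true), var_export(post_forms_ok($out, $name), true));
}
```

The structural check only covers the one content-model rule at issue here; it is not a full DTD validation.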