Can't use CSRF on standalone forms in ProcessWire

Question

Can't use CSRF on standalone forms in ProcessWire

BernhardBaumrock opened this issue 5 years ago · comments

Hi everybody!
Version: 3.0.0

Bug Description

I want to use Nette Forms with ProcessWire and get the following error as soon as I add $form->addProtection('Security token has expired, please submit the form again'); to the form:

User Error

Exception: Unable to set 'session.use_strict_mode' to value '1' when session has been started by session.auto_start or session_start(). (in C:\www\maletschek\site\modules\RockCommerce\vendor\nette\http\src\Http\Session.php line 386)

#0 C:\www\maletschek\site\modules\RockCommerce\vendor\nette\http\src\Http\Session.php(80): Nette\Http\Session->configure(Array)
#1 C:\www\maletschek\site\modules\RockCommerce\vendor\nette\http\src\Http\SessionSection.php(51): Nette\Http\Session->start()
#2 C:\www\maletschek\site\modules\RockCommerce\vendor\nette\http\src\Http\SessionSection.php(103): Nette\Http\SessionSection->start()
#3 C:\www\maletschek\site\modules\RockCommerce\vendor\nette\forms\src\Forms\Controls\CsrfProtection.php(67): Nette\Http\SessionSection->__isset('token')
#4 C:\www\maletschek\site\modules\RockCommerce\vendor\nette\forms\src\Forms\Controls\CsrfProtection.php(79): Nette\Forms\Controls\CsrfProtection->getToken()
#5 C:\www\maletschek\site\modules\RockCommerce\vendor\nette\forms\src\Forms\Controls\CsrfProtection.php(88): Nette\Forms\Controls\CsrfProtection->generateToken()
#6 C:\www\maletschek\site\modules\RockCommerce\vendor\nette\forms\src\Forms\Rendering\DefaultFormRenderer.php(197): Nette\Forms\Controls\CsrfProtection->getControl()
#7 C:\www\maletschek\site\modules\RockCommerce\vendor\nette\forms\src\Forms\Rendering\DefaultFormRenderer.php(151): Nette\Forms\Rendering\DefaultFormRenderer->renderEnd()
#8 C:\www\maletschek\site\modules\RockCommerce\vendor\nette\forms\src\Forms\Form.php(607): Nette\Forms\Rendering\DefaultFormRenderer->render(Object(Nette\Forms\Form))
#9 C:\www\maletschek\site\modules\RockCommerce\tpl\uikit2\contact.php(19): Nette\Forms\Form->render()
#10 C:\www\maletschek\wire\core\TemplateFile.php(287): require('C:\\www\\maletsch...')
#11 C:\www\maletschek\wire\core\Wire.php(380): ProcessWire\TemplateFile->___render()
#12 C:\www\maletschek\wire\core\WireHooks.php(723): ProcessWire\Wire->_callMethod('___render', Array)
#13 C:\www\maletschek\wire\core\Wire.php(442): ProcessWire\WireHooks->runHooks(Object(ProcessWire\TemplateFile), 'render', Array)
#14 C:\www\maletschek\wire\core\WireFileTools.php(926): ProcessWire\Wire->__call('render', Array)

Steps To Reproduce

Maybe the error message is already enough to fix this? Otherwise I'll provide a PW installation to show the error.

Thx in advance!

David Grudl · Answer 1 · Mon Mar 11 2019 23:34:45 GMT+0800 (China Standard Time)

Can you enable session.use_strict_mode = 1 in PHP config? Or set it via ini_set('session.use_strict_mode', '1') at the beginning of the whole script?

Bernhard Baumrock · Answer 2 · Mon Mar 11 2019 23:55:21 GMT+0800 (China Standard Time)

Yes, thank you, but then I get

Exception: Unable to set 'session.gc_maxlifetime' to value '10800' when session has been started by session.auto_start or session_start(). (in C:\www\maletschek\site\modules\RockCommerce\vendor\nette\http\src\Http\Session.php line 386)

Bernhard Baumrock · Answer 3 · Tue Mar 12 2019 02:12:02 GMT+0800 (China Standard Time)

Thank you very much, this was very fast! And it works 👍