Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-19675

Submitting a form with a blank or non-existent ezxform_token value causes PHP E_WARNING

    XMLWordPrintable

Details

    Description

      Under ezp5, using the Legacy controller and with ezformtoken enabled, attempting to submit a form (i.e: creating an object) after removing the value of the ezxform_token hidden input (or removing the element completely) using firebug/chrome-dev-tools will cause an HTTP 500 response, a Twig exception and a PHP E_WARNING:

      Message on the page:

      TwigBundle:Exception:error500.html.twigFatal error: The web server did not finish its request

      Warning in debug/warning log:
      Warning: PHP: E_WARNING

      Cannot modify header information - headers already sent by (output started at /var/www/apache2php53/ezp5/app/cache/prod/classes.php:3991) in /var/www/apache2php53/ezp5/app/ezpublish_testsystem/.run/kernel/private/classes/ezpkernelweb.php on line 198

      Steps to reproduce

      1. Access the admin interface and enter the dialog view to create a new object of any type
      2. Using firebug or chrome's developer tools, locate the hidden input named "ezxform_token", and delete it, or clear its value attribute
      3. Push the "Send for publishing" button

      Attachments

        Activity

          People

            Unassigned Unassigned
            filiped Filipe Dobreira
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: