"theme" Cross Site Request Forgery blocked.

I just upgraded to 1.3.1. I'm trying to duplicate an existing theme as a starting point for my own theme, but I'm getting an error.

I press the "duplicate" button, beside the "Zenpage" theme. I leave the default options of "My Theme" and "my_theme" for the name and directory. The theme doesn't get duplicated; instead I'm dumped on the Overview page with a red warning box that says:

"theme" Cross Site Request Forgery blocked.

...and then just fades away.

Any ideas what I could be doing wrong?

Thanks,

Matt

Comments

  • On further investigation, I think this may be a bug in admin-themes.php -- the jQuery to launch the theme copy says:

    `launchScript('',['action=copytheme&amp;XSRFToken=<?php echo getXSRFToken('theme')?>','source='+encodeURIComponent(source),'target='+encodeURIComponent(targetdir),'name='+encodeURIComponent(targetname)]);`

    ...which seems to be causing the XSRFToken parameter actually to be received under the name `amp;XSRFToken`.

    Is this maybe because it would need to be entity-encoded in HTML, but not in the JavaScript? Copy-and-paste error, maybe?

    Not too sure I'm right, though, but I'm going to keep fiddling.

    Cheers,

    Matt
  • acrylian Administrator, Developer
    This might be a bug with the recently introduced XSRF security enhancements. Best you open a ticket with your description of this issue.
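
Added example (not part of the thread and not Zenphoto's code) of the behaviour Matt describes: in a page parsed as HTML, `&amp;` is decoded in attribute values but not inside a `<script>` block, so the token arrives under the name `amp;XSRFToken` and the check fails. `asSeenBy`, `buildQuery`, `checkRequest` and the token value are assumptions; joining the parameter array with `&` is an assumed stand-in for `launchScript`.

```javascript
// Added illustration, not Zenphoto code. All names below are hypothetical.
const TOKEN = 'constructed-token-123'; // constructed sample value

// The HTML parser decodes character references such as &amp; in attribute
// values (href="..."). <script> bodies are raw text, so no decoding happens
// there and "&amp;" reaches JavaScript literally.
function asSeenBy(context, text) {
  return context === 'attribute' ? text.replace(/&amp;/g, '&') : text;
}

// Assumed stand-in for launchScript(): join the parameter array with '&'.
function buildQuery(params) {
  return params.join('&');
}

// Stand-in for the server-side check: the token must arrive under the
// exact parameter name "XSRFToken".
function checkRequest(query) {
  const params = new URLSearchParams(query);
  return {
    names: [...params.keys()],
    accepted: params.get('XSRFToken') === TOKEN,
  };
}

function copyThemeRequest(firstParam) {
  return checkRequest(buildQuery([
    firstParam,
    'source=' + encodeURIComponent('zenpage'),
    'target=' + encodeURIComponent('my_theme'),
    'name=' + encodeURIComponent('My Theme'),
  ]));
}

const encoded = 'action=copytheme&amp;XSRFToken=' + TOKEN;
// Entity-encoded text emitted inside a <script> block: request is blocked.
const inScript = copyThemeRequest(asSeenBy('script', encoded));
// Same text emitted inside an href attribute: decoded first, so accepted.
const inAttribute = copyThemeRequest(asSeenBy('attribute', encoded));
// Plain '&' inside the <script> block: accepted.
const fixed = copyThemeRequest(
  asSeenBy('script', 'action=copytheme&XSRFToken=' + TOKEN));

console.log({ inScript, inAttribute, fixed });
```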