My ISP has finally pushed me to get off PHP version 7 so I figured I should also move from zenphoto 1.5.9 to the 1.6 stream.

I find 1.5.9 will not run at all for me under PHP8.x (I hope this is not a surprise)

When I do an upgrade from 1.5.9 to 1.6.0 (on PHP 7.x) I have lost my menu_manager menu items that were albums.
The albums are still there and all the data (titles, etc) migrated ok but they do not appear in my menu.

I can create a new album and when I try to add the album to my menu it fails with a message on admin panel “update_menu” Cross Site Request Forgery blocked.

In the security log I see
2026-02-16 23:21:57 Cross Site Reference iccoadmin Chuck Storry Blocked update_menu

Unfortunately the migration on the live server went poorly (and the netfirms support team are still looking into it) so I proceeded to check the migrations on MAMP on my MAC (mac mini M4)

I don't want to list too many problems at the same time but I hope this is not an issue with MAMP. I could even only get MAMP 6.9 (free) to work. Later versions gave me more grief (something about needing to call spawn) so I will hope version 6.9 is OK to use and worry about MAMP later (what version do you use? I think I saw version 6.8 in one of your responses).

Is there something I need to configure or disable in order to avoid the XSRF issue?

Thanks

I find 1.5.9 will not run at all for me under PHP8.x (I hope this is not a surprise)

No, that is no surprise. You need 1.6+ for PHP 8.

When I do an upgrade from 1.5.9 to 1.6.0 (on PHP 7.x) I have lost my menu_manager menu items that were albums.

That is weird as I don't remember any changes to the way the menu is stored/setup. Were these manually added album menu entries or the extra menu entries that generate the album list?

But 1.6 is 4 years ago so I don't remember any issue and also not that XSRF issue you report. I can only suggest to go through the changelogs and try 1.6.1 and so on.

MAMP 6.9 is of course a bit older as well and the free MAMP has frequent issues with some release sadly. For example we are on MAMP 7.2 still and didn't get 7.3 and 7.4 running…

In any be sure to disable/remove any older third party stuff you are using as many are not updated frequently sadly.

Thanks - I guess i should keep up with the updates in the future

Only 3rd party stuff I am using is zpBootstrap theme and have downloaded the fork which I believe is "compatible-ish" with 1.6

I will have another look at newer MAMP. I also can try the PC MAMP to see if it is different.

Maybe my website host has fixed things so I can try there too. Perhaps it is an environment specific thing.

I did move my 1.5.9 to 1.6.8 one release at a time and same issue in 1.6.8 (under MAMP)

Let me see if it fails in a live environment and get back to you

Thanks - I guess i should keep up with the updates in the future

Yes ;-)

Only 3rd party stuff I am using is zpBootstrap theme and have downloaded the fork which I believe is "compatible-ish" with 1.6

Yes, our fork generally should work but we basically update on requests and don't test that actively so there might be issues hidden.

did move my 1.5.9 to 1.6.8 one release at a time and same issue in 1.6.8 (under MAMP)

If you still get the XSRF issue with the menu manager I have no idea, so far seems to work here on MAMP 7.2. But I am testing 1.7a right now (the build from GitHub) but there should be no changes in that area right now.

If you have sessions enabled (Options > General > Cookies), please try to disable them.

I do not have sessions enabled.

I tried upgrading MAMP to version 7.2
Now I get the error in MAMP logs apache_error.log

The process has forked and you cannot use this CoreFoundation functionality safely. You MUST exec().
Break on __THE_PROCESS_HAS_FORKED_AND_YOU_CANNOT_USE_THIS_COREFOUNDATION_FUNCTIONALITY_YOU_MUST_EXEC() to debug.
[Tue Feb 17 11:44:45.857884 2026] [fastcgi:error] [pid 4554:tid 6168850432] [client ::1:49286] FastCGI: incomplete headers (0 bytes) received from server "/Applications/MAMP/fcgi-bin/php.fcgi"

And any access to localhost/zenphoto (root or zp-core/setup.php or admin.php) returns
Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator at you@example.com to inform them of the time this error occurred, and the actions you performed just before this error.

More information about this error may be available in the server error log.

Are you using apple cpu on your MAC?
Do I have something misconfigured in MAMP?
I just installed 7.2 over my 6.9 and the htdocs and SQL DB all seem to remain intact

FYI - before I upgraded MAMP is installed new zp1.6.8 and added zpBootstrap and enabled menu and zenpage then added an album and a menu item for that album and it worked perfectly so the issue may somehow be related to the migration.

I was hoping to be on the latest working release of MAMP to compare notes with you as I try to figure it out but now nothing works with MAMP 7.2. on my M4 mac mini

My colleague had the process forking error in the new MAMP 7.3/7.4 which is why we are currently on still on 7.2. I haven't even tried because some job commissions are dependent on a working setup right now.

Simply put no idea where this comes from… Btw I am on a Mac Mini M4 as well.

MAMP sometimes changes the internal settings to its own default ports instead of 80 for Apache and 3306 for the db. ZP does not work with the wrong Apache ports as it is added to the url, you have to change to the standard webport 80. Maybe that?
Or you have enabled modrewrite but the htaccess file is missing/lost?

I should mention I am still on macOS Sequoia because we are not sure if the MAMP issue may be related to macOS Tahoe possibly or not. MAMP often release fixes/updates for the free version very late in favor of their pro version. But 7.4 happened quite fast this time…

I saw the restriction to use the 80 and 3306 so I am using them.
I am still on Sequoia also - keep what works

I saw some online notes about fastcgi possibly being an issue so I commented that out of the httpd.conf but that stops apache from processing PHP and just dump files to the HTTP client

By default the modrewite in this install is disabled so I left it off for now (but want it on as the pages names are not nice otherwise)

What I saw was that my XSRF issue was not present when I created a new album and added it to the menu so I think I will go back to a working MAMP and see if I can sort out the issues there - just deleting and re-adding the albums but I have a lot of image files with titles so I would rather not type that all in again.

Lets see - I will tell you how it goes

FastCGI should not be an issue as that is basically used since forever and on almost all servers, too.

By default the modrewite in this install is disabled so I left it off for now (but want it on as the pages names are not nice otherwise)

Setup cannot always securely determine if it is working or not. If you know you have as you do on MAMP, you can enable it. More than not working does not happen ;-)

In case the MAMP issue is with the PHP version and not apache itself FYI - I have selected PHP 7.4.33 and 8.3.14 and set MAMP to use 8.3.14 (and the 80/3306 ports)

I understand zp may not yet be fully tested with 8.4 and I was keeping a PHP7 available to retry my migrations

The spam counter / blocker is very annoying. I have to wait 5 minutes between posts. Maybe I am annoying for posting more often

FYI - I have just tried MAMP 7.0, 7.1 and 7.2 and all fail for me.

Going back to 6.9 still works so I will work there.

I understand zp may not yet be fully tested with 8.4

PHP 8.4 is fine with 1.6.8. Our own site runs with 8.4.16. Actually even 8.5 should work since so far 1.7a didn't require any actual changes (as tested on our server so far).

FYI - I have just tried MAMP 7.0, 7.1 and 7.2 and all fail for me.

It must be something else then. Is it just ZP not working. Did you try a plain index.php with phpinfo()?

The spam counter / blocker is very annoying. I have to wait 5 minutes between posts. Maybe I am annoying for posting more often

Sorry, necessary to keep spam bots out.