CFileBrowserWidget - CSRF issue

Hi everyone,

I am trying to use CFileBrowserWidget. I am experiencing a problem with CSRF.

One of my views contains:


<?php
$this->widget('application.extensions.cfilebrowser.CFileBrowserWidget',array(
                'script'=>array('jobqueue/filebrowser'),
                'root'=>'/var/',
                'folderEvent'=>'click',
                'expandSpeed'=>1000,
                'collapseSpeed'=>1000,
                'expandEasing'=>'easeOutBounce',
                'collapseEasing'=>'easeOutBounce',
                'multiFolder'=>true,
                'loadMessage'=>'File Browser Is Loading...hang on a sec',
                'callbackFunction'=>'alert("I selected " + f)'
));
?>

But when I run the widget, nothing is displayed. With the help of Firebug, I found that the AJAX call fails because of CSRF.

The response header says that "The CSRF token could not be verified".

When I opened that link (localhost/filebrowser/index.php?r=jobqueue/filebrowser) in the browser, the error message I got was:


Error 400

The CSRF token could not be verified.

I have set enableCsrfValidation to true in CHttpRequest.php.

Can someone tell me how to solve this issue?

Well, this is pretty easy if the widget allows you to pass custom post data, and I assume it does.

For example, in uploadify, there is a param called scriptData that allows you to pass an array of extra post data. Assuming that something like this exists in this widget, the usage would be like:




<?php
$this->widget('application.extensions.cfilebrowser.CFileBrowserWidget',array(
                'script'=>array('jobqueue/filebrowser'),
                'root'=>'/var/',
                'folderEvent'=>'click',
                'expandSpeed'=>1000,
                'collapseSpeed'=>1000,
                'expandEasing'=>'easeOutBounce',
                'collapseEasing'=>'easeOutBounce',
                'multiFolder'=>true,
                'loadMessage'=>'File Browser Is Loading...hang on a sec',
                'callbackFunction'=>'alert("I selected " + f)',
                //this is what you need:
                'customData'=>array(Yii::app()->request->csrfTokenName=>Yii::app()->request->csrfToken),
));
?>
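
If the widget turns out to have no such option, the token can instead be attached on the browser side to every same-origin POST that jQuery issues. This is an added example, not part of the original posts or of the extension's code; `withCsrfToken`, `window.yiiCsrfToken` and the sample values are hypothetical names, and `YII_CSRF_TOKEN` is assumed to be the configured `csrfTokenName` (the Yii 1.x default).

```javascript
// Added example. Yii 1.x compares the POST field named by csrfTokenName with
// the CSRF cookie, so the token has to travel in the request body.
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS', 'TRACE']);

// True only when `url` resolves to the same scheme/host/port as the page.
function isSameOrigin(url, pageOrigin) {
  try {
    return new URL(url, pageOrigin).origin === new URL(pageOrigin).origin;
  } catch (e) {
    return false; // unparsable URL: never attach the token
  }
}

// Returns the request body with the CSRF field set. Safe methods and
// cross-origin requests are returned untouched so the token is not
// sent where it is not needed or to another site.
function withCsrfToken(req, csrf, pageOrigin) {
  const method = (req.type || 'GET').toUpperCase();
  if (SAFE_METHODS.has(method) || !isSameOrigin(req.url, pageOrigin)) {
    return req.data;
  }
  const body = typeof req.data === 'string' ? req.data : (req.data || {});
  const params = new URLSearchParams(body);
  params.set(csrf.name, csrf.value); // replaces a stale token if one is present
  return params.toString();
}

// Browser wiring (skipped outside a page with jQuery loaded). The view is
// assumed to expose the token as window.yiiCsrfToken (hypothetical name),
// rendered from Yii::app()->request->csrfToken.
if (typeof window !== 'undefined' && typeof jQuery !== 'undefined') {
  const csrf = { name: 'YII_CSRF_TOKEN', value: window.yiiCsrfToken };
  jQuery.ajaxPrefilter(function (options) {
    options.data = withCsrfToken(options, csrf, window.location.origin);
  });
}
```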