CFileBrowserWidget - CSRF issue

Yii 1.1 General Discussion
1

Hi everyone,

I am trying to use CFileBrowserWidget. I am experiencing a problem with CSRF.

One of my view contains :


<?php

$this->widget('application.extensions.cfilebrowser.CFileBrowserWidget',array(

                'script'=>array('jobqueue/filebrowser'),

                'root'=>'/var/',

                'folderEvent'=>'click',

                'expandSpeed'=>1000,

                'collapseSpeed'=>1000,

                'expandEasing'=>'easeOutBounce',

                'collapseEasing'=>'easeOutBounce',

                'multiFolder'=>true,

                'loadMessage'=>'File Browser Is Loading...hang on a sec',

                'callbackFunction'=>'alert("I selected " + f)'

));

?>

But when i run the widget, nothing is displayed . With the help of firebug , i found that, the ajax call fails because of CSRF.

The response header says that "The CSRF token could not be verified".

When i opened that link (localhost/filebrowser/index.php?r=jobqueue/filebrowser) in browser, the error message i got is :


Error 400

The CSRF token could not be verified.

I have set enableCsrfValidation to true in CHttpRequest.php.

Can some one tell me how to solve this issue?

2

Well, this is pretty easy if the widget allows you to pass custom post data, and i assume it does.

For example, in uploadify, there is a param, called scriptData that allows you to pass an array of extra post data, assuming that something like this exists in this widget, then the usage would be like:




<?php

$this->widget('application.extensions.cfilebrowser.CFileBrowserWidget',array(

                'script'=>array('jobqueue/filebrowser'),

                'root'=>'/var/',

                'folderEvent'=>'click',

                'expandSpeed'=>1000,

                'collapseSpeed'=>1000,

                'expandEasing'=>'easeOutBounce',

                'collapseEasing'=>'easeOutBounce',

                'multiFolder'=>true,

                'loadMessage'=>'File Browser Is Loading...hang on a sec',

                'callbackFunction'=>'alert("I selected " + f)',

                //this is what you need:

                'customData'=>array(Yii::app()->request->csrfTokenName=>Yii::app()->request->csrfToken),

));

?>