I have a checkbox column in a gridview:
GridView::widget([
'dataProvider' => $dataProvider,
'columns' => [
['class' => 'yii\grid\CheckboxColumn'],
'id'=>'grid',
'country',
],
]);
And I want to make bulk actions, so I have a button that fires a javascript and sends a url like this:
index.php?r=mycontroller/bulk&action=1&ids=2,6,7,8
this is the button:
<a href="#" onclick="bulkAction('p');">
this is the Javascript:
<script>
function bulkAction(a) {
var keys = $('#grid').yiiGridView('getSelectedRows');
window.location.href='<?php echo Url::to(['mycontroller/bulk']); ?>&action='+a+'&ids='+keys.join();
}
</script>
[size="5"]PROBLEM IS[/size]
This approach is vulnerable to CSRF hacks (explained in : blog.codinghorror.com/cross-site-request-forgeries-and-you/)
So, what is the PROPER way to do it?