Tokens for Forms?

Wei Dai

Monday 27 June 2011 2:48:37 am

Hello, it is a big surprise that in eZ Publish, we don't have a way to generate a token for each form, whether they are built upon information collectors or eZ Survey. Sure, we have various captcha extensions, but they are not built in to eZ Publish.

I am thinking that, at least, eZ Publish could maybe provide a token datatype? How do you solve your CSRF problem?

Certified eZ Publish 4 developer looking for develop information & collaboration.

André R.

Monday 27 June 2011 5:06:34 am

4.5 got token support, but token verification needs to be done by an extension.
The problem is that it breaks all Ajax code that does not use the ezjscore function (.ez()), so until that is handled a bit more elegantly it is not included by default but provided to customers that are willing to adapt their code to make it work.

It will in some form be bundled with 4.6 I think.

eZ Online Editor 5: http://projects.ez.no/ezoe || eZJSCore (Ajax): http://projects.ez.no/ezjscore || eZ Publish EE http://ez.no/eZPublish/eZ-Publish-Enterprise-Subscription
@: http://twitter.com/andrerom
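
Added example, not part of the thread and not eZ Publish or ezjscore code: a minimal session-bound form token check in PHP that accepts the token either from a hidden form field or from a request header, which shows why an Ajax POST that does not attach the token is rejected. The field name, header name, function names and sample requests are all assumptions made for illustration.

```php
<?php
// Added example; every name below is hypothetical, not an eZ Publish API.
const TOKEN_FIELD  = 'form_token';        // hidden <input> name (assumed)
const TOKEN_HEADER = 'HTTP_X_CSRF_TOKEN'; // $_SERVER key for an X-CSRF-Token header (assumed)

/** Derive a token bound to the session id and a per-form intent string. */
function csrfToken(string $secret, string $sessionId, string $intent): string
{
    return hash_hmac('sha256', $sessionId . '|' . $intent, $secret);
}

/** Accept the token from the POST body (plain forms) or the header (Ajax). */
function csrfCheck(array $post, array $server, string $secret, string $sessionId, string $intent): bool
{
    $method = strtoupper($server['REQUEST_METHOD'] ?? 'GET');
    if (in_array($method, ['GET', 'HEAD', 'OPTIONS'], true)) {
        return true; // safe methods must not change state, so no token is required
    }
    $sent = $post[TOKEN_FIELD] ?? $server[TOKEN_HEADER] ?? '';
    if (!is_string($sent) || $sent === '') {
        return false; // missing token, or an array sent as form_token[]
    }
    // hash_equals compares in constant time
    return hash_equals(csrfToken($secret, $sessionId, $intent), $sent);
}

// Constructed sample requests (not real traffic).
$secret = bin2hex(random_bytes(32)); // server-side secret; normally loaded from configuration
$sid    = 'constructed-session-id';
$good   = csrfToken($secret, $sid, 'survey');
$other  = csrfToken($secret, 'another-session', 'survey');

$cases = [
    'form POST with token'     => [[TOKEN_FIELD => $good], ['REQUEST_METHOD' => 'POST']],
    'Ajax POST with header'    => [[], ['REQUEST_METHOD' => 'POST', TOKEN_HEADER => $good]],
    'Ajax POST without token'  => [[], ['REQUEST_METHOD' => 'POST']],
    'token from other session' => [[TOKEN_FIELD => $other], ['REQUEST_METHOD' => 'POST']],
];
foreach ($cases as $label => [$post, $server]) {
    $ok = csrfCheck($post, $server, $secret, $sid, 'survey');
    printf("%-26s %s\n", $label, $ok ? 'accepted' : 'rejected');
}
```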

Nicolas Pastorino

Monday 27 June 2011 5:08:56 am

Hi Wei,

This is indeed an issue. I would recommend, as a temporary solution which however impacts the end-user a bit, using the recaptcha extension for eZ Publish: http://projects.ez.no/recaptcha.

Secondly, I would recommend filing a request for enhancement there: http://issues.ez.no/ezpublish, detailing the feature.

Cheers!

--
Nicolas Pastorino
Director Community - eZ
Member of the Community Project Board

eZ Publish Community on twitter: http://twitter.com/ezcommunity

t : http://twitter.com/jeanvoye
G+ : http://plus.tl/jeanvoye

Nicolas Pastorino

Monday 27 June 2011 5:09:54 am

I can see Andre posted at the same time as me, providing another solution for this. Now you have several options to pick from!

--
Nicolas Pastorino
Director Community - eZ
Member of the Community Project Board

eZ Publish Community on twitter: http://twitter.com/ezcommunity

t : http://twitter.com/jeanvoye
G+ : http://plus.tl/jeanvoye
