Details
-
Bug
-
Resolution: Obsolete
-
Medium
-
Known Issues 5.x Stack, 5.0, 5.1
-
None
-
Operating System: RHEL 62
PHP Version: 5.3.3
Database and version: 5.1.61
Browser (and version): Firefox 15.0.1
Description
Under ezp5, using the Legacy controller and with ezformtoken enabled, attempting to submit a form (i.e: creating an object) after removing the value of the ezxform_token hidden input (or removing the element completely) using firebug/chrome-dev-tools will cause an HTTP 500 response, a Twig exception and a PHP E_WARNING:
Message on the page:
TwigBundle:Exception:error500.html.twigFatal error: The web server did not finish its request
Warning in debug/warning log:
Warning: PHP: E_WARNING
Cannot modify header information - headers already sent by (output started at /var/www/apache2php53/ezp5/app/cache/prod/classes.php:3991) in /var/www/apache2php53/ezp5/app/ezpublish_testsystem/.run/kernel/private/classes/ezpkernelweb.php on line 198
Steps to reproduce
1. Access the admin interface and enter the dialog view to create a new object of any type
2. Using firebug or chrome's developer tools, locate the hidden input named "ezxform_token", and delete it, or clear its value attribute
3. Push the "Send for publishing" button