Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-19675

Submitting a form with a blank or non-existent ezxform_token value causes PHP E_WARNING

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Medium
    • Resolution: Obsolete
    • Affects Version/s: Known Issues 5.x Stack, 5.0, 5.1
    • Labels:
      None
    • Environment:

      Operating System: RHEL 62
      PHP Version: 5.3.3
      Database and version: 5.1.61
      Browser (and version): Firefox 15.0.1

      Description

      Under ezp5, using the Legacy controller and with ezformtoken enabled, attempting to submit a form (i.e: creating an object) after removing the value of the ezxform_token hidden input (or removing the element completely) using firebug/chrome-dev-tools will cause an HTTP 500 response, a Twig exception and a PHP E_WARNING:

      Message on the page:

      TwigBundle:Exception:error500.html.twigFatal error: The web server did not finish its request

      Warning in debug/warning log:
      Warning: PHP: E_WARNING

      Cannot modify header information - headers already sent by (output started at /var/www/apache2php53/ezp5/app/cache/prod/classes.php:3991) in /var/www/apache2php53/ezp5/app/ezpublish_testsystem/.run/kernel/private/classes/ezpkernelweb.php on line 198

      Steps to reproduce

      1. Access the admin interface and enter the dialog view to create a new object of any type
      2. Using firebug or chrome's developer tools, locate the hidden input named "ezxform_token", and delete it, or clear its value attribute
      3. Push the "Send for publishing" button

        Attachments

          Activity

            People

            Assignee:
            Unassigned
            Reporter:
            filiped Filipe Dobreira
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: