Home › Support › Bug Reports
Howdy, Stranger!
It looks like you're new here. If you want to get involved, click one of these buttons!
CRITICAL SECURITY VERSION UPDATE:
https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.13
https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.13
Search Indexing and CSRF
Hi
When trying to reindex a site using the Search Module within Fuel, nothing happens. If I edit and save a page, the related search index is created correctly.
In my config.php, if I set
I can reindex happily.
With it set to true, my Firebug console reports an error 500 - "The action you have requested is not allowed" - the classic missing CSRF problem.
It seems my other sites that have Search working also have CSRF switched off.
Is this to be expected?
Cheers
When trying to reindex a site using the Search Module within Fuel, nothing happens. If I edit and save a page, the related search index is created correctly.
In my config.php, if I set
$config['csrf_protection'] = FALSE;I can reindex happily.
With it set to true, my Firebug console reports an error 500 - "The action you have requested is not allowed" - the classic missing CSRF problem.
It seems my other sites that have Search working also have CSRF switched off.
Is this to be expected?
Cheers
Comments
Thanks for that but unfortunately it didn't work for me. I think that's because I've customised the $config['csrf_token_name'] in config.php
This edit to ./views/_admin/reindex.php uses the contents of $config['csrf_token_name'] and this works for me...
var csrf = $('#<?php echo $this->config->item('csrf_token_name'); ?>').val(); var params = {pages: $('#pages').val(), <?php echo $this->config->item('csrf_token_name'); ?>: csrf };