多重记录删除不工作CSRF-Cakephp

多重记录删除不工作CSRF-Cakephp,cakephp,csrf,Cakephp,Csrf,我已经找到了其中一个答案,并尝试遵循它,但我一直得到相同的信息: CSRF令牌不匹配。 Cake\Http\Exception\InvalidCsrfTokenException 编辑: 删除按钮在4个控制器/表(用户、潜在客户、联系人、帐户、潜在客户)上不起作用 但是他们在我的另一张桌子上工作 这是你的电话号码 AppController.php <?php namespace App\Controller; use Cake\Controller\Controller;

我已经找到了其中一个答案,并尝试遵循它,但我一直得到相同的信息:

CSRF令牌不匹配。
Cake\Http\Exception\InvalidCsrfTokenException

编辑: 删除按钮在4个控制器/表(用户、潜在客户、联系人、帐户、潜在客户)上不起作用,但是在我的其他表上可以正常工作。

以下是我的代码:

AppController.php

  <?php

  namespace App\Controller;

  use Cake\Controller\Controller;
  use Cake\Event\Event;


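 /**
  * Base controller shared by every controller in the application.
  *
  * Loads the RequestHandler, Flash, Security and Csrf components for all
  * requests and exposes a `loggedIn` view variable to every template.
  */
 class AppController extends Controller
 {
     /**
      * Load the components used by every controller.
      *
      * Security and Csrf are both enabled here, so they apply to every action of
      * every subclass unless a controller explicitly opts out.
      *
      * @return void
      */
     public function initialize()
     {
         parent::initialize();

         $this->loadComponent('RequestHandler', [
             'enableBeforeRedirect' => false,
         ]);
         $this->loadComponent('Flash');

         // Request-validation components; forms that do not carry the fields
         // these components expect are rejected.
         $this->loadComponent('Security');
         $this->loadComponent('Csrf');
     }

     /**
      * Debug helper: dump a value inside a <pre> block and stop the request.
      *
      * The dump is HTML-escaped before it is echoed, so markup contained in the
      * value is displayed as text instead of being interpreted by the browser.
      *
      * NOTE(review): this is a public method on the base controller, so it is
      * inherited by every controller and may be reachable as an action depending
      * on the routing configuration. Consider making it protected, or removing it
      * outside development.
      *
      * @param mixed $arr Value to dump.
      * @return void This method never returns; it terminates the script.
      */
     public function pr($arr)
     {
         // print_r(..., true) returns the dump as a string so it can be escaped.
         $dump = print_r($arr, true);

         echo '<pre>' . htmlspecialchars($dump, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</pre>';
         exit();
     }

     /**
      * Set view variables shared by all templates before rendering.
      *
      * @param \Cake\Event\Event $event The beforeRender event.
      * @return void
      */
     public function beforeRender(Event $event)
     {
         // Serialize all view variables for JSON/XML responses unless the action
         // already chose what to serialize.
         $isDataResponse = in_array(
             $this->response->getType(),
             ['application/json', 'application/xml'],
             true
         );
         if ($isDataResponse && !array_key_exists('_serialize', $this->viewVars)) {
             $this->set('_serialize', true);
         }

         // Templates only need a boolean, not the session's user record.
         $this->set('loggedIn', (bool)$this->request->getSession()->read('Auth.User'));
     }
 }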
/**
 * Delete a single note and return to the index listing.
 *
 * Only POST and DELETE requests are accepted, so the record cannot be removed
 * by a plain GET link.
 *
 * @param mixed $id Identifier of the note to delete.
 * @return mixed The result of the redirect to the index action.
 */
public function delete($id = null)
{
    // Refuse other HTTP methods before the table is touched.
    $this->request->allowMethod(['post', 'delete']);

    $entity = $this->Notes->get($id);
    $wasDeleted = $this->Notes->delete($entity);

    if (!$wasDeleted) {
        $this->Flash->error(__('The note could not be deleted. Please, try again.'));
    } else {
        $this->Flash->success(__('The note has been deleted.'));
    }

    return $this->redirect(['action' => 'index']);
}
index.ctp

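// NOTE(review): this block switches off CSRF token validation and the Security
// component's checks for the listed actions. Both actions delete records, so
// they are the kind of state-changing request those checks exist to protect.
// Prefer building the form with FormHelper, which adds the token fields
// automatically, and treat this opt-out as a temporary diagnostic only.
$actions = [
    'delete',
    'deleteall',
];

// Strict comparison: the action name is matched as an exact string.
if (in_array($this->request->getParam('action'), $actions, true)) {
    // Detach the Csrf component's listeners so no CSRF check runs for this request.
    $this->eventManager()->off($this->Csrf);

    // Exempt the listed actions from the Security component's checks.
    $this->Security->config('unlockedActions', $actions);
}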

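您需要禁用CSRF和安全组件。通过在控制器的beforeFilter方法中添加以下代码,可以只针对特定操作禁用它们。需要注意的是,这样做会让 delete 和 deleteall 这两个会修改数据的操作失去 CSRF 令牌校验和安全组件的表单校验;更稳妥的做法是使用 FormHelper 生成表单,让令牌字段自动加入,从而不必禁用这些组件。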


希望这会有所帮助。

由于没有使用 FormHelper,自动字段(如 CSRF 令牌)不会被添加到表单中,因此 CSRF 组件会拒绝这些无效的表单数据。

我尝试禁用了 //$this->loadComponent('CSRF');,现在得到的错误是:在请求数据中找不到 "_Token"。

安全组件会检查 _Token 的值。您不想使用表单帮助器(FormHelper)有什么特别的原因吗?它已与 CSRF 和安全组件集成,您无需做任何额外的工作。

我现在不需要它,只是在测试一些东西。

我上次使用 CakePHP 已经有一段时间了,但是为什么您要在 deleteall() 的 foreach 循环中调用 $this->Subject->delete($value)?

这有点棘手。我编辑了第一篇帖子:显然删除功能在其他控制器/表上可以正常工作,但在那 5 个(用户、潜在客户、联系人、帐户、潜在客户)上不行。
/**
 * Remove one note, flash the outcome, and send the user back to the index.
 *
 * The request must be a POST or DELETE; other methods are rejected first.
 *
 * @param mixed $id Identifier of the note to delete.
 * @return mixed The result of the redirect to the index action.
 */
public function delete($id = null)
{
    $this->request->allowMethod(['post', 'delete']);

    $target = $this->Notes->get($id);

    // Pick the flash message from the outcome of the delete call.
    $removed = $this->Notes->delete($target);
    if (!$removed) {
        $this->Flash->error(__('The note could not be deleted. Please, try again.'));
    } else {
        $this->Flash->success(__('The note has been deleted.'));
    }

    return $this->redirect(['action' => 'index']);
}
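 <?php
 // NOTE(review): the token fields that the Csrf and Security components look
 // for are added by FormHelper. If the enclosing <form> (not shown here) is
 // hand-written, these submit buttons post without them and the request is
 // rejected. TODO confirm against the full template.
 ?>
 <button type="submit" formaction="<?php echo $this->Url->build(['action' => 'deleteall']) ?>" class="btn btn-danger"
 onclick="return confirm('Are yo u sure you want to delete users?')">
    Delete</button>
    </p>

 <th><input type="checkbox" class="selectall"/></th>

 <?php // The id is escaped with h() and the value attribute is closed before the tag ends. ?>
 <td><input type="checkbox" class="selectbox" name="ids[]" value="<?= h($user->id) ?>"/></td>

<button type="submit" formaction="<?php echo $this->Url->build(['action' => 'delete', $user->id]) ?>" class="btn btn-danger btn-sm" onclick="return confirm('Are you sure?')">Delete</button>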
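// NOTE(review): for the listed actions this turns off both the CSRF token
// check and the Security component's checks. These actions delete records, so
// skipping the checks leaves them open to forged cross-site requests. Building
// the form with FormHelper adds the expected token fields and removes the need
// for this opt-out.
$actions = [
    'delete',
    'deleteall',
];

// Strict comparison: the action name is matched as an exact string.
if (in_array($this->request->getParam('action'), $actions, true)) {
    // Remove the Csrf component's listeners for this request.
    $this->eventManager()->off($this->Csrf);

    // Tell the Security component not to check these actions.
    $this->Security->config('unlockedActions', $actions);
}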