[Vtigercrm-developers] Important Bug Workflows and emails

lajeesh k lajeeshk at gmail.com
Thu Oct 1 14:33:24 GMT 2015


Manu's script gave me a hint about this issue.
I have written code to skip appending the CSRF code on workflow email task edit:

function csrf_startup(){
    // Turn off csrf-magic output rewriting for the workflow email task edit request
    if(isset($_POST['module']) && $_POST['module'] == 'Workflows' &&
            isset($_POST['view']) && $_POST['view'] == 'EditTask' &&
            isset($_POST['type']) && $_POST['type'] == 'VTEmailTask'){
        csrf_conf('rewrite', false);
    }
}


Regards,
Lajeesh

On Thu, Oct 1, 2015 at 6:08 PM, lajeesh k <lajeeshk at gmail.com> wrote:

> Hi Manu,
>
> I have applied your fix
>
> but it is corrupting the serialised data saved in the
> com_vtiger_workflowtask table.
> Also,
>
> __vtrftksid:061e920a61b1a795a4cef8c3fbd9e35e6b26cede,1443697598
> __vtrftksid:061e920a61b1a795a4cef8c3fbd9e35e6b26cede,1443697598
>
> this variable comes two times in the AJAX request
>
>
>
>
> Regards,
> Lajeesh
>
> On Wed, Sep 16, 2015 at 6:07 PM, Manu urs <manu.k at vtiger.com> wrote:
>
>> Hi
>>
>> Having code at the end of config.inc.php is not a good idea. It would be
>> fine to have a separate config.security.php file and have this included
>> through config.inc.php
>>
>> Regards,
>> Manu Urs
>>
>>
>>
>> On Tue, Sep 15, 2015 at 9:44 PM, Manuel Fernando <ptdesigner at gmail.com>
>> wrote:
>>
>>> Manu,
>>>
>>> After some days we ran into this error:
>>> *Fatal error*: Cannot redeclare csrf_startup() (previously declared in
>>> /home/jupix/public_html/vtiger/config.inc.php:213) in
>>> */home/jupix/public_html/vtiger/config.inc.php* on line *224*
>>>
>>> We added the code you suggested to the end of config.inc.php.
>>> Would it make any difference?
>>> If we add this code to config.php, before the line
>>> include('config.inc.php'); or after? What do you recommend?
>>>
>>>
>>>
>>>
>>> On 13/09/2015, at 20:04, Steve Kenow <skenow at rdspos.com> wrote:
>>>
>>> Yeah - any time you edit and save the email, the script is added again.
>>> I always view the source before saving and strip out the script completely.
>>> 1 will be added back as it is being saved.
>>>
>>> On Thu, Sep 10, 2015 at 8:15 PM, Richard Hills - Technologywise <
>>> richard at tw.co.nz> wrote:
>>>
>>>> Can anyone tell me more about this issue?
>>>>
>>>> I've just set up a workflow to send an email and ideally I don't want
>>>> any tracking / html at all. Wondering if there is a way to force an email
>>>> for this workflow to exclude all html?
>>>>
>>>> My issue is mostly however with the javascript included in the mail:
>>>>
>>>> 	<script type="text/javascript">if (top != self) {top.location.href = self.location.href;}</script><script type="text/javascript">var csrfMagicToken = "sid:6d69ceadb7e999ee89105b6ec2b7f01790db3bb7,1441924512";var csrfMagicName = "__vtrftk";</script><script src="libraries/csrf-magic/csrf-magic.js" type="text/javascript"></script><script type="text/javascript">if (top != self) {top.location.href = self.location.href;}</script><script type="text/javascript">var csrfMagicToken = "sid:b61c3de7d74cdc94362af7597429f8cdfcb0a05c,1441927628";var csrfMagicName = "__vtrftk";</script><script src="libraries/csrf-magic/csrf-magic.js" type="text/javascript"></script>
>>>>
>>>> I have attempted to add the patch below, but have a feeling the bug was
>>>> causing multiples of the javascript to be sent, whereas one is actually
>>>> expected?
>>>>
>>>> Any advice would be appreciated, worst case I will add a custom
>>>> workflow function and use my own mailer calls.
>>>>
>>>> Thanks
>>>>
>>>>
>>>> On 31/08/15 17:10, Manu urs wrote:
>>>>
>>>> Hi
>>>>
>>>> Please add the below patch of code in the config.php  file  to solve
>>>> the issue.
>>>>
>>>>> /**
>>>>>  * Vtiger specific custom config startup for CSRF
>>>>>  */
>>>>> function csrf_startup(){
>>>>>     //Override the default expire time of token
>>>>>     $GLOBALS['csrf']['expires'] = 259200;
>>>>>
>>>>>     /** If an AJAX request is initiated and PHP serves content with <html> tags
>>>>>      * as a response, we unnecessarily inject the csrf-magic JavaScript
>>>>>      * into the response HTML at <head> and <body> using csrf_ob_handler().
>>>>>      * So, to override the above rewriting we need the following config.
>>>>>      */
>>>>>     if(isAjax()) {
>>>>>         $GLOBALS['csrf']['frame-breaker'] = false;
>>>>>         $GLOBALS['csrf']['rewrite-js'] = null;
>>>>>     }
>>>>> }
>>>>>
>>>>> function isAjax() {
>>>>>     if (!empty($_SERVER['HTTP_X_PJAX']) && $_SERVER['HTTP_X_PJAX'] == true) {
>>>>>         return true;
>>>>>     } elseif (!empty($_SERVER['HTTP_X_REQUESTED_WITH'])) {
>>>>>         return true;
>>>>>     }
>>>>>     return false;
>>>>> }
>>>>>
>>>>>
>>>> Regards,
>>>> Manu Urs
>>>>
>>>> On Sun, Aug 30, 2015 at 11:42 AM, Stacey Johnson <
>>>> stacey.johnson110 at gmail.com> wrote:
>>>>
>>>>> What about below reported bug?
>>>>> What time frame "soon" should normally cover?
>>>>>
>>>>> On Sat, May 9, 2015 at 12:46 AM, Uma S <uma.s at vtiger.com> wrote:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> We are in between different project development work, will get back
>>>>>> soon.
>>>>>>
>>>>>> On Fri, May 8, 2015 at 9:33 PM, Alan Lord <alanslists at gmail.com> wrote:
>>>>>>
>>>>>>> On 08/05/15 16:39, Manuel Fernando wrote:
>>>>>>>
>>>>>>>> Uma S,
>>>>>>>>
>>>>>>>> I know you could reproduce this error. Great, but any fix soon or
>>>>>>>> plans
>>>>>>>> to update us?
>>>>>>>>
>>>>>>>
>>>>>>> +1
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> http://www.vtiger.com/
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> With
>>>>>> Best Regards
>>>>>> Uma.S
>>>>>> Vtiger Team
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Regards,
>>>> Manu
>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Richard Hills
>>>> TechnologyWise Ltd, Tauranga, NZ
>>>> richard at tw.co.nz
>>>> www.technologywise.co.nz
>>>> ph: +64 (0)7 571 1060
>>>> fax: +64 (0)7 571 1061
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>> --
>>> *Steve Kenow*
>>> Retail Data Systems of Minnesota
>>> Manager, Service Desk and End User Support
>>> Direct: 952.392.2686
>>> Office: 952.934.4002
>>> skenow at rdspos.com
>>>
>>>
>>>
>>>
>>>
>>
>>
>>
>> --
>> Regards,
>> Manu
>>
>>
>
>
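The thread describes csrf-magic's output rewriter inserting its frame-breaker, token and loader scripts into saved workflow email bodies, which puts a CSRF token into outgoing mail. As an added example (not Vtiger or csrf-magic code, and not written by any poster in this thread), the PHP function below strips those three script blocks from a stored body and counts the token declarations it found; the function name and the sample body are constructed.

```php
<?php
// Added example: not Vtiger or csrf-magic code. Names and sample data are constructed.

/**
 * Strip the script blocks csrf-magic's output rewriter injects (frame-breaker,
 * token declaration, csrf-magic.js loader) from a stored email body.
 * Returns the cleaned body and the number of token declarations that were found.
 */
function strip_csrf_magic_markup(string $html): array
{
    // Count leaked token declarations before removing anything.
    $leaked = preg_match_all('~\bcsrfMagicToken\s*=\s*"[^"]*"~', $html);

    $patterns = [
        // <script>if (top != self) {...}</script>
        '~<script\b[^>]*>\s*if\s*\(\s*top\s*!=\s*self\s*\)\s*\{[^<]*\}\s*</script>~i',
        // <script>var csrfMagicToken = "...";var csrfMagicName = "...";</script>
        '~<script\b[^>]*>\s*var\s+csrfMagicToken\s*=[^<]*</script>~i',
        // <script src=".../csrf-magic.js"></script>
        '~<script\b[^>]*\bsrc=["\'][^"\']*csrf-magic\.js["\'][^>]*>\s*</script>~i',
    ];

    $clean = preg_replace($patterns, '', $html);
    if ($clean === null) {
        // preg_replace() returns null on a PCRE failure; never save a null body.
        throw new RuntimeException('PCRE error code ' . preg_last_error());
    }

    return ['body' => $clean, 'leaked_tokens' => (int) $leaked];
}

// Constructed sample: a body that was edited and saved twice, so the injected
// block appears twice. The token value is a placeholder, not a real token.
$injected = '<script type="text/javascript">if (top != self) '
    . '{top.location.href = self.location.href;}</script>'
    . '<script type="text/javascript">var csrfMagicToken = "sid:EXAMPLE_TOKEN,0";'
    . 'var csrfMagicName = "__vtrftk";</script>'
    . '<script src="libraries/csrf-magic/csrf-magic.js" type="text/javascript"></script>';
$body = $injected . $injected . '<p>Hello, your ticket was updated.</p>';

$result = strip_csrf_magic_markup($body);
echo $result['leaked_tokens'], " token declaration(s) found\n";
echo $result['body'], "\n";
```

Cleaning stored bodies only removes tokens that were already embedded; the rewriter still has to be kept away from the email task editor request, as discussed in the thread, or the blocks come back on the next save.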