[Vtigercrm-developers] Important Bug Workflows and emails

Stacey Johnson stacey.johnson110 at gmail.com
Thu Oct 1 15:59:51 GMT 2015


Lajeesh, did you set this script in config.php?

Stacey

On Thu, Oct 1, 2015 at 9:33 PM, lajeesh k <lajeeshk at gmail.com> wrote:

> manu's script gives me a hint about this issue.
> I have write a code to skip appending csrf code on workflow email task edit
>
> function csrf_startup(){
>     if(isset($_POST['module']) && $_POST['module'] == 'Workflows' &&
> isset($_POST['view']) && $_POST['view'] == 'EditTask' &&
> isset($_POST['type']) && $_POST['type'] == 'VTEmailTask'){
>
>         csrf_conf('rewrite', false);
>     }
>
>
> }
>
>
> Regards,
> Lajeesh
>
> On Thu, Oct 1, 2015 at 6:08 PM, lajeesh k <lajeeshk at gmail.com> wrote:
>
>> Hi Manu,
>>
>> I have applied your fix
>>
>> but it is  corrupting  the serialised data saving in
>> com_vtiger_workflowtask table.
>> also
>>
>> __vtrftksid:061e920a61b1a795a4cef8c3fbd9e35e6b26cede,1443697598
>> __vtrftksid:061e920a61b1a795a4cef8c3fbd9e35e6b26cede,1443697598
>>
>> this variables comes two times in ajax request
>>
>>
>>
>>
>> Regards,
>> Lajeesh
>>
>> On Wed, Sep 16, 2015 at 6:07 PM, Manu urs <manu.k at vtiger.com> wrote:
>>
>>> Hi
>>>
>>> Having code in  end of config.inc.php  is not a good idea .It would be
>>> fine to have a separate config.security.php  file and this be included
>>> through config.inc.php
>>>
>>> Regards,
>>> Manu Urs
>>>
>>>
>>>
>>> On Tue, Sep 15, 2015 at 9:44 PM, Manuel Fernando <ptdesigner at gmail.com>
>>> wrote:
>>>
>>>> Manu,
>>>>
>>>> After some days we ran into this error:
>>>> *Fatal error*: Cannot redeclare csrf_startup() (previously declared in
>>>> /home/jupix/public_html/vtiger/config.inc.php:213) in
>>>> */home/jupix/public_html/vtiger/config.inc.php* on line *224*
>>>>
>>>> We added the code you suggested to the end of config.inc.php
>>>> Would make any diference?
>>>> If we add this code to config.php , before line
>>>> include('config.inc.php’); or after? What do you recommend?
>>>>
>>>>
>>>>
>>>>
>>>> No dia 13/09/2015, às 20:04, Steve Kenow <skenow at rdspos.com> escreveu:
>>>>
>>>> Yeah - any time you edit and save the email, the script is added again.
>>>> I always view the source before saving and strip out the script completely.
>>>> 1 will be added back as it is being saved.
>>>>
>>>> On Thu, Sep 10, 2015 at 8:15 PM, Richard Hills - Technologywise <
>>>> richard at tw.co.nz> wrote:
>>>>
>>>>> Can anyone tell me more about this issue?
>>>>>
>>>>> I've just set up a workflow to send an email and ideally I don't want
>>>>> any tracking / html at all. Wondering if there is a way to force an email
>>>>> for this workflow to exclude all html?
>>>>>
>>>>> My issue is mostly however with the javascript included in the mail:
>>>>>
>>>>> 	<script type="text/javascript">if (top != self) {top.location.href = self.location.href;}</script><script type="text/javascript">var csrfMagicToken = "sid:6d69ceadb7e999ee89105b6ec2b7f01790db3bb7,1441924512";var csrfMagicName = "__vtrftk";</script><script src="libraries/csrf-magic/csrf-magic.js" type="text/javascript"></script><script type="text/javascript">if (top != self) {top.location.href = self.location.href;}</script><script type="text/javascript">var csrfMagicToken = "sid:b61c3de7d74cdc94362af7597429f8cdfcb0a05c,1441927628";var csrfMagicName = "__vtrftk";</script><script src="libraries/csrf-magic/csrf-magic.js" type="text/javascript"></script>
>>>>>
>>>>> I have attempted to add the patch below, but have a feeling the bug
>>>>> was causing multiples of the javascript to be sent, whereas one is actually
>>>>> expected?
>>>>>
>>>>> Any advice would be appreciated, worst case I will add a custom
>>>>> workflow function and use my own mailer calls.
>>>>>
>>>>> Thanks
>>>>>
>>>>>
>>>>> On 31/08/15 17:10, Manu urs wrote:
>>>>>
>>>>> Hi
>>>>>
>>>>> Please add the below patch of code in the config.php  file  to solve
>>>>> the issue.
>>>>>
>>>>> /**
>>>>>>  * Vtiger specific custom config startup for CSRF
>>>>>>  */
>>>>>> function csrf_startup(){
>>>>>>     //Override the default expire time of token
>>>>>>     $GLOBALS['csrf']['expires'] = 259200;
>>>>>>
>>>>>>     /**if an ajax request initiated, then if php serves content with <html> tags
>>>>>>      * as a response, then unnecessarily we are injecting csrf magic javascipt
>>>>>>      * in the response html at <head> and <body> using csrf_ob_handler().
>>>>>>      * So, to overwride above rewriting we need following config.
>>>>>>      */
>>>>>>     if(isAjax()) {
>>>>>>         $GLOBALS['csrf']['frame-breaker'] = false;
>>>>>>         $GLOBALS['csrf']['rewrite-js'] = null;
>>>>>>     }
>>>>>> }
>>>>>>
>>>>>> function isAjax() {
>>>>>>     if (!empty($_SERVER['HTTP_X_PJAX']) && $_SERVER['HTTP_X_PJAX'] == true) {
>>>>>>         return true;
>>>>>>     } elseif (!empty($_SERVER['HTTP_X_REQUESTED_WITH'])) {
>>>>>>         return true;
>>>>>>     }
>>>>>>     return false;
>>>>>> }
>>>>>>
>>>>>>
>>>>> Regards,
>>>>> Manu Urs
>>>>>
>>>>> On Sun, Aug 30, 2015 at 11:42 AM, Stacey Johnson <
>>>>> stacey.johnson110 at gmail.com> wrote:
>>>>>
>>>>>> What about below reported bug?
>>>>>> What time frame "soon" should normally cover?
>>>>>>
>>>>>> On Sat, May 9, 2015 at 12:46 AM, Uma S <uma.s at vtiger.com> wrote:
>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> We are in between different project development work, will get back
>>>>>>> soon.
>>>>>>>
>>>>>>> On Fri, May 8, 2015 at 9:33 PM, Alan Lord < <alanslists at gmail.com>
>>>>>>> alanslists at gmail.com> wrote:
>>>>>>>
>>>>>>>> On 08/05/15 16:39, Manuel Fernando wrote:
>>>>>>>>
>>>>>>>>> Uma S,
>>>>>>>>>
>>>>>>>>> I know you could reproduce this error. Great, but any fix soon or
>>>>>>>>> plans
>>>>>>>>> to update us?
>>>>>>>>>
>>>>>>>>
>>>>>>>> +1
>>>>>>>>
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> http://www.vtiger.com/
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> With
>>>>>>> Best Regards
>>>>>>> Uma.S
>>>>>>> Vtiger Team
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> http://www.vtiger.com/
>>>>>>>
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> http://www.vtiger.com/
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Regards,
>>>>> Manu
>>>>>
>>>>>
>>>>> _______________________________________________http://www.vtiger.com/
>>>>>
>>>>>
>>>>> --
>>>>> Richard Hills
>>>>> TechnologyWise Ltd, Tauranga, NZrichard at tw.co.nzwww.technologywise.co.nz
>>>>> ph: +64 (0)7 571 1060
>>>>> fax: +64 (0)7 571 1061
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> http://www.vtiger.com/
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> *Steve Kenow*
>>>> Retail Data Systems of Minnesota
>>>> Manager, Service Desk and End User Support
>>>> Direct: 952.392.2686
>>>> Office: 952.934.4002
>>>> skenow at rdspos.com
>>>>
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> http://www.vtiger.com/
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> http://www.vtiger.com/
>>>>
>>>
>>>
>>>
>>> --
>>> Regards,
>>> Manu
>>>
>>> _______________________________________________
>>> http://www.vtiger.com/
>>>
>>
>>
>
> _______________________________________________
> http://www.vtiger.com/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.vtigercrm.com/pipermail/vtigercrm-developers/attachments/20151001/1232e734/attachment-0001.html>


More information about the vtigercrm-developers mailing list