<div dir="ltr"><div>manu's script gives me a hint about this issue.<br></div>I have write a code to skip appending csrf code on workflow email task edit<br><br>function csrf_startup(){<br>    if(isset($_POST['module']) && $_POST['module'] == 'Workflows' && isset($_POST['view']) && $_POST['view'] == 'EditTask' && isset($_POST['type']) && $_POST['type'] == 'VTEmailTask'){<br>        <br>        csrf_conf('rewrite', false);<br>    }<br>    <br>    <br>}<br></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature"><br>Regards,<br>Lajeesh<br></div></div>
<br><div class="gmail_quote">On Thu, Oct 1, 2015 at 6:08 PM, lajeesh k <span dir="ltr"><<a href="mailto:lajeeshk@gmail.com" target="_blank">lajeeshk@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div><div>Hi Manu,<br><br></div>I have applied your fix<br><br></div>but it is  corrupting  the serialised data saving in com_vtiger_workflowtask table.<br></div>also <br><br><span>__vtrftk</span><code>sid:061e920a61b1a795a4cef8c3fbd9e35e6b26cede,1443697598</code><span><br>__vtrftk</span><code>sid:061e920a61b1a795a4cef8c3fbd9e35e6b26cede,1443697598<br><br></code></div><code>this variables comes two times in ajax request<br></code><div><code><br></code><div><br></div></div></div><div class="gmail_extra"><br clear="all"><div><div><br>Regards,<br>Lajeesh<br></div></div>
<br><div class="gmail_quote"><div><div class="h5">On Wed, Sep 16, 2015 at 6:07 PM, Manu urs <span dir="ltr"><<a href="mailto:manu.k@vtiger.com" target="_blank">manu.k@vtiger.com</a>></span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5"><div dir="ltr">Hi <br><br><div>Having code in <span style="color:rgb(0,0,0);font-variant:normal;letter-spacing:normal;line-height:normal;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"><span style="color:rgb(0,0,0);font-family:Helvetica;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"><span style="font-weight:normal"><span><span style="font-family:Helvetica;font-style:normal"><span><span><span> end of config.inc.php </span></span></span></span></span></span></span></span> is not a good idea .It would be fine to have a separate config.security.php  file and this be included through config.inc.php<br><br></div><div>Regards,<br></div><div>Manu Urs<br></div><div><br></div><br></div><div><div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Sep 15, 2015 at 9:44 PM, Manuel Fernando <span dir="ltr"><<a href="mailto:ptdesigner@gmail.com" target="_blank">ptdesigner@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word"><div><span style="color:rgb(0,0,0);font-variant:normal;letter-spacing:normal;line-height:normal;text-align:-webkit-auto;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"><span style="color:rgb(0,0,0);font-family:Helvetica;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:-webkit-auto;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"><span style="font-weight:normal"><span><span style="font-family:Helvetica;font-style:normal"><span><span><span>Manu,
</span></span></span></span></span></span></span></span></div><div><span style="color:rgb(0,0,0);font-variant:normal;letter-spacing:normal;line-height:normal;text-align:-webkit-auto;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"><span style="color:rgb(0,0,0);font-family:Helvetica;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:-webkit-auto;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"><span style="font-weight:normal"><span><span style="font-family:Helvetica;font-style:normal"><span><span><span><br></span></span></span></span></span></span></span></span></div><div><span style="color:rgb(0,0,0);font-variant:normal;letter-spacing:normal;line-height:normal;text-align:-webkit-auto;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"><span style="color:rgb(0,0,0);font-family:Helvetica;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:-webkit-auto;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"><span style="font-weight:normal"><span><span style="font-family:Helvetica;font-style:normal"><span><span><span>After some days we ran into this error:</span></span></span></span></span></span></span></span></div><div><span style="color:rgb(0,0,0);font-variant:normal;letter-spacing:normal;line-height:normal;text-align:-webkit-auto;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"><span style="color:rgb(0,0,0);font-family:Helvetica;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:-webkit-auto;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"><span style="font-weight:normal"><span><span style="font-family:Helvetica;font-style:normal"><span><span><span><b>Fatal error</b>: Cannot redeclare csrf_startup() (previously declared in /home/jupix/public_html/vtiger/config.inc.php:213) in <b>/home/jupix/public_html/vtiger/config.inc.php</b> on line <b>224</b></span></span></span></span></span></span></span></span></div><div><span style="color:rgb(0,0,0);font-variant:normal;letter-spacing:normal;line-height:normal;text-align:-webkit-auto;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"><span style="color:rgb(0,0,0);font-family:Helvetica;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:-webkit-auto;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"><span style="font-weight:normal"><span><span style="font-family:Helvetica;font-style:normal"><span><span><span><br></span></span></span></span></span></span></span></span></div><div><span style="color:rgb(0,0,0);font-variant:normal;letter-spacing:normal;line-height:normal;text-align:-webkit-auto;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"><span style="color:rgb(0,0,0);font-family:Helvetica;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:-webkit-auto;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"><span style="font-weight:normal"><span><span style="font-family:Helvetica;font-style:normal"><span><span><span>We added the code you suggested to the end of config.inc.php </span></span></span></span></span></span></span></span></div><div>Would make any diference?</div><div>If we add this code to config.php , before line include('config.inc.php’); or after? What do you recommend?</div><div><span style="color:rgb(0,0,0);font-variant:normal;letter-spacing:normal;line-height:normal;text-align:-webkit-auto;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"><span style="color:rgb(0,0,0);font-family:Helvetica;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:-webkit-auto;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"><span style="font-weight:normal"><span><span style="font-family:Helvetica;font-style:normal"><span><span><span><br></span></span></span></span></span></span></span></span></div><div><br></div><div><span style="color:rgb(0,0,0);font-variant:normal;letter-spacing:normal;line-height:normal;text-align:-webkit-auto;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"><span style="color:rgb(0,0,0);font-family:Helvetica;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:-webkit-auto;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"><span style="font-weight:normal"><span><span style="font-family:Helvetica;font-style:normal"><span><span><span><b><br></b></span></span></span></span></span></span></span></span></div>
<br><div><blockquote type="cite"><div><div><div>No dia 13/09/2015, às 20:04, Steve Kenow <<a href="mailto:skenow@rdspos.com" target="_blank">skenow@rdspos.com</a>> escreveu:</div><br></div></div><div><div><div><div dir="ltr">Yeah - any time you edit and save the email, the script is added again. I always view the source before saving and strip out the script completely. 1 will be added back as it is being saved.<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Sep 10, 2015 at 8:15 PM, Richard Hills - Technologywise <span dir="ltr"><<a href="mailto:richard@tw.co.nz" target="_blank">richard@tw.co.nz</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
  
    
  
  <div text="#000000" bgcolor="#FFFFFF">
    Can anyone tell me more about this issue?<br>
    <br>
    I've just set up a workflow to send an email and ideally I don't
    want any tracking / html at all. Wondering if there is a way to
    force an email for this workflow to exclude all html?<br>
    <br>
    My issue is mostly however with the javascript included in the mail:<br>
    <br>
    <blockquote type="cite">
      <pre>       <script type="text/javascript">if (top != self) {top.location.href = self.location.href;}</script><script type="text/javascript">var csrfMagicToken = "sid:6d69ceadb7e999ee89105b6ec2b7f01790db3bb7,1441924512";var csrfMagicName = "__vtrftk";</script><script src="libraries/csrf-magic/csrf-magic.js" type="text/javascript"></script><script type="text/javascript">if (top != self) {top.location.href = self.location.href;}</script><script type="text/javascript">var csrfMagicToken = "sid:b61c3de7d74cdc94362af7597429f8cdfcb0a05c,1441927628";var csrfMagicName = "__vtrftk";</script><script src="libraries/csrf-magic/csrf-magic.js" type="text/javascript"></script></pre>
    </blockquote>
    I have attempted to add the patch below, but have a feeling the bug
    was causing multiples of the javascript to be sent, whereas one is
    actually expected?<br>
    <br>
    Any advice would be appreciated, worst case I will add a custom
    workflow function and use my own mailer calls.<br>
    <br>
    Thanks<div><div><br>
    <br>
    <div>On 31/08/15 17:10, Manu urs wrote:<br>
    </div>
    </div></div><blockquote type="cite"><div><div>
      <div dir="ltr">
        <div>
          <div>
            <div>Hi<br>
              <br>
            </div>
            Please add the below patch of code in the config.php  file 
            to solve the issue.<br>
            <br>
            <blockquote style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex" class="gmail_quote">
              <pre>/**
 * Vtiger specific custom config startup for CSRF 
 */
function csrf_startup(){
    //Override the default expire time of token 
    $GLOBALS['csrf']['expires'] = 259200;

    /**if an ajax request initiated, then if php serves content with <html> tags
     * as a response, then unnecessarily we are injecting csrf magic javascipt 
     * in the response html at <head> and <body> using csrf_ob_handler(). 
     * So, to overwride above rewriting we need following config.
     */
    if(isAjax()) {
        $GLOBALS['csrf']['frame-breaker'] = false;
        $GLOBALS['csrf']['rewrite-js'] = null;
    }
}

function isAjax() {
    if (!empty($_SERVER['HTTP_X_PJAX']) && $_SERVER['HTTP_X_PJAX'] == true) {
        return true;
    } elseif (!empty($_SERVER['HTTP_X_REQUESTED_WITH'])) {
        return true;
    }
    return false;
}</pre>
            </blockquote>
            <br>
          </div>
          Regards,<br>
        </div>
        Manu Urs<br>
      </div>
      <div class="gmail_extra"><br>
        <div class="gmail_quote">On Sun, Aug 30, 2015 at 11:42 AM,
          Stacey Johnson <span dir="ltr"><<a href="mailto:stacey.johnson110@gmail.com" target="_blank">stacey.johnson110@gmail.com</a>></span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
            <div dir="ltr">
              <div>What about below reported bug?<br>
              </div>
              What time frame "soon" should normally cover?<br>
            </div>
            <div class="gmail_extra"><br>
              <div class="gmail_quote">On Sat, May 9, 2015 at 12:46 AM,
                Uma S <span dir="ltr"><<a href="mailto:uma.s@vtiger.com" target="_blank">uma.s@vtiger.com</a>></span>
                wrote:<br>
                <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                  <div dir="ltr">Hi,
                    <div><br>
                    </div>
                    <div>We are in between different project development
                      work, will get back soon.</div>
                  </div>
                  <div class="gmail_extra">
                    <div>
                      <div><br>
                        <div class="gmail_quote">On Fri, May 8, 2015 at
                          9:33 PM, Alan Lord <span dir="ltr"><<a href="mailto:alanslists@gmail.com" target="_blank"></a><a href="mailto:alanslists@gmail.com" target="_blank">alanslists@gmail.com</a>></span>
                          wrote:<br>
                          <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span>On
                              08/05/15 16:39, Manuel Fernando wrote:<br>
                              <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                                Uma S,<br>
                                <br>
                                I know you could reproduce this error.
                                Great, but any fix soon or plans<br>
                                to update us?<br>
                              </blockquote>
                              <br>
                            </span>
                            +1<br>
                            <br>
                            <br>
_______________________________________________<br>
                            <a href="http://www.vtiger.com/" target="_blank">http://www.vtiger.com/</a><br>
                          </blockquote>
                        </div>
                        <br>
                        <br clear="all">
                        <div><br>
                        </div>
                      </div>
                    </div>
                    <span>-- <br>
                        <div>
                          <div dir="ltr">With<br>
                            Best Regards<br>
                            Uma.S<br>
                            <div>Vtiger Team</div>
                          </div>
                        </div>
                      </span></div>
                  <br>
                  _______________________________________________<br>
                  <a href="http://www.vtiger.com/" rel="noreferrer" target="_blank">http://www.vtiger.com/</a><br>
                </blockquote>
              </div>
              <br>
            </div>
            <br>
            _______________________________________________<br>
            <a href="http://www.vtiger.com/" rel="noreferrer" target="_blank">http://www.vtiger.com/</a><br>
          </blockquote>
        </div>
        <br>
        <br clear="all">
        <br>
        -- <br>
        <div>
          <div dir="ltr">
            <div>Regards,<br>
            </div>
            Manu<br>
          </div>
        </div>
      </div>
      <br>
      <fieldset></fieldset>
      <br>
      </div></div><pre>_______________________________________________
<a href="http://www.vtiger.com/" target="_blank">http://www.vtiger.com/</a></pre><span><font color="#888888">
    </font></span></blockquote><span><font color="#888888">
    <br>
    <pre cols="72">-- 
Richard Hills
TechnologyWise Ltd, Tauranga, NZ
<a href="mailto:richard@tw.co.nz" target="_blank">richard@tw.co.nz</a>
<a href="http://www.technologywise.co.nz/" target="_blank">www.technologywise.co.nz</a>
ph: <a href="tel:%2B64%20%280%297%20571%201060" value="+6475711060" target="_blank">+64 (0)7 571 1060</a>
fax: <a href="tel:%2B64%20%280%297%20571%201061" value="+6475711061" target="_blank">+64 (0)7 571 1061</a></pre>
  </font></span></div>

<br>_______________________________________________<br>
<a href="http://www.vtiger.com/" rel="noreferrer" target="_blank">http://www.vtiger.com/</a><br></blockquote></div><br><br clear="all"><br>-- <br><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><i><b>Steve Kenow</b></i><br></div><div>Retail Data Systems of Minnesota<br></div>Manager, Service Desk and End User Support<br><div>Direct: 952.392.2686</div><div>Office: 952.934.4002</div><div><a href="mailto:skenow@rdspos.com" target="_blank">skenow@rdspos.com</a></div><div><br><img src="http://rdspos.com/Portals/0/Web-RDS-Logo.jpg" height="39" width="96"><br><br><br></div></div></div></div></div></div></div></div></div>
</div></div></div>
_______________________________________________<br><a href="http://www.vtiger.com/" target="_blank">http://www.vtiger.com/</a></div></blockquote></div><br></div><br>_______________________________________________<br>
<a href="http://www.vtiger.com/" rel="noreferrer" target="_blank">http://www.vtiger.com/</a><br></blockquote></div><br><br clear="all"><br>-- <br><div><div dir="ltr"><div>Regards,<br></div>Manu<br></div></div>
</div>
</div></div><br></div></div>_______________________________________________<br>
<a href="http://www.vtiger.com/" rel="noreferrer" target="_blank">http://www.vtiger.com/</a><br></blockquote></div><br></div>
</blockquote></div><br></div>