[BlueOnyx:24542] Re: 5210R CSRF mismatch when creating vsite

Michael Stauber mstauber at blueonyx.it
Wed Dec 2 18:59:50 -05 2020 

Hi Florian,

>> I just tried to create a new vsite and the following error occured:
>>
>> An Error Was Encountered
>> CSRF mismatch: The action you have requested is not allowed.

Funny. I just had the same. When /vsite/vsiteAdd was done saving, a
blank white page with tons of errors briefly popped up (too short to
read the errors) and then I got the GUI's error-page "CSRF mismatch".

The logfiles showed nothing wrong *and* the Vsite had been created
successfully.

So I deleted the Vsite, started "vokoscreen" to record the browser
window to video and tried to create another Vsite. No errors this time.
And the next time and the next time.

Means: I was able to reproduce the error only once and since then it
just works fine.

> After disabling CSRF i get
> 
> A PHP Error was encountered
> Severity: Notice
> 
> Message: Undefined property: Error::$vars
> 
> Filename: uifc/PagedBlock.php
> 
> Line Number: 924
> 
> A PHP Error was encountered
> Severity: Warning
> 
> Message: Cannot modify header information - headers already sent by (output
> started at
> /usr/sausalito/ui/chorizo/ci/application/modules/base/vsite/controllers/Vsit
> eAdd.php:379)
> 
> Filename: core/Common.php
> 
> Line Number: 570
> 
> An uncaught Exception was encountered
> Type: Error
> 
> Message: Cannot access protected property Error::$message
> 
> Filename:
> /usr/sausalito/ui/chorizo/ci/application/libraries/uifc/PagedBlock.php
> 
> Line Number: 928

I just checked ...

/usr/sausalito/ui/chorizo/ci/system/core/Common.php - line 570.

/usr/sausalito/ui/chorizo/ci/application/libraries/uifc/PagedBlock.php -
line 928

/usr/sausalito/ui/chorizo/ci/application/modules/base/vsite/controllers/VsiteAdd.php
- line 379

The problem seems to be VsiteAdd.php line 379:

https://devel.blueonyx.it/trac/browser/BlueOnyx/5210R/ui/base-vsite.mod/ui/chorizo/web/controllers/VsiteAdd.php#L379

During Vsite creation CCEd ran into an error. A quick check in
/var/log/messages confirms this. For some weird reason or other the disk
quota couldn't be set.

After performing all related transaction needed for a Vsite creation the
error messages were checked a page reload was initiated to display the
error message(s).

Problem: The $error passed to serverScriptHelper() neither was an array,
nested array or PHP object (PagedBlock.php can handle all of them). So
at that point the GUI must have thrown the badly formatted error
message, which was missing the CSRF stuff.

Long story short: vsiteAdd was creating new "Error" objects (CodeIgniter
internal errors) for Vsite creation failure, whereas it should have been
creating "BXError" objects.

I made several changes to the error handling in base-alpine and
base-vsite and just uploaded updated RPMs to the YUM repository for 5210R.

Please do a "yum clean all" and "yum update" to get them.

-- 
With best regards

Michael Stauber

More information about the Blueonyx mailing list