Mailing List Archive

ERROR: "A valid CSRF token must be provided"
I can't "Create Collection".

When I click on the "Create Collection" button, my browser pops up an "Update password?" dialog box, which it did not do before.

Then when I click the "Create" button, I get the error message:
A valid CSRF token must be provided. You do not have permission to modify this collection.

An nginx error log entry says:
FastCGI sent in stderr: "PHP message: PHP Warning: session_start(): Cannot start session when headers already sent in /opt/davical-1.1.12/inc/csrf_tokens.php on line 80"

I get the same error with PHP 7.4 and 8.2

Can anyone please help me?


_______________________________________________
Davical-general mailing list
Davical-general@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/davical-general

Re: ERROR: "A valid CSRF token must be provided"
Hey Tom,

On Fri, 2024-01-19 at 15:19 -0500, Tom via Davical-general wrote:
> I can't "Create Collection".
>
> When I click on the "Create Collection" button, my browser pops up an
> "Update password?" dialog box, which it did not do before.

Your browser will most likely be seeing the password field on the form and
thinking you're wanting to save a new password. What browser are you using?

> Then when I click the "Create" button, I get the error message:
> A valid CSRF token must be provided. You do not have permission to modify
> this collection.
>
> An nginx error log entry says:
> FastCGI sent in stderr: "PHP message: PHP Warning:  session_start():
> Cannot start session when headers already sent in /opt/davical-
> 1.1.12/inc/csrf_tokens.php on line 80"
>
> I get the same error with PHP 7.4 and 8.2

Okay, that is odd. The server isn't able to add the CSRF token to the
session headers because the session has already been started. However,
looking at the logic for seeing if the session exists, well, it is broken.
It is using the < 5.4.0 approach for >= 5.4.0, which is wrong.

Can you please try modifying

/opt/davical-1.1.12/inc/csrf_tokens.php

and replace the entire sessionExists function with:

function sessionExists() {
    // PHP >= 5.4.0: ask the engine directly whether a session is active
    return session_status() === PHP_SESSION_ACTIVE;
}

Cheers,
Andrew

--
Andrew Ruthven, Wellington, New Zealand
andrew@etc.gen.nz | Catalyst Cloud: https://catalystcloud.nz
This space intentionally left blank



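An added example (not DAViCal's csrf_tokens.php and not part of either message above) showing the session_status() check from Andrew's reply used in a minimal CSRF token helper. The function names ensureSession, csrfToken and csrfCheck, the $_SESSION key 'csrf_token' and the demonstration at the bottom are assumptions for illustration only. It starts the session only when session_status() reports none is active, refuses to start one once output has been sent (the condition behind the "headers already sent" warning in the original report, which this example reports instead of triggering), and compares submitted tokens in constant time.

```php
<?php
// Added example, not DAViCal code. Names and the 'csrf_token' session key
// are assumptions chosen for this illustration.
declare(strict_types=1);

function ensureSession(): bool {
    // Sessions switched off in php.ini: nothing we can do.
    if (session_status() === PHP_SESSION_DISABLED) {
        return false;
    }
    // Start a session only when none is active. Calling session_start()
    // while one is active, or after output has been sent, raises a warning.
    if (session_status() === PHP_SESSION_NONE) {
        if (headers_sent($file, $line)) {
            error_log("cannot start session: output already sent at $file:$line");
            return false;
        }
        session_start();
    }
    return session_status() === PHP_SESSION_ACTIVE;
}

function csrfToken(): string {
    if (!ensureSession()) {
        throw new RuntimeException('no session available for CSRF token');
    }
    // One token per session, 32 bytes from the CSPRNG, hex-encoded for forms.
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

function csrfCheck(?string $submitted): bool {
    if ($submitted === null || !ensureSession() || empty($_SESSION['csrf_token'])) {
        return false;
    }
    // hash_equals() compares in constant time, so an attacker cannot learn
    // the token byte by byte from response timing.
    return hash_equals($_SESSION['csrf_token'], $submitted);
}

// Demonstration. Runs from the CLI as well (the CLI SAPI supports file-backed
// sessions); csrfToken() is called before any output so the session can start.
$token = csrfToken();
var_dump(csrfCheck($token));
var_dump(csrfCheck('not-the-token'));
var_dump(csrfCheck(null));
```

Run it with `php example.php`; the first var_dump is true and the other two are false. In a real request handler the session check has to run before any byte of output (including whitespace before `<?php` in an included file), which is exactly what the nginx log line in the original report points at.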