Support

Admin Tools

#9968 CSRFShield set to Advanced but hidden field not always found

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by nicholas on Saturday, 23 July 2011 02:39 CDT

Friday, 22 July 2011 05:11 CDT

elau24
Mandatory information about my setup:

Have I read the related troubleshooter articles above before posting (which pages?)? Articles not really related to problem

Have I searched the forum before posting? Yes

Have I read the documentation before posting (which pages?)? Pages 30-31 on CSRF/Anti-spam form protection (CSRFShield)

Joomla! version: 1.5.23
PHP version: 5.2.16
MySQL version: 5.0.92-community-log
Host:
Admin Tools version: 2.1.3 Pro


Description of my issue:

I've set CSRF/Anti-spam form protection (CSRFShield) to Advanced and can find the hidden field on one form but not another on the same website.

To look for the hidden field, I did a View Source on the page and look for:

style="float: left; position: absolute; z-index: 1000000; left: -10000px; top: -10000px;"

The form that doesn't have it is a contact form created with aiContactSafe (http://extensions.joomla.org/extensions/contacts-and-feedback/contact-forms/7901).

Is there a criteria that determines if a hidden field is to be added?

Thanks in advance for your help. Great product!

Friday, 22 July 2011 05:39 CDT

nicholas
Hi!

This feature works by post-processing the HTML output of Joomla! and appending the hidden form field to all form elements found in it. The possible reasons for the hidden field not showing are:
- Caching. Try clearing your Joomla! and browser cache
- Use of IFrames/AJAX. Some components use IFrames to load PHP files outside of Joomla!'s index.php context or AJAX (in which case the rendered document is not processed by the system plugin). In those cases, the Admin Tools plugin has no say over the rendering of the HTML and can not add the hidden field.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Friday, 22 July 2011 06:03 CDT

elau24
Thanks for the quick response! Yes, that form does use AJAX, so that's the reason.

How about Joomla login and search forms then? Do they use iFrames/AJAX? I've cleaned the Joomla and browser cache and they don't have a hidden field.

Friday, 22 July 2011 06:35 CDT

nicholas
The login and search forms should already have the hidden field. Can you send me a URL to your site so that I can inspect the HTML?

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Friday, 22 July 2011 23:54 CDT

elau24
Just want to say thanks for the developer release. Now all forms, including the contact form created with aiContactSafe, contain the hidden field. I trust that the fix be included in the next official release.

Saturday, 23 July 2011 02:39 CDT

nicholas
You're welcome! Yes, of course, the fix will be included in the next Admin Tools release.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!