xh_csrf_token field can't be deleted

A place to report and discuss bugs - please mention CMSimple-version, server, platform and browser version
Post Reply
cmb
Posts: 14225
Joined: Tue Jun 21, 2011 11:04 am
Location: Bingen, RLP, DE
Contact:

xh_csrf_token field can't be deleted

Post by cmb » Fri Jan 30, 2015 3:56 pm

Hello Community,

Olaf reported a problem with CMSimple_XH 1.6.5 regarding the page data cleanup functionality: if there is a field xh_csrf_token in the page data it is listed as unused, but it can't be deleted.

This field could have been inserted in CMSimple_XH 1.6.3 due to a bug, which has been fixed with XH 1.6.4. That left another bug, which has been fixed with XH 1.6.5. Unfortunately, since then the xh_csrf_token field can't be deleted anymore.

As this is hard to fix, and it affects only some users who used XH 1.6.3, but did not clean-up the page data in XH 1.6.4 (which has been released only a week after XH 1.6.3), I suggest to tag this issue as WONTFIX.

Users who have to get rid of the xh_csrf_token field in their page data could do that manually by simply deleting the following lines from content.htm:

Code: Select all

'xh_csrf_token'=>'' 
Christoph M. Becker – Plugins for CMSimple_XH

cmb
Posts: 14225
Joined: Tue Jun 21, 2011 11:04 am
Location: Bingen, RLP, DE
Contact:

Re: xh_csrf_token field can't be deleted

Post by cmb » Mon May 18, 2015 11:11 pm

To clarify: I have renamed to item to "FIX: xh_csrf_token field can't be deleted" on the roadmap, so the usual voting options apply ("yes" would mean: fix it; "never" would mean: don't fix it).
Christoph M. Becker – Plugins for CMSimple_XH

Post Reply