mzur / kirby-form
This project forked from jevets/kirby-form
A form helper for Kirby CMS based websites and apps, using the Post/Redirect/Get pattern.
License: MIT License
Hi there,
thanks for this awesome plugin. I implement an application form with file upload, but unfortunately the csrf validation fails.
This is due to the fact that the Kirby Request object does not parse multipart/form-data encoded form data and hence $token === null in Form.php#157.
Am I missing out on something or is this considered a bug?
Cheerio
Hi there, thanks for this plugin :-)
While upgrading a Kirby installation I found out that this plugin uses Kirby\Toolkit\F, which has been refactored to Kirby\Filesystem\F in Kirby 3.6. There are aliases available, which is why the code still works. However, the aliases might be deleted eventually.
See the changelog under refactoring
Cheerio
I noticed an issue with missing csrf tokens[1], when uploading larger files through a public facing form. [2]
After finally looking into the php error log I saw this warning:
    PHP Warning: POST Content-Length of 19119038 bytes exceeds the limit of 8388608 bytes in Unknown on line 0
and with upping the allowed filesize/post size in php.ini
    upload_max_filesize = 64M
    post_max_size = 192M
I was good to go.
Unfortunately there is no indication of those limits outside of kirby in the plugin, so I would propose a check for these values, maybe behind the debug flag like kirby itself is doing: https://github.com/getkirby/kirby/blob/04127160ed1ab8dc277763cd8ba4ebc5a097bc18/src/Api/Api.php#L747-L756
    if (empty($files) === true) {
        $postMaxSize       = Str::toBytes(ini_get('post_max_size'));
        $uploadMaxFileSize = Str::toBytes(ini_get('upload_max_filesize'));
        if ($postMaxSize < $uploadMaxFileSize) {
            throw new Exception(t('upload.error.iniPostSize'));
        } else {
            throw new Exception(t('upload.error.noFiles'));
        }
    }
I would have sent a pull request, but I'm not sure where to place that check.
Maybe this is something to consider. Thanks!
[1] Just for the record, check for token happens here
Line 163 in 38ce34b
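One way to implement the check proposed in the issue above, as an added example that is not code from kirby-form or Kirby: when a POST body exceeds post_max_size, PHP discards it, so $_POST and $_FILES arrive empty and the CSRF token is absent. The function names `iniSizeToBytes` and `classifyMissingToken` are hypothetical, and the sample request is constructed from the numbers in the warning.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers, not part of kirby-form or Kirby.

/** Convert a php.ini shorthand size ("8M", "192M", "1G", "8388608") to bytes. */
function iniSizeToBytes(string $value): int
{
    $value = trim($value);
    if ($value === '') {
        return 0;
    }
    $number = (int) $value;                      // leading digits, "8M" -> 8
    switch (strtolower(substr($value, -1))) {
        case 'g': $number *= 1024;               // fall through
        case 'm': $number *= 1024;               // fall through
        case 'k': $number *= 1024;
    }
    return $number;
}

/**
 * Explain why a POST arrived without a CSRF token.
 * Returns 'body_discarded' when PHP dropped the body for exceeding
 * post_max_size, 'token_missing' otherwise. Both cases must be rejected.
 */
function classifyMissingToken(array $server, array $post, array $files, string $postMaxSize): string
{
    $limit  = iniSizeToBytes($postMaxSize);      // 0 means "no limit" in php.ini
    $length = (int) ($server['CONTENT_LENGTH'] ?? 0);

    $discarded = ($server['REQUEST_METHOD'] ?? '') === 'POST'
        && $post === [] && $files === []
        && $limit > 0 && $length > $limit;

    return $discarded ? 'body_discarded' : 'token_missing';
}

// Constructed sample: the request from the warning against the 8388608-byte (8M) limit.
$server = ['REQUEST_METHOD' => 'POST', 'CONTENT_LENGTH' => '19119038'];
echo classifyMissingToken($server, [], [], '8M'), PHP_EOL;

// Same request with post_max_size = 192M: a missing token is a genuine CSRF failure.
echo classifyMissingToken($server, [], [], '192M'), PHP_EOL;
```

In a real handler the arguments would be $_SERVER, $_POST, $_FILES and ini_get('post_max_size'). A request classified as body_discarded is still rejected; only the error message or log entry changes, so the CSRF check is never relaxed.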
When using the library with PHP 8.1, it triggers the following deprecation notice:
htmlspecialchars_decode(): Passing null to parameter #1 ($string) of type string is deprecated