CakePHP 3.x - 文件上传导致令牌不匹配
CakePHP 3.x - File Upload Results in Token Mismatch
我有一个类型为 => 文件的表单,带有文件上传控件。
当我在没有文件的情况下提交此表单时,它会按预期提交。
但是,当我提交带有附件的表单时,我得到了 CSRF 令牌不匹配。
知道为什么会这样吗?
编辑:我注意到刷新页面时 csrf 令牌是相同的,也许这是问题的一部分?
EDIT-2:当我禁用 CSRF 保护时,$this->request->getData() 数组为空
EDIT-3:我连接了 XDebug,结果如下...
显然 $post 和 $header 是第 194 行的 null/empty,导致令牌不匹配
这是我的表格
<div class="col-lg-offset-1 col-lg-10">
<?php if(isset($ledger->id)) { ?>
<?= $this->Form->create($ledger, ['url' => '/shortcut/ledger_save/' . $ledger->id, 'type' => 'file', 'class' => 'form-horizontal']); ?>
<?php } else { ?>
<?= $this->Form->create($ledger, ['url' => '/shortcut/ledger_new', 'type' => 'file', 'class' => 'form-horizontal']); ?>
<?php } ?>
<?php $this->Form->setTemplates(['inputContainer' => '{{content}}', 'submitContainer' => '{{content}}']); ?>
<!-- Default box -->
<div class="box">
<div class="box-header with-border">
<?php if(isset($ledger->id)) { ?>
<h3 class="box-title">Edit <?= $ledger->ledger_title ?> Form</h3>
<?php } else { ?>
<h3 class="box-title">Create Ledger Form</h3>
<?php } ?>
</div>
<div class="box-body">
<div class="form-group">
<center>
<?php if($ledger->disabled == 'n') { ?>
<?= $this->Form->control('disabled', ['type' => 'checkbox', 'label' => false, 'class' => 'minimal']) ?> Check to disable (hide) ledger.
<?php } else { ?>
<?= $this->Form->control('disabled', ['type' => 'checkbox', 'label' => false, 'class' => 'minimal', 'checked']) ?> Uncheck to enable (show) ledger.
<?php } ?>
</center>
</div>
<div class="form-group">
<label for="inputEmail3" class="col-sm-2 control-label">Ledger Title</label>
<div class="col-sm-10">
<?= $this->Form->control('ledger_title', ['label' => false, 'class' => 'form-control', 'placeholder' => 'Ledger Title', 'autofocus']) ?>
</div>
</div>
<div class="form-group">
<label for="inputPassword3" class="col-sm-2 control-label">Total Plates</label>
<div class="col-sm-10">
<?= $this->Form->control('total_plates', ['label' => false, 'class' => 'form-control', 'placeholder' => 'Total Plates (Total Images)']) ?>
</div>
</div>
<div class="form-group">
<label for="inputPassword3" class="col-sm-2 control-label">Total Pages</label>
<div class="col-sm-10">
<?= $this->Form->control('total_pages', ['label' => false, 'class' => 'form-control', 'placeholder' => 'Total Pages (Total Physical Pages)']) ?>
</div>
</div>
<div class="form-group">
<label for="inputPassword3" class="col-sm-2 control-label">Check Tribes</label>
</div>
<div class="form-group">
<?php $x = 0; ?>
<?php foreach($tribes as $tribe) { ?>
<?php if($x == 0) { echo '<div class="form-group"><div class="col-sm-3"> </div>'; } ?>
<div class="col-sm-4">
<?php if(in_array($tribe->id, $ledger_tribes)) { ?>
<?= $this->Form->control('tribe_id[]', ['type' => 'checkbox', 'label' => false, 'class' => 'minimal', 'value' => $tribe->id, 'checked']) ?> <?= $tribe->name ?>
<?php } else { ?>
<?= $this->Form->control('tribe_id[]', ['type' => 'checkbox', 'label' => false, 'class' => 'minimal', 'value' => $tribe->id]) ?> <?= $tribe->name ?>
<?php } ?>
</div>
<?php $x = $x + 1; ?>
<?php if($x == 2) { echo '</div>'; $x = 0; } ?>
<?php } ?>
<?php if($x == 1) { echo '</div>'; $x = 0; } ?>
</div>
<div class="form-group">
<label for="inputPassword3" class="col-sm-2 control-label">Custodian</label>
<div class="col-sm-10">
<?= $this->Form->control('custodian', ['type' => 'textarea', 'label' => false, 'class' => 'form-control', 'style' => 'width: 100%', 'placeholder' => 'Custodian']) ?>
<?php if(!isset($ledger->overwrite_custodian) || $ledger->overwrite_custodian == 'n') { ?>
<?= $this->Form->control('overwrite_custodian_checkbox', ['type' => 'checkbox', 'label' => false, 'class' => 'minimal', 'value' => 'y']); ?> Overwrite Plate Custodian
<?php } else { ?>
<?= $this->Form->control('overwrite_custodian_checkbox', ['type' => 'checkbox', 'label' => false, 'class' => 'minimal', 'value' => 'y', 'checked']); ?> Overwrite Plate Custodian
<?php } ?>
</div>
</div>
<div class="form-group">
<label for="inputPassword3" class="col-sm-2 control-label">Image Source</label>
<div class="col-sm-10">
<?= $this->Form->control('image_source', ['label' => false, 'type' => 'text', 'class' => 'form-control', 'placeholder' => 'Image Source']) ?>
</div>
</div>
<div class="form-group">
<label for="inputPassword3" class="col-sm-2 control-label">Provenance</label>
<div class="col-sm-10">
<?= $this->Form->control('provenance', ['type' => 'textarea', 'label' => false, 'class' => 'form-control', 'style' => 'width: 100%', 'placeholder' => 'Provenance']) ?>
</div>
</div>
<div class="form-group">
<label class="col-sm-2 control-label">Global Keywords</label>
<div class="col-sm-10">
<?php $keywordOptions = []; ?>
<?php $keywordValues = []; ?>
<?php $foundKeywords = []; ?>
<?php foreach($keywords as $keyword) { ?>
<?php if(trim($keyword->keyword) == '') { continue; } ?>
<?php $keywordOptions[$keyword->keyword] = $keyword->keyword; ?>
<?php if(in_array($keyword->keyword, $ledger_keywords)) { $keywordValues[$keyword->id] = $keyword->keyword; $foundKeywords[] = $keyword->keyword; } ?>
<?php } ?>
<?= $this->Form->select('keyword', $keywordOptions, ['class' => 'form-control select2', 'value' => $keywordValues, 'multiple' => true]); ?>
</div>
</div>
<div class="form-group">
<label for="inputPassword3" class="col-sm-2 control-label">Additional Keywords</label>
<div class="col-sm-10">
<?php $additionalKeywords = ''; ?>
<?php foreach($ledger_keywords as $keyword) { ?>
<?php if(in_array($keyword, $foundKeywords) == false) { ?>
<?php $additionalKeywords = $additionalKeywords . $keyword . ', '; ?>
<?php } ?>
<?php } ?>
<?php $additionalKeywords = substr($additionalKeywords, 0, strlen($additionalKeywords) - 2); ?>
<?= $this->Form->control('additional_keywords', ['type' => 'textarea', 'value' => $additionalKeywords, 'label' => false, 'class' => 'form-control', 'style' => 'width: 100%', 'placeholder' => 'Additional Keywords']) ?>
<p class="help-block">Seperated by commas.</p>
</div>
</div>
<div class="form-group">
<label for="inputPassword3" class="col-sm-2 control-label">Arist</label>
<div class="col-sm-10">
<?= $this->Form->control('artist', ['label' => false, 'class' => 'form-control', 'placeholder' => 'Artist']) ?>
</div>
</div>
<div class="form-group">
<label for="inputPassword3" class="col-sm-2 control-label">Media</label>
<div class="col-sm-10">
<?= $this->Form->control('media', ['label' => false, 'class' => 'form-control', 'placeholder' => 'Media']) ?>
</div>
</div>
<div class="form-group">
<label for="inputPassword3" class="col-sm-2 control-label">Dimensions</label>
<div class="col-sm-10">
<?= $this->Form->control('dimensions', ['label' => false, 'class' => 'form-control', 'placeholder' => 'Dimensions']) ?>
</div>
</div>
<?php if(!isset($ledger->id)) { ?>
<div class="form-group">
<label for="exampleInputFile" class="col-sm-2 control-label">Batch Upload</label>
<div class="col-sm-10">
<?= $this->Form->file('uploadfile', array('label' => false, 'type' => 'file')) ?>
<p class="help-block">Select the ledger images archive here.</p>
</div>
</div>
<?php } ?>
</div>
<!-- /.box-body -->
<div class="box-footer">
<?= $this->Form->button('Submit', ['type' => 'submit', 'class' => 'btn btn-success btn-pill pull-right']) ?>
</div>
<!-- /.box-footer-->
</div>
<?= $this->Form->end() ?>
<!-- /.box -->
</div>
这是表格 html 输出
<!-- Main content -->
<section class="content">
<div class="col-lg-offset-1 col-lg-10">
<form enctype="multipart/form-data" method="post" accept-charset="utf-8" class="form-horizontal" action="/shortcut/ledger_new"><div style="display:none;"><input type="hidden" name="_method" value="POST"/><input type="hidden" name="_csrfToken" autocomplete="off" value="06d11527d1e431fd1d1b73a6b96e9af1eec6a1fd6c2ede60cfdb06afdcff5b3c02216614f61ba68bf1bf0beeba8b5f7500319ec94ec278141ee4f480b4a4505f"/></div>
..... SNIPPED TO MAKE MAX CHARS ALLOWED ....
<div class="box-footer">
<button type="submit" class="btn btn-success btn-pill pull-right">Submit</button> </div>
<!-- /.box-footer-->
</div>
</form> <!-- /.box -->
</div>
</section>
这里是检查headers
这里是检查headers没有填充文件上传,可以看到,上图中没有Form Data,下图中有。
/etc/php.ini文件中的post_max_size设置为8M,必须设置大于上传的文件大小。
所以,我所做的是,我设置
post_max_size = 80M
然后我设置
upload_max_filesize = 60M
然后按预期提交表单
我有一个类型为 => 文件的表单,带有文件上传控件。
当我在没有文件的情况下提交此表单时,它会按预期提交。
但是,当我提交带有附件的表单时,我得到了 CSRF 令牌不匹配。
知道为什么会这样吗?
编辑:我注意到刷新页面时 csrf 令牌是相同的,也许这是问题的一部分?
EDIT-2:当我禁用 CSRF 保护时,$this->request->getData() 数组为空
EDIT-3:我连接了 XDebug,结果如下...
显然 $post 和 $header 是第 194 行的 null/empty,导致令牌不匹配
这是我的表格
<div class="col-lg-offset-1 col-lg-10">
<?php if(isset($ledger->id)) { ?>
<?= $this->Form->create($ledger, ['url' => '/shortcut/ledger_save/' . $ledger->id, 'type' => 'file', 'class' => 'form-horizontal']); ?>
<?php } else { ?>
<?= $this->Form->create($ledger, ['url' => '/shortcut/ledger_new', 'type' => 'file', 'class' => 'form-horizontal']); ?>
<?php } ?>
<?php $this->Form->setTemplates(['inputContainer' => '{{content}}', 'submitContainer' => '{{content}}']); ?>
<!-- Default box -->
<div class="box">
<div class="box-header with-border">
<?php if(isset($ledger->id)) { ?>
<h3 class="box-title">Edit <?= $ledger->ledger_title ?> Form</h3>
<?php } else { ?>
<h3 class="box-title">Create Ledger Form</h3>
<?php } ?>
</div>
<div class="box-body">
<div class="form-group">
<center>
<?php if($ledger->disabled == 'n') { ?>
<?= $this->Form->control('disabled', ['type' => 'checkbox', 'label' => false, 'class' => 'minimal']) ?> Check to disable (hide) ledger.
<?php } else { ?>
<?= $this->Form->control('disabled', ['type' => 'checkbox', 'label' => false, 'class' => 'minimal', 'checked']) ?> Uncheck to enable (show) ledger.
<?php } ?>
</center>
</div>
<div class="form-group">
<label for="inputEmail3" class="col-sm-2 control-label">Ledger Title</label>
<div class="col-sm-10">
<?= $this->Form->control('ledger_title', ['label' => false, 'class' => 'form-control', 'placeholder' => 'Ledger Title', 'autofocus']) ?>
</div>
</div>
<div class="form-group">
<label for="inputPassword3" class="col-sm-2 control-label">Total Plates</label>
<div class="col-sm-10">
<?= $this->Form->control('total_plates', ['label' => false, 'class' => 'form-control', 'placeholder' => 'Total Plates (Total Images)']) ?>
</div>
</div>
<div class="form-group">
<label for="inputPassword3" class="col-sm-2 control-label">Total Pages</label>
<div class="col-sm-10">
<?= $this->Form->control('total_pages', ['label' => false, 'class' => 'form-control', 'placeholder' => 'Total Pages (Total Physical Pages)']) ?>
</div>
</div>
<div class="form-group">
<label for="inputPassword3" class="col-sm-2 control-label">Check Tribes</label>
</div>
<div class="form-group">
<?php $x = 0; ?>
<?php foreach($tribes as $tribe) { ?>
<?php if($x == 0) { echo '<div class="form-group"><div class="col-sm-3"> </div>'; } ?>
<div class="col-sm-4">
<?php if(in_array($tribe->id, $ledger_tribes)) { ?>
<?= $this->Form->control('tribe_id[]', ['type' => 'checkbox', 'label' => false, 'class' => 'minimal', 'value' => $tribe->id, 'checked']) ?> <?= $tribe->name ?>
<?php } else { ?>
<?= $this->Form->control('tribe_id[]', ['type' => 'checkbox', 'label' => false, 'class' => 'minimal', 'value' => $tribe->id]) ?> <?= $tribe->name ?>
<?php } ?>
</div>
<?php $x = $x + 1; ?>
<?php if($x == 2) { echo '</div>'; $x = 0; } ?>
<?php } ?>
<?php if($x == 1) { echo '</div>'; $x = 0; } ?>
</div>
<div class="form-group">
<label for="inputPassword3" class="col-sm-2 control-label">Custodian</label>
<div class="col-sm-10">
<?= $this->Form->control('custodian', ['type' => 'textarea', 'label' => false, 'class' => 'form-control', 'style' => 'width: 100%', 'placeholder' => 'Custodian']) ?>
<?php if(!isset($ledger->overwrite_custodian) || $ledger->overwrite_custodian == 'n') { ?>
<?= $this->Form->control('overwrite_custodian_checkbox', ['type' => 'checkbox', 'label' => false, 'class' => 'minimal', 'value' => 'y']); ?> Overwrite Plate Custodian
<?php } else { ?>
<?= $this->Form->control('overwrite_custodian_checkbox', ['type' => 'checkbox', 'label' => false, 'class' => 'minimal', 'value' => 'y', 'checked']); ?> Overwrite Plate Custodian
<?php } ?>
</div>
</div>
<div class="form-group">
<label for="inputPassword3" class="col-sm-2 control-label">Image Source</label>
<div class="col-sm-10">
<?= $this->Form->control('image_source', ['label' => false, 'type' => 'text', 'class' => 'form-control', 'placeholder' => 'Image Source']) ?>
</div>
</div>
<div class="form-group">
<label for="inputPassword3" class="col-sm-2 control-label">Provenance</label>
<div class="col-sm-10">
<?= $this->Form->control('provenance', ['type' => 'textarea', 'label' => false, 'class' => 'form-control', 'style' => 'width: 100%', 'placeholder' => 'Provenance']) ?>
</div>
</div>
<div class="form-group">
<label class="col-sm-2 control-label">Global Keywords</label>
<div class="col-sm-10">
<?php $keywordOptions = []; ?>
<?php $keywordValues = []; ?>
<?php $foundKeywords = []; ?>
<?php foreach($keywords as $keyword) { ?>
<?php if(trim($keyword->keyword) == '') { continue; } ?>
<?php $keywordOptions[$keyword->keyword] = $keyword->keyword; ?>
<?php if(in_array($keyword->keyword, $ledger_keywords)) { $keywordValues[$keyword->id] = $keyword->keyword; $foundKeywords[] = $keyword->keyword; } ?>
<?php } ?>
<?= $this->Form->select('keyword', $keywordOptions, ['class' => 'form-control select2', 'value' => $keywordValues, 'multiple' => true]); ?>
</div>
</div>
<div class="form-group">
<label for="inputPassword3" class="col-sm-2 control-label">Additional Keywords</label>
<div class="col-sm-10">
<?php $additionalKeywords = ''; ?>
<?php foreach($ledger_keywords as $keyword) { ?>
<?php if(in_array($keyword, $foundKeywords) == false) { ?>
<?php $additionalKeywords = $additionalKeywords . $keyword . ', '; ?>
<?php } ?>
<?php } ?>
<?php $additionalKeywords = substr($additionalKeywords, 0, strlen($additionalKeywords) - 2); ?>
<?= $this->Form->control('additional_keywords', ['type' => 'textarea', 'value' => $additionalKeywords, 'label' => false, 'class' => 'form-control', 'style' => 'width: 100%', 'placeholder' => 'Additional Keywords']) ?>
<p class="help-block">Seperated by commas.</p>
</div>
</div>
<div class="form-group">
<label for="inputPassword3" class="col-sm-2 control-label">Arist</label>
<div class="col-sm-10">
<?= $this->Form->control('artist', ['label' => false, 'class' => 'form-control', 'placeholder' => 'Artist']) ?>
</div>
</div>
<div class="form-group">
<label for="inputPassword3" class="col-sm-2 control-label">Media</label>
<div class="col-sm-10">
<?= $this->Form->control('media', ['label' => false, 'class' => 'form-control', 'placeholder' => 'Media']) ?>
</div>
</div>
<div class="form-group">
<label for="inputPassword3" class="col-sm-2 control-label">Dimensions</label>
<div class="col-sm-10">
<?= $this->Form->control('dimensions', ['label' => false, 'class' => 'form-control', 'placeholder' => 'Dimensions']) ?>
</div>
</div>
<?php if(!isset($ledger->id)) { ?>
<div class="form-group">
<label for="exampleInputFile" class="col-sm-2 control-label">Batch Upload</label>
<div class="col-sm-10">
<?= $this->Form->file('uploadfile', array('label' => false, 'type' => 'file')) ?>
<p class="help-block">Select the ledger images archive here.</p>
</div>
</div>
<?php } ?>
</div>
<!-- /.box-body -->
<div class="box-footer">
<?= $this->Form->button('Submit', ['type' => 'submit', 'class' => 'btn btn-success btn-pill pull-right']) ?>
</div>
<!-- /.box-footer-->
</div>
<?= $this->Form->end() ?>
<!-- /.box -->
</div>
这是表格 html 输出
<!-- Main content -->
<section class="content">
<div class="col-lg-offset-1 col-lg-10">
<form enctype="multipart/form-data" method="post" accept-charset="utf-8" class="form-horizontal" action="/shortcut/ledger_new"><div style="display:none;"><input type="hidden" name="_method" value="POST"/><input type="hidden" name="_csrfToken" autocomplete="off" value="06d11527d1e431fd1d1b73a6b96e9af1eec6a1fd6c2ede60cfdb06afdcff5b3c02216614f61ba68bf1bf0beeba8b5f7500319ec94ec278141ee4f480b4a4505f"/></div>
..... SNIPPED TO MAKE MAX CHARS ALLOWED ....
<div class="box-footer">
<button type="submit" class="btn btn-success btn-pill pull-right">Submit</button> </div>
<!-- /.box-footer-->
</div>
</form> <!-- /.box -->
</div>
</section>
这里是检查headers
这里是检查headers没有填充文件上传,可以看到,上图中没有Form Data,下图中有。
/etc/php.ini文件中的post_max_size设置为8M,必须设置大于上传的文件大小。
所以,我所做的是,我设置
post_max_size = 80M
然后我设置
upload_max_filesize = 60M
然后按预期提交表单