php - 可捕获的致命错误:传递给 ...CsrfTokenManager::isTokenValid() 的参数 1 必须是 ...\CsrfToken 的实例,给定字符串
问题描述
目前,我正在更新在现有 Symfony 2.3(当前为 3.0.9)上运行的系统,并且正在验证操作。当我尝试将文章状态更改为选定状态的功能时,出现错误。您对如何确定原因有什么建议吗?
代码 库ArticleController.php
/**
* Article status change
*/
protected function updateArticleStatusAction(Request $request, $ids)
{
// CSRF token check
$token = $request->request->get('_csrf_token');
if (!$this->get('security.csrf.token_manager')->isTokenValid('authenticate', $token))
{
throw new HttpException("400", "The CSRF token is invalid. Please try to resubmit
the form.");
}
// Check status
$articleStatus = $request->request->get("articleStatus");
if (!in_array($articleStatus, Parameters::getArticleStatusKeys())) {
throw new HttpException("400", "articleStatus is invalid.");
}
// Status change
try {
$ids = explode(',', $ids);
$count = $this->getArticleService()->updateArticleStatus($ids, $articleStatus, $t
his->getShop());
if ($count) {
$this->get('session')->getFlashBag()->add('success', "{$count}The status of the article has changed.");
}
} catch (ArticleValidationException $e) {
$article = $e->getArticle();
$statusArray = Parameters::getArticleStatus();
$this->get('session')->getFlashBag()->add(
'error',
sprintf(
"Article ID:% d could not be "% s". Please check your input.",
$article->getId(),
$statusArray[$article->getArticleStatus()]
)
);
}
// redirect
$backurl = $request->query->get("backurl");
if (!$backurl) {
$backurl = $this->generateUrl($this->indexRoute);
}
return $this->redirect($backurl);
}
文章控制器.php
/**
* Article status change
*
* @Method("POST")
* @Route("/article/{ids}/articleStatus")
* @Secure(roles="ROLE_HQ_MANAGE")
*/
public function updateArticleStatusAction(Request $request, $ids)
{
return parent::updateArticleStatusAction($request, $ids);
}
index.html.twig
{# Status change form #}
<form method="post" class="updateArticleStatus" data-url="{{ path("ahi_sp_admin_hq_article_updatearticlestatus", {"ids": "__ids__"}) }}">
<input type="hidden" name="methods" value="POST">
<input type="hidden" name="_csrf_token" value="{{ csrf_token("authenticate") }}">
<input type="hidden" name="articleStatus" value="">
</form>
安全.yml
security:
firewalls:
secured_area2:
pattern: ^/admin/sp/
anonymous: ~
form_login:
login_path: /admin/sp/login
check_path: /admin/sp/login_check
csrf_token_generator: security.csrf.token_manager
always_use_default_target_path: true
default_target_path: /admin/sp/
target_path_parameter: _target_path
use_referer: false
logout:
path: /admin/sp/logout
target: /admin/sp/login
remember_me:
secret: "%secret%"
lifetime: 2592000 # 30 days in seconds
path: /
domain: ~ # Defaults to the current domain from $_SERVER
always_remember_me: true
secured_area:
pattern: ^/admin/
anonymous: ~
form_login:
login_path: /admin/login
check_path: /admin/login_check
csrf_token_generator: security.csrf.token_manager
always_use_default_target_path: true
default_target_path: /admin/
target_path_parameter: _target_path
use_referer: false
logout:
path: /admin/logout
target: /admin/login
解决方案
该消息还为您提供了足够的调试细节,参数 1(在您的情况下是“身份验证”)必须是 crsf 令牌。试试这个:
$csrf_token = new CsrfToken('authenticate', $token);
$this->get('security.csrf.token_manager')->isTokenValid($csrf_token)
推荐阅读
- node.js - 在 localhost 中运行 docker 时出现 ERR_EMPTY_RESPONSE
- python - TfidfVectorizer - 未安装词汇表
- javascript - 在对象文字内使用带有三元运算符的扩展语法
- sql - 考虑日期顺序的 SQL 组数据
- clojure - 有没有办法(或 Clojure 中的条件语句)来处理所有不同的条件,即使其中一个条件为假?
- r - 如何强制 ggplot2 图中的所有方面具有相同的 x:y 比例,但允许比例本身变化?
- c# - 使用 C# 打开打印服务器属性菜单
- javascript - 我无法启用平滑滑块自动播放
- ios - 找出所有符合协议的类型
- c++ - 在 Windows 中查找扬声器输出的当前音量级别